[hobbit] Port Monitoring
Paul Moore
paul.moore at verizonbusiness.com
Mon Nov 6 21:12:03 CET 2006
That works good if you know who is going to be hitting you but I would like
to detect unknown clients.
Paul - v966-5159
-=-=-
Are You Pondering What I'm Pondering?
I think so Brain, but, snort, no, no, it's too stupid.
-----Original Message-----
From: David Gore [mailto:David.Gore at verizonbusiness.com]
Sent: Monday, November 06, 2006 2:50 PM
To: hobbit at hswn.dk
Subject: Re: [hobbit] Port Monitoring
Paul Moore wrote:
> Is there a way to setup hobbit's port monitoring to alert when a specific
> device has X number of established connections on particular port? IE
> alerting when one client has 20 sessions connected to port 80 signifying a
> DOS attack?
hobbit-clients.cfg:
HOST=myDOSTarget
PORT REMOTE=%x.x.x.X.nnn STATE=ESTABLISHED MIN=1 MAX=20
>
> Paul Moore V966-5159
> MSO OSS Support
> -=-=-=-=-=
> Pinky, Are You Pondering What I'm Pondering?
> Well, I think so Brain but if Jimmy cracks corn and no one cares, why does
> he keep doing it?
>
>
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe at hswn.dk
More information about the Xymon
mailing list