monitoring number of simultaneous connections

Roberto Tagliaferri r.tagliaferri at tosnet.it
Tue Sep 26 10:01:52 CEST 2006


Is there a way to monitor the number of simultaneous open ports from the 
same IP?
I need to alert when a (stupid...) attacker sends something like this:

tcp        0      0 151.8.36.12:80          206.225.82.32:9654      SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:63256     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:11611     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:55544     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:55045     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:949       SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:19880     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:13331     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:31280     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:44500     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:11909     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:58313     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:47932     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:15468     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:2060      SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:56875     SYN_RECV
tcp        0      0 151.8.36.12:80          206.225.82.32:45630     SYN_RECV


-- 
Roberto Tagliaferri
Head of Design & Production
TosNet s.r.l. - Internet Service Provider
r.tagliaferri at tosnet.it
www.tosnet.it
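
One way to do the per-IP counting asked about above, as an added example that is not part of the original message and is not Xymon code: it reads `netstat -tn`-style text and lists every remote IP with too many half-open (SYN_RECV) connections. The function names, the thresholds and the sample addresses (documentation ranges, constructed) are assumptions.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) TCP connections per remote IP.
# Input is `netstat -tn`-style text on stdin; thresholds are assumed values.

# count_syn_recv THRESHOLD
# Prints "<ip> <count>" for every remote IP with at least THRESHOLD
# connections in SYN_RECV, highest count first.
count_syn_recv() {
    awk -v limit="$1" '
        # Header lines do not start with "tcp", so they are skipped.
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            # Column 5 is the foreign address (ip:port). Removing only the
            # trailing ":port" keeps IPv6 addresses intact.
            ip = $5
            sub(/:[0-9]+$/, "", ip)
            seen[ip]++
        }
        END {
            for (ip in seen)
                if (seen[ip] >= limit)
                    print ip, seen[ip]
        }
    ' | sort -k2,2nr -k1,1
}

# syn_recv_color THRESHOLD
# Prints "red" if any IP is at or over the threshold, otherwise "green".
syn_recv_color() {
    if [ -n "$(count_syn_recv "$1")" ]; then echo red; else echo green; fi
}

# Constructed sample input (not taken from a real host).
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:9654       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:63256      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:11611      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:55544      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40112       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51000       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:51022       ESTABLISHED'

# Demo run on the sample: only the IP with 3 or more half-open sockets is listed.
printf '%s\n' "$SAMPLE" | count_syn_recv 3
```

On a live host the same function can be fed with `netstat -tn | count_syn_recv 15`, with the threshold tuned to the server's normal load.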