[Snort-users] Detecting repeated web requests
This is a discussion on [Snort-users] Detecting repeated web requests within the Snort forums, part of the System Security and Security Related category; This is a multi-part message in MIME format. ------_=_NextPart_001_01C4B79E.74A200BB Content-Type: text/plain; charset="us-ascii&...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
10-21-2004
|
|||
|
|||
[Snort-users] Detecting repeated web requests
This is a multi-part message in MIME format.
------_=_NextPart_001_01C4B79E.74A200BB Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hello, =20 I'd like to use Snort to do the following and wonder first of all, if it is capable of doing so? =20 1. If x number of repeated web requests (GETs) come in of the SAME exact type in a short time period, (which wouldn't happen under normal circumstances) then alert. 2. Or if many web requests of ANY type come in a short time period (indicating non-human activity), then alert. =20 =20 Does anyone know if these types of checks are possible in Snort? =20 =20 Thanks ------_=_NextPart_001_01C4B79E.74A200BB Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <html xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns=3D"http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"> <meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)"> <style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:Arial; color:windowtext;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in;} div.Section1 {page:Section1;} /* List Definitions */ @list l0 {mso-list-id:633876799; mso-list-type:hybrid; mso-list-template-ids:2068614236 67698703 67698713 67698715 67698703 = 67698713 67698715 67698703 67698713 67698715;} @list l0:level1 {mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in;} ol {margin-bottom:0in;} ul {margin-bottom:0in;} --> </style> </head> <body lang=3DEN-US link=3Dblue vlink=3Dpurple> <div class=3DSection1> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Hello,<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>I’d like to use Snort to do the following and = wonder first of all, if it is capable of doing so?<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <ol style=3D'margin-top:0in' start=3D1 type=3D1> <li class=3DMsoNormal style=3D'mso-list:l0 level1 lfo1'><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>If x number of = repeated web requests (GETs) come in of the SAME exact type in a short time = period, (which wouldn’t happen under normal circumstances) then = alert.<o:p></o:p></span></font></li> <li class=3DMsoNormal style=3D'mso-list:l0 level1 lfo1'><font size=3D2 = face=3DArial><span style=3D'font-size:10.0pt;font-family:Arial'>Or if many web = requests of ANY type come in a short time period (indicating non-human activity), = then alert.<o:p></o:p></span></font></li> </ol> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Does anyone know if these types of checks are = possible in Snort?<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'><o:p> </o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 face=3DArial><span = style=3D'font-size:10.0pt; font-family:Arial'>Thanks<o:p></o:p></span></font></p> </div> </body> </html> ------_=_NextPart_001_01C4B79E.74A200BB-- ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjourna...uidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
