
limiting by sessions

rnaydenov
Level 1

Hi guys,

Is there a way that I can make a custom signature to detect if any given host has reached a predefined limit of sessions to a specific host? I know this can be done with ASA, but can it be done with IPS functionality?

2 Replies

mhellman
Level 7

Yes, you can do this. I assume you're talking about TCP sessions, right? Take a look at 3041-1, TCP SYN/FIN Packet. Copy it. Change the TCP flags to SYN. Change the TCP mask to SYN|FIN|ACK|RST|PSH|URG. Change the destination port range to the desired values. Change the event count and interval to the number of sessions that must be reached over the time interval before the alarm will fire.
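The matching logic the reply describes, as an added Python sketch (not part of the reply and not Cisco IPS code): a packet counts only when the masked flag bits equal a bare SYN and the destination port is in range, and an alarm fires when the count reaches the event count within the interval. Counting per source/destination address pair, restarting the count after an alarm, the function names and the sample traffic are assumptions made for this illustration; note that it counts connection attempts, not concurrently established sessions.

```python
from collections import defaultdict, deque

# TCP flag bits as they appear in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

FLAGS = SYN                                   # value the masked bits must equal
MASK = SYN | FIN | ACK | RST | PSH | URG      # bits the signature inspects


def is_new_session(tcp_flags):
    """True only for a bare SYN: SYN set, every other masked bit clear."""
    return (tcp_flags & MASK) == FLAGS


def find_alarms(packets, dst_ports, event_count, interval):
    """Return (time, src, dst) each time a src->dst pair reaches event_count
    matching SYNs within `interval` seconds. Counting per address pair and
    restarting the count after an alarm are assumptions of this sketch."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps of matching SYNs
    alarms = []
    for ts, src, dst, dport, flags in sorted(packets):
        if dport not in dst_ports or not is_new_session(flags):
            continue
        window = recent[(src, dst)]
        window.append(ts)
        while window and ts - window[0] > interval:
            window.popleft()      # drop SYNs older than the interval
        if len(window) >= event_count:
            alarms.append((ts, src, dst))
            window.clear()
    return alarms


# Constructed sample traffic: (seconds, source, destination, dst port, flags)
SAMPLE = [
    (0.0, "10.0.0.5", "192.0.2.10", 80, SYN),
    (0.1, "192.0.2.10", "10.0.0.5", 80, SYN | ACK),   # reply, not counted
    (1.0, "10.0.0.5", "192.0.2.10", 80, SYN),
    (1.5, "10.0.0.5", "192.0.2.10", 80, ACK | PSH),   # data, not counted
    (2.0, "10.0.0.5", "192.0.2.10", 80, SYN),         # third SYN -> alarm
    (2.5, "10.0.0.9", "192.0.2.10", 80, SYN),         # other host, below limit
    (3.0, "10.0.0.5", "192.0.2.10", 22, SYN),         # port out of range
]

if __name__ == "__main__":
    for alarm in find_alarms(SAMPLE, range(80, 81), event_count=3, interval=10):
        print(alarm)
```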
