Cisco Support Community


limiting by sessions

Hi guys,

Is there a way that I can make a custom signature to detect if any given host has reached a predefined limit of sessions to a specific host? I know this can be done with ASA, but can it be done with IPS functionality?


Re: limiting by sessions

Yes, you can do this. I assume you're talking about TCP sessions, right? Take a look at 3041-1, TCP SYN/FIN Packet. Copy it. Change the TCP flags to SYN. Change the TCP mask to SYN|FIN|ACK|RST|PSH|URG. Change the destination port range to the desired values. Change the event count and interval to the number of sessions that must be reached over the time interval before the alarm will fire.

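The matching and counting described in the reply above, modelled in Python as an added example; it is not part of the original thread and is not Cisco IPS code or configuration. The port set, thresholds, per-(source, destination) counting, sliding window and sample packets are assumptions made for illustration.

```python
from collections import defaultdict, deque

# TCP flag bits as they appear in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

TCP_FLAGS = SYN                                # value that must remain after masking
TCP_MASK = SYN | FIN | ACK | RST | PSH | URG   # flag bits the signature inspects


def is_session_open(flags):
    """True only for a bare SYN; SYN|ACK, SYN|FIN and data segments do not match."""
    return (flags & TCP_MASK) == TCP_FLAGS


def detect(packets, dst_ports, event_count, interval):
    """Return a list of (time, src, dst) alarms.

    packets: (timestamp_seconds, src, dst, dst_port, flags) tuples in time order.
    Assumption: matches are counted per (src, dst) pair over a sliding window.
    """
    windows = defaultdict(deque)
    alarms = []
    for ts, src, dst, dport, flags in packets:
        if dport not in dst_ports or not is_session_open(flags):
            continue
        win = windows[(src, dst)]
        win.append(ts)
        while ts - win[0] >= interval:         # drop matches older than the interval
            win.popleft()
        if len(win) >= event_count:
            alarms.append((ts, src, dst))
            win.clear()                        # start counting again after firing
    return alarms


# Constructed sample traffic using documentation addresses, not captured data.
SAMPLE = [
    (0.0, "192.0.2.10", "198.51.100.5", 80, SYN),
    (0.1, "198.51.100.5", "192.0.2.10", 40001, SYN | ACK),  # reply, not a new session
    (0.2, "192.0.2.10", "198.51.100.5", 80, ACK),
    (1.0, "192.0.2.10", "198.51.100.5", 80, SYN),
    (2.0, "192.0.2.10", "198.51.100.5", 80, SYN | FIN),     # what 3041-1 itself matches
    (3.0, "192.0.2.10", "198.51.100.5", 80, SYN),           # third bare SYN: alarm
    (4.0, "192.0.2.77", "198.51.100.5", 80, SYN),
    (70.0, "192.0.2.77", "198.51.100.5", 80, SYN),          # 4.0 has aged out by now
    (71.0, "192.0.2.77", "198.51.100.5", 80, SYN),
]

if __name__ == "__main__":
    for alarm in detect(SAMPLE, dst_ports={80}, event_count=3, interval=60):
        print(alarm)
```

Because the match is on bare SYN packets, the count reflects session attempts from a source rather than sessions that completed the handshake.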