topic Re: limiting by sessions in Network Security https://community.cisco.com/t5/network-security/limiting-by-sessions/m-p/874135#M85010 <HTML><HEAD></HEAD><BODY><P>Following links may help you</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgeng.html" target="_blank">http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgeng.html</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgdef.html" target="_blank">http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgdef.html</A></P></BODY></HTML> Wed, 09 Jan 2008 19:38:19 GMT didyap 2008-01-09T19:38:19Z limiting by sessions https://community.cisco.com/t5/network-security/limiting-by-sessions/m-p/874134#M85009 <P>Hi guys,</P><P></P><P>Is there a way that I can make a custom signature to detect if any given host has reached a predefined limit of sessions to specific host. I know this can be done with ASA, but can it be done with IPS functionality?</P> Sun, 10 Mar 2019 10:55:36 GMT https://community.cisco.com/t5/network-security/limiting-by-sessions/m-p/874134#M85009 rnaydenov 2019-03-10T10:55:36Z Re: limiting by sessions https://community.cisco.com/t5/network-security/limiting-by-sessions/m-p/874135#M85010 <HTML><HEAD></HEAD><BODY><P>Following links may help you</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgeng.html" target="_blank">http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgeng.html</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgdef.html" target="_blank">http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgdef.html</A></P></BODY></HTML> Wed, 09 Jan 2008 19:38:19 GMT https://community.cisco.com/t5/network-security/limiting-by-sessions/m-p/874135#M85010 didyap 2008-01-09T19:38:19Z Re: limiting by sessions https://community.cisco.com/t5/network-security/limiting-by-sessions/m-p/874136#M85011 <HTML><HEAD></HEAD><BODY><P>Yes, you can do this. I assume you're talking about TCP sessions, right? Take a look at 3041-1, TCP SYN/FIN Packet. Copy it. Change the TCP flags to SYN. Change the TCP mask to SYN|FIN|ACK|RST|PSH|URG. Change the destination port range to the desired values. Change the event count and interval to the number of sessions that must be reached over the time interval before the alarm will fire.</P></BODY></HTML> Wed, 09 Jan 2008 22:43:48 GMT https://community.cisco.com/t5/network-security/limiting-by-sessions/m-p/874136#M85011 mhellman 2008-01-09T22:43:48Z