Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
372
Views
0
Helpful
2
Replies

limiting by sessions

rnaydenov
Level 1
Level 1

‎01-03-2008 06:03 AM - edited ‎03-10-2019 03:55 AM

Hi guys,

Is there a way that I can make a custom signature to detect if any given host has reached a predefined limit of sessions to specific host. I know this can be done with ASA, but can it be done with IPS functionality?

Labels:
0 Helpful
2 Replies 2

mhellman
Level 7
Level 7

‎01-09-2008 02:43 PM

Yes, you can do this. I assume you're talking about TCP sessions, right? Take a look at 3041-1, TCP SYN/FIN Packet. Copy it. Change the TCP flags to SYN. Change the TCP mask to SYN|FIN|ACK|RST|PSH|URG. Change the destination port range to the desired values. Change the event count and interval to the number of sessions that must be reached over the time interval before the alarm will fire.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card