Detect high numbers of outgoing connections per user. Maybe use Snort?

已完成 已发布的 Feb 13, 2012 货到付款
已完成 货到付款

I'd like to detect abusive network traffic outgoing from my server (caused by different users on the server, maybe they're infected by a virus).

I'd like a solution that I can install as root on the server and that'll alert me if the number of outgoing connections per user (each has a unique private IP) per 1-minute time interval exceeds some threshold. Alert me simply by calling an HTTP POST webservice.

This needs to work on Ubuntu 10.04 LTS

In your bid, please specify what path you would take to solve this. Use Snort, or some other existing package? Or build something custom with iptables?

I'll also need a script to install/deploy the solution on the server.

工程 Linux 项目管理 脚本安装 shell脚本 软件构架 软件测试 系统管理

项目ID: #2711343

关于项目

4个方案 远程项目 活跃的Feb 28, 2012

授予:

kobor

See private message.

$42.5 USD 在22天内
(75条评论)
4.9

有4名威客正在参与此工作的竞标,均价$216/小时

tiborveres

See private message.

$250.75 USD 在22天内
(25条评论)
5.6
njcole

See private message.

$150 USD 在22天内
(12条评论)
5.4
klarakarl

See private message.

$420.75 USD 在22天内
(17条评论)
4.8