[Bro] DDOS (SYN flooding attack)

sridhar basam sridhar.basam at gmail.com
Wed Mar 31 09:49:01 PDT 2010


You might want to take a look at the policy file synflood.bro to see if it
does what you are looking for or use it as a starting point to write a
custom policy.

 Sri

On Wed, Mar 31, 2010 at 10:50 AM, vijay khadse <vijay.m.khadse1979 at gmail.com> wrote:

> Can we use BRO to detect DDOS (SYN flooding attack) at a router? If yes,
> how? I had an internet trace obtained from CAIDA ISP-A. I have to detect
> SYN flooding attacks in that trace. It is a PCAP file of 2GB. Please help me.
> I have tried it with snort but was not successful.
> Please help me. Thank you.
>
> Regards,
> Vijay M Khadse



-- 
Sridhar