Re: Detecting Attacks
hi su.. On 06/10/16 at 10:39pm, subashini hariharan wrote:
I am Subashini, a graduate student. I am interested in doing my project in Network Security. I have a doubt related to it.
duh... too broad of a subject ... you'd need to be more specific about which of the hundreds of sub-categories ...
The aim is to detect DoS/DDoS attacks using the application.
good ... sorta specific but not ...
I am going to use ELK (ElasticSearch, Logstash, Kibanna) for processing the logs (Log Analytics).
hummm, why that app and not the couple dozen other ways people are using to detect incoming and/or outgoing DDoS attacks ? if the "professor" says "use ELK" ... you have no other choice ... if not, there are much better options to detect DDoS attacks ... ( tcpdump -nnvv ) ... if you cannot explain each line, you've got a DDoS problem
My doubt is regarding how do we generate logs for detecting this attack? As I am new to this process, I am not sure about it.
what's the doubt ?? if there is a doubt ... conduct an experiment and see if it confirms your expected result, or explain why it's different and do more experiments until "it's all explained" and there are no more doubts
Also, if it is possible to do any other attacks similar to this, you can please give a hint about it.
there are several dozen other types of attacks similar to DDoS which take a server or network offline, including no-technical-skill-required attacks
Could anyone please help with this, it would be a great help!!
google/yahoo/bing is your assistant ready to give you ALL the answers you need and ant

-----------

side notes ...

a) if you log all incoming packets ( attacks ), you have increased the effectiveness of DDoS attacks since you have now given them the power to fill up your disk, use your cpu, use your memory, use your time to review the logs, etc, etc ... all of that is bad bad stuff to have the DDoS attackers do to you

b) for logs, etc, there are dozens of other apps that try to detect attacks ( splunk, snort, hundreds of other apps, including eyeballs ) ... why are some methodologies better than others ?

c) detecting DDoS attacks is nice but, what's the point ?? you're still under attack ... and haven't resolved the issue ... kinda like cooking dinner but not eating it ... you're still starving

d) every computer connected to the internet is under constant 24x7x365 attacks ... a good "ddos detector" will tell you how much traffic is legitimate and how much bandwidth is wasted by the attacks and which server and which ports they are attacking, etc etc ... script kiddies are already attacking your network ( the one you're using now ) .. it's a free and harmless DDoS attack and you should be able to see what they are doing to you "now" ... if you cannot "see what" they are attacking, you've got a major problem

e) if you want to generate some specific DDoS attacks .. use ping, nping, hping, nmap, etc to start .... that should keep you busy for the next year or few years ... do NOT ever send packets outside to computers you do not own, or some ominous looking folks might come looking for you

f) if you want to detect DDoS attacks .... post process tcpdump's output

magic pixie dust
alvin
#
# DDoS-Simulator.net
# DDoS-Mitigator.net
#
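An added example for point f) above (post-processing tcpdump output), not alvin's code and not part of the original thread: a Python script that parses the text lines `tcpdump -nn` prints, flags a (destination, port) pair as a SYN-flood target when many distinct sources send bare SYNs that never complete the handshake, and then splits the capture into legitimate versus attack packets and bytes, which is the "how much bandwidth is wasted and which server/ports" figure from point d). The capture is constructed inline, and the addresses, thresholds and the per-packet header-size estimate are assumptions made for illustration.

```python
"""Post-process `tcpdump -nn` text output to find and size a SYN flood.

Added example, not code from the original thread.  Addresses, thresholds and
the per-packet header-size estimate are assumptions made for illustration.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# The two line shapes `tcpdump -nn` prints for TCP and UDP (assumption: the
# capture holds only these; anything else is skipped by parse()).
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?:Flags \[(?P<flags>[^\]]*)\]|(?P<proto>UDP)).*?length (?P<len>\d+)"
)


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # tcpdump flag string ("S", "S.", ".", "P." ...) or "UDP"
    length: int     # payload length as printed by tcpdump


def parse(lines):
    """Turn tcpdump text lines into Packet records; unparseable lines are dropped."""
    pkts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        flags = m["flags"] if m["flags"] is not None else "UDP"
        pkts.append(Packet(m["ts"], m["src"], int(m["sport"]), m["dst"],
                           int(m["dport"]), flags, int(m["len"])))
    return pkts


def wire_bytes(p):
    """Approximate on-the-wire size: IPv4 header (20) + TCP (20) or UDP (8) + payload."""
    return p.length + (28 if p.flags == "UDP" else 40)


def detect_syn_flood(pkts, min_syns=20, min_sources=5, max_ack_ratio=0.5):
    """Per (dst, dport): count bare SYNs, distinct SYN sources and ACK-bearing
    packets.  Real clients complete the handshake, so ACKs normally outnumber
    SYNs; a flood target shows many SYNs from many sources and few ACKs.
    The thresholds are assumptions; tune them against your own baseline."""
    syns, acks, sources = Counter(), Counter(), defaultdict(set)
    for p in pkts:
        if p.flags == "UDP":
            continue
        key = (p.dst, p.dport)
        if p.flags == "S":
            syns[key] += 1
            sources[key].add(p.src)
        elif "." in p.flags:          # tcpdump prints "." for the ACK bit
            acks[key] += 1
    return {key: {"syns": n, "sources": len(sources[key]), "acks": acks[key]}
            for key, n in syns.items()
            if n >= min_syns and len(sources[key]) >= min_sources
            and acks[key] <= max_ack_ratio * n}


def summarize(pkts, targets):
    """Split the capture into legitimate vs attack traffic: an attack source is
    one that sent a bare SYN to a flagged target and never ACKed anything to it."""
    attack_srcs = set()
    for key in targets:
        syn_srcs = {p.src for p in pkts if (p.dst, p.dport) == key and p.flags == "S"}
        ack_srcs = {p.src for p in pkts if (p.dst, p.dport) == key and "." in p.flags}
        attack_srcs |= syn_srcs - ack_srcs
    out = Counter()
    for p in pkts:
        kind = "attack" if p.src in attack_srcs else "legit"
        out[f"{kind}_packets"] += 1
        out[f"{kind}_bytes"] += wire_bytes(p)
    return dict(out)


def constructed_capture():
    """Constructed sample (not a real capture): three HTTP clients that complete
    their handshakes, plus 25 bare SYNs from 25 distinct spoofed sources."""
    lines, n = [], 0

    def ts():
        nonlocal n
        n += 1
        return f"10:39:01.{n:06d}"

    for i, c in enumerate(("198.51.100.7", "198.51.100.8", "198.51.100.9")):
        sp = 50000 + i
        lines += [
            f"{ts()} IP {c}.{sp} > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0",
            f"{ts()} IP 192.0.2.10.80 > {c}.{sp}: Flags [S.], seq 2, ack 2, win 65535, length 0",
            f"{ts()} IP {c}.{sp} > 192.0.2.10.80: Flags [.], ack 3, win 65535, length 0",
            f"{ts()} IP {c}.{sp} > 192.0.2.10.80: Flags [P.], seq 2:120, ack 3, win 65535, length 118",
            f"{ts()} IP {c}.{53000 + i} > 192.0.2.53.53: UDP, length 40",
        ]
    for i in range(25):
        lines.append(f"{ts()} IP 203.0.113.{i + 1}.{40000 + i} > 192.0.2.10.80: "
                     f"Flags [S], seq 0, win 1024, length 0")
    return lines


if __name__ == "__main__":
    packets = parse(constructed_capture())
    targets = detect_syn_flood(packets)
    for (dst, port), info in targets.items():
        print(f"SYN flood against {dst}:{port}: {info}")
    print(summarize(packets, targets))
```

On a live box you would feed it `tcpdump -nn -i eth0 tcp or udp` on stdin instead of the constructed list. Note that it only keeps per-target counters and a set of source addresses, not the packets themselves, which is the point alvin makes in a): a detector that stores every incoming packet hands the attacker your disk.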
participants (1)
-
alvin nanog