Hello,
I am Subashini, a graduate student. I am interested in doing my project in Network Security. I have a doubt related to it.
The aim is to detect DoS/DDoS attacks using the application. I am going to use ELK (ElasticSearch, Logstash, Kibana) for processing the logs (Log Analytics).
My doubt is regarding how do we generate logs for detecting this attack? As I am new to this process, I am not sure about it.
Also, if it is possible to do any other attacks similar to this, you can please give a hint about it.
Could anyone please help with this, it would be a great help!!
-- Thank You.
With Regards, H.Subashini
Is your aim to generate attack traffic? Or rather a mix of normal and attack traffic? That's one part. Googling "ddos simulator" will get you lots of results you can evaluate.
Logging it appropriately and capturing the logs, storing them in a db is the next.
--srs
Security Onion is a FOSS Linux distribution with several great security tools integrated into an installer.
https://security-onion-solutions.github.io/security-onion/
Snort & Suricata are signature-based detection tools. Bro is a domain-specific language for packet analysis and processing.
https://isc.sans.edu/forums/diary/Why+I+think+you+should+try+Bro/15259/
-- Otto Monnig
On Fri, 10 Jun 2016 22:22:31 -0700, subashini hariharan said:
The aim is to detect DoS/DDoS attacks using the application. I am going to use ELK (ElasticSearch, Logstash, Kibanna) for processing the logs (Log Analytics).
Bad approach. At that point, not only is the application being DDoS'ed, but now your logging system may be overwhelmed as well. And a favorite attack method is to throw a DDoS at one application (your http server, for instance), and while you're drowning in logfiles, slip in an exploit for something else (you *did* patch that tftpd server, right?).
Also, the vast majority of DDoS attempts are just fill-the-pipe attacks, which often don't even bother attacking an application, just an IP address. This leverages the fact that there are a lot of routers that can switch average-sized packets at line speed, but not minimum-sized packets. So the link falls over faster if it's getting pounded with ICMP Echo Request packets or TCP SYN packets than if it's getting 800-byte http requests.
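The log-side detection the original question asks about, written here as an added example (not code from anyone in the thread): it parses constructed access-log lines, flags a single source that exceeds a per-second request limit, flags seconds where the aggregate rate exceeds a global limit (the distributed case where no one source stands out), and reports the peak log-line rate so the ELK pipeline's own capacity can be watched, per the caveat above. The log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined access-log format: ip ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \d+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, epoch_second, status) or None when the line is not parseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, status = m.groups()
    return ip, int(datetime.strptime(ts, TIME_FMT).timestamp()), int(status)

def analyse(lines, per_source_limit=5, global_limit=8):
    """Bucket requests by second. Thresholds are constructed assumptions; in
    practice they come from a baseline of normal traffic, as srs suggests."""
    per_bucket = Counter()            # second -> total requests
    per_src = defaultdict(Counter)    # second -> ip -> requests
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:            # unparseable lines are skipped, not fatal
            continue
        ip, sec, _status = parsed
        per_bucket[sec] += 1
        per_src[sec][ip] += 1
    # Single-source DoS: one IP above the per-second limit in any bucket.
    noisy = {ip for c in per_src.values() for ip, n in c.items() if n > per_source_limit}
    # Distributed flood: aggregate rate high while no single source stands out.
    flooded = [sec for sec, n in sorted(per_bucket.items()) if n > global_limit]
    # Peak log-line rate: what Logstash/Elasticsearch must absorb during the attack.
    return {"noisy_sources": sorted(noisy), "flooded_seconds": flooded,
            "peak_log_rate": max(per_bucket.values(), default=0)}

def sample_log():
    """Constructed sample: normal second, single-host burst, many-host burst."""
    t = "[11/Jun/2016:10:52:{:02d} +0530]"
    req = '{} - - {} "GET / HTTP/1.1" 200 512'
    lines = [req.format(ip, t.format(0)) for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3")]
    lines += [req.format("10.0.0.9", t.format(1)) for _ in range(7)]
    lines += [req.format(f"192.0.2.{i}", t.format(2)) for i in range(10)]
    lines.append("garbage line that does not parse")   # exercises the skip path
    return lines

if __name__ == "__main__":
    print(analyse(sample_log()))
```

The same per-second buckets map directly onto a Kibana visualisation of request count split by source, with the peak log rate as the number to compare against what the Logstash ingest tier can sustain.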
Hello! You could try my open source project: https://github.com/pavel-odintsov/fastnetmon
It's pretty popular and used by a very big number of really big networks. We have an option for capturing a "pcap" dump for each attack for detailed investigation.
On Sat, Jun 11, 2016 at 8:22 AM, subashini hariharan <suba.h17@gmail.com> wrote:
-- Sincerely yours, Pavel Odintsov
participants (5)
- Otto Monnig
- Pavel Odintsov
- subashini hariharan
- Suresh Ramasubramanian
- Valdis.Kletnieks@vt.edu