Detecting Attacks

alvin nanog nanogml at Mail.DDoS-Mitigator.net
Sat Jun 11 18:40:26 UTC 2016


hi su..

On 06/10/16 at 10:39pm, subashini hariharan wrote:
> I am Subashini, a graduate student. I am interested in doing my project in
> Network Security. I have a doubt related to it.

duh... too broad of a subject ... you'd need to be more specific about which
of the hundreds of sub-categories ...

> The aim is to detect DoS/DDoS attacks using the application.

good ... sorta specific but not ...

> I am going to
> use ELK (ElasticSearch, Logstash, Kibanna) for processing the logs (Log
> Analytics).

hummm, why that app and not the couple dozen other ways people are using
to detect incoming and/or outgoing DDoS attacks

if the "professor" says "use ELK" ... you have no other choice ...
if not, there are much better options to detect DDoS attacks ...

( tcpdump -nnvv ) ... if you cannot explain each line, you've got a DDoS problem

> My doubt is regarding how do we generate logs for detecting this attack? As
> I am new to this process, I am not sure about it.

what's the doubt ?? if there is a doubt ... conduct an experiment and
see if it confirms your expected result or explain why it's different
and do more experiments until "it's all explained" and no more doubts

> Also, if it is possible to do any other attacks similar to this, you can
> please give a hint about it.

several dozen other types of attacks similar to DDoS, which take
a server or network offline, including no-technical-skill-required attacks

> Could anyone please help with this, it would be a great help!!

google/yahoo/bing is your assistant ready to give you ALL the
answers you need and ant

-----------

side notes ...
a) if you log all incoming packets ( attacks ), you have increased the
   effectiveness of ddos attacks since you have now given them the power
   to fill up your disk, use your cpu, use your memory, use your time
   to review the logs, etc, etc

   all of that is bad bad stuff to have the DDoS attackers do to you 

b) for logs, etc, there are dozens of other apps that try to detect
   attacks ( splunk, snort, hundred other apps, including eyeballs )

   why are some methodologies better than others ?

c) detecting DDoS attacks is nice but, what's the point ??
   you're still under attack ... and haven't resolved the issue

   kinda like cooking dinner but not eating it ... you're still starving

d) every computer connected to the internet is under constant 24x7x365
   attacks ... a good "ddos detector" will tell you how much traffic
   is legitimate and how much bandwidth is wasted by the attacks
   and which server and which ports they are attacking, etc etc

   script kiddies are already attacking your network
   ( the one you're using now ) .. it's a free and harmless DDoS attack
   and you should be able to see what they are doing to you "now"

   if you cannot "see what" they are attacking, you've got a major problem

e) if you want to generate some specific DDoS attacks ..
   use ping, nping, hping, nmap, etc to start .... that should
   keep you busy for the next year or few years

   do NOT ever send packets outside to computers you do not own,
   or some ominous looking folks might come looking for you

f) if you want to detect DDoS attacks .... post process tcpdump's output

magic pixie dust
alvin
#
# DDoS-Simulator.net
# DDoS-Mitigator.net
#
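An added example for points (d) and (f) above, post-processing the text output of tcpdump to find a flood. This is not alvin's code and nothing from DDoS-Simulator.net or DDoS-Mitigator.net; it assumes the default one-line-per-packet format printed by `tcpdump -nn` (no -v), IPv4 only, a fixed threshold of 100 packets per second to one destination host/port, and the script name detect_flood.py. The sample lines it runs on by default are constructed here, so nothing is sent to anyone:

```python
"""Post-process `tcpdump -nn` text output to spot DoS/DDoS traffic.

Hypothetical helper written for this thread; it is not the poster's tool.
Assumptions: the default one-line-per-packet format of `tcpdump -nn` (no -v),
IPv4 only, and a fixed packets-per-second threshold.
"""
import re
import sys
from collections import defaultdict

# "HH:MM:SS.usec IP a.b.c.d.port > e.f.g.h.port: <rest>"  (ICMP lines carry no port)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): (?P<rest>.*)$"
)


def split_host_port(addr):
    """tcpdump -nn prints IPv4 endpoints as a.b.c.d.port; 5 dotted parts means a port is present."""
    if addr.count(".") == 4:
        host, port = addr.rsplit(".", 1)
        return host, int(port)
    return addr, None


def parse_line(line):
    """Return a dict for a packet line, or None for tcpdump's banner/noise lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, sport = split_host_port(m.group("src"))
    dst, dport = split_host_port(m.group("dst"))
    rest = m.group("rest")
    return {
        "second": m.group("ts"),          # 1-second buckets are enough for flood detection
        "src": src, "sport": sport, "dst": dst, "dport": dport,
        "syn_only": rest.startswith("Flags [S]"),   # "Flags [S.]" (SYN-ACK) does not match
    }


def analyse(lines, pps_threshold=100):
    """Count packets per (second, dst, dport); return (parsed packets, alerts over threshold)."""
    stats = defaultdict(lambda: {"n": 0, "syn": 0, "srcs": set()})
    pkts = [p for p in map(parse_line, lines) if p]
    for p in pkts:
        s = stats[(p["second"], p["dst"], p["dport"])]
        s["n"] += 1
        s["syn"] += p["syn_only"]
        s["srcs"].add(p["src"])
    alerts = []
    for (second, dst, dport), s in sorted(stats.items(), key=lambda kv: kv[0][0]):
        if s["n"] >= pps_threshold:
            alerts.append({"second": second, "dst": dst, "dport": dport, "pps": s["n"],
                           "distinct_sources": len(s["srcs"]),
                           "syn_only_share": s["syn"] / s["n"]})
    return pkts, alerts


def classify(alert):
    """Rough label: what kind of flood, and is it one box or many (spoofed/botnet)?"""
    if alert["dport"] is None:
        kind = "ICMP/IP flood"
    elif alert["syn_only_share"] > 0.9:
        kind = "SYN flood"
    else:
        kind = "packet flood"
    scope = "many sources (distributed or spoofed)" if alert["distinct_sources"] > 10 else "single source"
    return f"{kind}, {scope}"


def synthetic_capture():
    """Constructed sample lines (not a real capture): a few ordinary packets plus
    150 bare SYNs from 150 different sources to port 80 inside one second."""
    lines = [
        "tcpdump: verbose output suppressed, use -v[v]... for full protocol decode",
        "18:40:26.000100 IP 192.0.2.10.44321 > 198.51.100.10.443: Flags [P.], seq 1:101, ack 1, win 501, length 100",
        "18:40:26.000200 IP 198.51.100.10.443 > 192.0.2.10.44321: Flags [.], ack 101, win 509, length 0",
        "18:40:27.000300 IP 192.0.2.11 > 198.51.100.10: ICMP echo request, id 7, seq 1, length 64",
    ]
    for i in range(150):
        lines.append(f"18:40:26.{100000 + i * 5000:06d} IP 203.0.113.{i + 1}.{40000 + i} "
                     f"> 198.51.100.10.80: Flags [S], seq {1000 + i}, win 64240, length 0")
    return lines


def main():
    # Feed real output with:  tcpdump -nn -c 100000 -i eth0 | python3 detect_flood.py
    lines = sys.stdin.read().splitlines() if not sys.stdin.isatty() else []
    if not lines:
        lines = synthetic_capture()
    pkts, alerts = analyse(lines)
    print(f"{len(pkts)} packets parsed, {len(alerts)} flood alert(s)")
    for a in alerts:
        print(f"{a['second']} {a['dst']}:{a['dport']} {a['pps']} pps, "
              f"{a['distinct_sources']} distinct sources, {a['syn_only_share']:.0%} bare SYN -> {classify(a)}")


if __name__ == "__main__":
    main()
```

Two things worth noting in line with the side notes above: the `-c` packet cap in the suggested tcpdump invocation is the cheap answer to point (a), since a bounded sample costs the attacker nothing extra to inflate, and the "distinct sources" column is what separates a single-box DoS (one address, rate-limit it) from a spoofed or distributed flood (hundreds of addresses, nothing to block by source). A SYN flood from hping3 aimed at a host you own in a lab (`hping3 -S --flood --rand-source -p 80 <lab host>`) produces exactly the pattern the constructed sample mimics, which is a reasonable way to check the detector before trusting it on real traffic.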




More information about the NANOG mailing list