Sir,
I'm working on Bro version 2.3.2.
I want to know: can we detect denial of service attacks using Bro?
If possible, can you please provide me some guidance?
Thanks,
hoping for your early reply.
Detecting denial of service attacks isn’t as clear-cut as detecting other attacks, e.g. SQL injection. What constitutes a DoS depends on your network’s specifics, such as bandwidth. A DoS to your network might not be a DoS to a larger network.
This being said, Bro does have the ability to detect common port scan attacks. I believe the detection scripts are built on the sumstats framework. Here’s one Seth wrote <https://github.com/sethhall/bro-junk-drawer/blob/master/scan_udp.bro>. I hope that helps.
-AK