Just wondering if anyone has a DDoS detection script for Bro 2.2+. I saw there was an older one for Bro 1.5, but was wondering if someone created an updated one using the new SumStats framework. Please let me know if there is an out-of-the-box way to detect DDoS that I am missing.
Thanks,
Tyler
Justin, did you ever end up creating one? It should be pretty easy once you define what exactly you want to measure.
.Seth
Thanks guys!
Justin, if I’m reading this correctly, the script will only look at ports specified in dos_ports.
Is there a way to match all ports? Are there dangers in doing that?
Tyler