DDoS (SYN flooding attack)

Can we use Bro to detect DDoS (SYN flooding attack) at a router? If yes, how? I had an Internet trace obtained from CAIDA ISP-A. I have to detect SYN flooding attacks in that trace. It is a PCAP file of 2GB. Please help me. I have tried it with Snort but was not successful.
Please help me. Thank you.

Regards,
Vijay M Khadse

Can we use Bro to detect DDoS (SYN flooding attack) at a router?

There's a policy script for doing this, synflood.bro - give it a try.

    Vern

Try running Bro with the script synflood.bro. You may need to tweak
a few of the parameters at the beginning of the script.

Robin

You might want to take a look at the policy file synflood.bro to see if it does what you are looking for or use it as a starting point to write a custom policy.

Sri