Can we use BRO to detect DDOS ( SYN Flodding attack) at a router. If yes how? I had a internet trace obtained from CAIDA ISP-A . I have to detect SYN flodding attacks in that trace. It is a PCAP file of 2GB. Please help me .I have tried it with snort but was not succesful.
Please Help me. Thank you .
You might want to take a look at the policy file synflood.bro to see if it does what you are looking for or use it as a starting point to write a custom policy.