Can we use BRO to detect DDOS ( SYN Flodding attack) at a router. If yes how? I had a internet trace obtained from CAIDA ISP-A . I have to detect SYN flodding attacks in that trace. It is a PCAP file of 2GB. Please help me .I have tried it with snort but was not succesful.
Please Help me. Thank you .
Vijay M Khadse
Can we use BRO to detect DDOS ( SYN Flodding attack) at a router.
There's a policy script for doing this, synflood.bro - give it a try.
Try running Bro with the script synflood.bro. You may need to tweak
a few of the parameters at the beginning of the script.
You might want to take a look at the policy file synflood.bro to see if it does what you are looking for or use it as a starting point to write a custom policy.