How can I patch a DDoS attack with a pcap?
I recently made a VPN hosted off of OVH. I have TCPDump installed, but I don't know how to patch the pcap.
Asked: 2021-04-11 19:38:47 +0000
Seen: 702 times
Last updated: Apr 11 '21
Your question doesn't make sense. A pcap is a file containing captured traffic, it can't be used to patch anything. Maybe there's a language problem, can you maybe rephrase the question?
It has a DDoS attack captured, but I don't know how to patch the attack by using hex strings, which I don't know how to get.
What do you mean by "patch the attack"? "Patch" is generally used to mean something you do to a program, not to a pattern of network traffic trying to overload your machine, which is what a network DoS is. Do you mean that you want to search through the pcap to find the traffic that's attacking your machine?
It seems you have a lot of skills to learn. Start by reading the pcap file and understanding the protocol. Then learn your IPS/IDS system to understand how virtual patching works and how you can create your own virtual patches. My guess is that you need to invest something worth a month into this process of learning the protocols and learning how to use the right tools. There is no quick fix here, as it will only be a stopgap for 1 very specific type of hole.
Can't you get the hex string to an attack and patch the attack through IP Tables? I'm just wondering how I get the hex string and how to drop traffic with the same hex string with IP Tables. I also want to know how to find the specific IPs coming from the DDoS attack through a pcap that captured a DDoS attack.
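For the last point raised in the thread, finding which source addresses dominate a capture, here is an added example (not code from any poster): it reads a classic pcap stream and counts IPv4 source addresses. It assumes the classic microsecond pcap format with Ethernet framing (not pcapng, no VLAN tags); the function names, the sample capture and its addresses are constructed for illustration.

```python
import io, socket, struct
from collections import Counter

def count_sources(stream):
    """Count IPv4 source addresses in a classic pcap stream (Ethernet only)."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", header[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"            # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"            # written on a big-endian host
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", header[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts = Counter()
    while True:
        record = stream.read(16)
        if len(record) < 16:
            break                               # end of file
        incl_len = struct.unpack(endian + "IIII", record)[2]
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            break                               # capture cut off mid-packet
        # Ethernet header is 14 bytes; EtherType 0x0800 means IPv4.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            counts[socket.inet_ntoa(frame[26:30])] += 1
    return counts

def sample_pcap():
    """Constructed capture: 8 bare IPv4 headers from documentation ranges."""
    sources = ["198.51.100.7"] * 5 + ["203.0.113.9"] * 2 + ["198.51.100.8"]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src in enumerate(sources):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return io.BytesIO(out)

if __name__ == "__main__":
    for address, packets in count_sources(sample_pcap()).most_common(10):
        print(f"{packets:6d}  {address}")
```

To run it on a real capture, pass `open(path, "rb")` instead of `sample_pcap()`. Source addresses in flood traffic are often spoofed, so the counts are a starting point for filtering rather than proof of origin.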