How can I patch a DDoS attack with a pcap?

asked 2021-04-11 19:38:47 +0000

i99q

I recently made a VPN hosted off of OVH. I have tcpdump installed, but I don't know how to patch the pcap.


Your question doesn't make sense. A pcap is a file containing captured traffic; it can't be used to patch anything. Maybe there's a language problem; can you maybe rephrase the question?

grahamb ( 2021-04-11 19:41:59 +0000 )

It has a DDoS attack captured, but I don't know how to patch the attack by using hex strings, and I don't know how to get the hex strings.

i99q ( 2021-04-11 19:46:17 +0000 )

What do you mean by "patch the attack"? "Patch" is generally used to mean something you do to a program, not to a pattern of network traffic trying to overload your machine, which is what a network DoS is. Do you mean that you want to search through the pcap to find the traffic that's attacking your machine?

Guy Harris ( 2021-04-12 01:18:41 +0000 )

It seems you have a lot of skills to learn. Start by reading the pcap file and understanding the protocol. Then learn your IPS/IDS system to understand how virtual patching works and how you can create your own virtual patches. My guess is that you need to invest something worth a month into this process of learning the protocols and learning how to use the right tools. There is no quick fix here, as it will only be a stopgap for 1 very specific type of hole.

hugo.vanderkooij ( 2021-04-12 07:40:33 +0000 )

Can't you get the hex string to an attack and patch the attack through iptables? I'm just wondering how I get the hex string and how to drop traffic with the same hex string with iptables. I also want to know how to find the specific IPs coming from the DDoS attack through a pcap that captured a DDoS attack.

i99q ( 2021-04-12 10:30:01 +0000 )
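
Added example, not part of the thread and not code from any participant: one way to do the first step raised in the last comment, finding which source IPs dominate a capture, by reading the pcap file directly. It assumes a classic (non-pcapng) pcap with Ethernet link type and untagged IPv4 frames; the function names and the sample capture (documentation-range addresses) are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Classic pcap magic numbers (microsecond and nanosecond variants) -> byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def top_sources(pcap: bytes, n: int = 10):
    """Return the n busiest IPv4 source addresses as (address, packets) pairs."""
    endian = MAGICS.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    counts, off = Counter(), 24              # records follow the 24-byte file header
    while off + 16 <= len(pcap):
        _sec, _frac, caplen, _origlen = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # 14-byte Ethernet header, EtherType 0x0800 = IPv4, then a 20-byte IP header
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                         # skip ARP, IPv6, VLAN-tagged, truncated
        counts[str(IPv4Address(frame[26:30]))] += 1   # IPv4 source address field
    return counts.most_common(n)

def sample_pcap() -> bytes:
    """Constructed capture: 8 header-only IPv4 frames from documentation addresses."""
    def frame(src):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                         IPv4Address(src).packed, IPv4Address("192.0.2.10").packed)
        return b"\x00" * 12 + b"\x08\x00" + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    sources = ["198.51.100.7"] * 5 + ["203.0.113.9"] * 2 + ["198.51.100.8"]
    return header + b"".join(struct.pack("<IIII", 0, 0, 34, 34) + frame(s) for s in sources)

if __name__ == "__main__":
    for addr, packets in top_sources(sample_pcap()):
        print(f"{packets:6d}  {addr}")
```

To run it on a real capture, pass the file's bytes (`open(path, "rb").read()`); a capture taken on the `any` interface uses a different link type and is rejected rather than miscounted. Source addresses in a flood are often spoofed, so treat the ranking as a starting point for filtering, not as proof of origin.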