Ask Your Question
0

How to differentiate between DDoS communications and benign communications?

asked 2022-08-09 14:34:44 +0000

ahmed-hamed14 gravatar image

I'm using the DDoS data available https://data.mendeley.com/datasets/8n...

The first 115,116 are categorized as DoS attacks because the three-way handshake is not satisfied; this is intuitive. However, row number 115124 does not satisfy the condition and is categorized as benign. There are several rows similar to this case. Can anyone elaborate on this?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-08-10 12:14:25 +0000

tmp gravatar image

Because frame number 115125 resets the TCP connection, (TCP flags in column 21 show 0x00000004).

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2022-08-09 14:34:44 +0000

Seen: 118 times

Last updated: Aug 10 '22

Related questions

Is this a Webstresser or a DDoS attack?

Is this a DDoS?

I captured what I believe is an unpatchable attack [closed]

Help With Linux Kernel To Patch An Attack [closed]

Is this a Webstresser or a DDOS attack or a fake one?

I have same Transaction ID for all packets in DNS. Is there possibility of DNS flood or DNS amp attack?

How can I patch a DDoS attack with a pcap?

Strange packets captured