sync flood attack identification

asked 2023-12-23 16:53:49 +0000

Mubashir

How to identify a sync flood attack or DDoS attack using Wireshark?


Comments

What are the characteristics of a sync flood or DDoS attack according to you?

Jaap ( 2023-12-24 13:02:57 +0000 )

An alert appeared for a DDoS attack, then I used Wireshark; it shows multiple sync packets from the trusted IP/physical address. I want to confirm how I can consider that it is a sync flood attack.

Mubashir ( 2023-12-24 15:14:38 +0000 )

Alert from what?

Jaap ( 2023-12-24 16:06:58 +0000 )

I would start with what is on DDOS. https://www.cloudflare.com/learning/d.... Afterwards, think about how to look for the behavior using Wireshark.

BigFatCat ( 2023-12-24 16:45:38 +0000 )

CISA: DDoS QUICK GUIDE
Do you mean "SYN Flood (TCP/SYN)"?

Chuckc ( 2023-12-25 00:06:29 +0000 )