2. Detect and Protect DOS and DDOS attacks

1. Detect and Protect DDOS attacks using Anti DDOS Guardian

Anti DDoS Software Free Downloads - BeeThink Anti DDoS Solution

2. Detect DDOS with Wireshark

You can detect a DOS attack by simply viewing a pcap file, a large no of packets from a source within a short span of time indicate a DOS attack. A big giveaway is a large number of SYN packets being sent to our Windows 10 PC. We are able to note the start of the attack by a huge flood of TCP traffic. If there is a huge discrepancy between the results of the bottom 2 display filters, we have syn flood attack

To find DOS (SYN and ACK) : tcp.flags.syn == 1  , tcp.flags.syn == 1 and tcp.flags.ack == 0

Moreover, If we use the following display filter to display syn/ack packets there will be a huge discrepancy between them

tcp.flags.syn == 1 and tcp.flags.ack == 1

We can also view Wireshark’s graphs for a visual representation of the uptick in traffic. The I/O graph can be found via the Statistics>I/O Graph menu. It shows a massive spike in overall packets from near 0 to up to 2400 packets a second.

Go to statistics and select conversations. If there are a number of packets targeted on one IP and no reply pack, it indicates DDOS. You can also check the TCP tab

Wireshark Cheat Sheet - Commands, Captures, Filters, Shortcuts & FAQsComparitech

You can also use other DoS and DDoS protection tools such as, DOSarrest’s DDoS protection service (https://www.dosarrest.com), DDoS-GUARD (https://ddos-guard.net), Radware DefensePro X (https://www.radware.com), F5 DDoS Attack Protection (https://www.f5.com) to protect organization’s systems and networks from DoS and DDoS attacks.

Certified Ethical Hacker (CEHv12) Practical hands on LabsUdemy