2. Detect and Protect DOS and DDOS attacks

1. Detect and Protect DDOS attacks using Anti DDOS Guardian

2. Detect DDOS with Wireshark

You can detect a DOS attack by simply viewing a pcap file, a large no of packets from a source within a short span of time indicate a DOS attack. A big giveaway is a large number of SYN packets being sent to our Windows 10 PC. We are able to note the start of the attack by a huge flood of TCP traffic. If there is a huge discrepancy between the results of the bottom 2 display filters, we have syn flood attack

To find DOS (SYN and ACK) : tcp.flags.syn == 1  , tcp.flags.syn == 1 and tcp.flags.ack == 0

Moreover, If we use the following display filter to display syn/ack packets there will be a huge discrepancy between them

tcp.flags.syn == 1 and tcp.flags.ack == 1

We can also view Wireshark’s graphs for a visual representation of the uptick in traffic. The I/O graph can be found via the Statistics>I/O Graph menu. It shows a massive spike in overall packets from near 0 to up to 2400 packets a second.

Go to statistics and select conversations. If there are a number of packets targeted on one IP and no reply pack, it indicates DDOS. You can also check the TCP tab

You can also use other DoS and DDoS protection tools such as, DOSarrest’s DDoS protection service (https://www.dosarrest.com), DDoS-GUARD (https://ddos-guard.net), Radware DefensePro X (https://www.radware.com), F5 DDoS Attack Protection (https://www.f5.com) to protect organization’s systems and networks from DoS and DDoS attacks.

Previous1. Perform DOS and DDOS with various techniques NextModule 11. Session Hijacking

Last updated 4 months ago

Was this helpful?