# 2. Detect and Protect DOS and DDOS attacks

{% embed url="<https://youtu.be/m2LoHpqrN4o>" %}
Detecting DDOS Attacks with Wireshark
{% endembed %}

## 1. Detect and Protect DDOS attacks using Anti DDOS Guardian

{% embed url="<https://www.anti-ddos.net/>" %}

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FZG7JnHUkwNONLruj1wC4%2Fimage.png?alt=media&#x26;token=bda9e0dc-425c-49a1-bd70-d0adce7fbc0b" alt=""><figcaption></figcaption></figure>

## 2. Detect DDOS with Wireshark

You can detect a DoS attack by simply viewing a pcap file: a large number of packets from a single source within a short span of time indicates a DoS attack. A big giveaway is a large number of SYN packets being sent to our Windows 10 PC. The start of the attack is marked by a huge flood of TCP traffic. If there is a huge discrepancy between the results of the two display filters below, we have a SYN flood attack.

```
To find DoS (SYN and ACK):
tcp.flags.syn == 1
tcp.flags.syn == 1 and tcp.flags.ack == 0
```

Moreover, if we use the following display filter to show SYN/ACK packets, there will be a huge discrepancy between the two counts (far fewer SYN/ACK replies than SYNs):

```
tcp.flags.syn == 1 and tcp.flags.ack == 1
```

We can also view Wireshark’s graphs for a visual representation of the uptick in traffic. The I/O graph can be found via the Statistics>I/O Graph menu. It shows a massive spike in overall packets from near 0 to up to 2400 packets a second.

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2F1IkqWLSi3T36cda75fgf%2Fimage.png?alt=media&#x26;token=8ae580c7-3bc4-4fc1-ba8e-352de9bb1a14" alt=""><figcaption></figcaption></figure>

Go to Statistics and select Conversations. If a large number of packets target one IP with no reply packets, it indicates a DDoS. You can also check the TCP tab.

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2F0lnolzvvLTX53dloFofF%2Fimage.png?alt=media&#x26;token=3d5a1204-2425-461b-b9ef-4e48f8f16653" alt=""><figcaption></figcaption></figure>
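The two checks above (bare SYN vs SYN/ACK counts, and many packets to one IP with no replies) can be applied to a pcap without opening Wireshark. The script below is an added example written for this page; it is not part of the original notes or of any tool mentioned here. It builds a small constructed pcap in memory (the addresses `192.168.1.10`, `10.0.0.5`, `10.0.0.6` and `203.0.113.7` and the thresholds are assumptions, not values from the page), parses the Ethernet/IPv4/TCP headers itself so it runs offline, and reports the same numbers the display filters would.

```python
"""SYN-flood heuristic over a pcap, mirroring the Wireshark filters
tcp.flags.syn == 1 and tcp.flags.ack == 0   (bare SYN)
tcp.flags.syn == 1 and tcp.flags.ack == 1   (SYN/ACK)
and the Statistics > Conversations view (many packets to one IP, no replies)."""
import struct
from collections import Counter, defaultdict

ETH_HDR = 14
PCAP_MAGIC = 0xA1B2C3D4          # native little-endian pcap, microsecond timestamps
TCP_SYN, TCP_ACK = 0x02, 0x10     # TCP flag bits

def build_packet(ts_sec, ts_usec, src_ip, dst_ip, sport, dport, flags):
    """Constructed pcap record: Ethernet/IPv4/TCP, no options, no payload."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)                       # EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    frame = eth + ip + tcp
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

def build_pcap(records):
    """pcap global header (link type 1 = Ethernet) followed by the records."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1) + b"".join(records)

def iter_tcp(pcap_bytes):
    """Yield (timestamp, src, dst, tcp_flags) for each IPv4/TCP frame."""
    if struct.unpack("<I", pcap_bytes[:4])[0] != PCAP_MAGIC:
        raise ValueError("only native little-endian pcap is handled in this example")
    off = 24
    while off + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, _ = struct.unpack("<IIII", pcap_bytes[off:off + 16])
        off += 16
        frame = pcap_bytes[off:off + incl_len]
        off += incl_len
        if len(frame) < ETH_HDR + 20 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
            continue                                   # not IPv4
        ip = frame[ETH_HDR:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 14:
            continue                                   # not TCP / truncated
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        yield ts_sec + ts_usec / 1e6, src, dst, ip[ihl + 13]

def analyze(pcap_bytes, window=1.0, rate_threshold=100, ratio_threshold=3.0):
    """Count bare SYNs vs SYN/ACKs and the peak bare-SYN rate per source and
    per destination inside any one time window.  Thresholds are assumptions."""
    syn = syn_ack = 0
    by_src = defaultdict(Counter)   # window index -> source -> bare SYN count
    by_dst = defaultdict(Counter)   # window index -> destination -> bare SYN count
    for ts, src, dst, flags in iter_tcp(pcap_bytes):
        if flags & TCP_SYN and not flags & TCP_ACK:
            syn += 1
            by_src[int(ts // window)][src] += 1
            by_dst[int(ts // window)][dst] += 1
        elif flags & TCP_SYN and flags & TCP_ACK:
            syn_ack += 1
    ratio = syn / max(syn_ack, 1)                  # >> 1 means handshakes never complete
    peak_src = max((c for w in by_src.values() for c in w.values()), default=0)
    peak_dst = max((c for w in by_dst.values() for c in w.values()), default=0)
    suspects = sorted({s for w in by_src.values() for s, c in w.items() if c >= rate_threshold})
    return {
        "syn": syn, "syn_ack": syn_ack, "ratio": ratio,
        "peak_syn_per_src_window": peak_src, "peak_syn_per_dst_window": peak_dst,
        "suspects": suspects,
        "syn_flood": ratio >= ratio_threshold and max(peak_src, peak_dst) >= rate_threshold,
    }

def make_sample(flood=True):
    """Constructed capture: two normal handshakes to 192.168.1.10, then (optionally)
    500 bare SYNs from 203.0.113.7 within half a second with no SYN/ACK replies."""
    victim = "192.168.1.10"
    recs = []
    for i, client in enumerate(["10.0.0.5", "10.0.0.6"], start=1):
        recs.append(build_packet(i, 0, client, victim, 40000 + i, 80, TCP_SYN))
        recs.append(build_packet(i, 500, victim, client, 80, 40000 + i, TCP_SYN | TCP_ACK))
        recs.append(build_packet(i, 1000, client, victim, 40000 + i, 80, TCP_ACK))
    if flood:
        for i in range(500):
            recs.append(build_packet(100, i * 1000, "203.0.113.7", victim, 1024 + i, 80, TCP_SYN))
    return build_pcap(recs)

if __name__ == "__main__":
    for label, data in (("flood", make_sample(True)), ("benign", make_sample(False))):
        print(label, analyze(data))
```

In the flood sample the bare-SYN count is 502 against 2 SYN/ACKs, which is the discrepancy the two display filters expose; in the benign sample the counts match (2 vs 2). The per-destination counter is kept alongside the per-source one because a real SYN flood often spoofs many source addresses, so the victim IP may stand out in Conversations even when no single source does. To run it on a real capture, read the file bytes and pass them to `analyze()`; the parser only handles the classic little-endian pcap format with an Ethernet link type, not pcapng.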

{% embed url="<https://www.comparitech.com/net-admin/wireshark-cheat-sheet/>" %}

<mark style="color:blue;">You can also use other DoS and DDoS protection tools such as **DOSarrest’s DDoS protection service** (<https://www.dosarrest.com>), **DDoS-GUARD** (<https://ddos-guard.net>), **Radware DefensePro X** (<https://www.radware.com>) and **F5 DDoS Attack Protection** (<https://www.f5.com>) to protect an organization’s systems and networks from DoS and DDoS attacks.</mark>

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}
