# 2. Detect and Protect DOS and DDOS attacks

{% embed url="<https://youtu.be/m2LoHpqrN4o>" %}
Detecting DDOS Attacks with Wireshark
{% endembed %}

## 1. Detect and Protect DDOS attacks using Anti DDOS Guardian

{% embed url="<https://www.anti-ddos.net/>" %}

<figure><img src="/files/Xhssylee8PTakDDoDyUl" alt=""><figcaption></figcaption></figure>

## 2. Detect DDOS with Wireshark

You can detect a DoS attack simply by viewing a pcap file: a large number of packets from a single source within a short span of time indicates a DoS attack. A big giveaway is a large number of SYN packets being sent to our Windows 10 PC. We can note the start of the attack by a huge flood of TCP traffic. If there is a huge discrepancy between the results of the two display filters below, we have a SYN flood attack.

```
To find DOS (SYN and ACK):
tcp.flags.syn == 1
tcp.flags.syn == 1 and tcp.flags.ack == 0
```

Moreover, if we use the following display filter to show only SYN/ACK packets, there will be a huge discrepancy between the SYN count and the SYN/ACK count:

```
tcp.flags.syn == 1 and tcp.flags.ack == 1
```

We can also view Wireshark's graphs for a visual representation of the uptick in traffic. The I/O graph is found under the Statistics > I/O Graph menu. It shows a massive spike in overall packets, from near 0 to up to 2400 packets a second.

<figure><img src="/files/Eg8XcqOBAswnwjsmpjWu" alt=""><figcaption></figcaption></figure>

Go to Statistics and select Conversations. If a large number of packets target one IP address and there are no reply packets, it indicates a DDoS. You can also check the TCP tab.

<figure><img src="/files/2dOv72JGCtN0Ef17Gm9R" alt=""><figcaption></figcaption></figure>
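As an added example (not from the page and not Wireshark's own code), the three checks above, the two SYN display filters, the per-second spike from the I/O graph, and the Conversations "no reply" check, run in Python over a constructed list of packet records; the addresses and the flood thresholds are assumed values.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    """Minimal TCP packet record: timestamp (s), endpoints, SYN/ACK flag bits."""
    ts: float
    src: str
    dst: str
    syn: bool
    ack: bool


def syn_flood_stats(pkts, window=1.0):
    """Apply the two display filters from the page plus the Conversations check."""
    syn_only = [p for p in pkts if p.syn and not p.ack]  # tcp.flags.syn == 1 and tcp.flags.ack == 0
    syn_ack = [p for p in pkts if p.syn and p.ack]       # tcp.flags.syn == 1 and tcp.flags.ack == 1
    # Peak SYN-only packets in any one-second bucket, the spike the I/O graph shows.
    per_bucket = Counter(int(p.ts // window) for p in syn_only)
    peak = max(per_bucket.values(), default=0)
    # Conversations: SYNs per (src, dst) that the destination never answered with SYN/ACK.
    requests = Counter((p.src, p.dst) for p in syn_only)
    answered = {(p.dst, p.src) for p in syn_ack}  # the reply travels in the reverse direction
    unanswered = {conv: n for conv, n in requests.items() if conv not in answered}
    return {"syn": len(syn_only), "syn_ack": len(syn_ack),
            "peak_syn_per_sec": peak, "unanswered": unanswered}


def is_syn_flood(stats, min_ratio=10.0, min_peak=100):
    """Flag a flood when SYNs dwarf SYN/ACKs and the per-second SYN rate spikes (assumed thresholds)."""
    ratio = stats["syn"] / max(stats["syn_ack"], 1)
    return ratio >= min_ratio and stats["peak_syn_per_sec"] >= min_peak


def build_sample_capture(with_attack=True):
    """Constructed sample, not a real capture: normal client handshakes, then a one-second flood."""
    victim, client, flooder = "10.0.0.10", "10.0.0.5", "198.51.100.7"  # assumed addresses
    pkts = []
    for i in range(3):  # three normal connections, each SYN answered by a SYN/ACK
        pkts.append(Pkt(0.1 * (i + 1), client, victim, syn=True, ack=False))
        pkts.append(Pkt(0.1 * (i + 1) + 0.01, victim, client, syn=True, ack=True))
    if with_attack:  # 300 SYNs from one source within one second, never answered
        pkts += [Pkt(5.0 + i / 300, flooder, victim, syn=True, ack=False) for i in range(300)]
    return pkts


if __name__ == "__main__":
    s = syn_flood_stats(build_sample_capture())
    print(s["syn"], s["syn_ack"], s["peak_syn_per_sec"], s["unanswered"], is_syn_flood(s))
```

On a real capture, fill the `Pkt` list from a pcap reader of your choice; the statistics mirror what the display filters and the Statistics > Conversations window report in Wireshark.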

{% embed url="<https://www.comparitech.com/net-admin/wireshark-cheat-sheet/>" %}

<mark style="color:blue;">You can also use other DoS and DDoS protection tools such as **DOSarrest's DDoS protection service** (<https://www.dosarrest.com>), **DDoS-GUARD** (<https://ddos-guard.net>), **Radware DefensePro X** (<https://www.radware.com>) and **F5 DDoS Attack Protection** (<https://www.f5.com>) to protect an organization's systems and networks from DoS and DDoS attacks.</mark>

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}

