An alert appeared for a DDoS attack, then I used Wireshark and it shows multiple sync packets from the trusted IP/physical address. How can I confirm that it is a sync flood attack?
Comments
What are the characteristics of a sync flood or DDoS attack according to you?
An alert appeared for a DDoS attack, then I used Wireshark and it shows multiple sync packets from the trusted IP/physical address. How can I confirm that it is a sync flood attack?
Alert from what?
I would start with what is on DDOS. https://www.cloudflare.com/learning/d.... Afterwards, think about how to look for the behavior using Wireshark.
CISA: DDoS QUICK GUIDE
Do you mean "SYN Flood (TCP/SYN)"?