sync flood attack identification

How to identify a sync flood attack or DDoS attack using Wireshark?

Mubashir
asked 2023-12-23 16:53:49 +0000

Comments

What are the characteristics of a sync flood or DDoS attack according to you?

Jaap (2023-12-24 13:02:57 +0000)

An alert appeared for a DDoS attack, then I used Wireshark; it shows multiple sync packets from the trusted IP/physical address. I want to confirm how I can consider that it is a sync flood attack.

Mubashir (2023-12-24 15:14:38 +0000)

Alert from what?

Jaap (2023-12-24 16:06:58 +0000)

I would start with what is on DDOS. https://www.cloudflare.com/learning/d.... Afterwards, think about how to look for the behavior using Wireshark.

BigFatCat (2023-12-24 16:45:38 +0000)

CISA: DDoS QUICK GUIDE
Do you mean "SYN Flood (TCP/SYN)"?

Chuckc (2023-12-25 00:06:29 +0000)