WE ARE USING A SATELLITE LINK TO REACH THE INTERNET AND OUR PROVIDER SEES MANY SYN ATTACK REQUESTS IN THEIR MONITORING SYSTEM. THIS ATTACK AFFECTS US, PRODUCING DELAY IN OUR APPLICATIONS LIKE BPOS EMAIL AND INTERNET NAVIGATION. DO YOU HAVE AN EXAMPLE OF HOW TO DETECT THIS ATTACK WITH WIRESHARK?

asked 02 Apr '11, 11:04 ROGER
One Answer:
First of all, you might want to disable your CAPS lock key ;-) Detecting SYN Flood attacks is usually quite easy - if you see lots of packets coming in with the SYN flag set in a very short time frame (from either one single IP or literally from all over the world) you're probably being attacked. Typically those attacks try to hammer your servers with rapid series of SYNs without ever reacting to the resulting SYN/ACK. If you're not familiar with the TCP Three Way Handshake you should do that, and then find out if the incoming sessions leave the connections half open by not sending the final ACK. You might want to filter on SYN packets using

answered 02 Apr '11, 11:11 Jasper ♦♦
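The half-open check described in the answer, as an added example that is not part of the original thread: it reads a tab-separated field export from tshark and reports destinations where most SYNs never receive the client's final ACK. The export command in the comment, the thresholds and the sample rows (documentation addresses) are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed input: one TCP packet per line, tab-separated, exported with e.g.
#   tshark -r capture.pcap -Y tcp -T fields -e frame.time_epoch -e ip.src -e ip.dst \
#          -e tcp.srcport -e tcp.dstport -e tcp.flags.syn -e tcp.flags.ack
# Constructed sample: 8 SYNs that only ever get a SYN/ACK, plus 1 full handshake.
SAMPLE = "\n".join(
    [f"1.{i:03d}\t198.51.100.{i}\t192.0.2.10\t{40000 + i}\t443\t1\t0" for i in range(1, 9)]
    + [f"1.{i:03d}\t192.0.2.10\t198.51.100.{i}\t443\t{40000 + i}\t1\t1" for i in range(1, 9)]
    + ["2.000\t203.0.113.5\t192.0.2.10\t51000\t443\t1\t0",
       "2.010\t192.0.2.10\t203.0.113.5\t443\t51000\t1\t1",
       "2.020\t203.0.113.5\t192.0.2.10\t51000\t443\t0\t1"])

def is_set(value):
    # Flag columns are printed as 1/0 or True/False depending on the tshark version.
    return value.strip().lower() in ("1", "true")

def handshake_stats(text):
    """Per destination (ip, port): SYNs seen, half-open handshakes, distinct sources."""
    pending = set()  # (client, client_port, server, server_port) awaiting final ACK
    stats = defaultdict(lambda: {"syn": 0, "half_open": 0, "sources": set()})
    for line in text.splitlines():
        if not line.strip():
            continue
        _time, src, dst, sport, dport, syn, ack = line.split("\t")
        key = (src, sport, dst, dport)
        if is_set(syn) and not is_set(ack):        # client SYN opens a handshake
            if key not in pending:                 # do not count retransmitted SYNs
                pending.add(key)
                stats[(dst, dport)]["syn"] += 1
                stats[(dst, dport)]["sources"].add(src)
        elif is_set(ack) and not is_set(syn):      # ACK from the client completes it
            pending.discard(key)
    for _client, _cport, server, server_port in pending:
        stats[(server, server_port)]["half_open"] += 1
    return stats

def suspected_targets(text, min_half_open=5, min_ratio=0.8):
    """Destinations where at least min_ratio of the SYNs were left half open."""
    hits = []
    for target, s in handshake_stats(text).items():
        if s["half_open"] >= min_half_open and s["half_open"] / s["syn"] >= min_ratio:
            hits.append((target, s["half_open"], s["syn"], len(s["sources"])))
    return hits

if __name__ == "__main__":
    for target, half_open, syns, sources in suspected_targets(SAMPLE):
        print(f"{target[0]}:{target[1]} {half_open}/{syns} SYNs half open "
              f"from {sources} source addresses")
```

A capture that ends mid-handshake will show a few half-open connections even on a healthy link, so the ratio matters more than the raw count, and the thresholds should be tuned against a baseline capture.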