This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Guys, I have a packet, but I'm not sure: is it a SYN DoS attack? If it's not, can you please explain why? I see only SYN packets and thought a SYN flood should look like that.

asked 21 Nov '14, 17:41


Madina Mika ...

edited 22 Nov '14, 02:47


grahamb ♦


Maybe it is, but I don't think so - the frequency is too slow. SYN DoS attacks require hundreds and thousands of SYN packets per second, and you have huge jumps in the time column. So I doubt this is a SYN flood attack, or it is a pretty sloppy one.

By the way, for determining that type of attack it is not good enough to post an image with some SYN packets, especially when the time column format is not clear. Does it display delta times or relative times? If those are delta times, you have pauses of 17 seconds and more between SYNs, which is way too much for any kind of attack. If those are relative times, your column sorting is bad, because they should increase, not go up and down.

Also, to determine a SYN flood attack you'd need to check for SYN/ACKs and if they're answered with a third handshake packet. Plus, your "flood" is coming from a private IP, which is highly unusual for an attack, because it means it is coming from your local network, and you can easily identify the source.


answered 22 Nov '14, 03:52


Jasper ♦♦
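
The checks named in the answer above (SYN rate per second, whether SYN/ACKs get a third handshake packet, and whether the source is a private address), as an added example that is not part of the original answer. The tuple layout, the sample captures and the 100 SYNs/second cut-off are assumptions made for illustration; times are taken as relative to the start of the capture.

```python
import ipaddress
from collections import Counter

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples: (relative_time_s, src, dst, sport, dport, flags)
# flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK of the handshake
SLOW = [  # a few SYNs with long gaps from a private address
    (0.0, "192.168.1.10", "192.168.1.20", 40000, 80, "S"),
    (17.2, "192.168.1.10", "192.168.1.20", 40001, 80, "S"),
    (36.9, "192.168.1.10", "192.168.1.20", 40002, 80, "S"),
]
BURST = []  # 500 SYNs in one second, each answered, none completed
for i in range(500):
    BURST.append((i * 0.002, "203.0.113.5", "198.51.100.7", 1024 + i, 80, "S"))
    BURST.append((i * 0.002, "198.51.100.7", "203.0.113.5", 80, 1024 + i, "SA"))

def assess(packets, rate_threshold=100):  # threshold is an assumed cut-off
    """Check SYN rate, handshake completion and source address scope."""
    syn_per_sec = Counter()
    syns, synacked, completed = set(), set(), set()
    for t, src, dst, sport, dport, flags in packets:
        conn = (src, sport, dst, dport)   # packet sent by the client
        rev = (dst, dport, src, sport)    # packet sent by the server
        if flags == "S":
            syns.add(conn)
            syn_per_sec[int(t)] += 1      # bucket by whole second
        elif flags == "SA" and rev in syns:
            synacked.add(rev)
        elif flags == "A" and conn in synacked:
            completed.add(conn)
    peak = max(syn_per_sec.values(), default=0)
    half_open = len(synacked - completed)
    private = sorted({c[0] for c in syns
                      if any(ipaddress.ip_address(c[0]) in n for n in RFC1918)})
    return {
        "peak_syn_per_sec": peak,
        "half_open": half_open,
        "private_sources": private,
        "flood_like": peak >= rate_threshold and half_open > len(syns) / 2,
    }

if __name__ == "__main__":
    for name, capture in (("SLOW", SLOW), ("BURST", BURST)):
        print(name, assess(capture))
```

If the time column holds delta times instead, sum them into relative times before bucketing, otherwise the per-second counts are meaningless.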


question asked: 21 Nov '14, 17:41

question was seen: 3,086 times

last updated: 22 Nov '14, 03:52
