nanog mailing list archives

Re: Detecting Attacks

From: joel jaeggli <joelja () bogus com>
Date: Sun, 12 Jun 2016 11:00:28 -0700

On 6/10/16 10:39 PM, subashini hariharan wrote:

Hello,

I am Subashini, a graduate student. I am interested in doing my project in
Network Security. I have a doubt related to it.

The aim is to detect DoS/DDoS attacks using the application. I am going to
use ELK (ElasticSearch, Logstash, Kibanna) for processing the logs (Log
Analytics).

My doubt is regarding how do we generate logs for detecting this attack? As
I am new to this process, I am not sure about it.


lots of dos simply isn't targeting the application layer or even the
host especially. So, that stuff will rarely bubble up via syslog for
example until machines start to run into trouble. rather it will be
exposed via flow data or the frequent collection of interface counters.

Also, if it is possible to do any other attacks similar to this, you can
please give a hint about it.

Could anyone please help with this, it would be a great help!!

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Detecting Attacks subashini hariharan (Jun 11)
- Re: Detecting Attacks Suresh Ramasubramanian (Jun 11)
- Re: Detecting Attacks Otto Monnig (Jun 11)
- Re: Detecting Attacks Valdis . Kletnieks (Jun 12)
- Re: Detecting Attacks Pavel Odintsov (Jun 12)
- <Possible follow-ups>
- Detecting Attacks subashini hariharan (Jun 11)
  - Re: Detecting Attacks joel jaeggli (Jun 12)
- Re: Detecting Attacks alvin nanog (Jun 11)