nanog mailing list archives
Re: Detecting Attacks
From: joel jaeggli <joelja () bogus com>
Date: Sun, 12 Jun 2016 11:00:28 -0700
On 6/10/16 10:39 PM, subashini hariharan wrote:
> Hello, I am Subashini, a graduate student. I am interested in doing my project in Network Security. I have a doubt related to it. The aim is to detect DoS/DDoS attacks using the application. I am going to use ELK (ElasticSearch, Logstash, Kibana) for processing the logs (Log Analytics). My doubt is regarding how do we generate logs for detecting this attack? As I am new to this process, I am not sure about it.
Lots of DoS simply isn't targeting the application layer or even the host especially. So, that stuff will rarely bubble up via syslog, for example, until machines start to run into trouble. Rather, it will be exposed via flow data or the frequent collection of interface counters.
> Also, if it is possible to do any other attacks similar to this, you can please give a hint about it. Could anyone please help with this, it would be a great help!!
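An added example, not part of the thread or any poster's code: one way to turn the frequently collected interface counters mentioned in the reply into log events that a pipeline such as ELK can index. The 64-bit octet counter, 10-second poll interval, 1 Gb/s link speed, window and threshold factor are assumptions, and the sample polls are constructed.

```python
import json
from statistics import median

COUNTER_MAX = 2**64  # assumes 64-bit octet counters (e.g. SNMP ifHCInOctets)

def rates_bps(samples, link_bps):
    """Convert (unix_ts, in_octets) polls into (unix_ts, bits_per_second)."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            continue                      # duplicate or out-of-order poll
        delta = c1 - c0
        if delta < 0:
            delta += COUNTER_MAX          # counter wrapped between polls
        bps = delta * 8 / dt
        if bps > link_bps:
            continue                      # faster than the link: counter reset, not traffic
        rates.append((t1, bps))
    return rates

def detect_spikes(samples, link_bps, window=5, factor=4.0):
    """Flag polls whose ingress rate exceeds factor x the median of recent normal polls."""
    events, normal = [], []
    for ts, bps in rates_bps(samples, link_bps):
        if len(normal) >= window:
            baseline = median(normal[-window:])
            if bps > factor * baseline:
                events.append({"ts": ts, "event": "ingress_spike",
                               "bps": round(bps), "baseline_bps": round(baseline)})
                continue                  # keep flood traffic out of the baseline
        normal.append(bps)
    return events

def constructed_samples():
    """Constructed data: 10 s polls, ~100 Mb/s normal load, three polls at ~900 Mb/s."""
    per_poll = [125_000_000] * 7 + [1_125_000_000] * 3 + [125_000_000] * 2
    ts, counter = 0, COUNTER_MAX - 300_000_000   # start just below the wrap point
    samples = [(ts, counter)]
    for octets in per_poll:
        ts, counter = ts + 10, (counter + octets) % COUNTER_MAX
        samples.append((ts, counter))
    return samples

if __name__ == "__main__":
    for event in detect_spikes(constructed_samples(), link_bps=1_000_000_000):
        print(json.dumps(event))          # one JSON object per line for log ingestion
```

The constructed counter wraps on the third poll, which the rate calculation absorbs without raising a false spike.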