nanog mailing list archives

Re: Detecting Attacks


From: Otto Monnig <omonnig () gmail com>
Date: Sat, 11 Jun 2016 17:01:35 -0500

Security Onion is a FOSS Linux distribution with several great security tools integrated into an installer.  
https://security-onion-solutions.github.io/security-onion/

Snort & Suricata are signature-based detection tools.  Bro is a domain-specific language for packet analysis and processing.

https://isc.sans.edu/forums/diary/Why+I+think+you+should+try+Bro/15259/

--
Otto Monnig
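Added example (not part of Otto's reply or of any of the projects he names): one way the question quoted below can be approached once Bro is producing connection logs. The script parses lines in the tab-separated layout of a Bro/Zeek conn.log, counts half-open TCP attempts (conn_state S0) per source address over a sliding time window, and emits one JSON alert per line, which is the shape Logstash's json codec ingests. The log lines, the column subset, the window and the threshold are all constructed assumptions for the demo; a real conn.log carries more columns, which the header-driven parser tolerates.

```python
import json
from collections import defaultdict, deque

# Constructed sample in Bro/Zeek conn.log TSV layout (assumption: a subset of the
# real columns; the "#fields" header drives parsing, so extra columns are fine).
# One source, 198.51.100.7, makes six half-open (S0) attempts within one second;
# 10.0.0.5 makes normal completed (SF) connections; 203.0.113.4 makes a single S0.
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state",
    "1465660800.10\tC1\t10.0.0.5\t40001\t192.0.2.10\t80\ttcp\thttp\tSF",
    "1465660800.20\tC2\t198.51.100.7\t51001\t192.0.2.10\t80\ttcp\t-\tS0",
    "1465660800.35\tC3\t198.51.100.7\t51002\t192.0.2.10\t80\ttcp\t-\tS0",
    "1465660800.40\tC4\t203.0.113.4\t33000\t192.0.2.10\t443\ttcp\t-\tS0",
    "1465660800.50\tC5\t198.51.100.7\t51003\t192.0.2.10\t80\ttcp\t-\tS0",
    "1465660800.65\tC6\t198.51.100.7\t51004\t192.0.2.10\t80\ttcp\t-\tS0",
    "1465660800.80\tC7\t198.51.100.7\t51005\t192.0.2.10\t80\ttcp\t-\tS0",
    "1465660800.90\tC8\t10.0.0.5\t40002\t192.0.2.10\t80\ttcp\thttp\tSF",
    "1465660800.95\tC9\t198.51.100.7\t51006\t192.0.2.10\t80\ttcp\t-\tS0",
    "this line is malformed and must be skipped",
])


def parse_conn_log(text):
    """Yield one dict per data row, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):          # other header/footer lines (#separator, #close, ...)
            continue
        cols = line.split("\t")
        if fields is None or len(cols) != len(fields):
            continue                      # skip malformed rows instead of crashing the pipeline
        yield dict(zip(fields, cols))


def detect_half_open_bursts(records, window_s=2.0, threshold=5):
    """Sliding-window count of S0 (SYN seen, no reply) attempts per source.

    Returns a list of alert dicts; one alert per source, raised the first time
    its attempts inside the window reach `threshold`.
    """
    recent = defaultdict(deque)           # src -> timestamps of S0 attempts still in window
    targets = defaultdict(set)            # src -> responders it tried to reach
    alerted = set()
    alerts = []
    for r in sorted(records, key=lambda r: float(r["ts"])):
        if r.get("proto") != "tcp" or r.get("conn_state") != "S0":
            continue
        src, ts = r["id.orig_h"], float(r["ts"])
        q = recent[src]
        q.append(ts)
        targets[src].add(r["id.resp_h"])
        while q and ts - q[0] > window_s:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({
                "@timestamp": ts,
                "event": "possible_syn_flood",
                "src_ip": src,
                "attempts_in_window": len(q),
                "window_s": window_s,
                "targets": sorted(targets[src]),
            })
    return alerts


def run_demo():
    """Parse the constructed log, run detection, print NDJSON for Logstash."""
    alerts = detect_half_open_bursts(parse_conn_log(SAMPLE_CONN_LOG))
    for a in alerts:
        print(json.dumps(a))
    return alerts


if __name__ == "__main__":
    run_demo()
```

The threshold and window are deliberately tiny so the sample triggers; on a real sensor they would be tuned against a baseline of normal S0 rates, and the alert would be raised per source per window rather than once per source. The same shape (parse by header, aggregate per key in a time window, emit JSON) carries over to Suricata's eve.json or to Bro's other logs.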



On Jun 11, 2016, at 12:22 AM, subashini hariharan <suba.h17 () gmail com> wrote:

Hello,

I am Subashini, a graduate student. I am interested in doing my project in
Network Security. I have a doubt related to it.

The aim is to detect DoS/DDoS attacks using the application. I am going to
use ELK (ElasticSearch, Logstash, Kibana) for processing the logs (Log
Analytics).

My doubt is regarding how do we generate logs for detecting this attack? As
I am new to this process, I am not sure about it.

Also, if it is possible to do any other attacks similar to this, you can
please give a hint about it.

Could anyone please help with this? It would be a great help!!


-- 
Thank You.

With Regards,
H.Subashini

