[189980] in North American Network Operators' Group
Re: Detecting Attacks
daemon@ATHENA.MIT.EDU (Otto Monnig)
Sat Jun 11 18:01:41 2016
X-Original-To: nanog@nanog.org
From: Otto Monnig <omonnig@gmail.com>
In-Reply-To: <CAD=4tqQ4NLX3Adu_ZppJ_9di6YM=5SxYkCeVuXqo70epYeHG3w@mail.gmail.com>
Date: Sat, 11 Jun 2016 17:01:35 -0500
To: subashini hariharan <suba.h17@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Security Onion is a FOSS Linux distribution with several great security tools integrated into an installer.
https://security-onion-solutions.github.io/security-onion/

Snort & Suricata are signature-based detection tools. Bro is a domain-specific language for packet analysis and processing.
https://isc.sans.edu/forums/diary/Why+I+think+you+should+try+Bro/15259/
--
Otto Monnig
> On Jun 11, 2016, at 12:22 AM, subashini hariharan <suba.h17@gmail.com> wrote:
>
> Hello,
>
> I am Subashini, a graduate student. I am interested in doing my project in Network Security. I have a doubt related to it.
>
> The aim is to detect DoS/DDoS attacks using the application. I am going to use ELK (ElasticSearch, Logstash, Kibana) for processing the logs (Log Analytics).
>
> My doubt is regarding how we generate logs for detecting this attack. As I am new to this process, I am not sure about it.
>
> Also, if it is possible to do any other attacks similar to this, you can please give a hint about it.
>
> Could anyone please help with this; it would be a great help!!
>
>
> --
> Thank You.
>
> With Regards,
> H.Subashini
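To tie Otto's pointer to Bro together with the original question of which logs feed a DoS detector, here is an added example (not from either poster, not Security Onion or Bro code) that reads Bro's tab-separated conn.log and flags responder hosts receiving a burst of half-open TCP connections (conn_state S0: SYN seen, no reply). The column subset and the sample log lines are constructed for this example; a real conn.log carries more fields, and thresholds would need tuning per network before shipping alerts to ELK.

```python
"""Half-open connection flood indicator over Bro conn.log lines (constructed example)."""
from collections import defaultdict

# Constructed sample in Bro conn.log layout: a '#fields' header naming the
# columns, then one tab-separated record per connection.  Only a subset of the
# real conn.log columns is used here.  192.0.2.10 receives four unanswered SYNs
# from four different sources within one second.
SAMPLE_CONN_LOG = """\
#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state
1465689600.1\t10.0.0.5\t40001\t192.0.2.10\t80\ttcp\tSF
1465689600.2\t198.51.100.1\t40002\t192.0.2.10\t80\ttcp\tS0
1465689600.3\t198.51.100.2\t40003\t192.0.2.10\t80\ttcp\tS0
1465689600.4\t198.51.100.3\t40004\t192.0.2.10\t80\ttcp\tS0
1465689600.5\t198.51.100.4\t40005\t192.0.2.10\t80\ttcp\tS0
1465689600.6\t10.0.0.6\t40006\t192.0.2.11\t443\ttcp\tSF
"""


def parse_conn_log(text):
    """Yield one dict per record, keyed by the names in the '#fields' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other Bro metadata lines (#separator, #open, ...) and blanks
        elif fields:
            yield dict(zip(fields, line.split("\t")))


def detect_half_open_floods(text, threshold=4, window_s=10.0):
    """Return {resp_h: {"attempts": n, "distinct_sources": m}} for every responder
    that sees at least `threshold` S0 TCP connections inside a sliding window of
    `window_s` seconds.  Records are assumed to be in timestamp order, as in conn.log."""
    recent = defaultdict(list)  # resp_h -> [(ts, orig_h), ...] inside the window
    alerts = {}
    for rec in parse_conn_log(text):
        if rec["proto"] != "tcp" or rec["conn_state"] != "S0":
            continue
        ts, dst = float(rec["ts"]), rec["id.resp_h"]
        window = recent[dst]
        window.append((ts, rec["id.orig_h"]))
        while window and ts - window[0][0] > window_s:
            window.pop(0)  # drop attempts that aged out of the window
        if len(window) >= threshold:
            alerts[dst] = {"attempts": len(window),
                           "distinct_sources": len({src for _, src in window})}
    return alerts
```

Pointing the parser at the conn.log that Bro (or Security Onion's Bro sensors) writes, and shipping the alert dict to Logstash, gives the log-analytics pipeline the original question asks about.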