[189987] in North American Network Operators' Group
Re: Detecting Attacks
daemon@ATHENA.MIT.EDU (joel jaeggli)
Sun Jun 12 14:00:35 2016
X-Original-To: NANOG@nanog.org
To: subashini hariharan <suba.h17@gmail.com>, NANOG@nanog.org
From: joel jaeggli <joelja@bogus.com>
Date: Sun, 12 Jun 2016 11:00:28 -0700
In-Reply-To: <CAD=4tqRpouj8UGZqJZMG8FM-qBNkLQgJopq1DwwGCmcDJNsOJA@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
Message-ID: <7e028977-043c-1f40-c3d2-4fd7dfcaa02d@bogus.com>
References: <CAD=4tqRpouj8UGZqJZMG8FM-qBNkLQgJopq1DwwGCmcDJNsOJA@mail.gmail.com>
On 6/10/16 10:39 PM, subashini hariharan wrote:
> Hello,
>
> I am Subashini, a graduate student. I am interested in doing my project in
> Network Security. I have a doubt related to it.
>
> The aim is to detect DoS/DDoS attacks using the application. I am going to
> use ELK (ElasticSearch, Logstash, Kibana) for processing the logs (Log
> Analytics).
>
> My doubt is regarding how do we generate logs for detecting this attack? As
> I am new to this process, I am not sure about it.
Lots of DoS simply isn't targeting the application layer, or even the
host especially. So that stuff will rarely bubble up via syslog, for
example, until machines start to run into trouble. Rather, it will be
exposed via flow data or the frequent collection of interface counters.
> Also, if it is possible to do any other attacks similar to this, you can
> please give a hint about it.
>
> Could anyone please help with this, it would be a great help!!
>
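The reply above makes the point that volumetric DoS is usually visible in flow exports and interface counters long before anything reaches application syslog. The Python below is an added illustration of that, not code from the thread or from either poster: it aggregates per-destination rates from NetFlow-style records and computes per-interval rates from monotonically increasing interface counters (handling counter wrap the way SNMP ifHCInOctets / ifInOctets pollers must), then flags destinations and intervals that sit far above a baseline. The record fields, the baseline numbers, the thresholds and all sample data are constructed for the example; real collectors and exporters name and shape these differently.

```python
"""Volumetric DoS detection from flow records and interface counters.

Added example for the NANOG thread; not the posters' code. All sample
data below is constructed. Field names loosely mirror NetFlow v5 and
SNMP IF-MIB counters but are assumptions, not a real exporter's schema.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


# --- 1. Flow data: who is being hit, by how many sources, with what ----------

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int      # 6 = TCP, 17 = UDP
    dport: int
    packets: int
    bytes: int


def flow_profile(flows, window_s):
    """Aggregate flows per destination over a window of window_s seconds."""
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "srcs": set(), "flows": 0})
    for f in flows:
        a = agg[f.dst]
        a["packets"] += f.packets
        a["bytes"] += f.bytes
        a["srcs"].add(f.src)
        a["flows"] += 1
    return {
        dst: {
            "pps": a["packets"] / window_s,
            "bps": a["bytes"] * 8 / window_s,
            "src_count": len(a["srcs"]),
            "flows": a["flows"],
            "avg_pkt_bytes": a["bytes"] / max(a["packets"], 1),
        }
        for dst, a in agg.items()
    }


def flag_flow_targets(profile, baseline_pps, pps_mult=10.0, min_srcs=20):
    """Destinations whose packet rate exceeds pps_mult x their baseline.

    Returns (dst, 'distributed' | 'single-source', pps, avg packet size);
    many sources plus tiny packets is the classic volumetric signature.
    """
    hits = []
    for dst, p in profile.items():
        base = baseline_pps.get(dst, 0.0)
        if p["pps"] > pps_mult * max(base, 1.0):
            kind = "distributed" if p["src_count"] >= min_srcs else "single-source"
            hits.append((dst, kind, round(p["pps"]), round(p["avg_pkt_bytes"])))
    return hits


# --- 2. Interface counters: frequent polling of monotonic octet/packet counts -

def counter_rates(samples, width_bits=64):
    """Turn (ts, octets, packets) counter samples into (ts, pps, bps) per interval.

    Counters are monotonic modulo 2**width_bits, so the delta is taken mod
    the counter width; that makes a wrapped 32-bit counter read correctly.
    """
    wrap = 1 << width_bits
    rates = []
    for (t0, o0, p0), (t1, o1, p1) in zip(samples, samples[1:]):
        dt = t1 - t0
        d_o = (o1 - o0) % wrap
        d_p = (p1 - p0) % wrap
        rates.append((t1, d_p / dt, d_o * 8 / dt))
    return rates


def flag_counter_spikes(rates, train_n, z=4.0):
    """Fit mean/stdev of pps on the first train_n intervals, flag later ones above z sigma."""
    train = [pps for _, pps, _ in rates[:train_n]]
    mu, sd = mean(train), pstdev(train)
    sd = max(sd, 0.05 * mu)   # floor so a very flat baseline does not flag every blip
    return [(t, round(pps)) for t, pps, _ in rates[train_n:] if pps > mu + z * sd]


# --- 3. Constructed sample data (documentation address ranges) ----------------

# Normal HTTPS traffic: 20 clients, 150 packets of ~800 bytes each, 60 s window.
SAMPLE_FLOWS = [
    Flow(f"192.0.2.{i}", "203.0.113.10", 6, 443, 150, 120_000) for i in range(1, 21)
]
# UDP flood: 50 sources, 6000 packets of 64 bytes each at one host.
SAMPLE_FLOWS += [
    Flow(f"198.51.100.{i}", "203.0.113.20", 17, 80, 6000, 384_000) for i in range(1, 51)
]
BASELINE_PPS = {"203.0.113.10": 50.0, "203.0.113.20": 5.0}   # assumed historical rates

# Interface polled every 10 s: ~120 pps of 800-byte packets, then a flood of
# 60 000 extra small packets per interval from t=70 onward.
SAMPLE_COUNTERS = [
    (0, 0, 0),
    (10, 960_000, 1200),
    (20, 1_928_000, 2410),
    (30, 2_872_000, 3590),
    (40, 3_840_000, 4800),
    (50, 4_808_000, 6010),
    (60, 5_752_000, 7190),
    (70, 9_592_000, 67190),
    (80, 13_432_000, 127190),
]


def analyse(flows=SAMPLE_FLOWS, counters=SAMPLE_COUNTERS, window_s=60):
    """Run both detectors and return their findings."""
    return {
        "flow_hits": flag_flow_targets(flow_profile(flows, window_s), BASELINE_PPS),
        "counter_hits": flag_counter_spikes(counter_rates(counters), train_n=6),
    }


if __name__ == "__main__":
    for name, hits in analyse().items():
        print(name, hits)
```

The two views complement each other: the counter view fires first and cheaply (one poll per interface), but only says that a link is saturating; the flow view is what tells you which host is the target and whether the sources are spread out, which is the information an ELK pipeline would actually want to index. Both detectors emit structured tuples rather than log text precisely because, as the reply says, the raw signal is not in syslog.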