Detecting SYN Flood Attacks with Colasoft Capsa!
A denial-of-service (DoS) attack is a malicious attempt to make a machine or network resource unavailable to its users, usually by temporarily or indefinitely disrupting the services of a host connected to the Internet. (US-CERT 2013)
Today, DoS attacks are a common form of cyber-attack. According to the statistics, a DoS attack is happening somewhere on the Internet every three seconds. The low cost of launching a DoS attack is one of the major reasons they are so frequent.
Some of the most commonly used DoS attack types include Ping of Death, Teardrop, WinNuke, UDP flood, TCP SYN flood, IP spoofing, Land attack, Smurf and ICMP flood.
In this article, we will show you how to detect SYN flood attacks using a network analyzer named Colasoft Capsa.
You can download some awesome tools here, including the freeware Capsa.
In order to analyze DoS attacks (and others), I suggest you follow the three steps below:
- Most hosts under DoS attack show high CPU and memory usage, or their network bandwidth is consumed by garbage traffic.
- We can analyze and locate the attack by decoding the raw packets. This reveals the protocols and behaviour of the packets; comparing this information with known attack signatures lets us identify the actual attack type.
- Locate issues: with the TCP/UDP session and chart functions, we can locate DoS attacks more accurately and quickly.
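The second and third steps, decoding raw packets and tracking TCP sessions, can also be scripted. As an added example (not from the article and not Colasoft Capsa's code), the Python script below decodes raw Ethernet/IPv4/TCP frames with the standard `struct` module, follows each TCP handshake as a session, and flags a server as a SYN-flood target when its backlog of half-open sessions passes a threshold while fewer than a tenth of the SYNs it receives ever complete. All frames, addresses and the 50-session threshold are constructed for the example.

```python
"""Decode raw Ethernet/IPv4/TCP frames and flag the SYN-flood signature.

Added example, not from the article or Colasoft Capsa: a minimal header
decoder plus the half-open-session heuristic an analyst applies when
reading a TCP session view. Every frame below is constructed in code.
"""
import struct
from collections import defaultdict

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10
ETHERTYPE_IPV4, IPPROTO_TCP = 0x0800, 6


def ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def build_frame(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0):
    """Construct an Ethernet + IPv4 + TCP frame (checksums left zero; test data only)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))
    return eth + ip + tcp


def decode_frame(frame):
    """Return the TCP fields worth comparing against a signature, or None if not IPv4/TCP."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes (options included)
    if ip[9] != IPPROTO_TCP:
        return None
    sport, dport, seq, ack, _offset, flags = struct.unpack("!HHIIBB", ip[ihl:ihl + 14])
    return {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
    }


def analyze(frames, half_open_threshold=50):
    """Track handshakes per (server ip, port) and flag servers with a half-open backlog."""
    sessions = {}                     # (client ip, client port, server ip, server port) -> state
    syn_count = defaultdict(int)      # server -> bare SYNs seen
    established = defaultdict(int)    # server -> handshakes completed
    for frame in frames:
        pkt = decode_frame(frame)
        if pkt is None:
            continue
        f = pkt["flags"]
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])   # client -> server
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])   # server -> client
        if f & TCP_SYN and not f & TCP_ACK:          # handshake step 1: client SYN
            sessions[fwd] = "syn_sent"
            syn_count[(pkt["dst"], pkt["dport"])] += 1
        elif f & TCP_SYN and f & TCP_ACK:            # step 2: server SYN-ACK
            if sessions.get(rev) == "syn_sent":
                sessions[rev] = "syn_received"
        elif f & TCP_RST:                            # refused or aborted: no longer half-open
            sessions.pop(fwd, None)
            sessions.pop(rev, None)
        elif f & TCP_ACK and sessions.get(fwd) == "syn_received":   # step 3: completed
            sessions[fwd] = "established"
            established[(pkt["dst"], pkt["dport"])] += 1
    report = {}
    for server, syns in syn_count.items():
        half_open = sum(1 for (_, _, sip, sp), state in sessions.items()
                        if (sip, sp) == server and state != "established")
        done = established[server]
        # Signature: a backlog of half-open sessions and under 10 % of SYNs ever completing.
        report[server] = {"syn": syns, "established": done, "half_open": half_open,
                          "suspect": half_open >= half_open_threshold and done * 10 < syns}
    return report


def sample_capture():
    """Constructed frames: three clean handshakes to 10.0.0.6:443, then a SYN flood at 10.0.0.5:80."""
    frames = []
    for i, client in enumerate(("192.168.1.10", "192.168.1.11", "192.168.1.12")):
        cport = 40000 + i
        frames.append(build_frame(client, "10.0.0.6", cport, 443, TCP_SYN, seq=100))
        frames.append(build_frame("10.0.0.6", client, 443, cport, TCP_SYN | TCP_ACK, seq=500, ack=101))
        frames.append(build_frame(client, "10.0.0.6", cport, 443, TCP_ACK, seq=101, ack=501))
    for i in range(200):
        # Each SYN arrives from a different source address; the victim answers the
        # first 50 with SYN-ACK, but the third ACK never comes back for any of them.
        src = f"203.0.113.{i + 1}"
        frames.append(build_frame(src, "10.0.0.5", 1024 + i, 80, TCP_SYN, seq=i))
        if i < 50:
            frames.append(build_frame("10.0.0.5", src, 80, 1024 + i, TCP_SYN | TCP_ACK, seq=900, ack=i + 1))
    return frames


if __name__ == "__main__":
    for server, stats in analyze(sample_capture()).items():
        print(f"{server[0]}:{server[1]} -> {stats}")
```

Running it prints one line per server: the flooded 10.0.0.5:80 shows 200 SYNs, no completed handshakes and 200 half-open sessions, while 10.0.0.6:443 shows three SYNs and three completed handshakes. The half-open backlog is the same statistic the article reads off Capsa's TCP/UDP session function; on a real capture you would feed frames from a pcap reader in place of `sample_capture()`.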
Now I will walk through an example that shows the detailed steps using Capsa's visual capabilities.