Support #1992

closed

Testing DDOS attack

Added by Rahul Surya over 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Affected Versions:
Label:

Description

Actually, we are adding a local rule for a DDoS attack, like this:
drop tcp any any -> any any (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_dst, count 70, seconds 10; sid:10001;rev:1)
After that, I am sending DDoS traffic through hping using "hping3 -S -p 80 --flood --rand-source 47.47.47.2", and within less than 10 seconds I am getting this rule in fastlog and traffic is getting dropped. But after that, if I ping (normal traffic) the same interface and no rule exists, it's not pinging. So can you tell how to test DDoS and DoS traffic and which rule needs to be added?

Actions #1

Updated by Victor Julien over 7 years ago

  • Tracker changed from Bug to Support
  • Priority changed from Immediate to Normal

Actions #2

Updated by Andreas Herz over 7 years ago

  • Assignee set to Anonymous
  • Target version set to TBD

Can you be more verbose about the step after the hping? You say no rule exists, but did you reload the rules or restart Suricata, or what did you do exactly?

Actions #3

Updated by Andreas Herz over 6 years ago

  • Status changed from New to Closed

Closed due to no response.

Actions #4

Updated by Victor Julien over 6 years ago

  • Target version deleted (TBD)