failure of TCP after DOS attack
I am using suricata-3.1.2 as DUT and we are using 3 machine setup server(connecting to WAN)<--->DUT<--->client and in rules i added dos attack rule
"drop tcp any any -> any any (flags: S; msg:"Possible TCP DoS"; flow: stateless; detection_filter:track by_dst, count 100, seconds 5; sid:10001;rev:1)"
and making hping from client "hping3 -S -p 80 --flood --rand-source <server ip>" so it will take care of sending different source ips to destination ip.
So DUT is able to stop this DOS attack after allowing 100 count of source ips,and after that i am stopping this hping traffic and accessing the server through ftp or accessing any website facebook or any other ,so that DUT is not allowing any traffic of TCP after DOS attack.(these file access and website access doesnt send 100 packets in 5 seconds). and logging of rule is getting happened.