Project

General

Profile

[Solved] TCP SYN flood attacks

Added by Emad Alsai over 6 years ago

Dear Prelude teams

Happy new year

I'm testing prelude in order to detect some famous network attacks for my thesis as a Forensic investigations.
I used to test the Prelude with attack of TCP SYN Flood and I realized that the Prelude did not detect it at all!!!!!!!!
Is it truth that Prelude does not detect TCP SYN Flood attacks OR I missed some configurations??
By the way, the agents that I'm using are:
Prelude-lml
Prelude-correlate
Prelude-manager

If you like to email me, my email is sts2010 at google mail dot com

Prelude.png View (26.9 KB)


Replies (1)

RE: TCP SYN flood attacks - Added by Antoine LUONG over 6 years ago

Hello,

You need to install and connect some dedicated network sensors like Suricata in order to detect such attacks.
See InstallingAgentThirdpartySuricata for more details.

Regards

    (1-1/1)