Is it possible to differentiate an nmap port scan from a syn flood attack?

Hi,

I am trying to log the different attempts of attacks such as a tcp
port scan, a udp port scan, a syn flood attack, ... arriving at a
computer.

I would like to classify attacks received in sections such as warning
and critical. Warning would be port scans and critical syn flood
attacks. However, I don't get the necessary rules to be able to
differentiate a syn flood attack from a tcp port scan.

Is it possible to differentiate an nmap tcp port scan from a syn flood attack?

I am using Ubuntu 18.04 with Kernel 4.18.

Thanks in advance,


