On Fri, Jul 13, 2012 at 4:06 AM, sahil sharma <[email protected]> wrote: > Hi, > > I want to block a TCP-SYN-FLOOD attacker attacking my server. > I have launched the attack but I can't see any logs. > > How can we detect that there is flooding at the SERVER. > > Please help.
OSSEC doesn't detect scans like this by itself. What are you using to detect scans? Are the logs understood by OSSEC? Are they being monitored by OSSEC?
