2012/7/13 sahil sharma <[email protected]>: > Hi, > > I want to block a TCP-SYN-FLOOD attacker attacking my server. > I have launched the attack but I can't see any logs. > > How can we detect that there is flooding at the SERVER.
You need some way to detect tcp-syn-flooding, maybe using custom iptables rules? I think ossec can detect iptables with log-prefix DROP -- Eero
