Question

I am trying to write a program that detects a UDP DoS attack using C++ and WinPcap. What criteria can I use to identify such an attack? I have noticed many UDP DoS generator programs send the same payload over and over again, so I can probably detect that, but generating a random payload is exceedingly simple. Any ideas on what to do?

Solution

I'm assuming that the UDP packets will have spoofed IP addresses. If you're not going to whitelist the requests so that you can test them for validity, then you may as well come up with a threshold above which you've decided it's "probably" a DoS attack.
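
The threshold approach from the answer above, as an added example that is not part of the original answer: a sliding-window packet counter keyed on destination address and port rather than source, since source addresses may be spoofed. The class and function names, the 1-second window and the 100-packet threshold are assumptions; timestamps are assumed non-decreasing, as when taken from capture headers in arrival order.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <deque>
#include <map>
#include <utility>

// Sliding-window UDP packet counter keyed on destination (IP, port).
// Source addresses are ignored because they may be spoofed.
class UdpFloodDetector {
public:
    UdpFloodDetector(uint64_t window_ms, std::size_t threshold)
        : window_ms_(window_ms), threshold_(threshold) {}

    // Record one UDP packet seen at ts_ms (e.g. derived from the capture
    // header timestamp). Returns true when this destination has received
    // more than `threshold` packets within the last `window_ms`.
    bool observe(uint64_t ts_ms, uint32_t dst_ip, uint16_t dst_port) {
        std::deque<uint64_t>& q = seen_[std::make_pair(dst_ip, dst_port)];
        q.push_back(ts_ms);
        // Drop timestamps that have aged out of the window.
        while (!q.empty() && ts_ms - q.front() >= window_ms_) q.pop_front();
        return q.size() > threshold_;
    }

private:
    uint64_t window_ms_;
    std::size_t threshold_;
    std::map<std::pair<uint32_t, uint16_t>, std::deque<uint64_t>> seen_;
};

// Feeds `count` constructed packets spaced gap_ms apart to one destination.
// Returns the index of the first packet that trips the alert, or -1.
int first_alert(UdpFloodDetector& d, uint64_t start_ms, uint64_t gap_ms,
                int count, uint32_t dst_ip, uint16_t dst_port) {
    for (int i = 0; i < count; ++i)
        if (d.observe(start_ms + i * gap_ms, dst_ip, dst_port)) return i;
    return -1;
}

int main() {
    UdpFloodDetector d(1000, 100);       // assumed: >100 packets/s per destination
    const uint32_t host = 0xC0A80105;    // 192.168.1.5, constructed sample address
    std::printf("normal: %d\n", first_alert(d, 0, 50, 200, host, 53));     // 20 pps
    std::printf("flood:  %d\n", first_alert(d, 20000, 1, 500, host, 53));  // 1000 pps
    return 0;
}
```

The threshold has to be tuned against a baseline of normal traffic for the monitored host, since a busy DNS or streaming service can legitimately exceed a low per-second limit.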

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow