What are the rules to prevent DoS attacks please? #10218
Replies: 4 comments
-
I was doing the rules in Suricata, is that correct?
-
I have read about rate_filter, but I am not sure where to start.
-
I have read the guides below, but I could not find anything to prevent a DoS attack: https://docs.securityonion.net/en/2.3/suricata.html#suricata
-
SO does not support IPS mode.
-
Good morning everyone,
I really appreciate your help :)
I am doing my final year project on detecting and preventing DoS attacks using Security Onion. Security Onion is a great product with many tools that I need to learn more about.
I have detected the DoS attack from Kali (ICMP flooding) against Ubuntu 22.04 on VMware on the alerts dashboard, sid:2022973, which is excellent.
Now I need to prevent or block this DoS attack for my demo at the university.
I will be honest, I searched a lot and watched Security Onion training on YouTube, but I could not find the best solutions or any advice.
My questions, please:
What is the best action to prevent a DoS attack from Kali, please?
Also, where do I add the new rule: in all rules, SO rules, or local rules?
What should the rule be, please?
Maybe I need to do rate_filter?
I have posted the detection rule below:
alert udp any 68 -> any 67 (msg:"ET POLICY Possible Kali Linux hostname in DHCP Request Packet"; content:"|63 82 53 63 35 01 03|"; content:"|0c 04|kali"; distance:0; nocase; reference:url,www.kali.org; classtype:policy-violation; sid:2022973; rev:1; metadata:attack_target Client_Endpoint, created_at 2016_07_18, deployment Perimeter, former_category POLICY, performance_impact Low, signature_severity Informational, updated_at 2017_10_12;)
