Dipmoy has asked for the wisdom of the Perl Monks concerning the following question:

This node falls below the community's minimum standard of quality and will not be displayed.

Re: SYN attack detection code
by Corion (Patriarch) on Dec 30, 2010 at 08:02 UTC

    Detecting a SYN flood attack is something very OS specific. You will need to talk to the network stack of your OS. Maybe your OS has a logging facility where it tells you how many SYN packets it has received and from what IP. Use that facility from Perl then.

    Maybe you can use libpcap (or WinPcap) with Net::Pcap to count and detect how many SYN packets you receive. But as libpcap is separate from your OS networking stack, it likely won't be able to prevent the problems that a SYN flood causes.
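
The counting step suggested in the reply above, as an added example that is not part of the original post: it parses raw Ethernet/IPv4 frames of the kind a Net::Pcap capture callback receives and counts SYN-without-ACK segments per source address. The sub names, the `make_frame` helper, the threshold and the sample addresses are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Return the source IP if $frame (Ethernet link type assumed) carries an
# IPv4/TCP segment with SYN set and ACK clear; otherwise return nothing.
sub syn_source {
    my ($frame) = @_;
    return if length($frame) < 14 + 20;
    return unless unpack('n', substr($frame, 12, 2)) == 0x0800;   # IPv4 only
    my ($ver_ihl, $frag, $proto) = unpack('C x5 n x C', substr($frame, 14, 10));
    my $ihl = ($ver_ihl & 0x0f) * 4;              # IP header length in bytes
    return unless ($ver_ihl >> 4) == 4 && $ihl >= 20 && $proto == 6;
    return unless ($frag & 0x1fff) == 0;          # later fragments have no TCP header
    my $tcp = 14 + $ihl;
    return if length($frame) < $tcp + 14;         # truncated before the flags byte
    my $flags = unpack('C', substr($frame, $tcp + 13, 1));
    return unless ($flags & 0x12) == 0x02;        # SYN (0x02) set, ACK (0x10) clear
    return join '.', unpack('C4', substr($frame, 14 + 12, 4));
}

# Count bare SYNs per source over one capture window and return a hash ref
# of the sources whose count exceeds $threshold.
sub syn_suspects {
    my ($frames, $threshold) = @_;
    my %count;
    for my $frame (@$frames) {
        my $src = syn_source($frame);
        $count{$src}++ if defined $src;
    }
    my %over = map { $_ => $count{$_} } grep { $count{$_} > $threshold } keys %count;
    return \%over;
}

# Hypothetical helper: build a minimal frame so the example runs offline.
sub make_frame {
    my ($src, $flags) = @_;
    my $eth = ("\0" x 12) . pack('n', 0x0800);
    my $ip  = pack('C C n n n C C n a4 a4', 0x45, 0, 40, 0, 0, 64, 6, 0,
                   pack('C4', split /\./, $src), pack('C4', 192, 0, 2, 10));
    my $tcp = pack('n n N N C C n n n', 40000, 80, 1, 0, 0x50, $flags, 65535, 0, 0);
    return $eth . $ip . $tcp;
}

# Constructed sample traffic using documentation addresses (RFC 5737).
my @frames = (
    (map { make_frame('198.51.100.7', 0x02) } 1 .. 5),   # five bare SYNs
    make_frame('203.0.113.9', 0x02),                      # one bare SYN
    make_frame('203.0.113.9', 0x12),                      # SYN+ACK, not counted
);
my $suspects = syn_suspects(\@frames, 3);
printf "%s sent %d bare SYNs\n", $_, $suspects->{$_} for sort keys %$suspects;
```

Flood traffic often uses spoofed source addresses, so a per-source threshold is best paired with a count of all bare SYNs in the window.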
