Threshold for DDOS Attack

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I am trying to understand and simulate SYN Flood DDOS attacks. I am using snort to give me alerts. While I have control over the rate for my testing, I am interested in knowing what a good estimate of the traffic rate might be for an actual attack?



Thanks.










share|improve this question

























    up vote
    2
    down vote

    favorite












    I am trying to understand and simulate SYN Flood DDOS attacks. I am using snort to give me alerts. While I have control over the rate for my testing, I am interested in knowing what a good estimate of the traffic rate might be for an actual attack?



    Thanks.










    share|improve this question























      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      I am trying to understand and simulate SYN Flood DDOS attacks. I am using snort to give me alerts. While I have control over the rate for my testing, I am interested in knowing what a good estimate of the traffic rate might be for an actual attack?



      Thanks.










      share|improve this question













      I am trying to understand and simulate SYN Flood DDOS attacks. I am using snort to give me alerts. While I have control over the rate for my testing, I am interested in knowing what a good estimate of the traffic rate might be for an actual attack?



      Thanks.







      ddos denial-of-service snort






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 2 hours ago









      cosmicrao

      162




      162




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          2
          down vote













          I believe the average rate these days (Nov 2018) is on the order of 3 Gbps (though large scale attacks can easily go up to 100 Gbps). One note, TCP SYN floods are a fairly uncommon vector these days. UDP floods are much more common.






          share|improve this answer



























            up vote
            2
            down vote













            Nowadays TCP SYN attacks are not common, focus more on UDP amplification attacks over DNS, memcache and other UDP services. On the other hand, if you want to compute the traffic rate you can use the formula, IP header (20 bytes) + TCP header (20/32) bytes per packet, so is easy to know how many packets per second you need to send if you want a 1GB for example.






            share|improve this answer




















              Your Answer








              StackExchange.ready(function()
              var channelOptions =
              tags: "".split(" "),
              id: "162"
              ;
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function()
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled)
              StackExchange.using("snippets", function()
              createEditor();
              );

              else
              createEditor();

              );

              function createEditor()
              StackExchange.prepareEditor(
              heartbeatType: 'answer',
              convertImagesToLinks: false,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              imageUploader:
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              ,
              noCode: true, onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              );



              );













               

              draft saved


              draft discarded


















              StackExchange.ready(
              function ()
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196853%2fthreshold-for-ddos-attack%23new-answer', 'question_page');

              );

              Post as a guest






























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes








              up vote
              2
              down vote













              I believe the average rate these days (Nov 2018) is on the order of 3 Gbps (though large scale attacks can easily go up to 100 Gbps). One note, TCP SYN floods are a fairly uncommon vector these days. UDP floods are much more common.






              share|improve this answer
























                up vote
                2
                down vote













                I believe the average rate these days (Nov 2018) is on the order of 3 Gbps (though large scale attacks can easily go up to 100 Gbps). One note, TCP SYN floods are a fairly uncommon vector these days. UDP floods are much more common.






                share|improve this answer






















                  up vote
                  2
                  down vote










                  up vote
                  2
                  down vote









                  I believe the average rate these days (Nov 2018) is on the order of 3 Gbps (though large scale attacks can easily go up to 100 Gbps). One note, TCP SYN floods are a fairly uncommon vector these days. UDP floods are much more common.






                  share|improve this answer












                  I believe the average rate these days (Nov 2018) is on the order of 3 Gbps (though large scale attacks can easily go up to 100 Gbps). One note, TCP SYN floods are a fairly uncommon vector these days. UDP floods are much more common.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered 1 hour ago









                  DarkMatter

                  3816




                  3816






















                      up vote
                      2
                      down vote













                      Nowadays TCP SYN attacks are not common, focus more on UDP amplification attacks over DNS, memcache and other UDP services. On the other hand, if you want to compute the traffic rate you can use the formula, IP header (20 bytes) + TCP header (20/32) bytes per packet, so is easy to know how many packets per second you need to send if you want a 1GB for example.






                      share|improve this answer
























                        up vote
                        2
                        down vote













                        Nowadays TCP SYN attacks are not common, focus more on UDP amplification attacks over DNS, memcache and other UDP services. On the other hand, if you want to compute the traffic rate you can use the formula, IP header (20 bytes) + TCP header (20/32) bytes per packet, so is easy to know how many packets per second you need to send if you want a 1GB for example.






                        share|improve this answer






















                          up vote
                          2
                          down vote










                          up vote
                          2
                          down vote









                          Nowadays TCP SYN attacks are not common, focus more on UDP amplification attacks over DNS, memcache and other UDP services. On the other hand, if you want to compute the traffic rate you can use the formula, IP header (20 bytes) + TCP header (20/32) bytes per packet, so is easy to know how many packets per second you need to send if you want a 1GB for example.






                          share|improve this answer












                          Nowadays TCP SYN attacks are not common, focus more on UDP amplification attacks over DNS, memcache and other UDP services. On the other hand, if you want to compute the traffic rate you can use the formula, IP header (20 bytes) + TCP header (20/32) bytes per packet, so is easy to know how many packets per second you need to send if you want a 1GB for example.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered 44 mins ago









                          camp0

                          38524




                          38524



























                               

                              draft saved


                              draft discarded















































                               


                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function ()
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f196853%2fthreshold-for-ddos-attack%23new-answer', 'question_page');

                              );

                              Post as a guest













































































                              Popular posts from this blog

                              How to check contact read email or not when send email to Individual?

                              Displaying single band from multi-band raster using QGIS

                              How many registers does an x86_64 CPU actually have?