hello,need for help

[abra...@gmail.com]

I want to identify between the legitimate and non-legitimate (normal and attacker )  traffics but i don't know the methods or the possible algorithms to differentiate between the two types of traffic? please  help me to differentiate the two types of traffics.?

[amir heydary]

Hi abra.

normal traffic uses TCP  and attacker traffic uses UDP.

because almost traffics in the internet are HTTP ,FTP, Email and ... that all of them

use TCP protocol. DoS attacker send a lot of udp packets to victim. because UDP do not have congestion control mechanism.

if you want to differentiate the two types of traffics , then you follow :

1) detect translation protocol.

2) get or calculate rate of senders and compare with normal rate.

3) check link buffer to find or prevent congestion.

---

From: "abra...@gmail.com" <abra...@gmail.com>
To: aqmdos-simula...@googlegroups.com
Sent: Thursday, February 28, 2013 7:58 AM
Subject: [aqm-dos-sim-plat] hello,need for help

I want to identify between the legitimate and non-legitimate (normal and attacker )  traffics but i don't know the methods or the possible algorithms to differentiate between the two types of traffic? please  help me to differentiate the two types of traffics.?

--
Message sent from the "AQM&DoS Simulation Platform" group.
To post to this group, send email to
aqmdos-simula...@googlegroups.com
To download the platform, visit the platform site at
http://sites.google.com/site/cwzhangres/home/posts/aqmdossimulationplatform
For more options, visit this group at
http://groups.google.com/group/aqmdos-simulation-platform?hl=en
---
You received this message because you are subscribed to the Google Groups "AQM&DoS Simulation Platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aqmdos-simulation-p...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.