> [**] DDOS shaft synflood [**]
> 01/07-08:21:35.632619 0:2:17:62:12:A5 -> 0:10:4B:C5:F:D type:0x800 len:0x3C
> 194.77.208.1:1580 -> XXX.XXX.XXX.XXX:111 TCP TTL:16 TOS:0x0 ID:58100 IpLen:20 DgmLen:40
> ******S* Seq: 0x28374839  Ack: 0x2294E541  Win: 0xFFFF  TcpLen: 20
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> =+=+=+=+=+=+
> 
> I'd like to know if there is any kind of software that can, besides
> detecting DoS attack, also report via any tool to Administrator and/or
> ISP Abuse Email

you can use Demarc (http://www.demarc.org/) which is an excellent
interface to snort.

you could use syn flood protection via iptables and log it to
/var/log/synflood and have a cron job that checks the log file, parses
it, does funky stuff and then mails you results.

you could also look at logcheck from psionic 


  --
  Andrew Hatfield
  Head - Internet Security Division

  Hatfield & Associates Pty. Ltd.
  Phone : +61 7 3849 7155
  Fax     : +61 7 3849 6277
  Email  : [EMAIL PROTECTED]
  Web    : http://www.hatfields.com.au/
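
The cron-job approach suggested above (parse the SYN flood log, then mail a summary), as an added example that is not part of the original message. It assumes the iptables LOG rule uses the prefix "SYNFLOOD: " and writes standard kernel-log lines; the function names, threshold, mail addresses and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample lines in the kernel-log format produced by an iptables
# LOG rule; the "SYNFLOOD: " prefix is an assumed --log-prefix value.
SAMPLE_LOG = """\
Jan  7 08:21:35 fw kernel: SYNFLOOD: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=16 PROTO=TCP SPT=1580 DPT=111 SYN
Jan  7 08:21:35 fw kernel: SYNFLOOD: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=16 PROTO=TCP SPT=1581 DPT=111 SYN
Jan  7 08:21:36 fw kernel: SYNFLOOD: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=16 PROTO=TCP SPT=1582 DPT=111 SYN
Jan  7 08:21:36 fw kernel: SYNFLOOD: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TTL=54 PROTO=TCP SPT=4000 DPT=80 SYN
Jan  7 08:21:37 fw kernel: unrelated message without the prefix
"""

LINE_RE = re.compile(r"SYNFLOOD: .*?\bSRC=(\S+) DST=(\S+) .*?\bDPT=(\d+)")

def summarize(log_text, threshold=3):
    """Count logged SYNs per (source, destination port); keep those >= threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            src, _dst, dpt = m.groups()
            hits[(src, int(dpt))] += 1
    return {k: n for k, n in hits.items() if n >= threshold}

def build_report(summary, sender, recipient):
    """Return an EmailMessage for the administrator, or None if nothing to report."""
    if not summary:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"SYN flood log summary: {len(summary)} source/port pair(s)"
    rows = [f"{src} -> port {dpt}: {n} SYNs"
            for (src, dpt), n in sorted(summary.items(), key=lambda kv: -kv[1])]
    # Flood sources are frequently spoofed, so treat SRC as a lead, not proof.
    msg.set_content("\n".join(rows) + "\n")
    return msg

if __name__ == "__main__":
    report = build_report(summarize(SAMPLE_LOG), "root@localhost", "root@localhost")
    if report is not None:
        print(report)  # a cron job would hand this to smtplib.SMTP("localhost")
```

Run from cron against /var/log/synflood, the script would read the file instead of `SAMPLE_LOG` and pass the returned message to a local mail relay.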
