Monitoring Splunk

We are trying to detect DDoS using Splunk, which has been deployed on a GCP Windows Server instance. We need help!

VashisthaPandya
New Member

So for our final year project we have been assigned the task of implementing a DDoS attack and detecting it with Splunk.
Now our issue is that we are not getting any logs from Splunk's ADD DATA INPUT option for Local Windows Network Monitoring, which seems to work in the video I was following to do that.

Context of the DDoS:
So we are using an hping3 TCP SYN flood attack, but its logs aren't coming in through my newly added data input source.
All the other network logs are being generated, like the network traffic from my GCP RDP session to the server and back,
but these are the only type of logs that are showing.
Now if I were to guess the problem, it might be that there are two IPs provided to us by GCP:
an internal and an external IP.
I've attacked both, but there is no difference in the incoming LOGS.
I've checked the connectivity between the two VMs on GCP, i.e. Windows and Ubuntu,
using ping and telnet.
I have also turned off the Windows RDP machine's firewall,
and also added a firewall rule that allows ingress TCP packets over ports 80 and 21 (which we are attacking on).
So my guess ultimately is that the GCP server is blocking these types of packets.
I'm still not sure how all these things work (I'm an AI dev, you see, this is not my field).
So please help me if you can and have the time to!
THANK YOU for reading my question and taking your time to do it.

If you have any other questions that you need answered in order to help me, feel free to ask away as much as you guys want.

Tags (2)
0 Karma

meetmshah
SplunkTrust

Hello, just checking in: was the issue resolved, or do you have any further questions?

0 Karma

meetmshah
SplunkTrust

Hello @VashisthaPandya, do you really want to have "real-real" traffic, or would dummy traffic work? Because you can generate dummy Windows EventCode traffic through EventGen (https://splunkbase.splunk.com/app/1924), deploy it, and focus on writing an effective search query.

0 Karma
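The search-query side that meetmshah points to, as an added example that is not code from this thread or from Splunk: the threshold logic a Splunk search would apply to Local Windows network monitoring events, written in Python over a constructed sample so it runs offline. The WinNetMon field names (PacketType, Direction, RemoteAddress), the IP addresses and the threshold of 100 inbound connect events per source per minute are assumptions.

```python
from collections import Counter
from datetime import datetime

def netmon_event(ts, remote, local_port=80, direction="inbound"):
    """Build one constructed event in the multi-line key=value layout of the
    Local Windows network monitoring input (field names are an assumption)."""
    return (f"{ts}\nPacketType=connect\nProtocol=tcp\nDirection={direction}\n"
            f"LocalAddress=10.128.0.5\nLocalPort={local_port}\n"
            f"RemoteAddress={remote}\nRemotePort=41001")

# Constructed sample: 150 inbound connect attempts to port 80 from one source
# within a single second, plus one ordinary inbound RDP connection.
SAMPLE_RAW = "\n\n".join(
    [netmon_event(f"05/01/2024 10:00:01.{i:03d}", "10.128.0.7") for i in range(150)]
    + [netmon_event("05/01/2024 10:00:05.000", "203.0.113.10", local_port=3389)]
)

def parse_events(raw):
    """Split the raw input into one dict per event, with a parsed _time."""
    events = []
    for block in raw.strip().split("\n\n"):
        lines = block.splitlines()
        fields = dict(line.split("=", 1) for line in lines[1:])
        fields["_time"] = datetime.strptime(lines[0], "%m/%d/%Y %H:%M:%S.%f")
        events.append(fields)
    return events

def flag_syn_flood(events, threshold, window_seconds=60):
    """Count inbound TCP connect events per (RemoteAddress, time window) and
    return the sources whose count exceeds the threshold, i.e. the SPL idea
    `| bin _time span=60s | stats count by _time RemoteAddress | where count > N`."""
    counts = Counter()
    for e in events:
        if (e.get("PacketType"), e.get("Protocol"), e.get("Direction")) != ("connect", "tcp", "inbound"):
            continue
        bucket = int(e["_time"].timestamp()) // window_seconds
        counts[(e["RemoteAddress"], bucket)] += 1
    flagged = {}
    for (src, _bucket), n in counts.items():
        if n > threshold:
            flagged[src] = max(flagged.get(src, 0), n)
    return flagged

if __name__ == "__main__":
    # Expected: {'10.128.0.7': 150}; the single RDP connection is not flagged.
    print(flag_syn_flood(parse_events(SAMPLE_RAW), threshold=100))
```

Tune the threshold against a baseline of normal traffic before turning this into an alert, otherwise a busy legitimate client is flagged as a flood.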