A simple Python-based system for detecting Denial of Service (DoS) attacks using Scapy.
This project implements a DoS detection system that monitors network traffic in real-time and identifies abnormal patterns indicative of a potential DoS attack.
It works by:
- Capturing packets with Scapy.
- Counting packets per IP within a time window.
- Comparing packet counts against a threshold.
- Logging and alerting when suspicious traffic is detected.
- Monitor live traffic on a network interface.
- Detect abnormal spikes in packet flow.
- Alert when a potential DoS attack is identified.
- Maintain logs of detection events for analysis.
- Python 3
- Scapy library
Install Scapy:
pip install scapy
├── dos_uneeq.py # Main detection script
├── dos_log.txt # Logs of alerts & packet counts
└── README.md # Documentation
- Clone this repository:
git clone https://github.com/your-username/dos-detector.git
cd dos-detector
- Run the detection script with sudo/root privileges (required for packet sniffing):
sudo python3 dos_uneeq.py
- By default, it monitors the loopback interface (lo). You can modify it to use another interface in the code:
sniff(iface="eth0", prn=detect_dos, store=False)
[INFO] 127.0.0.1 sent 1 packets
----- Checking packet counts -----
[ALERT] Possible DoS attack from 127.0.0.1 - 31684 packets in 10s
----------------------------------
- Time Window: 10 seconds
- Threshold: 100 packets (default)
- If any IP sends more than 100 packets in 10 seconds, it raises an ALERT.
- Events are saved to dos_log.txt.
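The per-IP counting and threshold check described above, as an added example that is not the project's dos_uneeq.py. It goes slightly beyond a counter that is reset every interval by keeping a sliding window per source, so a burst that straddles two 10-second intervals is still counted together. WindowDetector, observe, prune, replay and the sample addresses are hypothetical names and constructed data; packets are represented as (source, timestamp) pairs so it runs without Scapy or root.

```python
from collections import defaultdict, deque

TIME_WINDOW = 10   # seconds, same default as the README
THRESHOLD = 100    # packets, same default as the README


class WindowDetector:
    """Per-source sliding-window packet counter (hypothetical name)."""

    def __init__(self, time_window=TIME_WINDOW, threshold=THRESHOLD):
        self.time_window = time_window
        self.threshold = threshold
        self.seen = defaultdict(deque)   # src IP -> timestamps inside the window
        self.alerted_until = {}          # src IP -> time until which alerts are muted

    def observe(self, src, ts):
        """Record one packet; return an alert line or None."""
        q = self.seen[src]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and q[0] <= ts - self.time_window:
            q.popleft()
        if len(q) > self.threshold and ts >= self.alerted_until.get(src, 0):
            # One alert per source per window keeps the log readable under flood.
            self.alerted_until[src] = ts + self.time_window
            return (f"[ALERT] Possible DoS attack from {src} - "
                    f"{len(q)} packets in {self.time_window}s")
        return None

    def prune(self, now):
        """Forget sources idle for a full window so state stays bounded."""
        for src in [s for s, q in self.seen.items()
                    if not q or q[-1] <= now - self.time_window]:
            del self.seen[src]
            self.alerted_until.pop(src, None)


def replay(events, **kw):
    """Feed constructed (src, timestamp) pairs through a detector; return alerts."""
    det = WindowDetector(**kw)
    return [a for src, ts in events if (a := det.observe(src, ts))]


# Constructed sample: 192.0.2.10 sends 150 packets in 3 s, 192.0.2.20 sends 1 pkt/s.
SAMPLE = sorted([("192.0.2.10", 5 + i * 0.02) for i in range(150)] +
                [("192.0.2.20", float(i)) for i in range(30)], key=lambda e: e[1])

if __name__ == "__main__":
    for line in replay(SAMPLE):
        print(line)
```

With Scapy, the callback passed to sniff as prn would call observe with the packet's source address and pkt.time.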
You can tune:
time_window = 10 # seconds
threshold = 100 # packets

This project demonstrates how to detect DoS attacks using traffic monitoring and threshold-based anomaly detection. While simple, it provides a foundation for building more advanced Intrusion Detection Systems (IDS).

