Skip to content

[US] US-008: SYN Flood Attack Detection #100

Description

@arinamnova

User Story Statement

As an Information Security specialist,
I want the system to count how many SYN packets (handshake requests) arrive and how many of them actually receive responses,
so that I can detect attempts to overwhelm the network with thousands of empty requests (SYN flood attacks).

MoSCoW Priority

Should Have

Story Points

1

Notes, Constraints, Assumptions, Open Questions

Suggested three-step approach for security monitoring:

  1. Monitor the ratio of SYN packets to detect general network health and potential overloads.
  2. If the counters breach a threshold, trigger a visual alert on the dashboard.
  3. Allow the user to click the alert, view detailed packet metadata, and eventually apply blocking rules (tied to the traffic blocking/tunneling stories).

Acceptance Criteria

AC 1

Given [initial context], When [action occurs]

  • Then [expected outcome]

AC 2

Given [initial context], When [action occurs]

  • Then [expected outcome]

AC 3

Given [initial context], When [action occurs]

  • Then [expected outcome]

Assigned Reviewer

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    To do

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions