Skip to Main Content
To defend DoS (denial of service) Attacks, the access filtering mechanism is adopted on the end servers or the IDS (intrusion detection system). The difficulty to define the filtering rules comes from the hardness to identify normal and anomaly packets from the incoming packets. In this paper, we analyze the amount of incoming packet to our college and extract characters of IP packets classified by the source and destination IP addresses and destination port numbers. We can clearly identify the countries and providers of denial packets and extract the characters of crawls of search engines.