dos-detector
DoS/DDoS Attack Detection - Log analysis, traffic patterns, and anomaly detection
claude mcp add --transport stdio marc-shade-dos-detector-mcp python -m dos_detector \
  --env LOG_FORMAT="Default log format, configurable via config file" \
  --env THRESHOLDS_API="URL or path to thresholds configuration (optional)"
How to use
The DoS Detector MCP Server monitors web traffic and log data to identify and mitigate denial-of-service patterns. It analyzes access logs (Apache, Nginx), authentication logs, and traffic patterns to detect indicators such as HTTP floods, SYN floods, slowloris behavior, and anomalous bandwidth spikes. Tools exposed by the server include analyze_access_log for parsing server logs to surface DoS indicators, detect_syn_flood and detect_http_flood to examine connection and request patterns, detect_slowloris to flag slow HTTP attacks, and analyze_ip_rates to assess per-IP traffic rates. Additional capabilities like detect_amplification and generate_dos_report provide deeper analysis and summary reports, while get_attack_indicators returns a list of IoCs derived from detected incidents. This MCP server integrates with other agents in the Agentic System to provide real-time alerts and contribute to a broader defense-in-depth strategy.
How to install
Prerequisites:
- Python 3.10+ installed on the system
- Access to the project repository (clone or download)
- Optional: virtual environment tool (venv) is recommended
Install steps:
- Clone the repository:
  git clone https://github.com/marc-shade/dos-detector-mcp.git
  cd dos-detector-mcp
- Create and activate a virtual environment (recommended):
  python3.10 -m venv venv
  source venv/bin/activate  # On Windows use: venv\Scripts\activate
- Install dependencies:
  pip install -r requirements.txt
  If there is a setup.py or pyproject.toml, you can alternatively install with:
  pip install -e .
- Run the MCP server (module-based execution):
  python -m dos_detector
- Optional: provide a configuration file or environment variables to customize log formats and thresholds as needed. Ensure any required data sources (log file paths, network interfaces) are accessible by the process.
Additional notes
Tips:
- Ensure the server has read access to web server logs (Apache/Nginx) and authentication logs you want to monitor.
- Thresholds are configurable; tune them to balance detection sensitivity and false positives.
- If running behind containers or in a restricted environment, set appropriate network permissions and mount log directories.
- Use the provided environment variables (LOG_FORMAT, THRESHOLDS_API) to customize parsing and thresholds without modifying code.
- Check log format compatibility and consider adding regex-based custom parsers if needed.
- For deployment, consider integrating with the MCP ecosystem to enable real-time alerts and cross-server analytics.
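To make the tips on threshold tuning and regex-based parsers concrete, here is an added example (not code from dos-detector-mcp) that parses Apache/Nginx combined-format lines and computes per-IP peak request counts in a sliding window. The function names, the default thresholds, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" format: client IP, [timestamp], "request", status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, datetime), or None when the line does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m["ip"], datetime.strptime(m["ts"], TS_FMT)
    except ValueError:
        return None

def flag_high_rate_ips(lines, max_requests=20, window_seconds=10):
    """Return ({ip: peak requests in any window}, skipped_line_count).

    Only IPs whose peak exceeds max_requests are returned. The defaults
    are illustrative assumptions, not the project's thresholds.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = defaultdict(int)
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1  # count unparsable lines instead of hiding them
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop entries older than the window
            q.popleft()
        peaks[ip] = max(peaks[ip], len(q))
    return {ip: n for ip, n in peaks.items() if n > max_requests}, skipped

def build_sample_log():
    """Constructed sample: one bursty client, one normal client, one bad line."""
    base = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    def row(ip, offset):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512 "-" "sample"'
    burst = [row("198.51.100.7", i // 10) for i in range(60)]  # 10 req/s
    normal = [row("192.0.2.10", i * 10) for i in range(12)]    # 1 req/10 s
    return burst + normal + ["not a log line"]
```

A high skipped count means the regex does not match the deployed log format, so a quiet result cannot be trusted until the parser is adjusted.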