diff --git a/Kode program.txt b/Kode program.txt
index 48393f6..23c57a9 100644
--- a/Kode program.txt
+++ b/Kode program.txt
@@ -1,92 +1,198 @@
-Kode program dalam Implementasi Snort Untuk Mendeteksi Serangan DDOS Pada Jaringan Web Server adalah sebagai berikut:
-a. Install LOIC di Kali Linux
-1) # apt-get update
-2) # git clone https://github.com/nicolargo/loicinstaller.git
-3) # cd Downloads
-4) # chmod 777 loic.sh
-5) # ./loic.sh install
-6) # ./loic.sh update
-7) # cd LOIC-master
-8) # ./loic.sh run
-
-b. Install Hping3 di Kali Linux
-1) # sudo apt-get update
-2) # sudo apt-get install hping3
-3) # hping3 –version
-
-c. Install Apache di Ubuntu
-1) # sudo apt-get update
-2) # sudo apt-get install apache2
-3) # sudo systemctl start apache2
-4) # sudo systemctl enable apache2
-
-d. Install Snort 3 di Ubuntu
-1) # sudo apt-get update
-2) # apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev -y
-3) # git clone https://github.com/snort3/libdaq.git
-4) # cd libdaq
-5) # ./bootstrap
-6) # ./configure
-7) # cd
-8) wget https://github.com/snort3/snort3/archive/refs/tags/3.1.43.0.tar.gz
-9) # tar -xvzf 3.1.43.0.tar.gz
-10) # cd snort3-3.1.43.0 ./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
-11) # cd build
-make
-make install
-ldconfig
-12) # snort -V
-
-e. Penyerangan TCP Syn Flood
-1) # sudo hping3 -S --flood -V -p 80 -–rand-source 192.168.0.199
-
-f. Monitoring Apache Server Status
-1) # sudo a2enmod status
-2) # sudo nano /etc/apache2/sites-available/000-default.conf
-3) # sudo systemctl restart apache2
-
-g. Konfigurasi Network Interface
-1) # ip link set dev enp0s3 pormisc on
-2) # ip add sh enp0s3
-3) # ethtool -k enp0s3 | grep receive-offload
-4) # ethtool -K enp0s3 gro off lro off
-
-h. Konfigurasi NIC Snort
-1) # sudo nano /etc/systemd/system/snort3-nic.service
-2) # sudo systemctl daemon-reload
-3) # sudo systemctl start snort3-nic.service
-4) # sudo systemctl status snort3-nic.service
-5) # sudo systemctl enable snort3-nic.service
-6) # sudo journalctl -u snort3-nic.service
-
-i. Konfigurasi Snort
-1) # mkdir /usr/local/etc/rules
-2) # wget -qO- https://www.snort.org/downloads/community/snort3-community-rules.tar.gz | tar xz -C /usr/local/etc/rules/
-3) # nano /usr/local/etc/snort/snort.lua
-4) HOME_NET = '192.168.0.199'
-EXTERNAL_NET = 'any'
-
-j. Konfigurasi Ruleset Snort
-1) # nano /usr/local/etc/rules/local.rules
-2) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules
-3) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none
-
-k. Konfigurasi Systemd Service Snort
-1. # nano /etc/systemd/system/snort3.service
-2. # systemctl daemon-reload
-3. # systemctl enable --now snort3
-4. # systemctl status snort3
-
-l. Pengujian Snort Menggunakan Hping3
-1) # sudo systemctl start snort3-nic
-2) # sudo systemctl status snort3-nic
-3) # sudo hping3 -S --flood -V -p 80 192.168.0.199
-4) # tail -f /var/log/snort/alert_fast.txt
-5) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none
-
-m. Install Cockpit
-1. # sudo apt install cockpit
-2. # sudo systemctl start cockpit
-3. # systemctl status cockpit
-4. https://192.168.189.70:9090
-
+Kode program dalam Implementasi Snort Untuk Mendeteksi Serangan DDOS Pada Jaringan Web Server adalah sebagai berikut:
+a. Install LOIC di Kali Linux
+1) # apt-get update
+2) # git clone https://github.com/nicolargo/loicinstaller.git
+3) # cd Downloads
+4) # chmod 777 loic.sh
+5) # ./loic.sh install
+6) # ./loic.sh update
+7) # cd LOIC-master
+8) # ./loic.sh run
+
+b. Install Hping3 di Kali Linux
+1) # sudo apt-get update
+2) # sudo apt-get install hping3
+3) # hping3 –version
+
+c. Install Apache di Ubuntu
+1) # sudo apt-get update
+2) # sudo apt-get install apache2
+3) # sudo systemctl start apache2
+4) # sudo systemctl enable apache2
+
+d. Install Snort 3 di Ubuntu
+1) # sudo apt-get update
+2) # apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev -y
+3) # git clone https://github.com/snort3/libdaq.git
+4) # cd libdaq
+5) # ./bootstrap
+6) # ./configure
+7) # cd
+8) wget https://github.com/snort3/snort3/archive/refs/tags/3.1.43.0.tar.gz
+9) # tar -xvzf 3.1.43.0.tar.gz
+10) # cd snort3-3.1.43.0 ./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
+11) # cd build
+make
+make install
+ldconfig
+12) # snort -V
+
+e. Penyerangan TCP Syn Flood
+1) # sudo hping3 -S --flood -V -p 80 -–rand-source 192.168.0.199
+
+f. Monitoring Apache Server Status
+1) # sudo a2enmod status
+2) # sudo nano /etc/apache2/sites-available/000-default.conf
+3) # sudo systemctl restart apache2
+
+g. Konfigurasi Network Interface
+1) # ip link set dev enp0s3 pormisc on
+2) # ip add sh enp0s3
+3) # ethtool -k enp0s3 | grep receive-offload
+4) # ethtool -K enp0s3 gro off lro off
+
+h. Konfigurasi NIC Snort
+1) # sudo nano /etc/systemd/system/snort3-nic.service
+2) # sudo systemctl daemon-reload
+3) # sudo systemctl start snort3-nic.service
+4) # sudo systemctl status snort3-nic.service
+5) # sudo systemctl enable snort3-nic.service
+6) # sudo journalctl -u snort3-nic.service
+
+i. Konfigurasi Snort
+1) # mkdir /usr/local/etc/rules
+2) # wget -qO- https://www.snort.org/downloads/community/snort3-community-rules.tar.gz | tar xz -C /usr/local/etc/rules/
+3) # nano /usr/local/etc/snort/snort.lua
+4) HOME_NET = '192.168.0.199'
+EXTERNAL_NET = 'any'
+
+j. Konfigurasi Ruleset Snort
+1) # nano /usr/local/etc/rules/local.rules
+2) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules
+3) # Rule untuk mendeteksi trafik UDP
+alert udp any any -> any 53 (msg:"UDP Traffic Detected"; sid:10000001; metadata:policy security-ips alert drop;)
+
+# Rule untuk mendeteksi trafik TCP
+alert tcp any any -> any 80 (msg:"TCP Traffic Detected"; sid:10000002; metadata:policy security-ips alert drop;)
+
+# Rule to detect any HTTP traffic
+alert http any any -> any any (msg:"HTTP Traffic Detected"; sid:10000003; rev:1;)
+
+# Rule untuk memblokir serangan UDP Flood
+drop udp any any -> any 53 (
+ msg:"Potential UDP Flood Attack Detected";
+ detection_filter:track by_src, count 20, seconds 10;
+ classtype:attempted-dos;
+ sid:1000004;
+ rev:1;
+ priority:1;
+ metadata:service udp, policy security-ips drop; )
+
+# Rule untuk memblokir serangan TCP SYN Flood
+drop tcp any any -> any 80 (
+ msg:"Potential TCP SYN Flood Attack Detected";
+ flags:S;
+ detection_filter:track by_src, count 20, seconds 10;
+ classtype:attempted-dos;
+ sid:1000005;
+ rev:1;
+ priority:1;
+ metadata:service tcp, policy security-ips drop; )
+
+# Rule untuk memblokir serangan TCP ACK Flood
+block tcp any any -> any 80 (
+ msg:"Potential TCP ACK Flood Attack from LOIC Detected";
+ flags:A;
+ detection_filter:track by_src, count 20, seconds 10;
+ classtype:attempted-dos;
+ sid:1000006;
+ rev:1;
+ priority:1;
+ metadata:service tcp, policy security-ips block; )
+# Rule untuk memblokir serangan TCP PSH Flood
+block tcp any any -> any 80 (
+ msg:"Potential TCP PSH Flood Attack from LOIC Detected";
+ flags:P;
+ detection_filter:track by_src, count 20, seconds 10;
+ classtype:attempted-dos;
+ sid:1000007;
+ rev:1;
+ priority:1;
+ metadata:service tcp, policy security-ips block; )
+# Rule untuk memblokir serangan TCP URG Flood
+drop tcp any any -> any 80 (
+ msg:"Potential TCP URG Flood Attack from LOIC Detected";
+ flags:U;
+ detection_filter:track by_src, count 20, seconds 10;
+ classtype:attempted-dos;
+ sid:1000008;
+ rev:1;
+ priority:1;
+ metadata:service tcp, policy security-ips drop; )
+
+# Rule untuk memblokir serangan TCP FIN Flood
+drop tcp any any -> any 80 (
+ msg:"Potential TCP FIN Flood Attack from LOIC Detected";
+ flags:F;
+ detection_filter:track by_src, count 20, seconds 10;
+ classtype:attempted-dos;
+ sid:1000009;
+ rev:1;
+ priority:1;
+ metadata:service tcp, policy security-ips drop; )
+
+# Rule untuk memblokir serangan TCP RST Flood
+drop tcp any any -> any 80 (
+ msg:"Potential TCP RST Flood Attack from LOIC Detected";
+ flags:R;
+ detection_filter:track by_src, count 20, seconds 10;
+ classtype:attempted-dos;
+ sid:1000010;
+ rev:1;
+ priority:1;
+ metadata:service tcp, policy security-ips drop; )
+
+# Rule untuk memblokir serangan HTTP GET
+drop tcp any any -> any 80 (
+ msg:"Potential HTTP DoS Attack Detected";
+ flow:to_server,established;
+ content:"GET /"; http_method;
+ classtype:attempted-dos;
+ sid:10000011;
+ rev:1;
+ priority:1;
+ metadata:service http, policy security-ips drop; )
+
+# Rule untuk memblokir serangan HTTP POST Request Flood
+drop tcp any any -> any 80 (
+ msg:"Potential HTTP POST Request Flood Attack Detected";
+ flow:to_server,established;
+ content:"POST "; http_method;
+ detection_filter:track by_src, count 20, seconds 10;
+ classtype:attempted-dos;
+ sid:10000012;
+ rev:1;
+ priority:1;
+ metadata:service http, policy security-ips drop; )
+
+4) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none
+
+k. Konfigurasi Systemd Service Snort
+1. # nano /etc/systemd/system/snort3.service
+2. # systemctl daemon-reload
+3. # systemctl enable --now snort3
+4. # systemctl status snort3
+
+l. Pengujian Snort Menggunakan Hping3
+1) # sudo systemctl start snort3-nic
+2) # sudo systemctl status snort3-nic
+3) # sudo hping3 -S --flood -V -p 80 192.168.0.199
+4) # tail -f /var/log/snort/alert_fast.txt
+5) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none
+
+m. Install Cockpit
+1. # sudo apt install cockpit
+2. # sudo systemctl start cockpit
+3. # systemctl status cockpit
+4. https://192.168.189.70:9090
+
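Review bot: The HTTP GET rule (sid 10000011) carries no `detection_filter`, unlike the POST rule right after it and every flood rule above it, so when enforced it drops every established `GET /` request to port 80 — ordinary web traffic, not a flood; add `detection_filter:track by_src, count 20, seconds 10;` before `classtype` as sid 10000012 does. The flag-based flood rules (sid 1000005–1000010) all use `track by_src`, while the attack documented in section e runs hping3 with `--rand-source`; against spoofed sources no single address reaches 20 packets in 10 seconds, so those rules stay silent for exactly that scenario, and `track by_dst` would match it (the test in section l, run without `--rand-source`, does not exercise this). The `drop`/`block` actions only take effect when Snort runs inline; the commands in j.4 and l.5 (`-i enp0s3 -A alert_fast`) look like passive sniffing, so presumably these rules alert but never block — a one-line comment above the rules stating which mode they are meant for would avoid that surprise. In Snort 3 `http_method` is a sticky buffer that governs the `content` after it, so `content:"GET /"; http_method;` as written matches the raw payload rather than the method buffer; `http_method; content:"GET";` is the intended form, if I read the rule correctly. The sid values also mix 7-digit (1000004–1000010) and 8-digit (10000001–10000003, 10000011–10000012) ranges, which is legal but easy to collide with later; one contiguous range would be clearer.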