putraaaahmad
/
TKK_E32211894
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Kode program.txt

This commit is contained in:
Putra Ahmad Mudakir 2024-07-18 16:06:00 +07:00
parent f66946400c
commit d4c53d8c3a
1 changed files with 198 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

290
Kode program.txt
View File

@ -1,92 +1,198 @@
Kode program dalam Implementasi Snort Untuk Mendeteksi Serangan DDOS Pada Jaringan Web Server adalah sebagai berikut: Kode program dalam Implementasi Snort Untuk Mendeteksi Serangan DDOS Pada Jaringan Web Server adalah sebagai berikut:
a. Install LOIC di Kali Linux a. Install LOIC di Kali Linux
1) # apt-get update 1) # apt-get update
2) # git clone https://github.com/nicolargo/loicinstaller.git 2) # git clone https://github.com/nicolargo/loicinstaller.git
3) # cd Downloads 3) # cd Downloads
4) # chmod 777 loic.sh 4) # chmod 777 loic.sh
5) # ./loic.sh install 5) # ./loic.sh install
6) # ./loic.sh update 6) # ./loic.sh update
7) # cd LOIC-master 7) # cd LOIC-master
8) # ./loic.sh run 8) # ./loic.sh run
b. Install Hping3 di Kali Linux b. Install Hping3 di Kali Linux
1) # sudo apt-get update 1) # sudo apt-get update
2) # sudo apt-get install hping3 2) # sudo apt-get install hping3
3) # hping3 version 3) # hping3 version
c. Install Apache di Ubuntu c. Install Apache di Ubuntu
1) # sudo apt-get update 1) # sudo apt-get update
2) # sudo apt-get install apache2 2) # sudo apt-get install apache2
3) # sudo systemctl start apache2 3) # sudo systemctl start apache2
4) # sudo systemctl enable apache2 4) # sudo systemctl enable apache2
d. Install Snort 3 di Ubuntu d. Install Snort 3 di Ubuntu
1) # sudo apt-get update 1) # sudo apt-get update
2) # apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev -y 2) # apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev -y
3) # git clone https://github.com/snort3/libdaq.git 3) # git clone https://github.com/snort3/libdaq.git
4) # cd libdaq 4) # cd libdaq
5) # ./bootstrap 5) # ./bootstrap
6) # ./configure 6) # ./configure
7) # cd 7) # cd
8) wget https://github.com/snort3/snort3/archive/refs/tags/3.1.43.0.tar.gz 8) wget https://github.com/snort3/snort3/archive/refs/tags/3.1.43.0.tar.gz
9) # tar -xvzf 3.1.43.0.tar.gz 9) # tar -xvzf 3.1.43.0.tar.gz
10) # cd snort3-3.1.43.0 ./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc 10) # cd snort3-3.1.43.0 ./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
11) # cd build 11) # cd build
make make
make install make install
ldconfig ldconfig
12) # snort -V 12) # snort -V
e. Penyerangan TCP Syn Flood e. Penyerangan TCP Syn Flood
1) # sudo hping3 -S --flood -V -p 80 -rand-source 192.168.0.199 1) # sudo hping3 -S --flood -V -p 80 -rand-source 192.168.0.199
f. Monitoring Apache Server Status f. Monitoring Apache Server Status
1) # sudo a2enmod status 1) # sudo a2enmod status
2) # sudo nano /etc/apache2/sites-available/000-default.conf 2) # sudo nano /etc/apache2/sites-available/000-default.conf
3) # sudo systemctl restart apache2 3) # sudo systemctl restart apache2
g. Konfigurasi Network Interface g. Konfigurasi Network Interface
1) # ip link set dev enp0s3 pormisc on 1) # ip link set dev enp0s3 pormisc on
2) # ip add sh enp0s3 2) # ip add sh enp0s3
3) # ethtool -k enp0s3 | grep receive-offload 3) # ethtool -k enp0s3 | grep receive-offload
4) # ethtool -K enp0s3 gro off lro off 4) # ethtool -K enp0s3 gro off lro off
h. Konfigurasi NIC Snort h. Konfigurasi NIC Snort
1) # sudo nano /etc/systemd/system/snort3-nic.service 1) # sudo nano /etc/systemd/system/snort3-nic.service
2) # sudo systemctl daemon-reload 2) # sudo systemctl daemon-reload
3) # sudo systemctl start snort3-nic.service 3) # sudo systemctl start snort3-nic.service
4) # sudo systemctl status snort3-nic.service 4) # sudo systemctl status snort3-nic.service
5) # sudo systemctl enable snort3-nic.service 5) # sudo systemctl enable snort3-nic.service
6) # sudo journalctl -u snort3-nic.service 6) # sudo journalctl -u snort3-nic.service
i. Konfigurasi Snort i. Konfigurasi Snort
1) # mkdir /usr/local/etc/rules 1) # mkdir /usr/local/etc/rules
2) # wget -qO- https://www.snort.org/downloads/community/snort3-community-rules.tar.gz | tar xz -C /usr/local/etc/rules/ 2) # wget -qO- https://www.snort.org/downloads/community/snort3-community-rules.tar.gz | tar xz -C /usr/local/etc/rules/
3) # nano /usr/local/etc/snort/snort.lua 3) # nano /usr/local/etc/snort/snort.lua
4) HOME_NET = '192.168.0.199' 4) HOME_NET = '192.168.0.199'
EXTERNAL_NET = 'any' EXTERNAL_NET = 'any'
j. Konfigurasi Ruleset Snort j. Konfigurasi Ruleset Snort
1) # nano /usr/local/etc/rules/local.rules 1) # nano /usr/local/etc/rules/local.rules
2) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules 2) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules
3) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none 3) # Rule untuk mendeteksi trafik UDP
alert udp any any -> any 53 (msg:"UDP Traffic Detected"; sid:10000001; metadata:policy security-ips alert drop;)
k. Konfigurasi Systemd Service Snort
1. # nano /etc/systemd/system/snort3.service # Rule untuk mendeteksi trafik TCP
2. # systemctl daemon-reload alert tcp any any -> any 80 (msg:"TCP Traffic Detected"; sid:10000002; metadata:policy security-ips alert drop;)
3. # systemctl enable --now snort3
4. # systemctl status snort3 # Rule to detect any HTTP traffic
alert http any any -> any any (msg:"HTTP Traffic Detected"; sid:10000003; rev:1;)
l. Pengujian Snort Menggunakan Hping3
1) # sudo systemctl start snort3-nic # Rule untuk memblokir serangan UDP Flood
2) # sudo systemctl status snort3-nic drop udp any any -> any 53 (
3) # sudo hping3 -S --flood -V -p 80 192.168.0.199 msg:"Potential UDP Flood Attack Detected";
4) # tail -f /var/log/snort/alert_fast.txt detection_filter:track by_src, count 20, seconds 10;
5) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none classtype:attempted-dos;
sid:1000004;
m. Install Cockpit rev:1;
1. # sudo apt install cockpit priority:1;
2. # sudo systemctl start cockpit metadata:service udp, policy security-ips drop; )
3. # systemctl status cockpit
4. https://192.168.189.70:9090 # Rule untuk memblokir serangan TCP SYN Flood
drop tcp any any -> any 80 (
msg:"Potential TCP SYN Flood Attack Detected";
flags:S;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000005;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule untuk memblokir serangan TCP ACK Flood
block tcp any any -> any 80 (
msg:"Potential TCP ACK Flood Attack from LOIC Detected";
flags:A;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000006;
rev:1;
priority:1;
metadata:service tcp, policy security-ips block; )
# Rule untuk memblokir serangan TCP PSH Flood
block tcp any any -> any 80 (
msg:"Potential TCP PSH Flood Attack from LOIC Detected";
flags:P;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000007;
rev:1;
priority:1;
metadata:service tcp, policy security-ips block; )
# Rule untuk memblokir serangan TCP URG Flood
drop tcp any any -> any 80 (
msg:"Potential TCP URG Flood Attack from LOIC Detected";
flags:U;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000008;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule untuk memblokir serangan TCP FIN Flood
drop tcp any any -> any 80 (
msg:"Potential TCP FIN Flood Attack from LOIC Detected";
flags:F;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000009;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule untuk memblokir serangan TCP RST Flood
drop tcp any any -> any 80 (
msg:"Potential TCP RST Flood Attack from LOIC Detected";
flags:R;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000010;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule untuk memblokir serangan HTTP GET
drop tcp any any -> any 80 (
msg:"Potential HTTP DoS Attack Detected";
flow:to_server,established;
content:"GET /"; http_method;
classtype:attempted-dos;
sid:10000011;
rev:1;
priority:1;
metadata:service http, policy security-ips drop; )
# Rule untuk memblokir serangan HTTP POST Request Flood
drop tcp any any -> any 80 (
msg:"Potential HTTP POST Request Flood Attack Detected";
flow:to_server,established;
content:"POST "; http_method;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:10000012;
rev:1;
priority:1;
metadata:service http, policy security-ips drop; )
4) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none
k. Konfigurasi Systemd Service Snort
1. # nano /etc/systemd/system/snort3.service
2. # systemctl daemon-reload
3. # systemctl enable --now snort3
4. # systemctl status snort3
l. Pengujian Snort Menggunakan Hping3
1) # sudo systemctl start snort3-nic
2) # sudo systemctl status snort3-nic
3) # sudo hping3 -S --flood -V -p 80 192.168.0.199
4) # tail -f /var/log/snort/alert_fast.txt
5) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none
m. Install Cockpit
1. # sudo apt install cockpit
2. # sudo systemctl start cockpit
3. # systemctl status cockpit
4. https://192.168.189.70:9090