Update Kode program.txt

This commit is contained in:
Putra Ahmad Mudakir 2024-07-18 16:06:00 +07:00
parent f66946400c
commit d4c53d8c3a
1 changed files with 198 additions and 92 deletions


@ -69,7 +69,113 @@ EXTERNAL_NET = 'any'
j. Konfigurasi Ruleset Snort
1) # nano /usr/local/etc/rules/local.rules
2) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules
3) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none
3) # Rule untuk mendeteksi trafik UDP
alert udp any any -> any 53 (msg:"UDP Traffic Detected"; sid:10000001; metadata:policy security-ips alert drop;)
# Rule untuk mendeteksi trafik TCP
alert tcp any any -> any 80 (msg:"TCP Traffic Detected"; sid:10000002; metadata:policy security-ips alert drop;)
# Rule to detect any HTTP traffic
alert http any any -> any any (msg:"HTTP Traffic Detected"; sid:10000003; rev:1;)
# Rule untuk memblokir serangan UDP Flood
drop udp any any -> any 53 (
msg:"Potential UDP Flood Attack Detected";
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000004;
rev:1;
priority:1;
metadata:service udp, policy security-ips drop; )
# Rule untuk memblokir serangan TCP SYN Flood
drop tcp any any -> any 80 (
msg:"Potential TCP SYN Flood Attack Detected";
flags:S;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000005;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule untuk memblokir serangan TCP ACK Flood
block tcp any any -> any 80 (
msg:"Potential TCP ACK Flood Attack from LOIC Detected";
flags:A;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000006;
rev:1;
priority:1;
metadata:service tcp, policy security-ips block; )
# Rule untuk memblokir serangan TCP PSH Flood
block tcp any any -> any 80 (
msg:"Potential TCP PSH Flood Attack from LOIC Detected";
flags:P;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000007;
rev:1;
priority:1;
metadata:service tcp, policy security-ips block; )
# Rule untuk memblokir serangan TCP URG Flood
drop tcp any any -> any 80 (
msg:"Potential TCP URG Flood Attack from LOIC Detected";
flags:U;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000008;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule untuk memblokir serangan TCP FIN Flood
drop tcp any any -> any 80 (
msg:"Potential TCP FIN Flood Attack from LOIC Detected";
flags:F;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000009;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule untuk memblokir serangan TCP RST Flood
drop tcp any any -> any 80 (
msg:"Potential TCP RST Flood Attack from LOIC Detected";
flags:R;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000010;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule untuk memblokir serangan HTTP GET
drop tcp any any -> any 80 (
msg:"Potential HTTP DoS Attack Detected";
flow:to_server,established;
content:"GET /"; http_method;
classtype:attempted-dos;
sid:10000011;
rev:1;
priority:1;
metadata:service http, policy security-ips drop; )
# Rule untuk memblokir serangan HTTP POST Request Flood
drop tcp any any -> any 80 (
msg:"Potential HTTP POST Request Flood Attack Detected";
flow:to_server,established;
content:"POST "; http_method;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:10000012;
rev:1;
priority:1;
metadata:service http, policy security-ips drop; )
4) # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none
k. Konfigurasi Systemd Service Snort
1. # nano /etc/systemd/system/snort3.service