Kode program dalam Implementasi Snort Untuk Mendeteksi Serangan DDOS Pada Jaringan Web Server adalah sebagai berikut:
a. Install LOIC di Kali Linux
1)	# apt-get update
2)	# git clone https://github.com/nicolargo/loicinstaller.git
3)	# cd Downloads
4)	# chmod 777 loic.sh
5)	# ./loic.sh install
6)	# ./loic.sh update
7)	# cd LOIC-master
8)	# ./loic.sh run

b. Install Hping3 di Kali Linux
1)	# sudo apt-get update
2)	# sudo apt-get install hping3
3)	# hping3 –version

c. Install Apache di Ubuntu
1)	# sudo apt-get update
2)	# sudo apt-get install apache2
3)	# sudo systemctl start apache2
4)	# sudo systemctl enable apache2

d. Install Snort 3 di Ubuntu
1)	# sudo apt-get update
2)	# apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev -y
3)	# git clone https://github.com/snort3/libdaq.git
4)	# cd libdaq
5)	# ./bootstrap
6)	# ./configure
7)	# cd 
8)	wget https://github.com/snort3/snort3/archive/refs/tags/3.1.43.0.tar.gz
9)	# tar -xvzf 3.1.43.0.tar.gz
10)	# cd snort3-3.1.43.0 ./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
11)	# cd build 
make 
make install 
ldconfig
12)	# snort -V

e. Penyerangan TCP Syn Flood
1) 	# sudo hping3 -S --flood -V -p 80 -–rand-source 192.168.0.199

f. Monitoring Apache Server Status
1)	# sudo a2enmod status
2)	# sudo nano /etc/apache2/sites-available/000-default.conf
3)	# sudo systemctl restart apache2

g. Konfigurasi Network Interface
1)	# ip link set dev enp0s3 pormisc on
2)	# ip add sh enp0s3
3)	# ethtool -k enp0s3 | grep receive-offload
4)	# ethtool -K enp0s3 gro off lro off

h. Konfigurasi NIC Snort
1)	# sudo nano /etc/systemd/system/snort3-nic.service
2)	# sudo systemctl daemon-reload
3)	# sudo systemctl start snort3-nic.service
4)	# sudo systemctl status snort3-nic.service
5)	# sudo systemctl enable snort3-nic.service
6)	# sudo journalctl -u snort3-nic.service

i. Konfigurasi Snort
1)	# mkdir /usr/local/etc/rules
2)	# wget -qO- https://www.snort.org/downloads/community/snort3-community-rules.tar.gz | tar xz -C /usr/local/etc/rules/
3)	# nano /usr/local/etc/snort/snort.lua
4)	HOME_NET = '192.168.0.199'
EXTERNAL_NET = 'any'

j. Konfigurasi Ruleset Snort
1)	# nano /usr/local/etc/rules/local.rules
2)	# snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules
3)	# Rule untuk mendeteksi trafik UDP                                                       
alert udp any any -> any 53 (msg:"UDP Traffic Detected"; sid:10000001; metadata:policy security-ips alert drop;)

# Rule untuk mendeteksi trafik TCP
alert tcp any any -> any 80 (msg:"TCP Traffic Detected"; sid:10000002; metadata:policy security-ips alert drop;)

# Rule to detect any HTTP traffic
alert http any any -> any any (msg:"HTTP Traffic Detected"; sid:10000003; rev:1;)

# Rule untuk memblokir serangan UDP Flood
drop udp any any -> any 53 (
    msg:"Potential UDP Flood Attack Detected";
    detection_filter:track by_src, count 20, seconds 10;
    classtype:attempted-dos;
    sid:1000004;
    rev:1;
    priority:1;
    metadata:service udp, policy security-ips drop; )

# Rule untuk memblokir serangan TCP SYN Flood
drop tcp any any -> any 80 (
    msg:"Potential TCP SYN Flood Attack Detected";
    flags:S;
    detection_filter:track by_src, count 20, seconds 10;
    classtype:attempted-dos;
    sid:1000005;
    rev:1;
    priority:1;
    metadata:service tcp, policy security-ips drop; )

# Rule untuk memblokir serangan TCP ACK Flood
block tcp any any -> any 80 (
    msg:"Potential TCP ACK Flood Attack from LOIC Detected";
    flags:A;
    detection_filter:track by_src, count 20, seconds 10;
    classtype:attempted-dos;
    sid:1000006;
    rev:1;
    priority:1;
    metadata:service tcp, policy security-ips block; )
# Rule untuk memblokir serangan TCP PSH Flood
block tcp any any -> any 80 (
    msg:"Potential TCP PSH Flood Attack from LOIC Detected";
    flags:P;
    detection_filter:track by_src, count 20, seconds 10;
    classtype:attempted-dos;
    sid:1000007;
    rev:1;
    priority:1;
    metadata:service tcp, policy security-ips block; )
# Rule untuk memblokir serangan TCP URG Flood
drop tcp any any -> any 80 (
    msg:"Potential TCP URG Flood Attack from LOIC Detected";
    flags:U;
    detection_filter:track by_src, count 20, seconds 10;
    classtype:attempted-dos;
    sid:1000008;
    rev:1;
    priority:1;
    metadata:service tcp, policy security-ips drop; )

# Rule untuk memblokir serangan TCP FIN Flood
drop tcp any any -> any 80 (
    msg:"Potential TCP FIN Flood Attack from LOIC Detected";
    flags:F;
    detection_filter:track by_src, count 20, seconds 10;
    classtype:attempted-dos;
    sid:1000009;
    rev:1;
    priority:1;
    metadata:service tcp, policy security-ips drop; )

# Rule untuk memblokir serangan TCP RST Flood
drop tcp any any -> any 80 (
    msg:"Potential TCP RST Flood Attack from LOIC Detected";
    flags:R;
    detection_filter:track by_src, count 20, seconds 10;
    classtype:attempted-dos;
    sid:1000010;
    rev:1;
    priority:1;
    metadata:service tcp, policy security-ips drop; )

# Rule untuk memblokir serangan HTTP GET
drop tcp any any -> any 80 (
    msg:"Potential HTTP DoS Attack Detected";
    flow:to_server,established;
    content:"GET /"; http_method;
    classtype:attempted-dos;
    sid:10000011;
    rev:1;
    priority:1;
    metadata:service http, policy security-ips drop; )

# Rule untuk memblokir serangan HTTP POST Request Flood
drop tcp any any -> any 80 (
    msg:"Potential HTTP POST Request Flood Attack Detected";
    flow:to_server,established;
    content:"POST "; http_method;
    detection_filter:track by_src, count 20, seconds 10;
    classtype:attempted-dos;
    sid:10000012;
    rev:1;
    priority:1;
    metadata:service http, policy security-ips drop; )

4)  # snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none

k. Konfigurasi Systemd Service Snort
1.	# nano /etc/systemd/system/snort3.service
2.	# systemctl daemon-reload
3.	# systemctl enable --now snort3
4.	# systemctl status snort3

l. Pengujian Snort Menggunakan Hping3
1)	# sudo systemctl start snort3-nic
2)	# sudo systemctl status snort3-nic
3)	# sudo hping3 -S --flood -V -p 80 192.168.0.199
4)	# tail -f /var/log/snort/alert_fast.txt
5)	# snort -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules -i enp0s3 -A alert_fast -s 65535 -k none

m. Install Cockpit
1.	# sudo apt install cockpit
2.	# sudo systemctl start cockpit
3.	# systemctl status cockpit
4.	https://192.168.189.70:9090