
Kode program dalam Implementasi Snort Untuk Mendeteksi Serangan DDOS Pada Jaringan Web Server adalah sebagai berikut. Seluruh langkah penyerangan (LOIC, hping3 --flood) hanya boleh dijalankan di jaringan laboratorium yang terisolasi terhadap host milik sendiri:
a. Install LOIC di Kali Linux
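# LOIC is a denial-of-service tool: install and run it only on an isolated lab
# network against hosts you own. loic.sh is a third-party installer fetched from
# GitHub and executed as root — read it before running it.
1) # apt-get update
2) # git clone https://github.com/nicolargo/loicinstaller.git
# git clone creates ./loicinstaller; the original "cd Downloads" pointed at a
# directory the clone does not create.
3) # cd loicinstaller
# Only the execute bit is needed; chmod 777 also made the script writable by
# every local user (anyone could then edit what root runs in steps 5-8).
4) # chmod +x loic.sh
5) # ./loic.sh install
6) # ./loic.sh update
# Steps 7-8 assume loic.sh is also present inside LOIC-master (created by the
# installer); if it is not, run ../loic.sh run from there instead — TODO confirm.
7) # cd LOIC-master
8) # ./loic.sh run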
b. Install Hping3 di Kali Linux
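1) # sudo apt-get update
2) # sudo apt-get install hping3
# "hping3 version" treated the word "version" as a target host name;
# --version prints the installed version and exits.
3) # hping3 --version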
c. Install Apache di Ubuntu
# Target web server for the experiment (the host the floods are aimed at).
1) # sudo apt-get update
2) # sudo apt-get install apache2
# Start the service now, then make it start at boot.
3) # sudo systemctl start apache2.service
4) # sudo systemctl enable apache2.service
d. Install Snort 3 di Ubuntu
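1) # sudo apt-get update
# Build dependencies. libgoogle-perftools-dev (tcmalloc) is added because
# --enable-tcmalloc in step 10 needs it; without it the CMake configure step
# cannot find tcmalloc. sudo added for consistency with the other steps.
2) # sudo apt install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev libfl-dev libgoogle-perftools-dev -y
3) # git clone https://github.com/snort3/libdaq.git
4) # cd libdaq
5) # ./bootstrap
6) # ./configure
# The original listing stopped after ./configure, so libdaq was never built or
# installed and the Snort build below could not find it.
make
sudo make install
sudo ldconfig
7) # cd
# Release tarball from GitHub, compiled and installed as root: check the file
# against the checksum published for this release (if one is available) before
# building it.
8) # wget https://github.com/snort3/snort3/archive/refs/tags/3.1.43.0.tar.gz
9) # tar -xvzf 3.1.43.0.tar.gz
# The original ran these two commands on one line without a separator, which
# passes ./configure_cmake.sh as an argument to cd.
10) # cd snort3-3.1.43.0
./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
11) # cd build
make
sudo make install
sudo ldconfig
12) # snort -V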
e. Penyerangan TCP Syn Flood
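# Lab use only: a SYN flood with spoofed sources against anything you are not
# authorised to test is illegal, and the spoofed packets cause backscatter to
# third parties. The documented spelling is --rand-source (two dashes).
# Because --rand-source gives every packet a different source address, the
# Snort rules in section j that use detection_filter:track by_src never
# accumulate 20 hits from one source against this traffic; section l tests
# without --rand-source.
1) # sudo hping3 -S --flood -V -p 80 --rand-source 192.168.0.199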
f. Monitoring Apache Server Status
# Enable mod_status so Apache's worker/request counters can be watched during the flood.
1) # sudo a2enmod status
# The /server-status Location is configured in the default vhost here (the
# exact directives are not reproduced in this listing). Keep it restricted,
# e.g. "Require ip <monitoring host>": server-status lists client addresses
# and request URIs.
2) # sudo nano /etc/apache2/sites-available/000-default.conf
# A full restart is needed for the newly enabled module to load.
3) # sudo systemctl restart apache2.service
g. Konfigurasi Network Interface
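# Promiscuous mode so Snort also sees frames not addressed to this host.
# The original had a typo ("pormisc") that ip(8) rejects.
1) # ip link set dev enp0s3 promisc on
2) # ip addr show enp0s3
# Check and disable generic/large receive offload so the NIC hands Snort the
# segments as they arrived on the wire instead of coalesced super-frames.
3) # ethtool -k enp0s3 | grep receive-offload
4) # ethtool -K enp0s3 gro off lro off
# None of this survives a reboot; the snort3-nic.service unit in the next
# section is presumably what re-applies it at boot (its contents are not shown).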
h. Konfigurasi NIC Snort
# systemd unit that applies the interface settings from section g at boot
# (unit contents are not reproduced in this listing).
1) # sudo nano /etc/systemd/system/snort3-nic.service
# Pick up the new unit file.
2) # sudo systemctl daemon-reload
# Start it once now, check it, then enable it for subsequent boots.
3) # sudo systemctl start snort3-nic.service
4) # sudo systemctl status snort3-nic.service
5) # sudo systemctl enable snort3-nic.service
# Unit log, useful if the ip/ethtool commands in the unit failed.
6) # sudo journalctl -u snort3-nic.service
i. Konfigurasi Snort
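1) # mkdir -p /usr/local/etc/rules
# The archive is piped straight from the network into tar as root with no
# integrity check; prefer downloading to a file and comparing it with the
# checksum published on snort.org if one is provided. It unpacks into its own
# snort3-community-rules/ subdirectory, and nothing in this listing loads that
# file (section j passes only local.rules with -R) — add it to the rules in
# snort.lua or to the -R/--rule-path arguments if it is meant to be used.
2) # wget -qO- https://www.snort.org/downloads/community/snort3-community-rules.tar.gz | tar xz -C /usr/local/etc/rules/
3) # nano /usr/local/etc/snort/snort.lua
# HOME_NET is the single web-server address being protected; EXTERNAL_NET
# stays 'any'. Note the rules in section j are written with literal
# "any any -> any 80" rather than $HOME_NET, so these variables do not
# currently narrow them.
4) HOME_NET = '192.168.0.199'
EXTERNAL_NET = 'any'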
j. Konfigurasi Ruleset Snort
# Local rule file; its contents follow in step 3.
1) # nano /usr/local/etc/rules/local.rules
# With no input source given, Snort 3 only parses the configuration and the
# rule file and reports syntax errors, then exits.
2) # snort -R /usr/local/etc/rules/local.rules -c /usr/local/etc/snort/snort.lua
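# NOTE: the drop/block actions below are only enforced when Snort runs inline
# (-Q with an inline-capable DAQ: afpacket bridging two interfaces, or nfq).
# Started as in step 4 (-i enp0s3, no -Q) Snort is passive and these rules
# only log that they would have blocked the packet.
# All detection_filter rules count per source address (track by_src); traffic
# with random/spoofed sources (hping3 --rand-source) is spread over many
# addresses and never reaches the count.
# SIDs are not contiguous (10000001-3, 1000004-1000010, 10000011-12); they do
# not collide, but the two series look like an unintended mix of 7 and 8 digits.
3) # Rule to detect UDP traffic. Fires on EVERY packet to udp/53 — useful to
# confirm Snort sees traffic, but disable it once the flood rules are
# confirmed or it swamps the alert log.
alert udp any any -> any 53 (msg:"UDP Traffic Detected"; sid:10000001; rev:1; metadata:policy security-ips alert drop;)
# Rule to detect TCP traffic (same caveat: every packet to tcp/80)
alert tcp any any -> any 80 (msg:"TCP Traffic Detected"; sid:10000002; rev:1; metadata:policy security-ips alert drop;)
# Rule to detect any HTTP traffic
alert http any any -> any any (msg:"HTTP Traffic Detected"; sid:10000003; rev:1;)
# Rule to block UDP flood attacks: 20 datagrams to udp/53 from one source in 10 s
drop udp any any -> any 53 (
msg:"Potential UDP Flood Attack Detected";
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000004;
rev:1;
priority:1;
metadata:service udp, policy security-ips drop; )
# Rule to block TCP SYN flood attacks. flags:S is an exact match (SYN only),
# i.e. connection attempts; 20 from one source in 10 s triggers.
drop tcp any any -> any 80 (
msg:"Potential TCP SYN Flood Attack Detected";
flags:S;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000005;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule to block TCP ACK flood attacks. flags:A is an exact match (ACK only),
# which is also what every ordinary client sends while receiving a response,
# so one legitimate download can exceed 20 in 10 s — tune count/seconds on
# real traffic before relying on this. This rule and the PSH rule use "block"
# (Snort 3: blocks the rest of the flow) while the others use "drop" (blocks
# the packet); choose one deliberately.
block tcp any any -> any 80 (
msg:"Potential TCP ACK Flood Attack from LOIC Detected";
flags:A;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000006;
rev:1;
priority:1;
metadata:service tcp, policy security-ips block; )
# Rule to block TCP PSH flood attacks. The original used flags:P, an exact match
# for a segment carrying only PSH; after the handshake every segment a normal
# TCP stack sends also carries ACK, so that matched only crafted packets
# (hping3 -P) and never LOIC's PSH+ACK data segments. flags:P+ matches PSH with
# any other flags set (rev bumped). Same false-positive caveat as the ACK rule.
block tcp any any -> any 80 (
msg:"Potential TCP PSH Flood Attack from LOIC Detected";
flags:P+;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000007;
rev:2;
priority:1;
metadata:service tcp, policy security-ips block; )
# Rule to block TCP URG flood attacks. Exact URG-only match: this fits
# hping3 -U test traffic; a tool using ordinary TCP connections would not
# produce it, despite the "from LOIC" message.
drop tcp any any -> any 80 (
msg:"Potential TCP URG Flood Attack from LOIC Detected";
flags:U;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000008;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule to block TCP FIN flood attacks (exact FIN-only match, as sent by
# hping3 -F; a normal close is FIN+ACK and does not match).
drop tcp any any -> any 80 (
msg:"Potential TCP FIN Flood Attack from LOIC Detected";
flags:F;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000009;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule to block TCP RST flood attacks (exact RST-only match, as sent by hping3 -R)
drop tcp any any -> any 80 (
msg:"Potential TCP RST Flood Attack from LOIC Detected";
flags:R;
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:1000010;
rev:1;
priority:1;
metadata:service tcp, policy security-ips drop; )
# Rule to block HTTP GET floods. Two fixes (rev 2): (1) the original had no
# detection_filter, so it dropped EVERY GET request and the server became
# unreachable for legitimate clients as soon as the rule was loaded; (2) in
# Snort 3 http_method is a sticky buffer that precedes content and holds only
# the method token, so "GET /" could never match in it. The threshold mirrors
# the other flood rules and needs tuning on real traffic.
drop tcp any any -> any 80 (
msg:"Potential HTTP DoS Attack Detected";
flow:to_server,established;
http_method; content:"GET";
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:10000011;
rev:2;
priority:1;
metadata:service http, policy security-ips drop; )
# Rule to block HTTP POST request floods (rev 2: same http_method/content
# ordering fix as above; "POST " with a trailing space never matched the
# method buffer).
drop tcp any any -> any 80 (
msg:"Potential HTTP POST Request Flood Attack Detected";
flow:to_server,established;
http_method; content:"POST";
detection_filter:track by_src, count 20, seconds 10;
classtype:attempted-dos;
sid:10000012;
rev:2;
priority:1;
metadata:service http, policy security-ips drop; )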
# Foreground run on the capture interface. -i enp0s3 without -Q is passive
# (sniffing) mode: the drop/block rules above are reported, not enforced; use
# -Q with an inline DAQ (afpacket interface pair or nfq) to actually block.
# -k none disables checksum verification (presumably so packets with
# offloaded/bad checksums are still inspected — confirm); -s 65535 is the
# snap length. alert_fast prints to stdout unless a log directory (-l) and
# alert_fast = { file = true } are configured in snort.lua — check this,
# since section l tails /var/log/snort/alert_fast.txt.
4) # snort -A alert_fast -k none -s 65535 -i enp0s3 -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules
k. Konfigurasi Systemd Service Snort
# Persistent Snort service (unit contents are not reproduced here). Consider
# ordering it After=/Requires= snort3-nic.service so promiscuous mode and the
# offload settings are applied before Snort opens the interface.
1. # nano /etc/systemd/system/snort3.service
2. # systemctl daemon-reload
# Enable for boot and start immediately in one step.
3. # systemctl enable --now snort3.service
4. # systemctl status snort3.service
l. Pengujian Snort Menggunakan Hping3
# Apply the interface settings before capturing.
1) # sudo systemctl start snort3-nic
2) # sudo systemctl status snort3-nic
# Flood without --rand-source, so every SYN comes from the Kali host and the
# by_src filter in sid 1000005 can reach 20 in 10 s. Run this in a second
# terminal while step 4 follows the alert file (tail -f does not return).
3) # sudo hping3 -S -V -p 80 --flood 192.168.0.199
4) # tail -f /var/log/snort/alert_fast.txt
# Alternative to the service: Snort in the foreground (passive mode, so the
# drop/block rules only report).
5) # snort -i enp0s3 -A alert_fast -s 65535 -k none -c /usr/local/etc/snort/snort.lua -R /usr/local/etc/rules/local.rules
m. Install Cockpit
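# Cockpit is a full web admin console (it logs in as system users). Bind it to
# a management interface or firewall port 9090 rather than exposing it on the
# interface that receives the flood; the default certificate is self-signed,
# so the browser will warn.
1. # sudo apt install cockpit
# Cockpit is socket-activated: enabling cockpit.socket starts it now and at
# every boot. The original only started cockpit.service, which is what the
# socket spawns on demand and is not restored after a reboot.
2. # sudo systemctl enable --now cockpit.socket
3. # systemctl status cockpit.socket
# 192.168.189.70 is on a different subnet from the 192.168.0.199 web server
# used everywhere else; presumably the Cockpit host's own address — confirm.
4. https://192.168.189.70:9090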