The latest articles on DEV Community by sankethj (@sankethj). https://dev.to/sankethj https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F528204%2F7189aeb0-d776-4960-b1aa-6f445c851132.jpg https://dev.to/sankethj en sankethj Thu, 03 Dec 2020 18:47:37 +0000 https://dev.to/sankethj/detect-dos-ping-etc-using-snort-4gab https://dev.to/sankethj/detect-dos-ping-etc-using-snort-4gab <p>𝘿𝙚𝙩𝙚𝙘𝙩 🇩‌🇴‌🇸‌, 🇵‌🇮‌🇳‌🇬‌ 𝙚𝙩𝙘... 𝙪𝙨𝙞𝙣𝙜 🇸‌🇳‌🇴‌🇷‌🇹‌</p> <p>Snort is a packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a dangerous payload or suspicious anomalies.</p> <p>My OS :- ubuntu<br> Let my ip address be 192.168.1.103</p> <p>🅢🅔🅣🅤🅟:- ( will be easy in future ) </p> <p>First you need to make some changes in configuration of snort. </p> <p>𝚜𝚞𝚍𝚘 𝚐𝚎𝚍𝚒𝚝 /𝚎𝚝𝚌/𝚜𝚗𝚘𝚛𝚝/𝚜𝚗𝚘𝚛𝚝.𝚌𝚘𝚗𝚏</p> <p>Now, change HOME_NET IP address to your ip range. <br> Like, <br> 𝚒𝚙𝚟𝚊𝚛 𝙷𝙾𝙼𝙴_𝙽𝙴𝚃 𝟷𝟿𝟸.𝟷𝟼𝟾.𝟷.𝟶/𝟸𝟺</p> <p>Now go to<br> /𝚎𝚝𝚌/𝚜𝚗𝚘𝚛𝚝/𝚛𝚞𝚕𝚎𝚜/𝚕𝚘𝚌𝚊𝚕.𝚛𝚞𝚕𝚎𝚜<br> and add the rules given below</p> <p>( Watch rules writing in the image. ) </p> <p>🅓🅔🅣🅔🅒🅣 🅟🅘🅝🅖 🅢🅒🅐🅝</p> <p>𝙍𝙪𝙡𝙚:-<br> 𝚊𝚕𝚎𝚛𝚝 𝚒𝚌𝚖𝚙 𝚊𝚗𝚢 𝚊𝚗𝚢 -&gt; $𝙷𝙾𝙼𝙴_𝙽𝙴𝚃 𝚊𝚗𝚢 (𝚖𝚜𝚐:"𝙿𝚒𝚗𝚐 𝚍𝚎𝚝𝚎𝚌𝚝𝚎𝚍"; 𝚜𝚒𝚍:𝟷𝟶𝟶𝟶𝟶𝟶𝟷; 𝚛𝚎𝚟:𝟷; 𝚌𝚕𝚊𝚜𝚜𝚝𝚢𝚙𝚎:𝚒𝚌𝚖𝚙-𝚎𝚟𝚎𝚗𝚝;)</p> <p>alert ---&gt; show alert </p> <p>ICMP ---&gt; It's a protocol used to report error in ipv4</p> <p>-&gt; :- to</p> <p>$HOME_NET ---&gt; destination ip</p> <p>msg ---&gt; shows message which you write</p> <p>sid ---&gt;  keyword is used to uniquely identify Snort rules. This information allows output plugins to identify rules easily.<br> 100 - 1,000,000 Rules already registered . So u need to use greater than this id like 1,000,123.</p> <p>rev ---&gt;  keyword is used to uniquely identify revisions of Snort rules</p> <p>classtype:icmp-event ---&gt; Categorizes the rule as an “icmp-event”, one of the predefined Snort categories. This option helps with rule organization.</p> <p>𝘿𝙚𝙩𝙚𝙘𝙩𝙞𝙣𝙜<br> 𝚜𝚞𝚍𝚘 𝚜𝚗𝚘𝚛𝚝 -𝙰 𝚌𝚘𝚗𝚜𝚘𝚕𝚎 -𝚚 -𝚌 /𝚎𝚝𝚌/𝚜𝚗𝚘𝚛𝚝/𝚜𝚗𝚘𝚛𝚝.𝚌𝚘𝚗𝚏 -𝚒 𝚎𝚑𝚝𝟶</p> <p>-A console ----&gt; shows standard output alert<br> -q ----&gt; quite mode<br> -i ----&gt; interface<br> -c ----&gt; config</p> <p>🅓🅔🅣🅔🅒🅣 🅣🅒🅟 🅢🅒🅐🅝</p> <p>𝙍𝙪𝙡𝙚:-<br> 𝚊𝚕𝚎𝚛𝚝 𝚝𝚌𝚙 𝚊𝚗𝚢 𝚊𝚗𝚢 -&gt; $𝙷𝙾𝙼𝙴_𝙽𝙴𝚃 𝚊𝚗𝚢 (𝚖𝚜𝚐: "𝚃𝙲𝙿 𝚂𝚌𝚊𝚗 𝙳𝚎𝚝𝚎𝚌𝚝𝚎𝚍"; 𝚜𝚒𝚍:𝟷𝟶𝟶𝟶𝟶𝟶𝟶𝟻; 𝚛𝚎𝚟:𝟸; )</p> <p>🅓🅔🅣🅔🅒🅣 🅓🅞🅢 🅐🅣🅣🅐🅒🅚</p> <p>𝙍𝙪𝙡𝙚:-<br> 𝚊𝚕𝚎𝚛𝚝 𝚝𝚌𝚙 𝚊𝚗𝚢 𝚊𝚗𝚢 -&gt; $𝙷𝙾𝙼𝙴<em>𝙽𝙴𝚃 𝟾𝟶 (𝚏𝚕𝚊𝚐𝚜: 𝚂; 𝚖𝚜𝚐:"𝙿𝚘𝚜𝚜𝚒𝚋𝚕𝚎 𝙳𝚘𝚂 𝙰𝚝𝚝𝚊𝚌𝚔 𝚃𝚢𝚙𝚎 : 𝚂𝚈𝙽 𝚏𝚕𝚘𝚘𝚍"; 𝚏𝚕𝚘𝚠:𝚜𝚝𝚊𝚝𝚎𝚕𝚎𝚜𝚜; 𝚜𝚒𝚍:𝟹; 𝚍𝚎𝚝𝚎𝚌𝚝𝚒𝚘𝚗</em>𝚏𝚒𝚕𝚝𝚎𝚛:𝚝𝚛𝚊𝚌𝚔 𝚋𝚢_𝚍𝚜𝚝, 𝚌𝚘𝚞𝚗𝚝 𝟸𝟶, 𝚜𝚎𝚌𝚘𝚗𝚍𝚜 𝟷𝟶;)</p> <h1> reference__researchgate-website </h1> <p>And from google</p> <p>𝙀𝙭𝙩𝙧𝙖<br> Ping scan :- nmap 192.168.1.103<br> Tcp scan :- nmap -sT 192.168.1.103<br> Dos :- Use any tools😐</p> <p>Contact me via telegram :- I am groot [ @Etf_Zan ]</p> security snort dos cybersecurity