
sankethj

Posted on 9 1

Detect DoS, ping etc. using Snort

๐˜ฟ๐™š๐™ฉ๐™š๐™˜๐™ฉ ๐Ÿ‡ฉโ€Œ๐Ÿ‡ดโ€Œ๐Ÿ‡ธโ€Œ, ๐Ÿ‡ตโ€Œ๐Ÿ‡ฎโ€Œ๐Ÿ‡ณโ€Œ๐Ÿ‡ฌโ€Œ ๐™š๐™ฉ๐™˜... ๐™ช๐™จ๐™ž๐™ฃ๐™œ ๐Ÿ‡ธโ€Œ๐Ÿ‡ณโ€Œ๐Ÿ‡ดโ€Œ๐Ÿ‡ทโ€Œ๐Ÿ‡นโ€Œ

Snort is an open-source network intrusion detection system (NIDS). It sniffs network traffic in real time and matches every packet against a set of rules, so it can flag a dangerous payload or a suspicious pattern of traffic the moment it appears on the wire.

My OS :- Ubuntu
Let my IP address be 192.168.1.103, so my network is 192.168.1.0/24.

Setup:- (it gets easier after the first time)

First you need to make some changes to the Snort configuration. Open it in an editor:

sudo gedit /etc/snort/snort.conf

Now change HOME_NET from its default of "any" to your own IP range, so that $HOME_NET in the rules below means your network and not every address.
Like,
ipvar HOME_NET 192.168.1.0/24

Now open
/etc/snort/rules/local.rules
and add the rules given below. local.rules is the file Snort reserves for your own rules; the stock snort.conf already has an include line for it, so nothing else needs to change.

( The original post shows the rule syntax in a screenshot; the rules are reproduced as text below. )

Detect ping scan

Rule:-
alert icmp any any -> $HOME_NET any (msg:"Ping detected"; sid:1000001; rev:1; classtype:icmp-event;)

alert ---> the rule action: generate an alert (and log the packet) when the rule matches

icmp ---> the protocol to match. ICMP carries error and diagnostic messages for IPv4; ping is an ICMP echo request (type 8) answered by an echo reply (type 0). As written the rule matches every ICMP packet sent to $HOME_NET, including echo replies and destination-unreachable messages; add itype:8; to the options if you only want echo requests.

any any ---> source IP and source port (ICMP has no ports, but the header fields are still required)

-> :- direction operator, from source to destination

$HOME_NET any ---> destination IP (the variable you set in snort.conf) and destination port

msg ---> the message shown in the alert

sid ---> uniquely identifies the rule, so output plugins can tell which rule fired. Snort reserves the ranges: below 100 for future use, 100 - 999,999 for the rules shipped with Snort, and 1,000,000 and above for local rules. So use an id of 1,000,000 or greater, like 1,000,001, and give every local rule a different one.

rev ---> revision number of the rule. Increase it each time you edit the rule, so sid plus rev identify an exact version.

classtype:icmp-event ---> categorizes the rule as an "icmp-event", one of the predefined Snort categories from classification.config. This option helps with rule organization and gives the alert its default priority.
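As an added example (not code from the original post), here is a small Python parser and linter for local.rules. It splits a rule into the header fields and options explained above and enforces the sid guidance: it reports an undefined $variable, a sid in the reserved range, a missing rev and a duplicate sid. The sample rules are constructed for the example; only the ping rule is from the post, and the set of defined variables (HOME_NET and EXTERNAL_NET, the ipvars the stock snort.conf declares) is an assumption passed in by the caller.

```python
"""Parse Snort 2.x rules and lint a local.rules body (added example)."""
import re
from dataclasses import dataclass, field

# SID ranges reserved by Snort (Snort manual, "sid" keyword):
#   < 100         reserved for future use
#   100-999,999   rules distributed with Snort
#   >= 1,000,000  local rules
LOCAL_SID_MIN = 1_000_000

# header: action proto src_ip src_port direction dst_ip dst_port (options)
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<direction>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# options: "key:value;" or a bare "key;"; a quoted value may itself contain ';'
OPTION_RE = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: dict = field(default_factory=dict)


def parse_rule(line):
    """Split one rule into header fields and an {option: value} dict."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a Snort rule: {line!r}")
    options = {}
    for key, value in OPTION_RE.findall(m.group("opts")):
        options[key] = value.strip().strip('"')
    return Rule(m["action"], m["proto"], m["src"], m["sport"],
                m["direction"], m["dst"], m["dport"], options)


def lint_rules(rules_text, defined_vars):
    """Return [(line_number, finding)] for a local.rules body.
    defined_vars: names declared with ipvar/portvar in snort.conf."""
    findings = []
    seen_sids = {}
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            findings.append((lineno, str(exc)))
            continue
        header = " ".join((rule.src, rule.sport, rule.dst, rule.dport))
        for var in re.findall(r"\$(\w+)", header):
            if var not in defined_vars:
                findings.append((lineno, f"undefined variable ${var}; defined: {sorted(defined_vars)}"))
        sid = rule.options.get("sid", "")
        if not sid.isdigit():
            findings.append((lineno, "missing or non-numeric sid"))
        else:
            sid = int(sid)
            if sid < LOCAL_SID_MIN:
                findings.append((lineno, f"sid {sid} is below {LOCAL_SID_MIN}, the first id free for local rules"))
            if sid in seen_sids:
                findings.append((lineno, f"sid {sid} duplicates line {seen_sids[sid]}"))
            seen_sids.setdefault(sid, lineno)
        if "rev" not in rule.options:
            findings.append((lineno, "missing rev (start at rev:1 and bump it on every edit)"))
        if not rule.options.get("msg"):
            findings.append((lineno, "missing msg"))
        df = rule.options.get("detection_filter")
        if df is not None and not re.fullmatch(
                r"track\s+by_(src|dst)\s*,\s*count\s+\d+\s*,\s*seconds\s+\d+", df):
            findings.append((lineno, f"malformed detection_filter: {df!r}"))
    return findings


# Constructed sample local.rules: the post's ping rule plus deliberate mistakes.
SAMPLE_RULES = r"""
# the post's ping rule
alert icmp any any -> $HOME_NET any (msg:"Ping detected"; sid:1000001; rev:1; classtype:icmp-event;)
# constructed: undefined variable, reserved sid, no rev
alert tcp any any -> $HOMENET 80 (flags:S; msg:"SYN to web server"; sid:3;)
# constructed: sid reused from the ping rule
alert tcp any any -> $HOME_NET 22 (msg:"SSH connection"; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    for lineno, finding in lint_rules(SAMPLE_RULES, {"HOME_NET", "EXTERNAL_NET"}):
        print(f"local.rules:{lineno}: {finding}")
```

In practice read the text from /etc/snort/rules/local.rules and collect the variable names from the ipvar/portvar lines of snort.conf. snort -T remains the authoritative check, since Snort itself also rejects option keywords and values this linter knows nothing about.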

๐˜ฟ๐™š๐™ฉ๐™š๐™˜๐™ฉ๐™ž๐™ฃ๐™œ
๐šœ๐šž๐š๐š˜ ๐šœ๐š—๐š˜๐š›๐š -๐™ฐ ๐šŒ๐š˜๐š—๐šœ๐š˜๐š•๐šŽ -๐šš -๐šŒ /๐šŽ๐š๐šŒ/๐šœ๐š—๐š˜๐š›๐š/๐šœ๐š—๐š˜๐š›๐š.๐šŒ๐š˜๐š—๐š -๐š’ ๐šŽ๐š‘๐š๐Ÿถ

-A console ----> shows standard output alert
-q ----> quite mode
-i ----> interface
-c ----> config

Detect TCP scan

Rule:-
alert tcp any any -> $HOME_NET any (msg:"TCP Scan Detected"; sid:10000005; rev:2;)

This rule has no flags, content or threshold, so it alerts on every TCP packet sent to $HOME_NET, not only on scans. That is fine for watching nmap -sT hit your lab box, but on a real network it is far too noisy; Snort's sfportscan preprocessor (configured in snort.conf) is the purpose-built scan detector.

Detect DoS attack

Rule:-
alert tcp any any -> $HOME_NET 80 (flags:S; msg:"Possible DoS Attack Type : SYN flood"; flow:stateless; sid:1000003; rev:1; detection_filter:track by_dst, count 20, seconds 10;)

flags:S ---> match TCP packets with only the SYN flag set, i.e. connection attempts
80 ---> destination port, so only SYNs to the web server count
flow:stateless ---> match whether or not Snort has seen a TCP session for the packet (a flood never completes the handshake)
detection_filter:track by_dst, count 20, seconds 10 ---> count matching SYNs per destination host and only alert once more than 20 arrive within 10 seconds; from then on the rule fires on each further SYN in that window instead of on every single SYN. track by_src would count per attacker instead, which a distributed flood evades.
sid:1000003 ---> a unique local sid (1,000,000 or above, as above)


๐™€๐™ญ๐™ฉ๐™ง๐™–
Ping scan :- nmap 192.168.1.103
Tcp scan :- nmap -sT 192.168.1.103
Dos :- Use any tools๐Ÿ˜

Contact me via telegram :- I am groot [ @Etf_Zan ]
