
1.

Rules yang digunakan pada Snort


alert icmp any any -> any any (msg:"ICMP Flood"; dsize:>40; itype:8;
reference:arachnids,162; classtype:attempted-recon; sid:6; rev:3;)

alert tcp any any -> any any (msg: " TCP SYN packet flooding (simple or distributed)";
threshold: type both, track by_dst, count 10000, seconds 60; flow:stateless; flags:S,12;
sid:7; rev:1;)

2. Topologi yang digunakan pada Mininet


from mininet.topo import Topo

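class MyTopo( Topo ):
    """Mininet topology used in the IPS experiment.

    Layout (every link is created with bw=100):

        h1, h2 -- s2 -- s1 -- s3 -- h3, h4

    s1 is the central switch (dpid 1); s2 and s3 are the edge switches
    (dpid 2 and 3). The zero-padded dpid produced here is the switch id the
    Ryu firewall REST scripts address (e.g. 0000000000000001 for s1).
    """

    def __init__( self ):
        """Create the hosts, switches and links."""
        Topo.__init__( self )

        def int2dpid( dpid ):
            """Return an integer datapath ID as a 16-digit zero-padded hex string.

            Args:
                dpid: a non-negative integer (anything int() accepts).
            Returns:
                Hex digits without the '0x' prefix, left-padded with '0' to
                16 characters, e.g. 1 -> '0000000000000001'.
            Raises:
                Exception: if dpid is not a non-negative integer.
            """
            try:
                value = int( dpid )
                if value < 0:
                    raise ValueError( 'dpid must be non-negative' )
            except ( TypeError, ValueError ):
                # hex(...)[2:] can never raise IndexError, so the original
                # 'except IndexError' was unreachable; catch the conversion
                # errors instead and keep the message in one string literal.
                raise Exception( 'Unable to derive default datapath ID - '
                                 'please either specify a dpid or use a '
                                 'canonical switch name such as s23.' )
            # '%x' avoids the trailing 'L' that hex() appends to longs on Python 2.
            return ( '%x' % value ).zfill( 16 )

        # Hosts
        h1 = self.addHost( 'h1', ip='10.0.0.1' )
        h2 = self.addHost( 'h2', ip='10.0.0.2' )
        h3 = self.addHost( 'h3', ip='10.0.0.3' )
        h4 = self.addHost( 'h4', ip='10.0.0.4' )

        # Switches
        s1 = self.addSwitch( 's1', mac='00:00:00:00:00:01', dpid=int2dpid( 1 ) )
        s2 = self.addSwitch( 's2', mac='00:00:00:00:00:02', dpid=int2dpid( 2 ) )
        s3 = self.addSwitch( 's3', mac='00:00:00:00:00:03', dpid=int2dpid( 3 ) )

        # Links. NOTE(review): bw= is only honoured when the network is built
        # with a traffic-control link class (TCLink); confirm how mn is started.
        self.addLink( s1, s2, bw=100 )
        self.addLink( s1, s3, bw=100 )
        self.addLink( h1, s2, bw=100 )
        self.addLink( h2, s2, bw=100 )
        self.addLink( h3, s3, bw=100 )
        self.addLink( h4, s3, bw=100 )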

# Registry consulted by "mn --custom <this file> --topo mytopo"; the value is
# called with no arguments to build the topology.
topos = dict( mytopo=lambda: MyTopo() )


3. Script Unblock
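#!/usr/bin/env bash
# unblock.sh - delete the two DENY rules that block.sh installed on the
# central switch (dpid 0000000000000001) through the Ryu REST firewall,
# after holding them for UNBLOCK_DELAY seconds.
#
# Usage:  unblock.sh -rule1s1 <rule_id> -rule2s1 <rule_id>
#   -rule1s1   rule_id of the src->dst DENY rule
#   -rule2s1   rule_id of the dst->src DENY rule
# Environment (optional):
#   FIREWALL_URL   rules endpoint of the Ryu firewall for the switch
#                  (default: http://localhost:8080/firewall/rules/0000000000000001)
#   UNBLOCK_DELAY  seconds to keep the rules before deleting them (default: 10)
set -euo pipefail

readonly FIREWALL_URL="${FIREWALL_URL:-http://localhost:8080/firewall/rules/0000000000000001}"
readonly UNBLOCK_DELAY="${UNBLOCK_DELAY:-10}"

die() { printf 'unblock.sh: %s\n' "$*" >&2; exit 1; }

# Print a 72-character separator line.
banner() { printf '%72s\n' '' | tr ' ' '*'; }

# Abort unless $2 is a plain non-negative integer. The value is spliced into
# a JSON body below, so an empty string, a "null" from jq or any other token
# must be rejected here rather than sent to the controller as broken JSON.
require_rule_id() {
  local name=$1 value=$2
  [[ "$value" =~ ^[0-9]+$ ]] || die "$name must be a numeric rule_id (got '$value')"
}

# Delete rule $1 on the switch; the controller's reply is echoed on stdout.
delete_rule() {
  local rule_id=$1
  curl -sS -X DELETE -H 'Content-Type: application/json' \
    -d "{\"rule_id\": ${rule_id}}" "$FIREWALL_URL"
  printf '\n'
}

main() {
  local rule1_s1='' rule2_s1=''
  while [[ $# -gt 0 ]]; do
    case "$1" in
      -rule1s1|-rule2s1)
        # Guard the second shift: with a trailing flag and no value the
        # original script hit 'shift' on an empty argument list.
        [[ $# -ge 2 ]] || die "option $1 requires a rule_id argument"
        if [[ "$1" == -rule1s1 ]]; then rule1_s1=$2; else rule2_s1=$2; fi
        shift
        ;;
      *)
        # The original silently dropped unknown tokens; keep going but say so.
        printf 'unblock.sh: ignoring unexpected argument %q\n' "$1" >&2
        ;;
    esac
    shift
  done
  require_rule_id -rule1s1 "$rule1_s1"
  require_rule_id -rule2s1 "$rule2_s1"

  banner
  sleep "$UNBLOCK_DELAY"
  printf 'Recovering Connection\n'
  delete_rule "$rule1_s1"
  delete_rule "$rule2_s1"
  printf '\n'
  banner
}

main "$@"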
4. Script Blokir
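#!/usr/bin/env bash
# block.sh - follow the Snort CSV alert log and react to each new alert by
# installing a pair of DENY rules (src->dst and dst->src, TCP) on the central
# switch (dpid 0000000000000001) through the Ryu REST firewall. The ids of the
# two rules are then handed to unblock.sh, which removes them again after its
# hold-down period.
#
# Environment (optional):
#   SNORT_ALERT_CSV  Snort CSV alert file (default: /var/log/snort/alert.csv)
#   FIREWALL_URL     rules endpoint of the Ryu firewall for the switch
#                    (default: http://localhost:8080/firewall/rules/0000000000000001)
set -euo pipefail

readonly LOGFILE="${SNORT_ALERT_CSV:-/var/log/snort/alert.csv}"
readonly FIREWALL_URL="${FIREWALL_URL:-http://localhost:8080/firewall/rules/0000000000000001}"
# 1-based CSV columns carrying the source and destination address, as the
# original script assumed. They depend on the field list given to Snort's
# "output alert_csv" directive - confirm against snort.conf.
readonly SRC_FIELD=4
readonly DST_FIELD=5

warn() { printf 'block.sh: %s\n' "$*" >&2; }

# Take an address field, drop a trailing ":port" and print it only if what is
# left is a dotted-quad IPv4 address (return 1 otherwise). The field comes
# from a log line the sender influences and is spliced into a JSON body, so
# nothing else may pass. IPv6 addresses are rejected as well; the original
# ':' split mangled them anyway.
extract_ipv4() {
  local addr=${1%%:*}
  [[ "$addr" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  printf '%s\n' "$addr"
}

# Install a DENY rule for TCP traffic from $1 to $2; echoes the reply.
# NOTE(review): nw_proto is always TCP, also for alerts raised by the ICMP
# rule - confirm that this is intended.
add_deny_rule() {
  local src=$1 dst=$2
  curl -sS -X POST -H 'Content-Type: application/json' \
    -d "{\"nw_src\": \"${src}\", \"nw_dst\": \"${dst}\", \"nw_proto\": \"TCP\", \"actions\": \"DENY\", \"priority\": \"10\"}" \
    "$FIREWALL_URL"
  printf '\n'
}

# Print the highest rule_id currently installed on the switch. This reads the
# whole table after our POST, so if anything else adds a rule in between the
# id returned belongs to that rule, not ours.
latest_rule_id() {
  curl -sS "$FIREWALL_URL" \
    | jq '.[] | .access_control_list | .[] | .rules | max_by(.rule_id) | .rule_id'
}

main() {
  clear 2>/dev/null || true   # cosmetic only; must not abort under set -e
  local line src dst rule1s1 rule2s1
  # -n 1 starts with the last existing alert (as the original did); -s 0
  # polls without delay.
  tail -s 0 -n 1 -f -- "$LOGFILE" | while IFS= read -r line; do
    if ! src=$(extract_ipv4 "$(cut -f "$SRC_FIELD" -d ',' <<<"$line")") \
       || ! dst=$(extract_ipv4 "$(cut -f "$DST_FIELD" -d ',' <<<"$line")"); then
      warn "skipping alert without usable IPv4 addresses: $line"
      continue
    fi
    printf 'Start Blocking\n'
    if ! add_deny_rule "$src" "$dst" || ! rule1s1=$(latest_rule_id); then
      warn "failed to install or identify rule ${src}->${dst}"
      continue
    fi
    printf '\n'
    if ! add_deny_rule "$dst" "$src" || ! rule2s1=$(latest_rule_id); then
      warn "failed to install or identify rule ${dst}->${src}"
      continue
    fi
    printf '\n'
    # unblock.sh sleeps before deleting, so this call stalls the loop; alerts
    # arriving meanwhile queue in the pipe and are handled afterwards. Every
    # alert line starts a new cycle, and the ICMP Snort rule has no threshold,
    # so a flood can produce many overlapping rule pairs.
    ./unblock.sh -rule1s1 "$rule1s1" -rule2s1 "$rule2s1" \
      || warn "unblock.sh failed for rules ${rule1s1}/${rule2s1}"
  done
}

main "$@"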
5. Data Hasil Pengujian Performansi
5.1. Delay Video Stream
TCP (Syn Flood )
25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 0.189 0.44 11.025 15.842 18.227 18.636 19.355 19.428 20.201 20.593 21.002 35.11 39.776 46.544
Terintegrasi IPS 0.441 0.872 140.334 170.019 173.150 175.968 178.523 180.886 184.015 186.114 189.005 190.524 196.531 197.170

ICMP 1Kb, i=u1


25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 179.031 183.279 194.592 204.978 204.983 205.013 205.019 205.021 205.048 205.069 206.354 207.163 209.138 210.394
Terintegrasi IPS 0.324 0.619 182.524 204.85 216.917 221.47 225.516 227.136 228.946 229.576 230.277 233.613 235.162 238.874

5.2. Delay VoIP


TCP (Syn Flood )
25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 0.074 0.198 0.212 0.355 0.358 0.361 0.363 0.368 0.373 0.382 0.383 0.392 0.394 0.398
Terintegrasi IPS 0.267 0.681 0.697 0.712 0.719 0.724 0.731 0.738 0.781 0.835 0.861 0.872 0.881 0.894

ICMP 1Kb, i=u1


25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 161.528 175.875 178.45 188.89 189.88 190.17 190.24 190.38 190.49 190.63 190.71 190.86 190.93 191.13
Terintegrasi IPS 0.311 0.346 0.553 0.559 0.565 0.569 0.571 0.581 0.587 0.595 0.611 0.617 0.621 0.625
5.3. Jitter VoIP
TCP (Syn Flood )
25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 0.062 0.153 0.245 0.341 0.347 0.351 0.355 0.358 0.362 0.365 0.371 0.384 0.389 0.391
Terintegrasi IPS 0.345 0.375 0.411 0.419 0.431 0.442 0.45 0.458 0.463 0.475 0.488 0.493 0.498 0.504

ICMP 1Kb, i=u1


25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 1.427 2.094 2.361 2.428 2.581 2.637 2.715 2.882 2.921 2.987 3.113 3.225 3.283 3.371
Terintegrasi IPS 0.252 0.406 0.47 0.473 0.477 0.48 0.483 0.485 0.487 0.492 0.498 0.513 0.526 0.533

5.4. Throughput Video Stream


TCP (Syn Flood )
25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 5384 5278 4913 4876 4852 4797 4776 4647 4613 4585 4567 4544 4506 4346
Terintegrasi IPS 5358.806 5220.578 4564.933 4367.35 4340.294 4329.131 4308.808 4276.15 4243.194 4213.061 4179.422 4148.556 4122.506 4095.164

ICMP 1Kb, i=u1


25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 4300 2860 2803 2794 2706 2666 2661 2653 2647 2613 2581 2543 2532 2521
Terintegrasi IPS 5312 5206 4627 4535 4435 4421 4416 4392 4385 4359 4320 4304 4228 4216
5.5. Throughput VoIP
TCP (Syn Flood )
25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 70 70 70 70 70 70 70 70 70 70 70 70 70 70
Terintegrasi IPS 70 70 70 70 70 70 70 70 70 70 70 70 70 70

ICMP 1Kb, i=u1


25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 58 34 33 32 32 32 32 32 31 31 31 31 31 31
Terintegrasi IPS 70 70 70 70 70 70 70 70 70 70 70 70 70 70

5.6. Packet Loss Video Stream


TCP (Syn Flood )
25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 0 0 0.84 8.11 8.79 9.47 10.04 10.66 11.58 14.35 14.48 14.93 15.2 17.83
Terintegrasi IPS 0 0 11.06206 15.19464 15.68664 16.19286 16.61331 17.18683 17.84106 18.53483 19.24681 19.627 20.22789 20.65311

ICMP 1Kb, i=u1


25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 18.88 45.12 45.86 46.36 46.85 47.13 47.28 47.36 47.73 47.85 47.96 48.31 48.67 48.87
Terintegrasi IPS 0 0 13.43 16.83 17.43 17.51 17.57 17.46 18.13 17.93 17.75 17.71 17.65 18.12
5.7. Packet Loss VoIP
TCP (Syn Flood )
25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Terintegrasi IPS 0 0 0 0 0 0 0 0 0 0 0 0 0 0

ICMP 1Kb, i=u1


25 Mbps 50 Mbps 75 Mbps 90 Mbps 91 Mbps 92 Mbps 93 Mbps 94 Mbps 95 Mbps 96 Mbps 97 Mbps 98 Mbps 99 Mbps 100 Mbps
Tanpa IPS 17.74 51.69 53.29 54.79 54.81 54.93 54.94 55.13 55.21 55.24 55.37 55.43 55.51 55.69
Terintegrasi IPS 0 0 0 0 0 0 0 0 0 0 0 0 0 0

5.8. Intrusion Detection System


100 100 100 100 100 100 100 100 95 89 75 65 54 42
100 100 100 100 100 100 100 100 96 93 79 61 53 41
100 100 100 100 100 100 100 100 96 88 72 63 52 42
100 100 100 100 100 100 100 100 95 87 71 61 51 43
100 100 100 100 100 100 100 100 95 88 69 63 52 45
Detection Rate (%)

100 100 100 100 100 100 100 100 93 79 77 63 61 45


100 100 100 100 100 100 100 100 94 82 72 61 58 47
100 100 100 100 100 100 100 100 94 86 74 62 59 46
100 100 100 100 100 100 100 100 95 85 73 64 60 41
100 100 100 100 100 100 100 100 95 85 71 64 52 42
100 100 100 100 100 100 100 100 96 87 74 65 53 48
100 100 100 100 100 100 100 100 96 88 72 67 52 42
100 100 100 100 100 100 100 100 97 84 77 68 51 43
100 100 100 100 100 100 100 100 93 81 78 68 55 40
100 100 100 100 100 100 100 100 95 85.85714 73.85714 63.92857 54.5 43.35714
1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 15000 25000 50000 75000
Attack Rate (Packet/s)
100 100 100 100 100 100 100 100 95 85.85714 73.85714 63.92857 54.5 43.35714
