Difference between revisions of "Suricata: Test DDoS Attack"

From OnnoWiki
Jump to navigation Jump to search
Line 54: Line 54:
  
 
  hping3 -S -p 80 --flood --rand-source 192.168.1.148
 
  hping3 -S -p 80 --flood --rand-source 192.168.1.148
 +
 +
Bisa dilihat di
 +
 +
tail -f /var/log/suricata/fast.log
  
 
==Referensi==
 
==Referensi==

Revision as of 09:50, 30 March 2020

Sumber: https://kifarunix.com/install-and-setup-suricata-on-ubuntu-18-04/

Kita akan uji nyali melakukan DDoS Attack ke server yan menjalankan SURICATA.

Menyiapkan Rules

Edit file

vi /etc/suricata/rules/test-ddos.rules
alert tcp any any -> $HOME_NET 80 (msg: "Possible DDoS attack"; flags: S; flow: stateless; threshold: type both, track by_dst, count 200, seconds 1; sid:1000001; rev:1;)

Rule ini akan mencatat jika ada 100 usaha connection dalam 10 detik.

Kita masukan rules test-ddos.rules di bagian rule-files:

vi /etc/suricata/suricata.yaml
rule-files:
  - suricata.rules
# - Custom Test rules
  - test-ddos.rules

Persiapan Attack

Pastikan kita disable packet offload features di network interface,

ethtool -K enp0s3 gro off lro off

Jika tidak bisa, tidak apa2. Pastikan denga perintah,

ethtool -k enp0s3 | grep large
large-receive-offload: off [fixed]


Run Suricata

Run,

killall suricata
rm /var/run/suricata.pid
suricata -D -c /etc/suricata/suricata.yaml -i enp0s3

Bisa dilihat dengan,

suricata --list-runmodes


Kali Linux Attack

Attack menggunakan Kali Linux

hping3 -S -p 80 --flood --rand-source 192.168.1.148

Bisa dilihat di

tail -f /var/log/suricata/fast.log

Referensi

Pranala Menarik