Network security on the webserver is the most important part to ensure integrity and service for users. Web servers are often the target of attacks that result in data corruption. One of them is the SYN Flood attack, which is a type of Denial of Service (DOS) attack that provides massive SYN requests to the webserver. This research is to analyze attack indications and maintain system security from the threat of data flooding. One way to maintain a computer network security system is to use Snort as an IDS (Intrusion Detection System). Snort is software that functions to detect intrusions. Data packets passing through network traffic will be analyzed first. Data packets detected as intrusions will trigger an alert which is then stored in a log file. That way, network administrators can find out intrusions that occur on computer networks. The method of testing flood attack data is using the penetration testing method. The three test samples are data flooding attacks against ICMP, UDP, and TCP protocols. The results obtained when testing flooding attack data where detection sensors can detect all attacks and all attack samples, while the warnings generated by Snort are shown in a web form which can be seen in the detail of each attack that occurred.