<p><em>Cyber attacks are a serious threat to network security, especially in routers that result in termination of connections, missing configurations that affect all communications and transactions between networks become impeded by the loss of many parties. The first step to do is to design and build an attack detection system that is Intrusion Detection System (IDS). The use of snort is useful for recording Distributed Danial of Services (DDoS) attacks as well as traffic data stored on the router stored in the log and forwarded to the instant messaging telegram application as a notification to alert the administrator. A telegram can be used not only as a notification but can also be used as a network forensic stage to strengthen evidence of an attack as a process of data collection for the purposes of the trial. The results showed that by utilizing Instant Messaging Telegram by designing wake Application (App) notification using PHP programming language able to detect attacks by using existing rules on snort and can serve as the basis of evidence of an attack.</em></p><p><strong><em> </em></strong><strong><em>Keywords:</em></strong><strong> </strong><em>Telegram, Intrusion Detection System (IDS), Snort, Network Forensics, DDoS.</em></p><p> </p>