Sebelumnya mungkin kita sudah tidak asing lagi dengan Firewall dan IDS (Intrusion Detection System) semuanya ituadalah sebuah system yang berfungsi untuk mengamankan network dan server.<\/p>\n
IDS itu sendiri pun dibagi dalam 2 jenis yaitu Network Instrusion Detection System (NIDS) dan Host Intrusion Detection System (HIDS). Fungsi dari IDS ini sendiri adalah untuk mendeteksi suatu kejanggalan dari suatu system atau network yang terjadi sesuai dengan jenis tipe yang ada berdasarkan rules.<\/p>\n
Disini penulis hanya akan membicarakan membangun menggunakan aplikasi opensource. Sedangkan cara kerja lebih kurang seperti gambar dibawah ini :<\/p>\n
|\u00a0\u00a0 \u00a0|\u00a0 Input Traffic
\n|\u00a0\u00a0 \u00a0|
\n|\u00a0\u00a0 \u00a0|
\nV\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 V
\n————-\u00a0 Attack Traffic\u00a0\u00a0\u00a0\u00a0\u00a0 OUTPUT DENY
\nHIPS\/NIPS\u00a0\u00a0\u00a0\u00a0 ———–>\u00a0\u00a0\u00a0\u00a0\u00a0 ^
\n————-\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |
\n| \u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |
\n|\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 V\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |
\n|\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ————-\u00a0 Block IP |
\nV———->\u00a0\u00a0\u00a0 Firewall\u00a0\u00a0\u00a0\u00a0\u00a0 ———
\nL\u00a0\u00a0 \u00a0 ————-
\nE\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |
\nG\u00a0\u00a0\u00a0\u00a0 T\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |
\nA\u00a0\u00a0\u00a0\u00a0\u00a0 R\u00a0\u00a0\u00a0\u00a0\u00a0 |
\nL\u00a0\u00a0\u00a0\u00a0\u00a0 A\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |
\nF
\nF\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |
\nI\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |
\nC\u00a0\u00a0\u00a0\u00a0\u00a0 V
\n—————
\nApplication
\n—————
\nInstalasi;<\/p>\n
\n\n
- Masuk ke direktori snort<\/li>\n
- unila-inherent-gtw# cd \/usr\/ports\/security\/snort<\/strong><\/li>\n
- unila-inherent-gtw# ll
\ntotal 22
\n-rw-r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 5080 Aug 15 03:01 Makefile
\n-rw-r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 197 Aug 15 03:01 distinfo
\ndrwxr-xr-x\u00a0\u00a0\u00a0 2 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 512 Jun 15 10:01 files
\n-rw-r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1202 Apr 20\u00a0 2003 pkg-descr
\n-rw-r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 6768 Apr 19 09:23 pkg-plist
\ndrwxr-xr-x\u00a0\u00a0\u00a0 3 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 512 Sep 27 15:36 work
\nunila-inherent-gtw#<\/li>\n- unila-inherent-gtw# make && make install<\/strong><\/li>\n
- setelah instalasi selesai download rules dari website resmi http:\/\/snort.org<\/li>\n
- Yang musti diinget rules nya harus bersesuian dengan snort yang udah diinstall\n
\n
- unila-inherent-gtw# pkg_info | grep snort<\/strong>
\nsnort-2.7.0.1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Lightweight network intrusion detection system
\nunila-inherent-gtw#<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/blockquote>\n\n
- Karena gue pake snort versi 2.7 jadi download rules yang versi 2.7, pengalaman gue kalo download rules nya tidak sesuai dengan snort yang diinstall maka snort tidak akan berfungsi.<\/li>\n
- Setelah donwload rules, ekstrak file tersebut di direktori snort<\/li>\n
- unila-inherent-gtw# cd \/usr\/local\/etc\/snort\/<\/strong>
\nunila-inherent-gtw# ll<\/strong>
\ntotal 2710
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 3455 Sep 27 15:36 classification.config
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 3455 Sep 27 15:36 classification.config-sample
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 12196 Sep 27 15:36 gen-msg.map
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 12196 Sep 27 15:36 gen-msg.map-sample
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2060 Sep 27 15:36 generators
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2060 Sep 27 15:36 generators-sample
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 548 Sep 27 15:36 reference.config
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 548 Sep 27 15:36 reference.config-sample
\ndrwxr-xr-x\u00a0\u00a0\u00a0 5 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1536 Sep 27 16:49 rules
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 5 Sep 27 15:36 sid
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0 1237107 Sep 27 15:36 sid-msg.map
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0 1237107 Sep 27 15:36 sid-msg.map-sample
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 5 Sep 27 15:36 sid-sample
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 39083 Sep 27 16:14 snort.conf
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 39042 Sep 27 15:36 snort.conf-sample
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2319 Sep 27 15:36 threshold.conf
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2319 Sep 27 15:36 threshold.conf-sample
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 53841 Sep 27 15:36 unicode.map
\n-r–r–r–\u00a0\u00a0\u00a0 1 root\u00a0\u00a0\u00a0\u00a0 wheel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 53841 Sep 27 15:36 unicode.map-sample
\nunila-inherent-gtw#<\/li>\n- Langsung kopiin ke folder rules<\/li>\n
- Setelah selesai tambahkan command\u00a0 snort_enable=”YES”<\/strong> di file startup \/etc\/rc.conf<\/strong><\/li>\n
- Jalankan snort dengan menggunakan perintah \/usr\/local\/etc\/rc.d\/snort start<\/strong><\/li>\n
- unila-inherent-gtw# tail -f \/var\/log\/messages<\/strong>
\nSep 28 08:46:52 unila-inherent-gtw snort[2325]: Warning: flowbits key ‘ms_sql_seen_dns’ is checked but not ever set. Sep 28 08:46:52 unila-inherent-gtw snort[2325]: Warning: flowbits key ‘dce.bind.ca-alert’ is checked but not ever set. Sep 28 08:46:52 unila-inherent-gtw snort[2325]: Warning: flowbits key ‘flv.xfer’ is checked but not ever set.
\nSep 28 08:46:52 unila-inherent-gtw snort[2325]: 51 out of 512 flowbits in use.
\nSep 28 08:46:52 unila-inherent-gtw snort[2325]: *** *** interface device lookup found: em0 ***
\nSep 28 08:46:52 unila-inherent-gtw snort[2325]: Initializing daemon mode
\nSep 28 08:46:52 unila-inherent-gtw snort[2326]: PID path stat checked out ok, PID path set to \/var\/run\/
\nSep 28 08:46:52 unila-inherent-gtw snort[2326]: Writing PID “2326” to file “\/var\/run\/\/snort_em0.pid”
\nSep 28 08:46:52 unila-inherent-gtw snort[2326]: Daemon initialized, signaled parent pid: 2325
\nSep 28 08:46:52 unila-inherent-gtw snort[2325]: Daemon parent exiting
\nSep 28 08:47:07 unila-inherent-gtw snort[2326]: Preprocessor\/Decoder Rule Count: 0
\nSep 28 08:47:07 unila-inherent-gtw snort[2326]: Snort initialization completed successfully (pid=2326)
\nSep 28 08:47:07 unila-inherent-gtw snort[2326]: Not Using PCAP_FRAMES<\/li>\n- unila-inherent-gtw# ps ax | grep snort<\/strong>
\n2326\u00a0 ??\u00a0 Ss\u00a0\u00a0\u00a0\u00a0 0:33.51 \/usr\/local\/bin\/snort -Dq -c \/usr\/local\/etc\/snort\/snort.conf
\n2329\u00a0 p3\u00a0 L+\u00a0\u00a0\u00a0\u00a0 0:00.00 grep snort
\nunila-inherent-gtw#apakah snort sudah berjalan dengan baik<\/li>\n- Kemudian cek apakah ada yang melakukan penyerangan dengan mengecek log alert snort<\/li>\n
- unila-inherent-gtw# tail -f \/var\/log\/snort\/alert<\/strong><\/li>\n
- ho..ho..ho…. ternyata banyak juga yang iseng<\/li>\n
- [**] [1:483:6] ICMP PING CyberKit 2.2 Windows [**]
\n[Classification: Misc activity] [Priority: 3]
\n09\/28-08:52:57.862390 192.168.140.35 -> 192.168.43.188
\nICMP TTL:28 TOS:0x0 ID:39662 IpLen:20 DgmLen:92
\nType:8\u00a0 Code:0\u00a0 ID:512\u00a0\u00a0 Seq:45340\u00a0 ECHO
\n[Xref => http:\/\/www.whitehats.com\/info\/IDS154]<\/p>\n[**] [1:483:6] ICMP PING CyberKit 2.2 Windows [**]
\n[Classification: Misc activity] [Priority: 3]
\n09\/28-08:52:57.862498 192.168.140.35 -> 192.168.43.189
\nICMP TTL:105 TOS:0x0 ID:39663 IpLen:20 DgmLen:92
\nType:8\u00a0 Code:0\u00a0 ID:512\u00a0\u00a0 Seq:45596\u00a0 ECHO
\n[Xref => http:\/\/www.whitehats.com\/info\/IDS154]<\/p>\n[**] [1:483:6] ICMP PING CyberKit 2.2 Windows [**]
\n[Classification: Misc activity] [Priority: 3]
\n09\/28-08:52:57.862515 192.168.140.35 -> 192.168.43.189
\nICMP TTL:104 TOS:0x0 ID:39663 IpLen:20 DgmLen:92
\nType:8\u00a0 Code:0\u00a0 ID:512\u00a0\u00a0 Seq:45596\u00a0 ECHO
\n[Xref => http:\/\/www.whitehats.com\/info\/IDS154]<\/p>\n[**] [1:483:6] ICMP PING CyberKit 2.2 Windows [**]
\n[Classification: Misc activity] [Priority: 3]
\n09\/28-08:52:57.862622 192.168.140.35 -> 192.168.43.188
\nICMP TTL:27 TOS:0x0 ID:39662 IpLen:20 DgmLen:92
\nType:8\u00a0 Code:0\u00a0 ID:512\u00a0\u00a0 Seq:45340\u00a0 ECHO
\n[Xref => http:\/\/www.whitehats.com\/info\/IDS154]<\/p>\n[**] [1:483:6] ICMP PING CyberKit 2.2 Windows [**]
\n[Classification: Misc activity] [Priority: 3] ^C<\/li>\n- Yups udah ketauan orang yang iseng, tinggal blok pake PF aja…..<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
Sebelumnya mungkin kita sudah tidak asing lagi dengan Firewall dan IDS (Intrusion Detection System) semuanya ituadalah sebuah system yang berfungsi untuk mengamankan network dan server. IDS itu sendiri pun dibagi dalam 2 jenis yaitu Network Instrusion Detection System (NIDS) dan Host Intrusion Detection System (HIDS). Fungsi dari IDS ini sendiri adalah untuk mendeteksi suatu kejanggalan … Continue reading “IDS Using SNORT 2.7 and FREEBSD 6.2 Stable”<\/span><\/a><\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1348,5],"tags":[],"class_list":["post-109","post","type-post","status-publish","format-standard","hentry","category-kiat-sukses-menjadi-seorang-network-engineer-2","category-old-post-dari-unilanet"],"_links":{"self":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/109"}],"collection":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/comments?post=109"}],"version-history":[{"count":0,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/109\/revisions"}],"wp:attachment":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/media?parent=109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/categories?post=109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/tags?post=109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}