- OK guys, it's me again. Here I'll explain how
- Snort (IDS) works
- First, install it and write the rules
- Then run it and look at the log
- alert icmp any any -> $HOME_NET any (msg:"Ada yang PING"; sid:10000001; rev:001;)
- alert tcp any 21 -> $HOME_NET any (msg:"Ada yang Coba FTP"; sid:10000002; rev:002;)
- alert tcp any 80 -> $HOME_NET any (msg:"Ada yang Akses Web"; sid:10000003; rev:003;)
- alert tcp any 22 -> $HOME_NET any (msg:"Ada yang Coba SSH"; sid:10000004; rev:004;)
- alert tcp any 4444 -> $HOME_NET any (msg:"Exploit Metasploit Detect port 4444"; sid:10000005; rev:005;)
- The rules above detect:
- ping
- ftp
- web
- ssh
- metasploit port 4444
- I pointed my Snort at:
- ipvar HOME_NET 10.10.1.1/24
- OK guys, that is the IP of eth0
- Now run it:
- snort -A console -i eth0 -u snort -g snort -c /etc/snort/snort.conf
- That shows the effect of ping, FTP, web and SSH; now on to Metasploit: Exploit Metasploit Detect port 4444
- OK guys, that's it for that part. Now, how do we look at the LOG?
- WARNING: No preprocessors configured for policy 0.
- 10/30-19:26:58.214021 10.10.1.2:4444 -> 10.10.1.1:58638
- TCP TTL:64 TOS:0x0 ID:40641 IpLen:20 DgmLen:180 DF
- ***AP*** Seq: 0x19D30B9 Ack: 0xAB5EB290 Win: 0x121 TcpLen: 32
- TCP Options (3) => NOP NOP TS: 2110748209 86463
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- WARNING: No preprocessors configured for policy 0.
- 10/30-19:26:58.216543 10.10.1.2:4444 -> 10.10.1.1:58638
- TCP TTL:64 TOS:0x0 ID:40642 IpLen:20 DgmLen:196 DF
- ***AP*** Seq: 0x19D3139 Ack: 0xAB5EB3A0 Win: 0x12F TcpLen: 32
- TCP Options (3) => NOP NOP TS: 2110748211 86463
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- WARNING: No preprocessors configured for policy 0.
- 10/30-19:26:58.218460 10.10.1.2:4444 -> 10.10.1.1:58638
- TCP TTL:64 TOS:0x0 ID:40643 IpLen:20 DgmLen:196 DF
- ***AP*** Seq: 0x19D31C9 Ack: 0xAB5EB440 Win: 0x13D TcpLen: 32
- TCP Options (3) => NOP NOP TS: 2110748213 86464
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- WARNING: No preprocessors configured for policy 0.
- 10/30-19:26:58.220290 10.10.1.2:4444 -> 10.10.1.1:58638
- TCP TTL:64 TOS:0x0 ID:40644 IpLen:20 DgmLen:180 DF
- ***AP*** Seq: 0x19D3259 Ack: 0xAB5EB4F0 Win: 0x14B TcpLen: 32
- TCP Options (3) => NOP NOP TS: 2110748215 86464
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- WARNING: No preprocessors configured for policy 0.
- 10/30-19:26:58.261441 10.10.1.2:4444 -> 10.10.1.1:58638 -> this is Metasploit
- TCP TTL:64 TOS:0x0 ID:40645 IpLen:20 DgmLen:52 DF
- ***A**** Seq: 0x19D32D9 Ack: 0xAB5EB5A0 Win: 0x15A TcpLen: 32
- TCP Options (3) => NOP NOP TS: 2110748256 86465
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- WARNING: No preprocessors configured for policy 0.
- 10/30-19:27:17.279834 server IP 10.10.1.1:80 -> attacker IP 10.10.1.2:34031 --> this is the web traffic
- TCP TTL:64 TOS:0x0 ID:16618 IpLen:20 DgmLen:52 DF
- ***A**** Seq: 0xC9D0107C Ack: 0x26BAAC03 Win: 0x21F TcpLen: 32
- TCP Options (3) => NOP NOP TS: 91230 2110767227
- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
- OK guys, that's all
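Added example (not part of the original paste): a small Python model of how the five rule headers above match a packet, applied to two address lines from the log. It checks header fields only (protocol, addresses, ports), which is all these rules contain, and shows that because the service port sits on the source side, the rules fire on reply packets such as 10.10.1.1:80 -> 10.10.1.2:34031 and not on the client's request. The function names and the constructed request packet are assumptions of this example.

```python
import ipaddress
import re

# HOME_NET and the five rules are copied from the page.
HOME_NET = ipaddress.ip_network("10.10.1.1/24", strict=False)  # 10.10.1.0/24
RULES = '''
alert icmp any any -> $HOME_NET any (msg:"Ada yang PING"; sid:10000001; rev:001;)
alert tcp any 21 -> $HOME_NET any (msg:"Ada yang Coba FTP"; sid:10000002; rev:002;)
alert tcp any 80 -> $HOME_NET any (msg:"Ada yang Akses Web"; sid:10000003; rev:003;)
alert tcp any 22 -> $HOME_NET any (msg:"Ada yang Coba SSH"; sid:10000004; rev:004;)
alert tcp any 4444 -> $HOME_NET any (msg:"Exploit Metasploit Detect port 4444"; sid:10000005; rev:005;)
'''
RULE_RE = re.compile(r'alert (\w+) (\S+) (\S+) -> (\S+) (\S+) \(.*?sid:(\d+);')
LOG_RE = re.compile(r'(\d+(?:\.\d+){3}):(\d+) -> (\d+(?:\.\d+){3}):(\d+)')


def addr_ok(spec, ip):
    """Match one address field: 'any', $HOME_NET, or a literal CIDR."""
    if spec == "any":
        return True
    net = HOME_NET if spec == "$HOME_NET" else ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(ip) in net


def port_ok(spec, port):
    """Match one port field: 'any' or a single port number."""
    return spec == "any" or int(spec) == port


def matching_sids(proto, src, sport, dst, dport):
    """Return sids whose header (proto, src, sport -> dst, dport) matches."""
    hits = []
    for p, s, sp, d, dp, sid in RULE_RE.findall(RULES):
        if (p == proto and addr_ok(s, src) and port_ok(sp, sport)
                and addr_ok(d, dst) and port_ok(dp, dport)):
            hits.append(int(sid))
    return hits


def sids_for_log_line(line):
    """Map the address line of a logged TCP packet to the rules it matches."""
    src, sport, dst, dport = LOG_RE.search(line).groups()
    return matching_sids("tcp", src, int(sport), dst, int(dport))


if __name__ == "__main__":
    print(sids_for_log_line("10/30-19:26:58.214021 10.10.1.2:4444 -> 10.10.1.1:58638"))
    print(sids_for_log_line("10/30-19:27:17.279834 10.10.1.1:80 -> 10.10.1.2:34031"))
    # Constructed packet: the client's request to the web server (dst port 80).
    print(matching_sids("tcp", "10.10.1.2", 34031, "10.10.1.1", 80))
```

To alert on the inbound request instead, the port would go on the destination side of the header (for example `any any -> $HOME_NET 80`).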