
Untitled

a guest
Oct 30th, 2018
OK guys, it's me again. Here I will explain how SNORT (IDS) works.
First install it and write the rules, then run it and look at the log.

# Rule header order: action proto src_ip src_port -> dst_ip dst_port.
# The TCP rules below therefore match on the SOURCE port (21, 80, 22, 4444).
alert icmp any any -> $HOME_NET any (msg:"Ada yang PING"; sid:10000001; rev:001;)
alert tcp any 21 -> $HOME_NET any (msg:"Ada yang Coba FTP"; sid:10000002; rev:002;)
alert tcp any 80 -> $HOME_NET any (msg:"Ada yang Akses Web"; sid:10000003; rev:003;)
alert tcp any 22 -> $HOME_NET any (msg:"Ada yang Coba SSH"; sid:10000004; rev:004;)
alert tcp any 4444 -> $HOME_NET any (msg:"Exploit Metasploit Detect port 4444"; sid:10000005; rev:005;)

The rules above detect:
ping
ftp
web
ssh
metasploit port 4444

I placed Snort on:
ipvar HOME_NET 10.10.1.1/24

OK guys, that is the IP of ETH0.
Now run it:

snort -A console -i eth0 -u snort -g snort -c /etc/snort/snort.conf

The effect: Ping, FTP, WEB, SSH; now over to metasploit first, "Exploit Metasploit Detect port 4444".
OK guys, that's it for that part. Next, how do we read the LOG?

WARNING: No preprocessors configured for policy 0.
10/30-19:26:58.214021 10.10.1.2:4444 -> 10.10.1.1:58638
TCP TTL:64 TOS:0x0 ID:40641 IpLen:20 DgmLen:180 DF
***AP*** Seq: 0x19D30B9  Ack: 0xAB5EB290  Win: 0x121  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2110748209 86463
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
10/30-19:26:58.216543 10.10.1.2:4444 -> 10.10.1.1:58638
TCP TTL:64 TOS:0x0 ID:40642 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x19D3139  Ack: 0xAB5EB3A0  Win: 0x12F  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2110748211 86463
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
10/30-19:26:58.218460 10.10.1.2:4444 -> 10.10.1.1:58638
TCP TTL:64 TOS:0x0 ID:40643 IpLen:20 DgmLen:196 DF
***AP*** Seq: 0x19D31C9  Ack: 0xAB5EB440  Win: 0x13D  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2110748213 86464
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
10/30-19:26:58.220290 10.10.1.2:4444 -> 10.10.1.1:58638
TCP TTL:64 TOS:0x0 ID:40644 IpLen:20 DgmLen:180 DF
***AP*** Seq: 0x19D3259  Ack: 0xAB5EB4F0  Win: 0x14B  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2110748215 86464
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
10/30-19:26:58.261441 10.10.1.2:4444 -> 10.10.1.1:58638 -> this is metasploit
TCP TTL:64 TOS:0x0 ID:40645 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x19D32D9  Ack: 0xAB5EB5A0  Win: 0x15A  TcpLen: 32
TCP Options (3) => NOP NOP TS: 2110748256 86465
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
10/30-19:27:17.279834  server IP 10.10.1.1:80 -> attacker IP 10.10.1.2:34031 --> this is the web one
TCP TTL:64 TOS:0x0 ID:16618 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xC9D0107C  Ack: 0x26BAAC03  Win: 0x21F  TcpLen: 32
TCP Options (3) => NOP NOP TS: 91230 2110767227
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

OK guys, that's all.
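
Added example (not part of the original paste): a small header matcher that replays the packet headers from the console log above against the paste's five rules, showing that each alert fired on the source port, and that a request toward port 80 only matches a destination-port variant. The matcher handles only `any`, `$HOME_NET` and single ports with `->`; `DST_RULE` and its sid are constructed for illustration.

```python
import ipaddress
import re

HOME_NET = ipaddress.ip_network("10.10.1.1/24", strict=False)  # ipvar from the page

# The five rules exactly as they appear on the page.
PAGE_RULES = [
    'alert icmp any any -> $HOME_NET any (msg:"Ada yang PING"; sid:10000001; rev:001;)',
    'alert tcp any 21 -> $HOME_NET any (msg:"Ada yang Coba FTP"; sid:10000002; rev:002;)',
    'alert tcp any 80 -> $HOME_NET any (msg:"Ada yang Akses Web"; sid:10000003; rev:003;)',
    'alert tcp any 22 -> $HOME_NET any (msg:"Ada yang Coba SSH"; sid:10000004; rev:004;)',
    'alert tcp any 4444 -> $HOME_NET any (msg:"Exploit Metasploit Detect port 4444"; sid:10000005; rev:005;)',
]
# Constructed variant (not from the page): port moved to the destination side.
DST_RULE = 'alert tcp any any -> $HOME_NET 80 (msg:"dst-port variant"; sid:19999999; rev:1;)'

HEADER = re.compile(r"alert (\w+) (\S+) (\S+) -> (\S+) (\S+) \(.*?sid:(\d+);")

def ip_ok(spec, ip):
    """Match an address against 'any', $HOME_NET or a literal CIDR."""
    if spec == "any":
        return True
    net = HOME_NET if spec == "$HOME_NET" else ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(ip) in net

def port_ok(spec, port):
    """Match a port against 'any' or a single literal port (ICMP has none)."""
    return spec == "any" or (port != "" and int(spec) == int(port))

def matching_sids(rules, proto, src, dst):
    """Return sids whose header matches; src/dst are 'ip[:port]' as Snort prints them."""
    sip, _, sport = src.partition(":")
    dip, _, dport = dst.partition(":")
    hits = []
    for rule in rules:
        rproto, rsrc, rsport, rdst, rdport, sid = HEADER.match(rule).groups()
        if (rproto == proto and ip_ok(rsrc, sip) and port_ok(rsport, sport)
                and ip_ok(rdst, dip) and port_ok(rdport, dport)):
            hits.append(int(sid))
    return hits

if __name__ == "__main__":
    # Packet headers copied from the page's console output.
    print(matching_sids(PAGE_RULES, "tcp", "10.10.1.2:4444", "10.10.1.1:58638"))
    print(matching_sids(PAGE_RULES, "tcp", "10.10.1.1:80", "10.10.1.2:34031"))
    # Constructed request-direction packet: client -> web server port 80.
    print(matching_sids(PAGE_RULES, "tcp", "10.10.1.2:34031", "10.10.1.1:80"))
    print(matching_sids([DST_RULE], "tcp", "10.10.1.2:34031", "10.10.1.1:80"))
```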