Introduction
PortSentry
http://www.psionic.com/products/portsentry.html
Port: harbor
Sentry: guard
PortSentry is software designed to detect port scanning and to respond actively, in real time, whenever a port scan occurs.
BSD
Firewall
Behind every protected host
PortSentry Features
Detects scans
Takes action against hosts that commit violations
Emails the system administrator when integrated with Logcheck/LogSentry
Types of Scans
Connect
setting ????
Logs access violations in /var/log/messages
Adds an entry for the attacker to /etc/hosts.deny
Adds a non-permanent route from the attacker to a "black-hole"
Blocks access to the system
/etc/portsentry/portsentry.conf
file /etc/portsentry.modes
file /etc/portsentry/portsentry.ignore
Running portsentry
/usr/sbin/portsentry
/etc/rc.d/init.d/portsentry
portsentry -udp
portsentry -tcp
portsentry -audp
portsentry -sudp
portsentry -atcp
portsentry -stcp
start
KILL_ROUTE="/usr/local/sbin/iptables
-I
/etc/portsentry/portsentry.blocked.atcp
/etc/portsentry/portsentry.blocked.audp
/etc/portsentry/portsentry.history
PortSentry Output
Sep
- Attack detection.
InterSect Alliance - Intrusion analysis. Identifies
malicious or unauthorized access attempts.
snort - Instead of monitoring a single server with
portsentry, snort monitors the network,
performing real-time traffic analysis and packet
logging on IP networks for the detection of an
attack or probe.