Cara Mengidentifikasi Serangan Hacker

Cara Mengidentifikasi Serangan Hacker Saya yakin temen temen udah pada tau tentang hal ini, tapi ini cuma sekedar mengingatkan kembali memori kita dulu menangani security dengan cara manual, jangan menyalah gunakan artikel ini dan saya tidak bertanggung jawab atas penyalah gunaan artikel ini Sumber : www dot Hackersbook dot com Semoga bermanfaat Identifying attackers – “Pants down" You certainly experience people trying to send you Trojans or viruses or attacking you with unnecessary mails. Your firewall will caution you in such cases and reveal the sender’s IP address in the mail header. The IP address comes in handy when trying to identify the origin of the attack. We want to illustrate what steps to take in order to get as much information as possible. PING The IP address gives the attacker’s Internet address. The numerical address like 212.214.172.81 does not reveal much. You can use PING to convert the address into a domain name in WINDOWS: The Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for “Packet Internet Groper” and is delivered with practically every Internet compatible system, including all current Windows versions. Make sure you are logged on to the net. Open the DOS shell and enter the following PING command: Ping –a 123.123.12.1 Ping will search the domain name and reveal it. You will often have information on the provider the attacker uses e.g.: dialup21982.gateway123.provider.com This means that the attacker logged on using “provider.com”. Unfortunately, there are several IP addresses that cannot be converted into domain names. The following passage may be of help in such cases. Traceroute – Where is the attack from? Traceroute is also carried out in the MS DOS shell, and connects your PC to another one that is in the Internet or to a server. In precise terms, Traceroute traces the route of data packages that have reached you from a particular location in the net and vice versa. Internet comprises of several servers and routers that function as stations that convey your data packages further. Traceroute is known as “tracert” in Windows. Tracert 123.123.12.1 Tracer connects to the computer whose IP has been entered and reveals all stations starting from your Internet connection. Both the IP address as well as the domain name (if available) is displayed. If PING cannot reveal a name, Traceroute will possibly deliver the name of the last or second

last station to the attacker, which may enable conclusions concerning the name of the provider used by the attacker and the region from which the attacks are coming. After identifying a provider in this manner (e.g. provider.com), you can obtain more information on this provider at http://www.netsol.com/cgibin/whois/whois . Foreign domain names can searched for under the WHOIS section of that country. You will find these at http://ww.nic. +national top-leveldomains. e.g. http://www.nic.at for Austria or http://www.nic.ch for Switzerland or http://www.nic.de for Germany. Geographical analysis with NeoTrace Finally, we would like to introduce another tool, “NeoTrace”, which even gives a graphical display of TRACEROUTE analysis and the connection on a map. A free trial version is available at http://www.neotrace.com. After downloading, you should install while still online to enable Neotrace display the geographical details. Enter your country and the next city to where you are. After installing, you can enter the IP address you are targeting in the area marked “Target”, then click “Go”. terims Kepada dokter_cinta