Effective of Unicast and Multicast IP Address Attack over Intrusion Detection System with Honeypot

Many things can destabilize a computer network connections, both with regard to hardware and software. Therefore, we need a technique for network security, one of them is firewall. The problems that arise in this final project is to build a linux based firewall automation application via web service by using REST (Representational State Transfer) architecture and IDS (Intrusion Detection System). The system buid firewall rules using linux operating system with the help o f 2 pieces o f IDS to detect theactivities of traffic data between the intruder and the server that will be recorded in the IDS database. The system will compare the server with IDS on the router to get the IP address o f the actual intruders, so it will be blocked by the firewall. The applications is used to prevents the ping o f death attack usingweb service and REST protocol so that firewall rules will run automatically.

Download Full-text

Performance Analysis of Mail Clients on Low Cost Computer With ELGamal and RSA Using SNORT

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Handbook of Research on Pattern Engineering System Development for Big Data Analytics ◽

10.4018/978-1-5225-3870-7.ch020 ◽

2018 ◽

pp. 332-353

Author(s):

Sreerama Murthy Kattamuri ◽

Vijayalakshmi Kakulapati ◽

Pallam Setty S.

Keyword(s):

Intrusion Detection ◽

Low Power ◽

Intrusion Detection System ◽

Detection System ◽

Low Cost ◽

Raspberry Pi ◽

Ip Address ◽

Intrusion Prevention ◽

Plain Text ◽

Intrusion Prevention System

An intrusion detection system (IDS) focuses on determining malicious tasks by verifying network traffic and informing the network administrator for restricting the user or source or source IP address from accessing the network. SNORT is an open source intrusion detection system (IDS) and SNORT also acts as an intrusion prevention system (IPS) for monitoring and prevention of security attacks on networks. The authors applied encryption for text files by using cryptographic algorithms like Elgamal and RSA. This chapter tested the performance of mail clients in low cost, low power computer Raspberry Pi, and verified that SNORT is efficient for both algorithms. Within low cost, low power computer, they observed that as the size of the file increases, the run time is constant for compressed data; whereas in plain text, it changed significantly.

Download Full-text

Analisis Forensik Jaringan Studi Kasus Serangan SQL Injection pada Server Universitas Gadjah Mada

IJCCS (Indonesian Journal of Computing and Cybernetics Systems) ◽

10.22146/ijccs.2157 ◽

2013 ◽

Vol 7 (1) ◽

Author(s):

Resi Utami Putri ◽

Jazi Eko Istiyanto

Keyword(s):

Intrusion Detection ◽

Computer Security ◽

Intrusion Detection System ◽

Process Model ◽

Detection System ◽

Process Models ◽

Sql Injection ◽

Ip Address ◽

Security Investigation ◽

Automated Tools

AbstrakForensik jaringan merupakan ilmu keamanan komputer berkaitan dengan investigasi untuk menemukan sumber serangan pada jaringan berdasarkan bukti log, mengidentifikasi, menganalisis serta merekonstruksi ulang kejadian tersebut. Penelitian forensik jaringan dilakukan di Pusat Pelayanan Teknologi Informasi dan Komunikasi (PPTIK) Universitas Gadjah Mada.Metode yang digunakan adalah model proses forensik (The Forensic Process Model) sebuah model proses investigasi forensik digital, yang terdiri dari tahap pengkoleksian, pemeriksaan, analisis dan pelaporan. Penelitian dilakukan selama lima bulan dengan mengambil data dari Intrusion Detection System (IDS) Snort. Beberapa file log digabungkan menjadi satu file log, lalu data dibersihkan agar sesuai untuk penelitian.Berdasarkan hasil penelitian yang telah dilakukan, terdapat 68 IP address yang melakukan tindakan illegal SQL Injection pada server www.ugm.ac.id. Kebanyakan penyerang menggunakan tools SQL Injection yaitu Havij dan SQLMap sebagai tool otomatis untuk memanfaatkan celah keamanan pada suatu website. Selain itu, ada yang menggunakan skrip Python yaitu berasal dari benua Eropa yaitu di Romania. Kata kunci—forensik jaringan, model proses forensik, SQL injection AbstractNetwork forensic is a computer security investigation to find the sources of the attacks on the network by examining log evidences, identifying, analyzing and reconstructing the incidents. This research has been conducted at The Center of Information System and Communication Service, Gadjah Mada University.The method that used was The Forensic Process Model, a model of the digital investigation process, consisted of collection, examination, analysis, and reporting. This research has been conducted over five months by retrieving data that was collected from Snort Intrusion Detection System (IDS). Some log files were retrieved and merged into a single log file, and then the data cleaned to fit for research.Based on the research, there are 68 IP address was that did illegal action, SQL injection, on server www.ugm.ac.id. Most of attackers using Havij and SQLmap (automated tools to exploit vulnerabilities on a website). Beside that, there was also Python script that was derived from the continent of Europe in Romania. Keywords— Network Forensics, The Forensic Process Models, SQL Injection

Download Full-text

Types of Threats and Appropriate Countermeasures for Internet Communications

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2021.01.03 ◽

2021 ◽

Vol 10 (1) ◽

pp. 27-37

Author(s):

Irina-Bristena BACÎŞ

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Configuration Management ◽

Identity Theft ◽

Security Threats ◽

Security Measures ◽

Protection Measures ◽

Ip Address ◽

Network Flooding

Threats can translate into various types of attacks an intruder can take on entities in a network: flooding the target with protocol messages, smurfing (targeted broadcasting of an ICMP protocol-based messaging protocol), distributed attacks that lead to blocking the service for legitimate users, IP address theft and flooding targets with unsolicited emails, identity theft, or fraudulent routing. Against these threats, a variety of security measures can be implemented, such as: configuration management, firewall installation, intrusion detection system installation. Used separately or together, these protection measures can eliminate or even minimize the probability of materializing security threats and preventing attacks on the security features of a system.

Download Full-text