Security (Final Session) 17-11-2017

[admin@MikroTik] > interface set 1 name=ether1

failure: already have interface with such name

[admin@MikroTik] > interface set 0 name=ether1

[admin@MikroTik] > interface set 1 name=ether2

[admin@MikroTik] > interface set 2 name=ether3

[admin@MikroTik] > interface set 3 name=ether4

[admin@MikroTik] > interface set 4 name=ether5

[admin@MikroTik] > interface set 5 name=wlan1

[admin@MikroTik] > interface print

Flags: D - dynamic, X - disabled, R - running, S - slave

 #    NAME    TYPE   ACTUAL-MTU  L2MTU  MAX-L2MTU  MAC-ADDRESS
 0 R  ether1  ether        1500   1598       2028  64:D1:54:86:52:4F
 1 R  ether2  ether        1500   1598       2028  64:D1:54:86:52:50
 2    ether3  ether        1500   1598       2028  64:D1:54:86:52:51
 3    ether4  ether        1500   1598       2028  64:D1:54:86:52:52
 4    ether5  ether        1500   1598       2028  64:D1:54:86:52:53
 5    wlan1   wlan         1500   1600       2290  64:D1:54:86:52:55
 6 X  wlan2   wlan         1500   1600       2290  64:D1:54:86:52:54

[admin@MikroTik] > ip address add address=10.10.12.2/30 interface=ether1

[admin@MikroTik] > ip address add address=192.168.1.1/24 interface=ether2

[admin@MikroTik] > ip address add address=192.168.2.1/24 interface=ether3

[admin@MikroTik] > ip address add address=60.60.60.1/24 interface=wlan1

[admin@MikroTik] > ip address print

Flags: X - disabled, I - invalid, D - dynamic

# ADDRESS NETWORK INTERFACE

0 10.10.12.2/30 10.10.12.0 ether1

1 192.168.1.1/24 192.168.1.0 ether2

2 192.168.2.1/24 192.168.2.0 ether3

3 60.60.60.1/24 60.60.60.0 wlan1

[admin@MikroTik] > ip route add dst-address=0.0.0.0/0 gateway=10.10.12.1

[admin@MikroTik] > ip dns set servers=10.10.12.1 allow-remote-requests=yes

[admin@MikroTik] > ping 8.8.8.8

SEQ HOST SIZE TTL TIME STATUS

0 8.8.8.8 56 246 30ms

1 8.8.8.8 56 246 30ms

2 8.8.8.8 56 246 30ms

3 8.8.8.8 56 246 37ms

4 8.8.8.8 56 246 28ms

5 8.8.8.8 56 246 30ms

sent=6 received=6 packet-loss=0% min-rtt=28ms avg-rtt=30ms max-rtt=37ms

[admin@MikroTik] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

[admin@MikroTik] > ip firewall nat print

Flags: X - disabled, I - invalid, D - dynamic

0 chain=srcnat action=masquerade out-interface=ether1


[admin@MikroTik] > system identity set name=KEAMANAN_PERTEMUAN_TERAKHIR

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] >


[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > system ntp client set primary-ntp=203.160.128.3 enabled=yes

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > system clock set time-zone-name=Asia/Jakarta

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > system clock print

time: 16:17:03

date: nov/17/2017

time-zone-autodetect: yes

time-zone-name: Asia/Jakarta

gmt-offset: +07:00

dst-active: no

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] >

1. DHCP SERVER

MAC address registration

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip pool add name=DHCP-LAN-1 ranges=192.168.1.2-192.168.1.20

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip pool add name=DHCP-LAN-2 ranges=192.168.2.2-192.168.2.20

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip pool print

 #  NAME        RANGES
 0  DHCP-LAN-1  192.168.1.2-192.168.1.20
 1  DHCP-LAN-2  192.168.2.2-192.168.2.20

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server network add address=192.168.1.0/24\

\... netmask=255.255.255.0 dns-server=192.168.1.1,10.10.12.1\

\... gateway=192.168.1.1 ntp-server=10.10.12.1

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server network add address=192.168.2.0/24\

\... netmask=255.255.255.0 dns-server=192.168.2.1,10.10.12.1\

\... gateway=192.168.2.1 ntp-server=10.10.12.1

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server network print

 #  ADDRESS         GATEWAY      DNS-SERVER   WINS-SERVER  DOMAIN
 0  192.168.1.0/24  192.168.1.1  192.168.1.1
                                 10.10.12.1
 1  192.168.2.0/24  192.168.2.1  192.168.2.1
                                 10.10.12.1

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server add name="PINJAMWAKTU LAN-1" address-pool=DHCP-LAN-1\

\... interface=ether2 lease-time=04:00:00 disabled=no

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server add name="PINJAMWAKTU LAN-2" address-pool=DHCP-LAN-2\

\... interface=ether3 lease-time=04:00:00 disabled=no

TESTED: CONNECTED TO THE INTERNET? SUCCESS

2. SECURING IP ADDRESSES VIA MAC ADDRESS

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server print

Flags: X - disabled, I - invalid


# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP

0 PINJAMWAKTU LAN-1 ether2 DHCP-LAN-1 4h

1 I PINJAMWAKTU LAN-2 ether3 DHCP-LAN-2 4h

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server remove 1

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server print

Flags: X - disabled, I - invalid

# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP

0 PINJAMWAKTU LAN-1 ether2 DHCP-LAN-1 4h

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server remove 0

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server print

Flags: X - disabled, I - invalid

# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] >

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server add name="PINJAMWAKTU LAN-1" address-pool=static-only\

\... interface=ether2 lease-time=04:00:00 disabled=no

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server add name="PINJAMWAKTU LAN-2" address-pool=static-only\

\... interface=ether3 lease-time=04:00:00 disabled=no

PLEASE RESTART THE ROUTER AND TEST WHETHER IT CAN CONNECT TO THE INTERNET.

Enter the MAC address (54-53-ED-AC-90-D3)

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server lease add address=192.168.1.5 mac-address=54-53-ED-AC-90-D3\

\... server="PINJAMWAKTU LAN-1" lease-time=04:00:00

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server lease print

Flags: X - disabled, R - radius, D - dynamic, B - blocked

 #  ADDRESS      MAC-ADDRESS        HOST-NAME  SERVER        RATE-LIMIT  STATUS
 0  192.168.1.5  54:53:ED:AC:90:D3             PINJAMWAK...              waiting

3. DHCP-ROGUE

The router watches the interface and raises an alert when it sees a DHCP server it does not recognize.

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server alert add interface=ether3 alert-timeout=01:00:00 disabled=no
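
The check behind a rogue-DHCP alert on the ether3 network (192.168.2.0/24), as an added Python example that is not part of the original lab notes and not RouterOS's own implementation. It parses raw DHCP offers and reports any whose server identifier (option 54) is not in an allow-list; the function names, the allow-list and the 192.168.2.254 host are assumptions made for the example.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
DHCPOFFER = b"\x02"          # value of option 53 (message type) in an offer

def build_offer(server_ip, offered_ip):
    """Constructed DHCPOFFER used as sample input (not captured traffic)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, 0x17112017, 0, 0,             # op=reply, Ethernet, hops, xid, secs, flags
        bytes(4), socket.inet_aton(offered_ip),   # ciaddr, yiaddr
        socket.inet_aton(server_ip), bytes(4),    # siaddr, giaddr
        bytes.fromhex("5453edac90d3"), b"", b"")  # chaddr (client MAC from the lease), sname, file
    options = b"\x35\x01" + DHCPOFFER + b"\x36\x04" + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC + options

def parse_options(packet):
    """Return {option_code: value} from a raw DHCP payload, rejecting malformed input."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        options[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return options

def rogue_servers(packets, valid_servers):
    """List server identifiers (option 54) of offers not sent by a known server."""
    alerts = []
    for packet in packets:
        options = parse_options(packet)
        if options.get(53) != DHCPOFFER:          # ignore anything that is not an offer
            continue
        server_id = options.get(54, b"")
        server = socket.inet_ntoa(server_id) if len(server_id) == 4 else "missing"
        if server not in valid_servers:
            alerts.append(server)
    return alerts

# Constructed sample: one offer from the router (192.168.2.1), one from an unknown host.
SAMPLE = [build_offer("192.168.2.1", "192.168.2.5"),
          build_offer("192.168.2.254", "192.168.2.77")]
```

With only the router allowed, `rogue_servers(SAMPLE, {"192.168.2.1"})` returns the unknown server's address.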

4. WLAN

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip address print

Flags: X - disabled, I - invalid, D - dynamic

# ADDRESS NETWORK INTERFACE

0 10.10.12.2/30 10.10.12.0 ether1

1 192.168.1.1/24 192.168.1.0 ether2

2 192.168.2.1/24 192.168.2.0 ether3

3 60.60.60.1/24 60.60.60.0 wlan1

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > interface wireless print

Flags: X - disabled, R - running

 0   name="wlan1" mtu=1500 l2mtu=1600 mac-address=64:D1:54:86:52:55
     arp=enabled interface-type=Atheros AR9300 mode=station
     ssid="MikroTik" frequency=2412 band=2ghz-b/g channel-width=20mhz
     scan-list=default wireless-protocol=any
     vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none
     wds-ignore-ssid=no bridge-mode=enabled
     default-authentication=yes default-forwarding=yes default-ap-tx-limit=0
     default-client-tx-limit=0 hide-ssid=no
     security-profile=default compression=no

 1 X name="wlan2" mtu=1500 l2mtu=1600 mac-address=64:D1:54:86:52:54
     arp=enabled interface-type=Atheros AR9888 mode=station
     ssid="MikroTik" frequency=5180 band=5ghz-a channel-width=20mhz
     scan-list=default wireless-protocol=any
     vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none
     wds-ignore-ssid=no bridge-mode=enabled
     default-authentication=yes default-forwarding=yes default-ap-tx-limit=0
     default-client-tx-limit=0 hide-ssid=no
     security-profile=default compression=no

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > interface wireless set 0 mode=ap-bridge ssid="KEAMANAN_PUNYAKU"\

\... band=2ghz-b/g/n frequency=2437

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > interface wireless security-profiles set 0\

\... mode=dynamic-keys authentication-types=wpa2-psk\

\... wpa2-pre-shared-key="cobacobadulu"

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] > ip dhcp-server setup

Select interface to run DHCP server on

dhcp server interface: wlan1

Select network for DHCP addresses

dhcp address space: 60.60.60.0/24

Select gateway for given network

gateway for dhcp network: 60.60.60.1

Select pool of ip addresses given out by DHCP server


addresses to give out: 60.60.60.2-60.60.60.254

Select DNS servers

dns servers: 60.60.60.1

Select lease time

lease time: 04:00:00

[admin@KEAMANAN_PERTEMUAN_TERAKHIR] >

PLEASE TEST THE WIFI AND MAKE SURE

5. NMap

Microsoft Windows [Version 6.1.7601]

Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\AZRIEL>nmap -sS 192.168.1.1

Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-17 17:19 SE Asia Standard Tim

Nmap scan report for 192.168.1.1 (192.168.1.1)

Host is up (0.0062s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

22/tcp open ssh

23/tcp open telnet


53/tcp open domain

80/tcp open http

2000/tcp open cisco-sccp

8291/tcp open unknown

MAC Address: 64:D1:54:86:52:50 (Routerboard.com)

Nmap done: 1 IP address (1 host up) scanned in 5.33 seconds

C:\Users\AZRIEL>nmap -sS 10.10.12.1

Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-17 17:21 SE Asia Standard Tim

Nmap scan report for 10.10.12.1 (10.10.12.1)

Host is up (0.0063s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

22/tcp open ssh

23/tcp open telnet

53/tcp open domain

80/tcp open http

2000/tcp open cisco-sccp

8291/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 4.78 seconds

C:\Users\AZRIEL>
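
Reading the scan of 192.168.1.1 from the defender's side, as an added Python example that is not part of the original lab notes: it parses the port table and ranks each open port by what listens there on a RouterOS device. The port-to-service mapping reflects RouterOS defaults (2000 is the bandwidth-test server, 8291 is Winbox); the function names and the severity labels are assumptions made for the example.

```python
import re

# Constructed sample: the port table copied from the scan of 192.168.1.1 above.
SCAN = """\
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
80/tcp open http
2000/tcp open cisco-sccp
8291/tcp open unknown
"""

# port -> (service actually listening on RouterOS, why it matters)
ROUTEROS = {
    21: ("ftp", "credentials and files sent in cleartext"),
    22: ("ssh", "encrypted; limit the source addresses allowed to connect"),
    23: ("telnet", "credentials sent in cleartext"),
    53: ("dns cache", "answers remote queries because allow-remote-requests=yes"),
    80: ("www (WebFig)", "management login over unencrypted HTTP"),
    2000: ("bandwidth-test server", "nmap labels it cisco-sccp from the port number alone"),
    8291: ("winbox", "management port; limit the source addresses allowed to connect"),
}
CLEARTEXT = {21, 23, 80}  # services that expose the admin password on the wire

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)", re.M)

def open_ports(report):
    """Extract (port, protocol, nmap_label) for every open port in normal nmap output."""
    return [(int(port), proto, label) for port, proto, label in PORT_LINE.findall(report)]

def audit(report):
    """Return findings as (port, routeros_service, severity, note), cleartext services first."""
    findings = []
    for port, _proto, label in open_ports(report):
        name, note = ROUTEROS.get(port, (label, "not a default RouterOS service; investigate"))
        severity = "high" if port in CLEARTEXT else "review"
        findings.append((port, name, severity, note))
    return sorted(findings, key=lambda f: (f[2] != "high", f[0]))

if __name__ == "__main__":
    for port, name, severity, note in audit(SCAN):
        print(f"{severity:6} {port:>5}  {name:22} {note}")
```

The services flagged `high` correspond to entries under `/ip service` on the router, where they can be disabled or limited to the management subnet.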