HASIM IS NEVER

Tutorials and articles

Wednesday, 16 January 2013

Honeypots Tutorial

Introduction

For every consumer and business that is on the Internet, viruses, worms, and crackers are but a few security threats. There are the obvious tools that aid information security professionals against these problems, such as anti-virus software, firewalls, and intrusion detection systems, but these systems can only react to or prevent attacks – they cannot give us information about the attacker, the tools used or even the methods employed. Given all of these security questions, honeypots are a novel approach to network security and security research alike. This paper will first give an introduction to honeypots – the types and uses. We will then look at the nuts and bolts of honeypots and how to put them together. With a more advanced idea of how honeypots work, we will then investigate the research related to honeypots and look at the possible legal ramifications for those who deploy them. Finally, we shall conclude by looking at what the future holds for honeypots and honeynets.


What is a Honeypot?

Spitzner defines a honeypot as an “information system resource whose value lies in unauthorized or illicit use of that resource.” Essentially, honeypots are resources that allow anyone or anything to access them and, more importantly, honeypots do not have any real production value. The connections that are made to a honeypot are most likely probes and attacks in hopes of compromising a network. More often than not, a honeypot is simply an unprotected, unpatched, unused workstation on a network being closely watched by administrators.



The two main reasons why honeypots are deployed are:

1. To learn how intruders probe and attempt to gain access to your systems and gain insight into attack methodologies to better protect real production systems.
2. To gather forensic information required to aid in the apprehension or prosecution of intruders. (Bandy).


Types of Honeypots
Honeypots come in two flavors: low-interaction and high-interaction. Interaction measures the amount of activity that an intruder may have with a honeypot.


• Low-interaction honeypots are easy to deploy and maintain as they essentially emulate services and operating systems. They are constrained by a limited set of responses and thus are only able to trap automated scanners.


• High-interaction honeypots do not provide emulation. Instead, they employ real operating systems and services. These honeypots are more complex and allow one to obtain a vast amount of information regarding the attacker’s activity. Since they employ real OSes, they could themselves be compromised and turned into sources of further attack.

Information Capturing Mechanisms
Capturing data on a system designed for compromise must be done in a fashion that allows for significant analysis of activity, yet is unobtrusive and transparent to the individual(s) who are compromising the honeypot. Data can be captured at three distinct points, all offering their own benefits and drawbacks:


Host-based

Data capture on the compromised host allows the greatest potential to log incoming and outgoing connections, commands entered on the host via the command line, and snapshots of running processes. Unfortunately, this method also presents the greatest risk. An intruder will often look for any logs and/or security tools, and attempt to disable them in order to conceal their presence. This being the case, data capture could be halted or modified, thus tainting the results of our experiment. Examples of tools used to log activity on a Honeypot are the operating system’s system log (typically the first target of an intruder), any intrusion detection system with packet capture ability, such as Snort, or a packet capture and analysis tool such as Ethereal, both discussed below.



Network-based

A safer, but more complex solution to data capture involves the Honeypot clandestinely logging activity and sending it to a remote server for further analysis. This solution allows us to archive the data collected by the Honeypot on a remote machine. We assume this server to be hardened against attack, as the intruder may notice a data stream leaving the Honeypot, and attempt to disable the collection mechanism. Using tools such as Sebek, we can effectively hide a data capture service on the Honeypot, and collect data on a remote server via a UDP connection. Sebek records the activity of the intruder and covertly sends it to a gateway, a server within the network, or a server elsewhere on the internet.



Router/Gateway-based

The final common method used for data collection is at the actual gateway, router or firewall level of the network. As a gateway moves all data between the hosts on a network and the internet, we have the opportunity to log all connections and data moving from the internet to our Honeypot(s). This offers a slight increase in risk over the Sebek solution described above, as a gateway is typically not hidden in a network, and itself becomes a target for attack. Additionally, this is a more hardware-intensive solution, as you require a server to act in a gateway role. Many small-scale or home gateways do not offer significant logging capabilities, and cannot be used in this role. Without robust data-capture techniques, the validity of information gathered from the host machines is greatly reduced. One of the main goals of defensive information warfare is to understand your opponent – the capture and analysis of this data is the method with which we begin to accomplish this.



Uses of Honeypots

Honeypots have several applications to the world of network security. They serve as network decoys to prevent attacks on an organization’s real network by appearing to be easy targets. By tracking all activity on a honeypot, viruses and worms can easily be detected.
In addition, honeypots can be used to combat spam. Spammers are constantly searching for sites with vulnerable open relays to forward spam on to other networks (Vaughan-Nichols). Honeypots can be set up as open proxies or relays to allow spammers to use their sites. This in turn allows for identification of spammers.

Recently, they have been used to learn about credit card fraud. The Honeynet project, a honeypot research group, has been able to get an insight into such activities by observing IRC channels. As traffic for these IRC channels passes through a proxy on a honeypot, administrators and law enforcement officials are able to observe illegal traffic (the reader is encouraged to refer to http://www.honeynet.org/papers/profiles/ccfraud.pdf for more details).

Advantages and Disadvantages 

Honeypots have several advantages. They collect small amounts of information that have great value. This captured information provides an in-depth look at attacks that very few other technologies offer. Honeypots are designed to capture any activity and can work in encrypted or IPv6 networks. In addition, honeypots are relatively simple to create and maintain (Spitzner).


On the other hand, honeypots also have some disadvantages. Honeypots can only track activity that directly interacts with them as opposed to all traffic across the network. There is also a level of risk to consider (Spitzner), since a honeypot may be compromised and used as a platform to attack another network. However, this risk can be mitigated by controlling the level of direct interaction that attackers have with the honeypot.


Honeynets

A collection of honeypots are combined to create a single honeynet. Honeynets are a step towards aggressive security strategies where one engages the blackhat community to attack the system without their knowledge of the monitoring. By creating an entire fraudulent network, the amount of information that can be gathered is multiplied greatly. Honeynets can be classified as high interaction honeypots.


Honeypot Architecture

A typical low-interaction honeypot is also known as a GenI honeypot. This is a simple system which is very effective against automated attacks or beginner level attacks. Honeyd is one such GenI honeypot which emulates services and their responses for typical network functions from a single machine, while at the same time making the intruder believe that there are numerous different operating systems (Provos). It also allows the simulation of virtual network topologies using a routing mechanism that mimics various network parameters such as delay, latency and ICMP error messages. The primary architecture consists of a routing mechanism, a personality engine, a packet dispatcher and the service simulators. The most important of these is the personality engine which gives services a different ‘avatar’ for every operating system that they emulate.


Drawbacks

This architecture provides a restricted framework within which emulation is carried out. Due to the limited number of services and functionality that it emulates, it is very easy to fingerprint. A flawed implementation (a behavior not shown by a real service) can also lend itself to alerting the attacker. It has constrained applications in research, since every service which is to be studied will have to be rebuilt for the honeypot.




Structure of a High-interaction Honeypot

A typical high-interaction honeypot consists of the following elements: resource of interest, data control, data capture and external logs (“Know Your Enemy: Learning with VMware. Honeynet Project”). These are also known as GenII honeypots and started development in 2002. They provide better data capture and control mechanisms. This makes them more complex to deploy and maintain in comparison to low-interaction honeypots. High-interaction honeypots are very useful in their ability to identify vulnerable services and applications for a particular target operating system. Since the Honeypots have full-fledged operating systems, attackers attempt various attacks, providing administrators with very detailed information on attackers and their methodologies. This is essential for researchers to identify new and unknown attacks, by studying patterns generated by these honeypots.


Drawbacks
However, Gen II Honeypots do have their drawbacks as well. To simulate an entire network, with routers and gateways, would require an extensive computing infrastructure, since each such virtual element would have to be installed in its entirety. In addition, this setup is not comprehensive; the attacker can know that the network he is on is not the real one. This is one primary drawback of Gen II Honeypots. For example, on an average system with 512Mb RAM, there can be at the most 5 Windows VMs running at any given time with 64 Mb RAM each. The number of honeypots in the network is limited. The risk associated with Gen II Honeypots is higher because they can be used easily as launch-pads for attacks.


Comparison between GenI and GenII Honeypots

Feature | Low-interaction Honeypot | High-interaction Honeypot
Number of virtual systems / services that can be deployed | Large | Small
Data control | Limited | Extensive
Level of Interaction | Low | High
Ability to discover new attacks | Low | High
Risk | Low | High


Building a honeypot

To build a honeypot, a set of virtual machines (VMs) is created. They are then set up on a private network with the host OS. To facilitate data control, a stateful firewall such as IPTables can be used to log connections. This firewall would typically be configured in Layer 2 bridging mode, rendering it transparent to the attacker. The final step is data capture, for which tools such as Sebek and TermLog can be used. Once data has been captured, analysis on the data can be performed using tools such as HoneyInspector, PrivMsg and SleuthKit.

We found this approach remarkable in its simplicity and feel that a few significant issues need to be brought to light. The first is the choice of a private host-only network. Though this may seem counterintuitive at first, there is relatively sound reasoning for doing so. While bridging the VMs on to the physical network would seem like a better approach because it transparently forwards packets to the VMs and eliminates an additional layer of routing, it requires an additional data control device which will monitor the packets being sent from the VMs. The operation of data control cannot be performed by the host OS when the VMs are in bridged mode, since all data from the VMs bypasses any firewalls or IDSs which exist at the application layer on the host, as shown in the figure below.

Additionally, the firewall on the host should be transparent to the attacker. This requires considerable effort, since firewalls by default work at Layer 3 or greater. To render the firewall transparent to the attacker requires recompilation of the kernel. This may not be possible on all operating systems, such as Windows.

[Figure: Structure of a VM Based Honeypot]

Finally, once a honeypot is compromised, a restoration mechanism has to be implemented so that it is instantly taken off the network and all its holes carefully plugged before placing it back on the network. This is currently a manual process and can only be partly automated.




Honeynets: Challenges
So far, we have looked at how honeynets are deployed by the research community and how they are used for worm detection, hacker tracking and a host of other activities. The underlying assumption about Honeynets is that the attacker is unaware of the monitoring and cannot easily fingerprint the honeypot. But one cannot assume that the blackhat community would just walk into the traps laid for them. We present a few possible challenges to that assumption as discussed by Oudot and Holz:
• Fingerprinting a VMWare virtual machine: The IEEE has assigned the following ranges of MAC addresses to VMWare: 00-05-69-xx-xx-xx, 00-0C-29-xx-xx-xx, 00-50-56-xx-xx-xx. An attacker can check the MAC address of the machine and can conclude that a particular system is a virtual machine. Though this doesn’t reveal that a particular system is necessarily a honeypot, a skilled or well informed hacker might keep away from such a system. (Oudot and Holz – Defeating Honeypots Part 1).




• Fingerprinting Sebek: Sebek is a kernel rootkit used to hijack the system read() call and log all data accessed via read. It uses a covert channel to send data to the logging server. Also, Sebek is well designed to hide itself from being listed as a kernel module and also bypasses the TCP/IP stack so that an attacker cannot detect it using sniffers. However, one way of fingerprinting a system running Sebek could be the amount of traffic generated by Sebek. For a single byte read(), Sebek transfers close to 100 bytes of data. A continuous execution of single byte reads could sufficiently slow things down on a network, which can be detected using ping requests. (Oudot and Holz).




• Reverse Firewall: Honeynets typically have a reverse firewall, which limits the amount of outgoing traffic from the system. A clever attacker can observe the patterns in the outgoing traffic and can fingerprint the system as a honeynet if a sufficiently large number of outgoing packets are dropped or modified (Oudot and Holz – Defeating Honeypots Part 2).

We believe that with the current deployment of honeypots there is no traffic to and from a honeypot except the attacker traffic. A system of interest to the hacker might be a database server or a web server handling lots of requests. But even though the services can be provided or emulated on a honeypot, no active connections can be observed. An attacker can check for other connections or the amount of traffic on a system that he/she has compromised to get an idea about the system. A smart attacker might bundle all these checks into a script which is run as soon as he/she gains access to the system and can back off as soon as the script generates alerts.

Beyond being able to keep the attacker from fingerprinting the honeynet, there are other challenges facing the research community. Honeynets are useful in detecting worm attacks which follow the epidemic model. Researchers have proposed Warhol worms and flash worms that do not follow the epidemic model and threaten to bring down the Internet in a matter of minutes. Honeynets might provide little or no benefit in such a case.

To overcome the challenges stated above, we suggest the following practices:




• MAC addresses of VMs must be changed from their default values.


• The system should be configured to generate fake traffic to the Honeypots and modify data capture accordingly.


• Recompile Sebek to use a more efficient covert channel, by compressing data or by setting up a virtual service which pretends to transmit the data to another host.
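
One way to verify the first practice before a honeypot VM goes live, as an added example that is not part of the original paper: a Python audit that reads the virtual NIC settings from a VMware .vmx file and flags any address still in the three vendor ranges quoted above. The sample .vmx text and its addresses are constructed; the function names are hypothetical.

```python
import re

# OUI prefixes the text above lists as assigned to VMware.
VMWARE_OUIS = {"000569", "000c29", "005056"}

# Matches .vmx lines such as: ethernet0.generatedAddress = "00:0c:29:aa:bb:cc"
NIC_LINE = re.compile(
    r'^\s*(ethernet\d+)\.(address|generatedAddress|addressType)\s*=\s*"([^"]*)"',
    re.IGNORECASE,
)

# Constructed sample .vmx excerpt (all addresses are made up).
SAMPLE_VMX = '''
displayName = "honeypot-win-01"
ethernet0.present = "TRUE"
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:3a:7f:10"
ethernet1.present = "TRUE"
ethernet1.addressType = "static"
ethernet1.address = "00-1A-2B-3C-4D-5E"
ethernet2.present = "TRUE"
ethernet2.addressType = "static"
ethernet2.address = "00:50:56:01:02:03"
'''


def normalise_mac(value):
    """Return 12 lowercase hex digits, or None if the value is not a MAC."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value or "")
    return digits.lower() if len(digits) == 12 else None


def audit_vmx(text):
    """Return [(nic, mac, verdict)] for every virtual NIC found in a .vmx file."""
    nics = {}
    for line in text.splitlines():
        m = NIC_LINE.match(line)
        if m:
            nic, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            nics.setdefault(nic, {})[key] = value

    findings = []
    for nic in sorted(nics):
        cfg = nics[nic]
        # A static NIC uses "address"; otherwise the generated address is in effect.
        static = cfg.get("addresstype", "generated").lower() == "static"
        mac = normalise_mac(cfg.get("address") if static else cfg.get("generatedaddress"))
        if mac is None:
            findings.append((nic, None, "no-mac-found"))
            continue
        pretty = ":".join(mac[i:i + 2] for i in range(0, 12, 2))
        verdict = "vmware-default-oui" if mac[:6] in VMWARE_OUIS else "ok"
        findings.append((nic, pretty, verdict))
    return findings


if __name__ == "__main__":
    for nic, mac, verdict in audit_vmx(SAMPLE_VMX):
        print(f"{nic:10} {mac or '-':17} {verdict}")
```
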



Legal Issues Pertaining to Honeypots

In the technology world there are many legal questions concerning honeypots. First, honeypots are relatively new. Security professionals are still using them in new ways and the legal community is just starting to hear questions about them. The main issue is that there is no legislation concerning them. While there are hundreds of laws governing the United States, most US policy is made through court cases, of which very few concern Honeypots. That being understood, most of the research we found in the area concluded that there are three major legal spectrums concerning honeypots: entrapment, liability, and privacy (“Honeypots: Are they Legal?”).



Entrapment

Entrapment can be claimed by a defendant when, according to Webster, he “… would not have broken the law if not tricked into doing it by law enforcement officials.” In other words, entrapment is a defense against criminal prosecution. An example would be a police officer asking you if you wished to buy illegal drugs from him. Honeypots do not coerce people to use them like the police officer does with the drugs. Honeypots are much like homes; if someone wishes to break in, they have to do all the work. They have to open the door, they have to look around the house, and they have to steal the items. While honeypots do not necessarily fall into the entrapment category, they do have many privacy concerns.




Honeytokens

A honeytoken is a data entity whose value lies in the inherent use of that data. Similar in concept to a honeypot, where the use of the honeypot itself is subject to scrutiny, honeytokens are entities such as false medical records, incorrect credit card numbers and invalid social security numbers. The very act of accessing these numbers, even by legitimate entities, is suspect. We believe that this concept is especially useful in preventing large classes of attacks. For instance, a database which contains credit card information could have certain 'honeytokened' credit card numbers. These records cause alerts to be fired the instant they are accessed. Since a legitimate user has no reason to access the honeytoken (there will be no legitimate need for a user to select all the records from a credit card table), the person accessing the record will undoubtedly have malicious intent. Thus, attacks ranging from an SQL Injection attack which selects all the data from the database to a DB Server hack which extracts all the records from a table or exploitation of a vulnerability in a database server to extract tuples can all be foiled using Honeytokens.
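
The honeytoken idea above as an added example, not code from the original paper: a small Python/sqlite3 sketch in which decoy card numbers are seeded into a table and every query goes through a wrapper that raises an alert, and withholds the result, as soon as a decoy appears in the result set. The table layout, names and all card numbers are constructed for illustration.

```python
import sqlite3
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data. Every number is made up; the HONEY_ROWS entries are
# decoys that no real customer record or business process refers to.
REAL_ROWS = [
    ("alice", "4000000000000001"),
    ("bob", "4000000000000002"),
    ("carol", "4000000000000003"),
]
HONEY_ROWS = [
    ("d. ecoy", "4000009999990001"),
    ("h. token", "4000009999990002"),
]
HONEYTOKENS = frozenset(pan for _, pan in HONEY_ROWS)


@dataclass
class Alert:
    when: str      # UTC timestamp of the access
    user: str      # account that ran the query
    sql: str       # statement that returned a honeytoken
    tokens: tuple  # which decoy values were returned


def build_db():
    """Create an in-memory card table with real and decoy rows interleaved."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (id INTEGER PRIMARY KEY, holder TEXT, pan TEXT)")
    conn.executemany("INSERT INTO cards (holder, pan) VALUES (?, ?)",
                     REAL_ROWS + HONEY_ROWS)
    conn.commit()
    return conn


def audited_query(conn, user, sql, params=()):
    """Run a query and return (rows, alert).

    alert is None for normal access. If any returned value is a honeytoken,
    the rows are withheld and an Alert describing the access is returned.
    Matching is on returned values, so a query that never selects the pan
    column will not trip this check.
    """
    rows = conn.execute(sql, params).fetchall()
    hits = sorted({str(v) for row in rows for v in row if str(v) in HONEYTOKENS})
    if not hits:
        return rows, None
    alert = Alert(datetime.now(timezone.utc).isoformat(), user, sql, tuple(hits))
    return [], alert


if __name__ == "__main__":
    db = build_db()
    # Legitimate use: look up one customer's card.
    print(audited_query(db, "billing-app",
                        "SELECT holder, pan FROM cards WHERE holder = ?", ("alice",)))
    # Bulk read of the table, which is what a dump of the data amounts to.
    print(audited_query(db, "billing-app", "SELECT * FROM cards"))
```
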


Conclusion

In this project, we have looked at various aspects of Honeypots. We described the architecture of low and high interaction honeypots and their possible drawbacks. We discussed the use of Honeypots in research and surveyed the research work related to the Georgia Tech Honeynet project. A lot of challenges face Honeynet research and deployment, and we have presented a few such challenges and possible solutions. We also presented a detailed view of legal challenges with respect to Honeypot deployment. We have explored systems similar to Honeypots such as Tarpits and Honeytokens. We do believe that, although Honeypots have legal issues now, they do provide beneficial information regarding the security of a network. We think it is important that new legal policies be formulated to foster and support research in this area. This will help solve the current challenges and make it possible to use Honeypots for the benefit of the broader Internet community.

source : http://amitmathuriya.blogspot.com/2011/04/honeypots-tutorial.html

Tuesday, 15 January 2013

DDoS / DoS (Denial-of-Service) Attack Prevention

What is a DDoS? 
A denial-of-service attack (DoS attack), also known as a distributed denial-of-service attack (DDoS attack), attempts to make a computer or network resource unavailable to its intended users by sending thousands of packets to a person’s computer.
DoS attacks come from one location and can often be thwarted (depending on the technical knowledge of the attacker). A Distributed Denial of Service attack, however, comes from multiple locations and is therefore more difficult to prevent since the IP addresses of the attacker(s) come from several locations. Most routers will allow you to block a range of IP addresses, but this can lead to problems (e.g. accidentally blocking websites and applications) if not done carefully.

The following symptoms are usually NOT due to DDoS attacks:

· Periodic in-game lag.
· An internet connection that sometimes runs slow out of game.
· Experiencing random disconnects followed by reconnects.

The above symptoms describe latency issues. Please check out the most common fixes for latency in this Knowledge Base article: https://support.leagueoflegends.com/entries/20102243-improving-lag-latency-and-ping
If you believe you are a victim of a DoS or DDoS attack, please read the following guide:

1st – Get your IP Address:
The easiest way to do this is to go to http://www.whatismyip.com and write this number down. This will display your external IP address.

2nd - Determine if you are being DDoS’d or not: 
There are a few ways to confirm if you are being attacked - we highly recommend going through every step.
  • First, open a Command Prompt by pressing Win+R and typing “cmd”.

  • Next we will attempt to ping the outside world (using Reddit.com as our example). Type ping reddit.com -n 10 into the Command Prompt window.

Pay attention to the number next to ‘time =’ and the percentage of packets loss displayed below ‘Ping statistics’. The time column is the amount of time it takes for a packet that is 32 bytes in size to travel from your computer, to Reddit’s servers, and then back to your computer. While playing League of Legends this number is referred to as your Latency.

In the beginning stages of a DoS attack, this number will increase periodically (40ms to 800ms) and will eventually respond with “Request timed out”. If you believe you are being DDoS’d, the first thing to do is open a command prompt and ping a reliable website that you know is online (Reddit, Google, etc). Most amateur DDoS attacks take time to build up steam so you can usually catch the less sophisticated attacks before they take you completely offline.
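
The reading of ping output described above, as an added Python example that is not part of the original guide: it parses Windows ping output and separates the pattern the guide associates with an attack (latency climbing, then replies stopping) from the occasional spike or lost packet it attributes to ordinary latency. Both sample outputs are constructed (203.0.113.10 is a documentation address), and the thresholds are assumptions.

```python
import re
from statistics import mean

RTT = re.compile(r"time[=<](\d+)\s*ms", re.IGNORECASE)

# Constructed sample output of "ping reddit.com -n 10": latency climbs,
# then every remaining probe times out.
SAMPLE_ESCALATING = """\
Pinging reddit.com [203.0.113.10] with 32 bytes of data:
Reply from 203.0.113.10: bytes=32 time=41ms TTL=52
Reply from 203.0.113.10: bytes=32 time=43ms TTL=52
Reply from 203.0.113.10: bytes=32 time=40ms TTL=52
Reply from 203.0.113.10: bytes=32 time=120ms TTL=52
Reply from 203.0.113.10: bytes=32 time=310ms TTL=52
Reply from 203.0.113.10: bytes=32 time=640ms TTL=52
Reply from 203.0.113.10: bytes=32 time=812ms TTL=52
Request timed out.
Request timed out.
Request timed out.
"""

# Constructed sample: one spike and one lost probe, then back to normal.
SAMPLE_INTERMITTENT = """\
Pinging reddit.com [203.0.113.10] with 32 bytes of data:
Reply from 203.0.113.10: bytes=32 time=42ms TTL=52
Reply from 203.0.113.10: bytes=32 time=40ms TTL=52
Reply from 203.0.113.10: bytes=32 time=350ms TTL=52
Reply from 203.0.113.10: bytes=32 time=41ms TTL=52
Request timed out.
Reply from 203.0.113.10: bytes=32 time=43ms TTL=52
Reply from 203.0.113.10: bytes=32 time=39ms TTL=52
Reply from 203.0.113.10: bytes=32 time=44ms TTL=52
Reply from 203.0.113.10: bytes=32 time=40ms TTL=52
Reply from 203.0.113.10: bytes=32 time=41ms TTL=52
"""


def parse_ping(text):
    """One entry per probe: round-trip time in ms, or None if it was lost."""
    probes = []
    for line in text.splitlines():
        line = line.strip().lower()
        if line.startswith("reply from"):
            m = RTT.search(line)
            # "Reply from ...: Destination host unreachable." carries no time.
            probes.append(int(m.group(1)) if m else None)
        elif line.startswith("request timed out"):
            probes.append(None)
    return probes


def assess(probes, rise_factor=3.0, tail=3):
    """Classify a run of probes; rise_factor and tail are assumed thresholds."""
    sent = len(probes)
    rtts = [p for p in probes if p is not None]
    lost = sent - len(rtts)
    half = len(rtts) // 2
    # Rising: the later replies are on average much slower than the earlier ones.
    rising = half >= 2 and mean(rtts[half:]) >= rise_factor * mean(rtts[:half])
    trailing = 0  # consecutive lost probes at the end of the run
    for p in reversed(probes):
        if p is not None:
            break
        trailing += 1
    if sent and not rtts:
        verdict = "unreachable"
    elif rising and trailing >= tail:
        verdict = "escalating"      # the build-up pattern described in the guide
    elif lost or (rtts and max(rtts) >= rise_factor * max(min(rtts), 1)):
        verdict = "intermittent"    # spikes or drops that recover: latency issue
    else:
        verdict = "stable"
    loss_pct = round(100.0 * lost / sent, 1) if sent else 0.0
    return {"sent": sent, "lost": lost, "loss_pct": loss_pct,
            "trailing_timeouts": trailing, "verdict": verdict}


if __name__ == "__main__":
    for name, text in (("escalating", SAMPLE_ESCALATING),
                       ("intermittent", SAMPLE_INTERMITTENT)):
        print(name, assess(parse_ping(text)))
```
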
Who is attacking me and what can I do about it?
DDoS attacks are often done via botnets that are spaced out across hundreds of IP addresses. Many of these attacks come from individuals attempting to disrupt gameplay by using third party programs in combination with player IP Addresses.
To find where a DoS attack is coming from, you can download and run a program called ‘TCPView’. TCPView displays all current connections (endpoints) on your computer. A DoS attack’s origin becomes very clear with this program, as TCPView will be able to identify a connection that is running 100’s of times. From there, you can plug the IP address of this connection into ‘www.whois.sc’ and find out the attacker’s ISP. After that, contacting the ISP to explain the situation would be your next best step.

DDoS Solutions 
Problem: 
You are positive that you are being hit by a Distributed DoS attack and you are completely disconnected from the internet. You can’t ping any websites and all your applications are offline.

Solution: 
Please understand that some of these steps (3 & 4) are outdated and will more than likely not work.
They are included however as a precursor for some of the sections later on in the guide.
Your best short-term solution is to change your IP Address since the DDoS attacks are directed at your IP and nothing else.
Note: There are two different ways that your ISP can provide you with an IP Address: Dynamically or Statically. Dynamic IP addresses are assigned each time you log on to the ISP’s network. This doesn’t necessarily mean your ISP will change your IP each and every time you restart your computer, as it is solely dependent on your service provider.
A Static IP is exactly what it sounds like - static and never changing. Static IP addressing is much less secure since you are provided an IP that never changes. I highly suggest calling your ISP and finding out 1) What type of addressing you have and 2) If you are Static, whether there is any possibility of being changed to dynamic.

Unplug your cable/dsl modem as well as your router and wait 60-120 seconds. Plug back in and check www.whatismyip.com to see if you were assigned a new IP.

Call your ISP and tell them that you are being DDoS’d and that you need a new IP Address. Most ISPs will be receptive, though you may need to request to be escalated to a higher level of customer support.

Open a command prompt (Win+R, then type ‘cmd’) and type ‘ipconfig /release’ (this will disconnect you from the internet).
Type ‘ipconfig /renew’.
Finally, type ‘ipconfig /all’ to display a great deal of network information.
Look for the default gateway.
Type your default gateway into your internet browser to bring up your router's admin page. You will need to know what type of router you have in order to find the default username and password. Some common ones are “root/password”, “admin/password”, “password/password” and “admin/admin”. Once you have access, you can attempt to Release/Renew your IP here.

[Screenshot: a standard router configuration page]

DDoS Prevention Options
VPN 
Using VPN software is generally the best way to prevent becoming the victim of a DoS attack.  Unfortunately, these types of software can have negative interactions with League of Legends.  As VPN Software will assign you an IP Address, it will often increase your in-game latency significantly if the IP Address you are assigned is further away from our servers than you are actually located.  Additionally, if the VPN software you are using frequently changes your IP Address, there is the chance it could change mid-game, which would result in you being immediately disconnected. This is because our servers are expecting a connection from the original IP Address and cannot adjust for the sudden change in IP during a game. (Please note: consistently leaving games will increase your Leaver Level: https://support.leagueoflegends.com/entries/20030633-leaving-games-the-leaverbuster-faq )

Skype Proxy (Solution 1)
Making a Skype connection with someone is the most common way for them to gain access to your IP Address, as you don’t even need to friend someone for that information to be visible.  The following solution should help you avoid displaying an accurate IP Address while still allowing you access to Skype to communicate with your Team.
  • In Skype, Go to Tools -> Options -> Advanced -> Connection
  • Check the box that says "Use port 80 and 443 as alternatives for incoming connections"
  • Click this drop-down and change it to "SOCKS5"
  • Go to http://www.xroxy.com/proxy-country.htm
  • Select the country in which you reside, pick any “SOCKS5” IP Address from the list and enter it as the host.
    Note: What you are doing is running Skype via a proxy. As long as you pick an IP that is in the same country as you reside then you shouldn’t see much, if any degradation in call quality. If you do, just select a new IP until you find the best setup.
Skype Proxy (Solution 2)
  • Open notepad and paste the following (substituting the proxy information with your proxy server)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Skype\Phone]
"DisableSupernode"=dword:00000001
"ProxySetting"="HTTPS"
"ProxyAddress"="x.x.x.x:yyyy"
"ProxyUsername"="username"
"ProxyPassword"="password"

Save the file as a .reg (Example: skype.reg) and then double click on it and confirm.

For additional information regarding prevention of DDoS attacks, we suggest the following guide written by Matthew Gunnin (Please note that we are unable to officially endorse the contents of this article):
source : http://www.leaguepedia.com/wiki/DDoS_Prevention_Guide

Find User Ip On Skype

this is a quick tutorial on how to find someone's IP on skype, this can be useful if the tard does not know how to find his own or if you just want to know who you are really talking to.

first off you will need;
Skype (obviously)
WireShark (or your traffic monitor of choice, preferably one with a filter)
Any OS supported by Skype (even android, over wifi only)

first you need to understand, the more active things are on your Skype; people trying to call you, getting status from contacts, and conversations will all give you a large amount of traffic.
(i personally recommend a temp Skype account, it makes everything so much more simple)

and we will be monitoring packets, not IP lists like network connections will normally provide, this way you have a better chance of finding the correct IP.

Getting started

first open up Skype and go to Tools > Options
now click the Advanced tab and go to Connection
un-mark and disable the option "use port 80 and 443 as alternatives for incoming connections"
now take note of the port set in "use port XXXX for incoming connections" for this example we will use port 21625.
Save & Restart Skype.

Second Step open WireShark, pick the Interface you use to connect to the internet and pick Start.

you will probably see a lot of results filling up, we need to clean this up a bit using the Filter.

first get your local IP, you can do this in windows by starting command prompt Run > CMD
and in command prompt typing the following "ipconfig" (without quotes).

now take Note of your Local IPv4 Address for the interface you are using,
in this example it will be 192.168.1.10

now back to WireShark to filter everything only the things going from your PC on port 21625 and only udp.
in the filter box type;
ip.src == 192.168.1.10 and udp.srcport == 21625
now hit Apply and you should only see Skype traffic from your PC

most of the results are from the skype servers but to make it even more accurate add
"and data.len == 3"
this narrows it down to packets of 3 bytes (most of the packets this small are p2p)
so now the filter says;
ip.src == 192.168.1.10 and udp.srcport == 21625 and data.len == 3

as you can see the IP of the person you are calling is in the "Destination" and you are the Source.

now it should be very easy for you to spot someone's IP when you call them or they send you are in a call or get sent a message.




source : http://newhax.com/forum/index.php?threads/find-user-ip-on-skype.3070/

How to send a DOS to a desired IP with CMD

Read this before doing it, this is not legal, so I'm not responsible for your actions

- Open CMD

Start > Run > write CMD




Now choose a server like http://l2minotauro.webcindario.com

Then write in CMD "ping http://l2minotauro.webcindario.com"

Then this should appear


The IP is 89.17.220.221

Now write "ping 89.17.220.221 -t -l 65500" then wait about 1 hour and the desired IP net should crash




IT DOESN'T ALWAYS WORK, ESPECIALLY WITH L2SERVERS LIKE L2MINOTAURO

I advise you to DOS some normal random IP to test this. This was just an example.

PS: It also depends on whether your Internet MBs are average/high

source : http://maxcheaters.com/forum/index.php?topic=157105.0&ckattempt=1
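Seen from the receiving side, the command above produces a steady stream of ICMP echo requests whose payload is far larger than one Ethernet frame carries, which is easy to flag. The following detector is an added example, not part of the original post; the record layout, thresholds and addresses are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8
# Largest ICMP payload that fits one unfragmented 1500-byte Ethernet frame
# (1500 - 20-byte IPv4 header - 8-byte ICMP header).
MAX_UNFRAGMENTED_PAYLOAD = 1472

def find_oversized_echo_sources(records, window_s=60, min_packets=30):
    """records: (ts, src, dst, icmp_type, payload_len) tuples, where
    payload_len is the reassembled ICMP payload length (assumed layout).
    Returns {(src, dst): peak_count} for pairs that sent at least
    min_packets oversized echo requests within any window_s seconds."""
    recent = defaultdict(deque)   # (src, dst) -> timestamps inside the window
    peak = defaultdict(int)       # (src, dst) -> highest count seen in a window
    for ts, src, dst, icmp_type, payload_len in sorted(records):
        if icmp_type != ECHO_REQUEST or payload_len <= MAX_UNFRAGMENTED_PAYLOAD:
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] >= window_s:
            q.popleft()
        peak[(src, dst)] = max(peak[(src, dst)], len(q))
    return {pair: n for pair, n in peak.items() if n >= min_packets}

def constructed_sample():
    """Constructed records, not captured traffic (documentation addresses)."""
    records = []
    # One host sending a 65500-byte echo request every second for 2 minutes,
    # the pattern produced by `ping -t -l 65500`.
    for t in range(120):
        records.append((float(t), "198.51.100.7", "203.0.113.10", 8, 65500))
    # Normal monitoring pings: 32-byte payload, once every 10 seconds.
    for t in range(0, 120, 10):
        records.append((float(t), "198.51.100.20", "203.0.113.10", 8, 32))
    # A short test with a large payload: too few packets to alert on.
    for t in range(3):
        records.append((float(t), "198.51.100.30", "203.0.113.10", 8, 8000))
    return records

if __name__ == "__main__":
    hits = find_oversized_echo_sources(constructed_sample())
    for (src, dst), n in hits.items():
        print(f"{src} -> {dst}: {n} oversized echo requests within 60 s")
```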



Sunday, 13 January 2013

Cloning Another User's IP and MAC Address in a Hotspot Area

Still on the subject of hotspot / wifi tricks. In my earlier post, "An Easy Way to Break Wireless/Wifi/Hotspot Passwords", we used the tool wzcook. Since many people are still confused about how to use wzcook, let's try another method this time: cloning the IP address and MAC address of a user who is currently online in the hotspot / wifi area. By obtaining another user's IP and MAC address, we can get online on the hotspot too. How to do that??? Follow the steps slowly…
Hack Hotspot / Wifi

1. First, we use netcut to see which users are online in the hotspot area. Another IP scanner can also be used. netcut can be downloaded from the earlier post, "Free Software for Cutting Wifi Internet Connections".

Install and run netcut, then copy the IP and MAC address of the would-be victim. (Here you have to try the IPs of the online users one by one until you find a user with an unlimited plan, so that we also get unlimited access for free.)
(The easy way is to observe which IP is online most often.)
Note down the IP, the MAC address and the gateway.


Figure: looking up the IP address and MAC address

2. Disconnect the WIFI on our laptop (including Netcut).
Then change our laptop's IP to the victim's IP that you copied earlier:
enter the IP (for example, the IP I copied is 192.168.2.29), the Subnet Mask (255.255.255.0), and the Default Gateway (the hotspot's default gateway; in this example 192.168.2.1).
The DNS is up to you (in the picture I use Google's DNS).


Figure: changing the IP address

Then change our MAC address to the victim's MAC address (don't forget to remove the colons ":" first).


Figure: changing the MAC address

3. Reconnect the WIFI on our laptop.

Open your favourite browser and ta-da…. if you succeeded, you will be connected to the hotspot/wifi without going through the hotspot login page first.

If you are still not satisfied with the bandwidth you get, just use the weapon (netcut) to cut off the connections of other users who are online (but not the gateway). The bandwidth will be entirely yours…

source : http://caritauaja.info/tips-trik/clone-ip-dan-mac-address-user-lain-di-area-hotspot
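The login page is skipped because the hotspot recognises an already-authenticated client only by its IP and MAC address. An operator can spot two devices sharing one such pair because the traffic behind that MAC keeps alternating between two fingerprints; the following detector is an added example, not part of the original post, and assumes the gateway logs a timestamp, MAC, IP, observed TTL and access point name per observation (all sample values are constructed).

```python
import re
from collections import defaultdict

def norm_mac(mac):
    """Canonical form: 12 lowercase hex digits, separators removed."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def find_cloned_macs(observations, window_s=300, min_flips=3):
    """observations: (ts, mac, ip, ttl, ap) tuples as seen by the gateway
    (assumed log layout). Returns {mac: flips} for MACs whose (ttl, ap)
    fingerprint changed at least min_flips times inside window_s seconds.
    A roaming client changes once; two devices sharing one MAC alternate."""
    last_fp = {}                    # mac -> last fingerprint seen
    changes = defaultdict(list)     # mac -> timestamps of fingerprint changes
    flagged = {}
    for ts, mac, ip, ttl, ap in sorted(observations):
        mac = norm_mac(mac)
        fp = (ttl, ap)
        if mac in last_fp and last_fp[mac] != fp:
            times = changes[mac]
            times.append(ts)
            while ts - times[0] > window_s:
                times.pop(0)
            if len(times) >= min_flips:
                flagged[mac] = max(flagged.get(mac, 0), len(times))
        last_fp[mac] = fp
    return flagged

def constructed_sample():
    """Constructed observations, not real logs."""
    obs = []
    for i in range(6):
        if i % 2 == 0:   # original client: TTL 128, lobby access point
            obs.append((i * 10, "00:11:22:33:44:55", "192.168.2.29", 128, "ap-lobby"))
        else:            # second device using the same IP and MAC
            obs.append((i * 10, "001122334455", "192.168.2.29", 64, "ap-cafe"))
    # A client that roams once between access points: one change only.
    obs.append((5, "66:77:88:99:AA:BB", "192.168.2.40", 64, "ap-lobby"))
    obs.append((200, "66:77:88:99:AA:BB", "192.168.2.40", 64, "ap-cafe"))
    # A client whose fingerprint never changes.
    obs += [(t, "0a-0b-0c-0d-0e-0f", "192.168.2.41", 128, "ap-cafe") for t in (1, 61, 121)]
    return obs

if __name__ == "__main__":
    for mac, n in find_cloned_macs(constructed_sample()).items():
        print(f"{mac}: fingerprint changed {n} times in 5 minutes, possible cloned MAC")
```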

Wednesday, 26 December 2012

Israel Will Strike Back at Hackers Around the World, Including Indonesia

After suffering millions of attacks from hackers around the world, Israel has decided to strike back. The counterattack is aimed at all parties involved in crippling Israeli security sites over the past few weeks.

As we know from the article "At Last, Indonesian Hackers Step In for Palestine", Indonesian hackers went to help Palestinians stay connected to cyberspace. This means that Indonesia may become a target for Israel. Israel may attack Indonesia's DNS servers.

Quoted from dering, this suspicion is reinforced by a warning letter issued by the Security Incident Response Team on Internet and Infrastructure (SIRTII), Indonesia's Internet infrastructure security authority. It has issued a warning letter so that Indonesian hackers are on guard against attacks on Indonesia's DNS servers.
Figure: Warning letter from SIRTII to Indonesian hackers


In response to the letter, SIRTII is currently coordinating with DNS operators to step up security monitoring and prevent bad outcomes.

For your information, unic readers, DNS is a server system that connects Internet users with domains. If this server goes down, Indonesian domains cannot be accessed. Even more damaging is when banking websites and public service sites can no longer be accessed.

Hopefully this attack will not hit sites that serve the interests of the general public.

Article source : http://www.unic29.com/17426/israel-akan-serang-balik-hacker-di-seluruh-dunia-termasuk-indonesia/

Servers and Sites Attacked by Indonesian Hackers, Israel Threatens to Strike Back


After Israel again invaded the Gaza Strip, Palestine, many groups and parties around the world condemned it. After the world-famous hacker activists Anonymous attacked 650 Israeli sites as a sign of protest, it is now the turn of Indonesian hackers to step in and attack the Jewish state's sites.

As a result, yesterday Indonesia's Internet security authority (Indonesia Security Incident Response Team on Internet Infrastructure/IDSIRTI) reported that there was a notification from the Israeli Internet authority that a retaliatory attack would be carried out against Indonesian DNS servers, especially the .id domain.

"So far there have been no attacks (on .id domains), but yesterday there was indeed a notification from First Org, which is an institution something like Israel's IDSIRTI," said Andy Budimansyah, Chairman of Pengelola Nama Domain Internet Indonesia (Pandi), as reported by Merdeka, Thursday (23/11).
He said Indonesian hackers have stopped attacking Israeli sites. Even so, Pandi, in coordination with DNS operators, continues to monitor, because if Israeli hackers really do strike back the result would still be damaging.

"If banking servers or websites that serve the public suddenly cannot be accessed, that would be a pity," he said.