Thursday, 09 August 2007

How to Identify Hacker Attacks

I'm sure you all already know about this, but this is just a reminder of the days when we handled security manually. Do not misuse this article; I am not responsible for any misuse of it.

Source: www dot Hackersbook dot com


Hope this is useful

Identifying attackers – "Pants down"
You have certainly experienced people trying to send you Trojans or viruses, or attacking you with unwanted mail. Your firewall will warn you in such cases and reveal the sender's IP address in the mail header.
The IP address comes in handy when trying to identify the origin of the attack. The following steps show how to get as much information as possible.

PING
The IP address gives the attacker's Internet address. A numerical address like 212.214.172.81 does not reveal much. In Windows you can use PING to convert the address into a domain name: the Domain Name Service (DNS) protocol reveals the matching domain name. PING stands for "Packet Internet Groper" and is delivered with practically every Internet-compatible system, including all current Windows versions.
Make sure you are connected to the Internet. Open the DOS shell and enter the following PING command:
ping -a 123.123.12.1
Ping will look up the domain name and display it. This often gives you information on the provider the attacker uses, e.g.:
dialup21982.gateway123.provider.com

This means that the attacker logged on using "provider.com".
Unfortunately, there are several IP addresses that cannot be converted into domain names. The following section may be of help in such cases.
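
The lookup described above, as an added example in Python (not code from the original article): it pulls the public addresses out of a message's Received headers, does the same reverse lookup that ping -a performs, and checks that the returned name resolves back to the address, because the reverse record is set by whoever controls the address block. The sample message, the function names and the two-label provider heuristic are assumptions made for this example.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample message; every host name and address here is made up.
SAMPLE = """\
Received: from mail.example.net (dialup21982.gateway123.provider.com [123.123.12.1])
\tby mx.example.org with SMTP; Thu, 09 Aug 2007 10:00:00 +0000
Received: from pc (unknown [192.168.1.20])
\tby mail.example.net with SMTP; Thu, 09 Aug 2007 09:59:58 +0000
Subject: test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def public_ips(raw_message):
    """Public IPv4 addresses from Received headers, newest hop first."""
    found = []
    for header in message_from_string(raw_message).get_all("Received", []):
        for text in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a valid address, e.g. 999.1.1.1
            if ip.is_global and text not in found:
                found.append(text)
    return found

def reverse_lookup(ip, ptr=socket.gethostbyaddr, fwd=socket.gethostbyname_ex):
    """PTR lookup (what `ping -a` shows) plus a forward check of the name."""
    try:
        name = ptr(ip)[0]
    except OSError:
        return None, False  # no PTR record: fall back to tracert/whois
    try:
        return name, ip in fwd(name)[2]
    except OSError:
        return name, False  # name does not resolve back: treat as unverified

def provider_hint(hostname):
    """Last two labels, e.g. provider.com; naive for suffixes like .co.uk."""
    return ".".join(hostname.rstrip(".").lower().split(".")[-2:])

if __name__ == "__main__":
    for ip in public_ips(SAMPLE):
        name, confirmed = reverse_lookup(ip)
        print(ip, name, confirmed, provider_hint(name) if name else "-")
```

Only the topmost Received header is written by your own mail server; lower ones are supplied by the sending side and can be forged.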

Traceroute – Where is the attack from?
Traceroute is also run in the MS-DOS shell, and connects your PC to another one on the Internet or to a server. In precise terms, Traceroute traces the route of data packets that have reached you from a particular location on the net and vice versa. The Internet consists of several servers and routers that function as stations that pass your data packets along.
Traceroute is known as "tracert" in Windows.
tracert 123.123.12.1
Tracert connects to the computer whose IP has been entered and reveals all stations starting from your Internet connection. Both the IP address and the domain name (if available) are displayed.
If PING cannot reveal a name, Traceroute will possibly deliver the name of the last or second-last station before the attacker, which may allow conclusions about the name of the provider used by the attacker and the region from which the attacks are coming.
After identifying a provider in this manner (e.g. provider.com), you can obtain more information on this provider at http://www.netsol.com/cgibin/whois/whois .
Foreign domain names can be searched for under the WHOIS section of that country. You will find these at http://www.nic. + the national top-level domain, e.g. http://www.nic.at for Austria or http://www.nic.ch for Switzerland or http://www.nic.de for Germany.

Geographical analysis with NeoTrace
Finally, we would like to introduce another tool, "NeoTrace", which gives a graphical display of the TRACEROUTE analysis and shows the connection on a map. A free trial version is available at http://www.neotrace.com.
After downloading, you should install it while still online so that NeoTrace can display the geographical details.
Enter your country and the city nearest to you.
After installing, you can enter the IP address you want to trace in the area marked "Target", then click "Go".

Thanks to dokter_cinta

By ^Xmoensen^