Analysis of Rogue DHCP Packets Using the Wireshark Network Protocol Analyzer

Muamar Kadafi, Khusnawi Khusnawi

Abstract


A rogue DHCP server exploits a security weakness in the mechanism for configuring network addresses with DHCP. It hands an incorrect network address configuration to clients that have joined the network, with the aim of mounting network attacks such as man in the middle, and so poses a threat to the privacy of those clients.

The research focuses on analyzing DHCP packets such as DHCPDISCOVER, DHCPREQUEST, DHCPOFFER and DHCPACK that pass through a Mikrotik bridge, using the Wireshark Network Protocol Analyzer application, before and after a rogue DHCP server is present in the DHCP network. This makes it possible to observe how the original DHCP server and the rogue DHCP server exchange DHCP packets with the DHCP client, after which the rogue DHCP packets are analyzed.

The analysis yields the parameters contained in rogue DHCP packets, which are then used to build a DHCP network security system that monitors for and prevents rogue DHCP servers, using DHCP Alert combined with Firewall Filter Rules on a Mikrotik bridge. The result is that the system can detect and prevent a rogue DHCP server in an IPv4-based DHCP network.
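The kind of check the abstract describes, as an added example that is not code from the paper: it parses the DHCP payload of server replies (DHCPOFFER, DHCPACK, DHCPNAK) and flags any reply whose server identifier (option 54) is not a known server. The trusted address, the function names and the two sample packets are assumptions constructed for illustration; the parameters the authors actually used are not listed on this page.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}

def parse_options(payload):
    """Return {option_code: raw_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = End
        if payload[i] == 0:                        # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def ip(raw):
    return socket.inet_ntoa(raw[:4]) if len(raw) >= 4 else None

def check_reply(payload, trusted_servers):
    """Return an alert dict for a server reply from an untrusted server, else None."""
    opts = parse_options(payload)
    mtype = (opts.get(53) or b"\x00")[0]           # option 53 = message type
    if mtype not in SERVER_TYPES:
        return None                                # client message, ignore
    server = ip(opts.get(54, b""))                 # option 54 = server identifier
    if server in trusted_servers:
        return None
    return {"type": SERVER_TYPES[mtype], "server_id": server,
            "offered_ip": ip(payload[16:20]), "router": ip(opts.get(3, b""))}

def build(mtype, yiaddr, server_id, router):
    """Constructed sample data: a minimal DHCP payload, not a real capture."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      bytes(16), bytes(192))
    opts = bytes([53, 1, mtype, 54, 4]) + socket.inet_aton(server_id)
    return hdr + MAGIC + opts + b"\x03\x04" + socket.inet_aton(router) + b"\xff"

if __name__ == "__main__":
    trusted = {"192.168.88.1"}                     # assumed legitimate server
    for pkt in (build(2, "192.168.88.50", "192.168.88.1", "192.168.88.1"),
                build(2, "10.0.0.50", "192.168.88.66", "192.168.88.66")):
        print(check_reply(pkt, trusted))
```

A reply that carries no server identifier at all is also reported, with `server_id` set to `None`.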


DOI: https://doi.org/10.24076/citec.2015v2i2.46

Creative Information Technology Journal (CITEC Journal) is licensed under a Creative Commons Attribution 4.0 International License