TECHNICAL REPORT ON NETWORK MAINTENANCE
WIDE AREA NETWORK / WAN
Kabupaten Bandung Barat
Introduction
Information technology plays a growing role in supporting efficient and effective communication in modern organizations, both companies and government institutions. One application is Wide Area Network (WAN) technology, where a WAN covers a wider area than a Local Area Network (LAN).
Kabupaten Bandung Barat is a regency split off from Kabupaten Bandung, with an area of about 1,311.31 km² covering 16 kecamatan (districts) and 165 villages. With an area this large it is not easy to connect every kecamatan and every village, because of infrastructure constraints and geographic factors.
On that basis, the government of Kabupaten Bandung Barat, through the Office of Transportation and Kominfo (Kantor Dinas Perhubungan dan Kominfo), undertakes to maintain all TCP/IP network infrastructure in Kabupaten Bandung Barat, so that information technology can be used strategically as a supporting facility for work and public services. With this management of information technology, the work and services of staff in Kabupaten Bandung Barat are expected to become better and more effective every day.
Purpose and Objectives
Purpose: to improve the efficiency and effectiveness of work within the government of Kab. Bandung Barat with the support of information technology.
The objectives of this activity are:
1. All networks in Kabupaten Bandung Barat are maintained, both within the regional government and in the kecamatan.
2. Network connectivity is available for all internal applications of Kabupaten Bandung Barat and for internet access.
Activity Location
The activity takes place at the Kab. Bandung Barat government complex, which serves as the data and information center and as the hub for the access point equipment linking to several kecamatan sites, according to the number of devices available.
Activity Results
Topology
In 2014-2015 about 9 kecamatan were connected to Kabupaten Bandung Barat, either directly or through a repeater. The WAN topology of Kab. Bandung Barat for 2014-2015 is as follows:
WAN Topology of Kab. Bandung Barat
Of the 16 kecamatan in Kab. Bandung Barat, only 1 is connected directly, namely Kecamatan Padalarang; the remaining kecamatan are not connected because their equipment was struck by lightning or because they had never been directly connected before.
Because equipment is limited, priority is given to the nearest kecamatan or agencies that can be connected directly, namely Kecamatan Ngamprah, Cisarua, Sindangkerta and the DPRD of Kab. Bandung Barat. Kecamatan Cisarua cannot connect directly to the regency office and instead goes through the DPRD, because geographic factors make a direct link to the PEMDA building impossible.
VLAN IDs and IP Addressing
To simplify monitoring and bandwidth management, both in the Pemda buildings and in the kecamatan, we apply VLAN technology. The VLAN IDs and IP address lists for several locations are as follows.
No  VLAN ID  Description                    IP address list
1   11-14    Gedung Dinas                   10.10.1.0/24 to 10.10.4.0/24
2   21-27    Ged. Setda                     10.10.21.0/24 to 10.10.28.0/24
3   31-35    Gedung C                       10.10.31.0/24 to 10.10.35.0/24
4   41-44    Gedung B                       10.10.41.0/24 to 10.10.44.0/24
5   51       Gedung Perpustakaan (library)  10.10.51.0/24
6   28       WiFi, Gedung C and Setda       10.10.28.0/24
7   101      DPRD                           10.10.101.0/24
8   61       Kec. UTARA                     10.10.102.0/24
Settings and Configuration
A. Main Router
The main router is a MikroTik RB 1100 Hx2, which handles routing, bandwidth management, VLAN management, the VPN server and filtering, so the main router holds the central position in the KBB network.
The configuration of the main router is listed below.
A.1. VLAN ID
A2. Bandwidth Management
Bandwidth management is configured per IP address using the PCQ method. The configuration that has been applied, grouped by location, is as follows:
@KOMINFO] > queue simple print
Flags: X - disabled, I - invalid, D - dynamic
 0 name="ICMP" target="" parent=none packet-marks=ICMP priority=1/1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
 1 name="DNS" target="" parent=none packet-marks=DNS priority=1/1 queue=default-small/default-small limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s
 2 name="SIMDA" target=192.168.1.10/32 parent=none packet-marks="" priority=1/1 queue=default/default limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default
 3 ;;; GedungD
   name="Gedung D" target=10.10.51.0/24 parent=none packet-marks="" priority=1/1 queue=pcq_upload/pcq_download limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default
 4 ;;; Bandwidth Setda
   name="GED. SETDA" target=10.10.24.0/24,10.10.22.0/24,10.10.23.0/24,10.10.25.0/24 parent=none packet-marks="" priority=1/1 queue=pcq_upload/pcq_download limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default
 5 ;;; SOUTH
   name="Kec-PKS SELATAN" target=10.10.20.0/24 parent=none packet-marks="" priority=1/1 queue=pcq_upload/pcq_download limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default
 6 ;;; NORTH
   name="KEC PKS UTARA" target=10.10.30.0/24,10.10.102.0/24 parent=none packet-marks="" priority=1/1 queue=pcq_upload/pcq_download limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default
 7 ;;; GEDUNG C
   name="GED C" target=10.10.32.0/24,10.10.31.0/24,10.10.33.0/24,10.10.34.0/24,192.168.1.0/24,172.16.2.0/24 parent=none packet-marks="" priority=1/1 queue=pcq_upload/pcq_download limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default
 8 ;;; DPRD
   name="DPRD" target=10.10.101.0/24 parent=none packet-marks="" priority=1/1 queue=default/default limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default
 9 ;;; Ged Dinas
   name="GEDUNG DINAS" target=10.10.1.0/24,10.10.2.0/24,10.10.3.0/24,10.10.4.0/24,10.10.131.0/24 parent=none packet-marks="" priority=8/8 queue=pcq_upload/pcq_download limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=10s/10s
10 ;;; WIFI
   name="WIFI" target=172.16.3.0/24,10.10.28.0/24 parent=none packet-marks="" priority=8/8 queue=pcq_wifi_upload/pcq_wifi_download limit-at=0/0 max-limit=65M/65M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s

 5 name="pcq_download" kind=pcq pcq-rate=1M pcq-limit=300KiB pcq-classifier=dst-address pcq-total-limit=5000KiB pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=2s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=64 pcq-dst-address6-mask=64
 6 name="pcq_upload" kind=pcq rate=1M limit=200KiB classifier=src-port total-limit=5000KiB pcq-burst-rate=65M pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=64 pcq-dst-address6-mask=64
 7 name="pcq_wifi_download" kind=pcq pcq-rate=756k pcq-limit=300KiB pcq-classifier=dst-address pcq-total-limit=5000KiB pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=2s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=64 pcq-dst-address6-mask=64
 8 name="pcq_wifi_upload" kind=pcq pcq-rate=5M pcq-limit=200KiB pcq-classifier=src-port pcq-total-limit=5000KiB pcq-burst-rate=65M pcq-burst-threshold=0 pcq-burst-time=10s pcq-src-address-mask=32 pcq-dst-address-mask=32 pcq-src-address6-mask=64 pcq-dst-address6-mask=64
A.3 Routing Management
To make it easier to build the routing tables at every site, the network was configured with OSPF from the start.
Network redistribute:
@KOMINFO] > routing ospf network print
Flags: X - disabled, I - invalid
 #  NETWORK         AREA
 0  172.16.0.0/16   backbone
 1  10.0.0.0/8      backbone
 2  192.168.0.0/16  backbone
@KOMINFO] > routing ospf instance print
Flags: X - disabled, * - default
 0 * name="default" router-id=60.253.117.41 distribute-default=never redistribute-connected=as-type-1 redistribute-static=as-type-1 redistribute-rip=no redistribute-bgp=no redistribute-other-ospf=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=auto metric-other-ospf=auto in-filter=ospf-in out-filter=ospf-out
A4. Filtering
To guard against unwanted events such as flooding, malware attacks and specific ports commonly used by trojans, simple filtering is also installed on the router. The filtering configuration on the main router is as follows:
@KOMINFO] > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
 0 ;;; PPTP
   chain=input action=accept protocol=gre log=no log-prefix=""
 1 ;;; PPTP
   chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix=""
 2 chain=input action=accept protocol=icmp log=no log-prefix=""
 3 chain=input action=accept src-address=202.51.224.0/20 log=no log-prefix=""
 4 chain=input action=accept src-address=172.16.1.0/24 log=no log-prefix=""
 5 chain=input action=accept src-address=172.16.4.0/24 log=no log-prefix=""
 6 chain=input action=accept src-address=10.0.0.0/8 log=no log-prefix=""
 7 chain=input action=accept src-address=192.168.0.0/16 log=no log-prefix=""
 8 chain=input action=accept src-address=10.10.30.0/24 log=no log-prefix=""
 9 chain=input action=accept src-address=10.10.31.0/24 log=no log-prefix=""
10 chain=input action=accept src-address=36.84.67.169 log=no log-prefix=""
11 chain=input action=accept src-address=172.16.0.0/16 log=no log-prefix=""
12 chain=input action=accept src-address=180.253.4.139 log=no log-prefix=""
13 chain=input action=accept src-address=36.84.67.125 log=no log-prefix=""
14 chain=input action=accept src-address=180.245.138.206 log=no log-prefix=""
15 chain=input action=accept src-address=36.72.23.93 log=no log-prefix=""
16 chain=forward action=accept src-address=10.10.131.0/24 layer7-protocol=DENIED log=no log-prefix=""
17 chain=forward action=accept src-address=10.10.3.132 layer7-protocol=DENIED log=no log-prefix=""
18 ;;; dari DMZ
   chain=forward action=accept src-address=172.16.1.0/24 log=no log-prefix=""
   chain=forward action=accept src-address=192.168.1.10 log=no log-prefix=""
21 chain=forward action=accept dst-address=192.168.1.10 log=no log-prefix=""
22 ;;; P2P
   chain=forward action=drop p2p=all-p2p log=no log-prefix=""
23 ;;; Blaster Worm
   chain=virus action=drop protocol=tcp dst-port=135-139 log=no log-prefix=""
24 ;;; Messenger Worm
   chain=virus action=drop protocol=udp dst-port=135-139 log=no log-prefix=""
25 ;;; Blaster Worm
   chain=virus action=drop protocol=tcp dst-port=445 log=no log-prefix=""
26 ;;; Blaster Worm
   chain=virus action=drop protocol=udp dst-port=445 log=no log-prefix=""
27 ;;; ________
   chain=virus action=drop protocol=tcp dst-port=593 log=no log-prefix=""
28 ;;; ________
   chain=virus action=drop protocol=tcp dst-port=1024-1030 log=no log-prefix=""
29 ;;; Drop MyDoom
   chain=virus action=drop protocol=tcp dst-port=1080 log=no log-prefix=""
30 ;;; ________
   chain=virus action=drop protocol=tcp dst-port=1214 log=no log-prefix=""
31 ;;; ndm requester
   chain=virus action=drop protocol=tcp dst-port=1363 log=no log-prefix=""
32 ;;; ndm server
   chain=virus action=drop protocol=tcp dst-port=1364 log=no log-prefix=""
33 ;;; screen cast
   chain=virus action=drop protocol=tcp dst-port=1368 log=no log-prefix=""
34 ;;; hromgrafx
35 ;;; cichlid
   chain=virus action=drop protocol=tcp dst-port=1377 log=no log-prefix=""
36 ;;; Bagle Virus
   chain=virus action=drop protocol=tcp dst-port=2745 log=no log-prefix=""
37 ;;; Dumaru.Y
   chain=virus action=drop protocol=tcp dst-port=2283 log=no log-prefix=""
38 ;;; Beagle
   chain=virus action=drop protocol=tcp dst-port=2535 log=no log-prefix=""
39 ;;; Beagle.C-K
   chain=virus action=drop protocol=tcp dst-port=2745 log=no log-prefix=""
40 ;;; MyDoom
   chain=virus action=drop protocol=tcp dst-port=3127-3128 log=no log-prefix=""
41 ;;; Backdoor OptixPro
   chain=virus action=drop protocol=tcp dst-port=3410 log=no log-prefix=""
42 ;;; Worm
   chain=virus action=drop protocol=tcp dst-port=4444 log=no log-prefix=""
43 ;;; Worm
   chain=virus action=drop protocol=udp dst-port=4444 log=no log-prefix=""
44 ;;; Drop Sasser
   chain=virus action=drop protocol=tcp dst-port=5554 log=no log-prefix=""
45 ;;; Drop Beagle.B
   chain=virus action=drop protocol=tcp dst-port=8866 log=no log-prefix=""
46 ;;; Drop Dabber.A-B
   chain=virus action=drop protocol=tcp dst-port=9898 log=no log-prefix=""
47 ;;; Drop Dumaru.Y
   chain=virus action=drop protocol=tcp dst-port=10000 log=no log-prefix=""
48 ;;; Drop MyDoom.B
   chain=virus action=drop protocol=tcp dst-port=10080 log=no log-prefix=""
49 ;;; Drop NetBus
50 ;;; Drop Kuang2
   chain=virus action=drop protocol=tcp dst-port=17300 log=no log-prefix=""
51 ;;; Drop SubSeven
   chain=virus action=drop protocol=tcp dst-port=27374 log=no log-prefix=""
52 ;;; Drop PhatBot,Agobot, Gaobot
   chain=virus action=drop protocol=tcp dst-port=65506 log=no log-prefix=""
53 ;;; Trinoo
   chain=virus action=drop protocol=udp dst-port=12667 log=no log-prefix=""
54 ;;; Trinoo
   chain=virus action=drop protocol=udp dst-port=27665 log=no log-prefix=""
55 ;;; Trinoo
   chain=virus action=drop protocol=udp dst-port=31335 log=no log-prefix=""
56 ;;; Trinoo
   chain=virus action=drop protocol=udp dst-port=27444 log=no log-prefix=""
57 ;;; Trinoo
   chain=virus action=drop protocol=udp dst-port=34555 log=no log-prefix=""
58 ;;; Trinoo
   chain=virus action=drop protocol=udp dst-port=35555 log=no log-prefix=""
59 ;;; Trinoo
   chain=virus action=drop protocol=tcp dst-port=27444 log=no log-prefix=""
60 ;;; Trinoo
   chain=virus action=drop protocol=tcp dst-port=27665 log=no log-prefix=""
61 ;;; Trinoo
   chain=virus action=drop protocol=tcp dst-port=31335 log=no log-prefix=""
62 ;;; Trinoo
   chain=virus action=drop protocol=tcp dst-port=31846 log=no log-prefix=""
63 ;;; Trinoo
   chain=virus action=drop protocol=tcp dst-port=34555 log=no log-prefix=""
64 ;;; Trinoo
   chain=virus action=drop protocol=tcp dst-port=35555 log=no log-prefix=""
65 ;;; ;;Block W32.Kido - Conficker
   chain=forward action=drop protocol=udp src-port=135-139,445 log=no log-prefix=""
66 chain=forward action=drop protocol=udp dst-port=135-139,445 log=no log-prefix=""
67 chain=forward action=drop protocol=tcp src-port=135-139,445,593 log=no log-prefix=""
68 chain=forward action=drop protocol=tcp dst-port=135-139,445,593 log=no log-prefix=""
69 ;;; Do not DISABLE
   chain=input action=drop src-address=!60.253.96.0/19 log=no log-prefix=""
70 ;;; Allow limited pings
   chain=input action=accept protocol=icmp limit=50/5s,2 log=no log-prefix=""
71 chain=input action=accept protocol=icmp limit=50/5s,2 log=no log-prefix=""
72 ;;; drop FTP Brute Forcers
   chain=input action=drop protocol=tcp src-address-list=FTP_BlackList dst-port=21 log=no log-prefix=""
73 chain=input action=drop protocol=tcp src-address-list=FTP_BlackList dst-port=21 log=no log-prefix=""
74 chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m log=no log-prefix=""
75 chain=output action=add-dst-to-address-list protocol=tcp address-list=FTP_BlackList address-list-timeout=1d content=530 Login incorrect log=no log-prefix=""
76 ;;; drop SSH&TELNET Brute Forcers
   chain=input action=drop protocol=tcp src-address-list=IP_BlackList dst-port=22-23 log=no log-prefix=""
77 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=SSH_BlackList_3 address-list=IP_BlackList address-list-timeout=1d dst-port=22-23 log=no log-prefix=""
78 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=SSH_BlackList_2 log=no log-prefix=""
79 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=SSH_BlackList_1 address-list=SSH_BlackList_2 address-list-timeout=1m dst-port=22-23 log=no log-prefix=""
80 chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=SSH_BlackList_1 address-list-timeout=1m dst-port=22-23 log=no log-prefix=""
81 ;;; drop port scanners
   chain=input action=drop src-address-list=port_scanners log=no log-prefix=""
82 chain=input action=add-src-to-address-list tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port_scanners address-list-timeout=2w log=no log-prefix=""
83 chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp address-list=port_scanners address-list-timeout=2w log=no log-prefix=""
84 chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp address-list=port_scanners address-list-timeout=2w log=no log-prefix=""
85 chain=input action=add-src-to-address-list tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list=port_scanners address-list-timeout=2w log=no log-prefix=""
86 chain=input action=add-src-to-address-list tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=port_scanners address-list-timeout=2w log=no log-prefix=""
87 chain=input action=add-src-to-address-list tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port_scanners address-list-timeout=2w log=no log-prefix=""
88 chain=forward action=drop protocol=tcp src-address-list=Worm-Infected-p445 dst-port=445 log=no log-prefix=""
89 chain=forward action=drop protocol=tcp src-address-list=Worm-Infected-p445 dst-port=445 log=no log-prefix=""
90 ;;; Accept established connections
   chain=input action=accept connection-state=established log=no log-prefix=""
91 ;;; Accept related connections
   chain=input action=accept connection-state=related log=no log-prefix=""
92 ;;; Drop invalid connections
   chain=input action=drop connection-state=invalid log=no log-prefix=""
93 ;;; UDP
   chain=input action=accept protocol=udp log=no log-prefix=""
94 ;;; drop invalid connections
   chain=forward action=drop connection-state=invalid log=no log-prefix=""
95 ;;; Allow limited pings
   chain=input action=accept protocol=icmp limit=50/5s,2 log=no log-prefix=""
96 ;;; Drop excess pings
   chain=input action=drop protocol=icmp log=no log-prefix=""
97 ;;; DROP PING REPLY
   chain=input action=drop protocol=icmp src-address=!10.10.0.4 log=no log-prefix=""
98 ;;; Drop Blaster Worm
   chain=virus action=drop protocol=tcp dst-port=135-139 log=no log-prefix=""
99 ;;; Drop Messenger Worm
   chain=virus action=drop protocol=udp dst-port=135-139 log=no log-prefix=""
100 ;;; Drop Blaster Worm
    chain=virus action=drop protocol=tcp dst-port=445 log=no log-prefix=""
101 ;;; Drop Blaster Worm
    chain=virus action=drop protocol=udp dst-port=445 log=no log-prefix=""
102 ;;; ________
    chain=virus action=drop protocol=tcp dst-port=593 log=no log-prefix=""
103 chain=virus action=drop protocol=tcp dst-port=1024-1030 log=no log-prefix=""
    chain=virus action=drop protocol=tcp dst-port=1080 log=no log-prefix=""
105 ;;; ________
    chain=virus action=drop protocol=tcp dst-port=1214 log=no log-prefix=""
106 ;;; ndm requester
    chain=virus action=drop protocol=tcp dst-port=1363 log=no log-prefix=""
107 ;;; ndm server
    chain=virus action=drop protocol=tcp dst-port=1364 log=no log-prefix=""
108 ;;; screen cast
    chain=virus action=drop protocol=tcp dst-port=1368 log=no log-prefix=""
109 ;;; hromgrafx
    chain=virus action=drop protocol=tcp dst-port=1373 log=no log-prefix=""
110 ;;; cichlid
    chain=virus action=drop protocol=tcp dst-port=1377 log=no log-prefix=""
111 ;;; Worm
    chain=virus action=drop protocol=tcp dst-port=1433-1434 log=no log-prefix=""
112 ;;; Bagle Virus
    chain=virus action=drop protocol=tcp dst-port=2745 log=no log-prefix=""
113 ;;; Drop Dumaru.Y
    chain=virus action=drop protocol=tcp dst-port=2283 log=no log-prefix=""
114 ;;; Drop Beagle
    chain=virus action=drop protocol=tcp dst-port=2535 log=no log-prefix=""
115 ;;; Drop Beagle.C-K
    chain=virus action=drop protocol=tcp dst-port=2745 log=no log-prefix=""
116 ;;; Drop MyDoom
    chain=virus action=drop protocol=tcp dst-port=3127-3128 log=no log-prefix=""
117 ;;; Drop Backdoor OptixPro
    chain=virus action=drop protocol=tcp dst-port=3410 log=no log-prefix=""
118 ;;; Worm
119 ;;; Worm
    chain=virus action=drop protocol=udp dst-port=4444 log=no log-prefix=""
120 ;;; Drop Sasser
    chain=virus action=drop protocol=tcp dst-port=5554 log=no log-prefix=""
121 ;;; Drop Beagle.B
    chain=virus action=drop protocol=tcp dst-port=8866 log=no log-prefix=""
122 ;;; Drop Dabber.A-B
    chain=virus action=drop protocol=tcp dst-port=9898 log=no log-prefix=""
123 ;;; Drop Dumaru.Y
    chain=virus action=drop protocol=tcp dst-port=10000 log=no log-prefix=""
124 ;;; Drop MyDoom.B
    chain=virus action=drop protocol=tcp dst-port=10080 log=no log-prefix=""
125 ;;; Drop NetBus
    chain=virus action=drop protocol=tcp dst-port=12345 log=no log-prefix=""
126 ;;; Drop Kuang2
    chain=virus action=drop protocol=tcp dst-port=17300 log=no log-prefix=""
127 ;;; Drop SubSeven
    chain=virus action=drop protocol=tcp dst-port=27374 log=no log-prefix=""
128 ;;; Drop PhatBot, Agobot, Gaobot
    chain=virus action=drop protocol=tcp dst-port=65506 log=no log-prefix=""
129 ;;; jump to the virus chain
    chain=forward action=jump jump-target=virus log=no log-prefix=""
130 ;;; Port scanners to list
    chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=port scanners address-list-timeout=2w log=no log-prefix=""
131 ;;; NMAP FIN Stealth scan
    chain=input action=add-src-to-address-list tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port scanners address-list-timeout=2w log=no log-prefix=""
132 ;;; SYN/FIN scan
    chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp address-list=port scanners address-list-timeout=2w log=no log-prefix=""
133 ;;; SYN/RST scan
    chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp address-list=port scanners address-list-timeout=2w log=no log-prefix=""
134 ;;; FIN/PSH/URG scan
    chain=input action=add-src-to-address-list tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list=port scanners address-list-timeout=2w log=no log-prefix=""
135 ;;; ALL/ALL scan
    chain=input action=add-src-to-address-list tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=port scanners address-list-timeout=2w log=no log-prefix=""
136 ;;; NMAP NULL scan
    chain=input action=add-src-to-address-list tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port scanners address-list-timeout=2w log=no log-prefix=""
137 ;;; dropping port scanners
    chain=input action=drop src-address-list=port scanners log=no log-prefix=""
138 ;;; drop ftp brute forcers
    chain=input action=drop protocol=tcp src-address-list=ftp_blacklist dst-port=21 log=no log-prefix=""
139 chain=output action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m log=no log-prefix=""
140 chain=output action=add-dst-to-address-list protocol=tcp address-list=ftp_blacklist address-list-timeout=3h content=530 Login incorrect log=no log-prefix=""
141 ;;; drop ssh brute forcers
    chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22 log=no log-prefix=""
142 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist address-list-timeout=3d dst-port=22 log=no log-prefix=""
143 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3 address-list-timeout=1m dst-port=22 log=no log-prefix=""
144 chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2 address-list-timeout=1m dst-port=22 log=no log-prefix=""
145 chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=ssh_stage1 address-list-timeout=1m dst-port=22 log=no log-prefix=""
146 ;;; drop ssh brute downstream
    chain=forward action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22 log=no log-prefix=""
147 ;;; DotaA
    chain=forward action=drop protocol=tcp dst-port=27015-27050 log=no log-prefix=""
148 chain=forward action=drop protocol=tcp src-port=27015-27050 log=no log-prefix=""
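RouterOS evaluates the filter rules of a chain from top to bottom and stops at the first accept or drop, so the order of the listing above decides which rules can ever match. The following added example (not part of the original report) parses a subset of that listing and reports rules that are fully covered by an earlier terminal rule in the same chain; the function names and the conservative matching logic are assumptions of this example.

```python
import ipaddress
import re

# Subset of the rules from the listing above, one rule per entry.
LISTING = '''\
 2 chain=input action=accept protocol=icmp log=no log-prefix=""
 6 chain=input action=accept src-address=10.0.0.0/8 log=no log-prefix=""
 8 chain=input action=accept src-address=10.10.30.0/24 log=no log-prefix=""
 9 chain=input action=accept src-address=10.10.31.0/24 log=no log-prefix=""
69 ;;; Do not DISABLE
   chain=input action=drop src-address=!60.253.96.0/19 log=no log-prefix=""
70 ;;; Allow limited pings
   chain=input action=accept protocol=icmp limit=50/5s,2 log=no log-prefix=""
76 ;;; drop SSH&TELNET Brute Forcers
   chain=input action=drop protocol=tcp src-address-list=IP_BlackList dst-port=22-23 log=no log-prefix=""
96 ;;; Drop excess pings
   chain=input action=drop protocol=icmp log=no log-prefix=""
97 ;;; DROP PING REPLY
   chain=input action=drop protocol=icmp src-address=!10.10.0.4 log=no log-prefix=""
129 ;;; jump to the virus chain
   chain=forward action=jump jump-target=virus log=no log-prefix=""
'''

# Actions that end processing of a packet in the filter table.
TERMINAL = {"accept", "drop", "reject", "tarpit"}
# Properties that say what a rule does, not which packets it matches.
NOT_MATCHERS = {"action", "log", "log-prefix", "jump-target",
                "address-list", "address-list-timeout"}
# key=value pairs; a value may contain spaces (e.g. content=530 Login incorrect).
KV = re.compile(r'([a-z0-9-]+)=(.*?)(?=\s+[a-z0-9-]+=|\s*$)')

def parse(listing):
    """Return [(number, {property: value})] from `ip firewall filter print` text."""
    rules = []
    for line in listing.splitlines():
        m = re.match(r'\s*(\d+)\s+(.*)', line)
        if m:                                  # a numbered entry starts here
            rules.append((int(m.group(1)), {}))
            line = m.group(2)
        if not rules or line.lstrip().startswith(";;;"):
            continue                           # comment or text before rule 0
        rules[-1][1].update(KV.findall(line.strip()))
    return rules

def covers(early, late):
    """True if every packet matching `late` also matches `early`."""
    for key, want in early.items():
        if key in NOT_MATCHERS:
            continue
        have = late.get(key)
        if have is None:
            return False                       # early is narrower on this key
        if key in ("src-address", "dst-address") and "!" not in want + have:
            net = ipaddress.ip_network(have)
            if not net.subnet_of(ipaddress.ip_network(want)):
                return False
        elif have != want:
            return False                       # other matchers: require equality
    return True

def shadowed(rules):
    """Return [(rule, earlier_rule)] for rules that can never match."""
    found = []
    for i, (num, late) in enumerate(rules):
        for prev_num, early in rules[:i]:
            if early.get("action") in TERMINAL and covers(early, late):
                found.append((num, prev_num))
                break
    return found

if __name__ == "__main__":
    for late, early in shadowed(parse(LISTING)):
        print(f"rule {late} never matches: rule {early} already decides it")
```

On this subset it reports rules 8 and 9 as covered by rule 6, and the ICMP rules 70, 96 and 97 as covered by rule 2, which accepts all ICMP before any rate limit is applied.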
B. Access Points
Several access points are installed in Kab. Bandung Barat to cover a number of buildings within the Kab. Bandung Barat government complex and also to cover the kecamatan of Kab. Bandung Barat. The list below is organized by access point SSID together with the clients each one covers.
No  SSID        Access point IP address  Covered
1   KBB-SOUTH   172.16.7.2               DPRD, Kec. Padalarang
2   KBB-SOUTH3  172.16.7.21              Sindangkerta, Ged. B
3   KBB-SOUTH2  172.16.7.130             Ged. SETDA, Ged. C
4   KBB-NORTH2  172.16.7.135             Kec. Ngamprah, Puskes Ngamprah
5   KBB-NORTH3  172.16.7.9               Kec. Cisarua
Activity Documentation
The following photos document the WAN maintenance work at several sites:
Kec. Cisarua:
Kec. Ngamprah
Proposals and Recommendations
Several proposals for improving the KBB WAN going forward:
1. It is recommended that some of the functions currently on the main router be split off onto separate routers so that the router's workload can be reduced.
2. It is proposed to add Rocket radio units to connect the sites that are still down and to serve as backup equipment in case a device fails at any time.
3. It is recommended to add several manageable switches at some sites, especially Ged. D and Gedung B, so that the building networks can be managed.
4. It is proposed to replace the wireless links with fiber optic links between the buildings of the Kab. Bandung Barat complex.
5. It is recommended to install an access point in each kecamatan so that the benefit of internet access is felt in and around each kecamatan.