Analisis dan Implementasi Honeypot Honeyd Sebagai Low Interaction Terhadap Serangan Distributed Denial Of Service (DDOS) dan Malware

Abstract

Every computer device connected to a wide computer network is vulnerable to security risks. These threats encompass vulnerabilities to data, information, resources, and services within the system. These threats include intrusion, eavesdropping, theft of vital data, as well as damage to the network system. These actions are carried out by parties who are not accountable, commonly referred to as intruders or attackers. One method to prevent or anticipate these malicious actions is by utilizing the honeyd Honeypot technique. The honeyd Honeypot adopts a low-interaction approach, which involves indirect interaction with attackers. This Honeypot serves as a decoy or simulated server intentionally presented as a target for attacks. The purpose of this Honeypot is to detect and analyze ongoing attacks. In this research, the honeyd Honeypot is implemented as a simulated server resembling an authentic server. This server provides various services and opens several ports deliberately prepared as attack targets, such as Port 139, and Port 21.The results of this research unveil the existence of attacks. Signs of these attacks include a surge in network traffic, reaching up to 100 Megabits above the normal level. Another indicator is a sudden spike in CPU usage, reaching 100%. The activities of these attacks can be analyzed through the installed Wireshark application on the Honeypot server. Information obtained from this analysis encompasses details about the attacker's activities, enabling more effective preventive, anticipatory, and corrective measures. These steps encompass securing the server, network system, and existing services.