IJID (International Journal on Informatics for Development) (May 2013)
Honeypot Log Analysis as a Network Security Support
Abstract
The development of information and communication technology could not be separated from the development of computer network and interconnected network (internet). On the other side, there are people who try to access the information illegally, even try to disturb and destroy the flow of information. These people are called hacker or cracker. Because of that reason, it is needed tools to prevent this information. Those tools are like firewall, IPS (Intrusion prevention system), IDS (intrusion detection system), anti-virus, and other tools. This research does literature review by analyzing one of IDS tools that is honeypot using a method of data analyzing using secondary data from Honey net Project Research at January 7th until 29th 2003. The result published by those researchers is a DDOS attack was happen at January 18th and 19th 2003 that caused one of the computer servers with IP (internet protocol) 10.1.1.101 went down at January 19th 2003. A computer with IP 10.1.1.101 at January18th 2003 started to get over packets, that is 293 packet or 41.1% from 707 packets, but the computer had not gone down yet. However, at January 19th 2003 the computer got more packets, that was 795 packets or 58% from 1,370 packets, that cause the computer became down. The evidence was unconnected computers at January 20th 2003. Based on these analyzing we concludes that honeypot is very effective to be a supporting tool to detect a network intrusion, especially DDOS. And the addition value of honeypot implementation is a log which gives information for network administrators to know any activities on the network, both normal activities, or disadvantage activities.
Keywords
