{"id":5828,"date":"2017-06-11T11:48:50","date_gmt":"2017-06-11T03:48:50","guid":{"rendered":"http:\/\/inertz.com\/blog\/?p=5828"},"modified":"2020-02-24T11:05:10","modified_gmt":"2020-02-24T03:05:10","slug":"cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp","status":"publish","type":"post","link":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/","title":{"rendered":"Cegah false alarm snmp monitoring server kerana DDOS port UDP"},"content":{"rendered":"

\"snmp\"<\/a>Terkadang server monitoring system yang menggunakan SNMP akan mengeluarkan false alarm service down. Biasanya perkara ini berlaku akibat daripada UDP flood pada service SNMP. Server tidak down tetapi disebabkan oleh port tersebut flood, maklumat yang perlu ditarik oleh monitoring server tidak dapat dicapai. False alarm boleh menyebabkan kerugian masa dan salah tafsir kerana server yang dianggap down sebenarnya tiada masalah.<\/p>\n

Contoh SNMP DDOS:<\/p>\n

[bash]<\/p>\n

root@svr29 [~]# tail -f \/var\/log\/messages | grep “Connection from UDP”
\nNov 11 10:42:47 svr29 snmpd[28113]: Connection from UDP: [201.229.x.x]:1025
\nNov 11 10:42:50 svr29 snmpd[28113]: Connection from UDP: [201.229.x.x]:1025
\nNov 11 10:42:53 svr29 snmpd[28113]: Connection from UDP: [24.201.x.x]:1025
\nNov 11 10:42:53 svr29 snmpd[28113]: Connection from UDP: [24.201.x.x]:1025
\nNov 11 10:43:31 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:45655
\nNov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:41150<\/p>\n

[\/bash]<\/p>\n

Halang IP dengan CSF Firewall<\/p>\n

[bash]
\nroot@svr29 [~]# csf -d 201.229.x.x
\nroot@svr29 [~]# csf -d 24.201.x.x
\n[\/bash]<\/p>\n

Lepas tu pastikan cuma ip dari monitoring server connect ke snmp<\/p>\n

[bash]
\nroot@svr29 [~]# tail -f \/var\/log\/messages | grep “Connection from UDP”
\nNov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:40872
\nNov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:55844
\nNov 11 10:44:34 svr29 snmpd[28113]: Connection from UDP: [103.x.x.x]:41199
\n[\/bash]<\/p>\n

*Update
\nAda cara nak allow hanya certain IP akses snmp guna \/etc\/hosts.allow. Firewall tidak diperlukan.
\nContoh setting dalam \/etc\/hosts.allow<\/p>\n

[bash]
\n.
\n.<\/p>\n

#snmpd
\nsnmpd : 103.x.x.x : allow
\nsnmpd : ALL : deny<\/p>\n

[\/bash]<\/p>\n

Log yang akan keluar apabila buat setting macam ni:<\/p>\n

[bash]
\nNov 15 11:19:05 svr29 snmpd[14384]: Connection from UDP: [142.167.x.x]:8699 REFUSED
\nNov 15 11:19:06 svr29 snmpd[14384]: Connection from UDP: [142.167.x.x]:19461 REFUSED
\nNov 15 11:19:08 svr29 snmpd[14384]: Connection from UDP: [142.167.x.x]:8920 REFUSED
\nNov 15 11:19:09 svr29 snmpd[14384]: Connection from UDP: [142.167.x.x]:41155 REFUSED
\n[\/bash]<\/p>\n

*Artikel ini adalah daripada terjemahan<\/a>.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Terkadang server monitoring system yang menggunakan SNMP akan mengeluarkan false alarm service down. Biasanya perkara ini berlaku akibat daripada UDP flood pada service SNMP. Server tidak down tetapi disebabkan oleh port tersebut flood, maklumat yang perlu ditarik oleh monitoring server tidak dapat dicapai.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[4580,3252,4491],"class_list":["post-5828","post","type-post","status-publish","format-standard","hentry","category-linux","tag-false-alarm","tag-linux","tag-snmp-ddos"],"yoast_head":"\nCegah false alarm snmp monitoring server kerana DDOS port UDP - https:\/\/inertz.com\/blog<\/title>\n<meta name=\"description\" content=\"Terkadang server monitoring system yang menggunakan SNMP akan mengeluarkan false alarm service down. Biasanya perkara ini berlaku akibat daripada UDP\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cegah false alarm snmp monitoring server kerana DDOS port UDP - https:\/\/inertz.com\/blog\" \/>\n<meta property=\"og:description\" content=\"Terkadang server monitoring system yang menggunakan SNMP akan mengeluarkan false alarm service down. Biasanya perkara ini berlaku akibat daripada UDP\" \/>\n<meta property=\"og:url\" content=\"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/\" \/>\n<meta property=\"og:site_name\" content=\"https:\/\/inertz.com\/blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/inertz\" \/>\n<meta property=\"article:author\" content=\"https:\/\/web.facebook.com\/inertz\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-11T03:48:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-24T03:05:10+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/inertz.com\/blog\/wp-content\/uploads\/2016\/11\/snmp-620x482.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/inertz\" \/>\n<meta name=\"twitter:site\" content=\"@inertz\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cegah false alarm snmp monitoring server kerana DDOS port UDP - https:\/\/inertz.com\/blog","description":"Terkadang server monitoring system yang menggunakan SNMP akan mengeluarkan false alarm service down. Biasanya perkara ini berlaku akibat daripada UDP","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/","og_locale":"en_US","og_type":"article","og_title":"Cegah false alarm snmp monitoring server kerana DDOS port UDP - https:\/\/inertz.com\/blog","og_description":"Terkadang server monitoring system yang menggunakan SNMP akan mengeluarkan false alarm service down. Biasanya perkara ini berlaku akibat daripada UDP","og_url":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/","og_site_name":"https:\/\/inertz.com\/blog","article_publisher":"https:\/\/facebook.com\/inertz","article_author":"https:\/\/web.facebook.com\/inertz","article_published_time":"2017-06-11T03:48:50+00:00","article_modified_time":"2020-02-24T03:05:10+00:00","og_image":[{"url":"http:\/\/inertz.com\/blog\/wp-content\/uploads\/2016\/11\/snmp-620x482.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/inertz","twitter_site":"@inertz","twitter_misc":{"Written by":"admin","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/#article","isPartOf":{"@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/"},"author":{"name":"admin","@id":"https:\/\/inertz.com\/blog\/#\/schema\/person\/d27d47b78673d67d4de15a57cd609ed9"},"headline":"Cegah false alarm snmp monitoring server kerana DDOS port UDP","datePublished":"2017-06-11T03:48:50+00:00","dateModified":"2020-02-24T03:05:10+00:00","mainEntityOfPage":{"@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/"},"wordCount":293,"commentCount":1,"publisher":{"@id":"https:\/\/inertz.com\/blog\/#organization"},"image":{"@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/#primaryimage"},"thumbnailUrl":"http:\/\/inertz.com\/blog\/wp-content\/uploads\/2016\/11\/snmp-620x482.jpg","keywords":["false alarm","Linux","snmp. ddos"],"articleSection":["Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/","url":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/","name":"Cegah false alarm snmp monitoring server kerana DDOS port UDP - https:\/\/inertz.com\/blog","isPartOf":{"@id":"https:\/\/inertz.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/#primaryimage"},"image":{"@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/#primaryimage"},"thumbnailUrl":"http:\/\/inertz.com\/blog\/wp-content\/uploads\/2016\/11\/snmp-620x482.jpg","datePublished":"2017-06-11T03:48:50+00:00","dateModified":"2020-02-24T03:05:10+00:00","description":"Terkadang server monitoring system yang menggunakan SNMP akan mengeluarkan false alarm service down. Biasanya perkara ini berlaku akibat daripada UDP","breadcrumb":{"@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/#primaryimage","url":"https:\/\/inertz.com\/blog\/wp-content\/uploads\/2016\/11\/snmp.jpg","contentUrl":"https:\/\/inertz.com\/blog\/wp-content\/uploads\/2016\/11\/snmp.jpg","width":840,"height":653},{"@type":"BreadcrumbList","@id":"https:\/\/inertz.com\/blog\/cara-nak-cegah-false-alarm-pada-snmp-monitoring-server-disebabkan-oleh-ddos-pada-port-udp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/inertz.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cegah false alarm snmp monitoring server kerana DDOS port UDP"}]},{"@type":"WebSite","@id":"https:\/\/inertz.com\/blog\/#website","url":"https:\/\/inertz.com\/blog\/","name":"https:\/\/inertz.com\/blog","description":"19 tahun blog belum pupus","publisher":{"@id":"https:\/\/inertz.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/inertz.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/inertz.com\/blog\/#organization","name":"https:\/\/inertz.com\/blog","url":"https:\/\/inertz.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/inertz.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/inertz.com\/blog\/wp-content\/uploads\/2021\/05\/server.png","contentUrl":"https:\/\/inertz.com\/blog\/wp-content\/uploads\/2021\/05\/server.png","width":512,"height":512,"caption":"https:\/\/inertz.com\/blog"},"image":{"@id":"https:\/\/inertz.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/inertz","https:\/\/x.com\/inertz"]},{"@type":"Person","@id":"https:\/\/inertz.com\/blog\/#\/schema\/person\/d27d47b78673d67d4de15a57cd609ed9","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/inertz.com\/blog\/wp-content\/litespeed\/avatar\/9cb42e3829b77fd9cc6fefd707ea0f1a.jpg?ver=1780245170","url":"https:\/\/inertz.com\/blog\/wp-content\/litespeed\/avatar\/9cb42e3829b77fd9cc6fefd707ea0f1a.jpg?ver=1780245170","contentUrl":"https:\/\/inertz.com\/blog\/wp-content\/litespeed\/avatar\/9cb42e3829b77fd9cc6fefd707ea0f1a.jpg?ver=1780245170","caption":"admin"},"sameAs":["http:\/\/inertz.com\/blog","https:\/\/web.facebook.com\/inertz","https:\/\/www.instagram.com\/inertz\/","https:\/\/www.linkedin.com\/in\/inertz\/","https:\/\/x.com\/https:\/\/twitter.com\/inertz"],"url":"https:\/\/inertz.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/posts\/5828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/comments?post=5828"}],"version-history":[{"count":0,"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/posts\/5828\/revisions"}],"wp:attachment":[{"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/media?parent=5828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/categories?post=5828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inertz.com\/blog\/wp-json\/wp\/v2\/tags?post=5828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}