A review of buffer overflow and denial of service attacks
TRANSCRIPT
7/31/2019 A REVIEW OF BUFFER OVERFLOW AND DENIAL OF SERVICE ATTACKS
A REVIEW OF BUFFER OVERFLOW AND DENIAL OF SERVICE ATTACKS
Final Assignment
Information Network Security Course (EI-70
Network Security
d.4 RAM (Random Access Memory)
d.5 Inetd
e. Countermeasures
III. CLOSING
BIBLIOGRAPHY
APPENDICES
Appendix 1 CERT Advisory CA-
I. Abstract
When a computer is connected to a computer network, whether a local one or the internet, one of the things that must be considered is the security of the server computer. Computers connected to the server must also receive our attention. The question is what causes the disruption. Many answer that it is hackers who disturb our network systems, yet an employee's accidental mistake or a bug in the operating system or an application can just as well become a disaster for our computer network.
As the use of computer networks grows, attacks on computers grow as well. Some of them are known as Buffer Overflow and Denial of Service attacks.
A buffer overflow is a condition in which the data written into a buffer is larger than the buffer itself. The dangers it causes include memory filling up so that the system eventually stops abruptly, running programs behaving abnormally, and sometimes data being lost because memory has become full.
Denial of service is an attack characterised by an explicit attempt by the attacker to prevent legitimate users from using a network service. The main aim of a denial-of-service attack is to cripple a computer or network.
I. Introduction
Indonesia, it turns out, is not only categorised as one of the most corrupt countries in the world. In cyber crime, Indonesia also ranks at the top. Ironically, in terms of internet penetration, Indonesia falls in the lowest category.
According to a report by the Federal Bureau of Investigation (FBI), the official intelligence organisation of the United States, Indonesia is second only to Ukraine in cyber crime.
There are two modes of cyber crime that are committed most often. The first is carding, or forging other people's credit card numbers to obtain various commercial products sold over the internet. The second is cracking, or damaging/disrupting other parties' computer networks.
According to the CERT Coordination Center, which began operating in
Figure 1 Graph of the growth in security attacks
During the final years
intruders with low skill will be free to carry out intrusions, and increasingly effectively, because experienced intruders share their knowledge with intruders who have little knowledge.
In an information era like the present one, data/information has become a very valuable asset. It can even be called vital, so that leakage, loss or damage to an organisation's data/information can threaten the survival of the organisation concerned. Given how valuable data/information is, it is no surprise that irresponsible parties have emerged who try to steal, alter and damage data/information from the computer systems of particular organisations.
When a computer is connected to a computer network, either locally or to the world through the internet, what must be considered is the security of that server computer. Besides the server computer itself, the security of the other computers connected to that server must not be overlooked.
What is discussed here, however, is which disruptions can occur on a server computer when it is connected to a network or the internet. Most people think that the security disruptions that may occur are caused by hackers from outside. In discussing system security, all the causes that may be a factor in a security disruption need to be considered. Examples are an intruder with a grudge, an employee's accidental mistake, bugs in the operating system and the applications on it, or errors in configuration.
The following presents the security disruptions that affect the security of a server computer.
II. Review of Buffer Overflow and Denial of Service
a.1 Process memory management
Seen from the point of view of memory management, a process can be divided into three parts.
- Text, which holds the program's code instructions. This part can normally only be read, and any attempt to write data to it causes a segmentation violation error.
- Data, which holds data, both initialised and uninitialised. Besides being readable, this part is normally also modified by instructions that write to it.
- Stack, which can be allocated dynamically and is normally used to store local variables and to pass function parameters. Data in this part is accessed using a method called LIFO (Last In First Out), as will be explained in more detail later. Another kind of data worth knowing is the buffer, which in the C language is implemented as an array. Arrays can be divided into two kinds according to how they are allocated: static arrays and dynamic arrays. Static arrays are allocated in the data part when the program is loaded into memory, while dynamic arrays are allocated on the stack at run time.
a.2 Stack
The stack can be pictured as a block of memory that can hold data dynamically. Some things worth knowing about the stack on Intel processors are as follows.
- Use of the Big Endian method in organising the memory system. Here the MSB (Most Significant Bit) is located at a smaller memory address than the LSB (Low Significant Bit).
- The stack grows toward smaller memory addresses. Here the bottom of the stack has a fixed address. The top of the stack, whose memory address is smaller than that of the bottom, is always changing.
- The stack pointer (SP) register always points to the top of the stack.
To move data onto the stack the PUSH instruction is used, which automatically decreases the value of SP by 4 bytes. To take data off the stack the POP instruction is used, which automatically increases the value of SP by 4 bytes.
Figure 2 below shows a diagram of a stack on an Intel processor.
Figure 2 Stack in memory
This block of stack memory is usually divided further into what are called stack frames. Each stack frame holds data related to the call of one function. The starting position of a frame is normally indicated by the frame pointer (FP).
With the help of FP, local variables and function parameters can be accessed using relative addressing. On Intel CPUs, the EBP register serves as the frame pointer.
After the discussion above, the meaning of buffer overflow will now be explained. A buffer overflow is a condition in which the data written into a buffer is larger than the buffer itself. To understand buffer overflow better, we can perhaps find its counterpart in everyday life: a bucket being filled with water until the water poured in spills over (overflows).
As for buffer overflow exploitation, in principle there are two important things that must be done in the process of exploiting a buffer overflow, namely the following.
When the program above is compiled and run on the Linux operating system, a segmentation violation message is produced. This is because in the function fungsi() the array variable buffer is defined with a size of only 4 bytes, while the data copied into it has a size of
The code above is dangerous because the size of the array nama is not bounded. A better solution is the following.
This limits the string nama that is entered to 255 characters.
Besides checking the size of the input entered, the program must also check that the data entered is valid data. For example, if the program asks for input of integer type, the program must make sure that the input given by the user really is of integer type and not some other type.
d.2 Non-Executable Buffers
The idea is to make the data segment of a program non-executable. With the data segment made non-executable, it is impossible for attackers to execute the code they place in the input buffer of the victim program.
This approach was used on older computer operating systems, but on UNIX and MS Windows this technique is not used, because both depend on the ability to place dynamic code in a program's data segment to support various performance optimisations.
d.3 Array Bounds Checking
Although injecting code is an optional step for a buffer overflow attack, corrupting the control flow is essential. Using array bounds checking stops buffer overflow vulnerabilities and attacks. If an array cannot be overflowed, the array cannot be used to corrupt the program located at the next memory address. To implement this method, all reads and writes to arrays must be checked to make sure that they do not go beyond the bounds of the array.
d.4 Code Pointer Integrity Checking
The goal of this method is somewhat different from bounds checking. Instead of trying to prevent corruption of code pointers, it tries to detect that a code pointer has been corrupted before it is dereferenced. So even if an attacker succeeds in corrupting a code pointer, the corrupted code pointer will not be used, because the corruption is detected every time before use.
d.5 Checking Indexes
The index used to manipulate an array must be checked carefully. Consider the example code below.
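An added example, not a listing from the original document, covering the input validation described earlier (a 255-character cap on the name string and confirming that an integer input really is an integer) together with the index check above. The names copy_name, parse_int and table_set, the error codes and the sample inputs are assumptions made for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_CHARS 255            /* the 255-character cap from the text */

/* Hypothetical result codes for this example. */
enum { IN_OK = 0, IN_TOO_LONG = -1, IN_NOT_INT = -2, IN_RANGE = -3 };

/* Copy an untrusted name of at most srclen bytes (it may lack a NUL) into a
 * fixed buffer. Over-long input is rejected rather than silently truncated. */
int copy_name(char dst[NAME_MAX_CHARS + 1], const char *src, size_t srclen)
{
    const char *nul = memchr(src, '\0', srclen);
    size_t len = nul ? (size_t)(nul - src) : srclen;

    if (len > NAME_MAX_CHARS)
        return IN_TOO_LONG;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return IN_OK;
}

/* Accept text only if all of it is one decimal integer that fits in an int.
 * strtol itself skips leading blanks and accepts a sign. */
int parse_int(const char *text, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || *end != '\0')
        return IN_NOT_INT;            /* empty input or trailing non-digits */
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return IN_RANGE;
    *out = (int)v;
    return IN_OK;
}

/* Store through an index that came from outside the program: negative values
 * and values at or past the element count are both refused. */
int table_set(int *table, size_t count, long index, int value)
{
    if (index < 0 || (unsigned long)index >= count)
        return IN_RANGE;
    table[index] = value;
    return IN_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    char name[NAME_MAX_CHARS + 1];
    char oversized[300];
    int table[4] = {0};
    int n = 0;

    memset(oversized, 'A', sizeof oversized);
    printf("short name      -> %d\n", copy_name(name, "alice", 5));
    printf("300-byte name   -> %d\n", copy_name(name, oversized, sizeof oversized));
    printf("parse \"42\"      -> %d\n", parse_int("42", &n));
    printf("parse \"12abc\"   -> %d\n", parse_int("12abc", &n));
    printf("index 3 of 4    -> %d\n", table_set(table, 4, 3, 7));
    printf("index 4 of 4    -> %d\n", table_set(table, 4, 4, 7));
    printf("index -1 of 4   -> %d\n", table_set(table, 4, -1, 7));
    return 0;
}
```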
2. Denial Of Service Attack
Highly valuable network resources include computers, databases and other services provided by the network. The network is badly needed by users because these services make work easier, so that the work becomes more efficient. If these services are damaged or cannot operate, productivity is lost. Anything can cause a network to stop working, including worms, which often cripple large numbers of computers around the world.
The causes of denial of service include the following.
- The network may stop functioning because it is flooded with traffic.
- The network may be partitioned by making network components such as the routers that link the network stop functioning.
- A virus may spread and make computer systems slow or even paralysed.
- The devices that protect the network may be damaged.
Illegal use of resources can also result in denial of service. For example, an attacker can use an unattended ftp area as a place to store unauthorised copies of commercial software, consuming disk space and congesting network traffic.
a. Description
A Denial of Service attack is better known as a DoS attack. The attack is carried out with the aim of shutting down one or all of the services on a system without the permission of the system's owner.
A denial-of-service attack is an attack that degrades the performance of a web site by continuously repeating requests to the server from many sources simultaneously. The result of such an attack is that the victim server is overwhelmed serving the requests sent to it and ends up halting its activity, or stops by itself because it is unable to serve the requests. Sometimes an attack carried out this way can damage or shut down the system as a whole.
Denial of service is an attack characterised by an explicit attempt by the attacker to prevent legitimate users from using a network service. Examples include:
- attempts to flood a network, thereby impeding existing network traffic,
- attempts to disrupt connections between computers, so that the service is impeded,
- attempts to prevent a particular individual from accessing a service,
- attempts to disrupt service to a specific person or system.
Other types of attack may include denial of service as a component, but denial of service may be part of a larger attack.
Illegal use of resources can also result in denial of service. For example, an attacker can use an unattended ftp area as a place to store stolen data of commercial software, consuming disk space and congesting network traffic.
b. Targets and Dangers of Denial of Service Attacks
The main aim of a denial-of-service attack is to cripple a computer or network. Depending on the nature of the enterprise, this can effectively cripple the organisation.
Some denial-of-service attacks can be executed with limited resources against a large, sophisticated site. This type of attack is sometimes called an "asymmetric attack". For example, an attacker with an old PC and a slow modem may be able to cripple many networks or machines that are more sophisticated and faster.
Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:
- consumption of scarce, limited, or non-renewable resources,
- destruction or alteration of configuration information,
- physical destruction or alteration of network components.
b.1 Consumption of Scarce Resources
Computers and networks need certain things to operate: network bandwidth, memory and storage space, CPU time, data structures, access to other computers and networks, and certain environmental resources such as power, air conditioning, or even water.
b.
the victim computer ending the connection. The result is that legitimate connections are refused while the victim computer is waiting to complete connections.
Note that this type of attack does not depend on the attacker consuming a large amount of network bandwidth. In this case, the intruder is using up kernel data structures involved in a network connection. The consequence is that an intruder can launch the attack from a dial-up connection against a network machine very quickly. (This is a good example of an asymmetric attack.)
b. Disrupting Bandwidth
An attacker can consume all the bandwidth available on a network by sending a large number of packets directed straight at that network. Typically these packets are ICMP ECHO packets, but in principle they can be anything. Furthermore, the intruder does not need to operate from a single computer; the intruder may work from several computers operating on different networks to the same effect
b.
- Install a guard program to protect against floods of unwanted e-mail. In essence this can reduce denial of service attacks.
- Remove network services that are not needed or not used. This can limit an attacker's ability to take advantage of those services to carry out a denial-of-service attack.
- Set up a quota system on the operating system if the facility is available. For example, if the operating system supports storage quotas, enable them for network use, especially for accounts that are allowed to operate the network. In addition, if the operating system supports partitions or volumes (that is, separate file systems with independent attributes), consider partitioning the file system so that critical functions are separated from other activity.
- Keep observing system activity and establish baselines for ordinary activity. Use the baseline to gauge unusual levels of disk activity, CPU usage, or network traffic.
- Routinely examine the physical security of the computers with respect to current needs. Consider servers, routers, unattended terminals, network access points, wire closets, environmental systems such as air and power, and other components of the system.
- Use Tripwire or a similar tool to detect changes in configuration information or other files. For more information, see the following web page or Appendix 7
http://www.cert.org/tech_tips/security_tools.html
- Prepare funds for replacement equipment and for maintaining machines that can be put into operation at any time if a computer comes under attack.
- Establish regular maintenance and data backup schedules, particularly for important information. Set an appropriate password renewal policy and renew passwords regularly, especially for special accounts such as administrator.
d. Targets and Dangers of Denial of Service on Linux
On the Linux operating system there are many targets that can be used for the purpose of shutting down services on the system or the system as a whole. The following are the targets that can be the object of an attack.
d.1 Swap Space
Swap space on the Linux operating system is normally used as virtual memory. This space stores temporary files that are normally used while a program is running.
By using up the free space in swap, some programs can no longer be run because there is no space to hold the temporary files of those applications.
Another disruption is that the services on the system die and requests from users cannot be fulfilled because this swap space is full.
d.2 Bandwidth
Another target of a DoS attack is filling the available bandwidth until communication on the network becomes sluggish or dies.
d.3 Kernel Tables
Memory allocation in the kernel is one of the targets that can be the object of an attack. The kernel has a limit on the kernel map; if the system has reached that limit and can no longer use kernel memory, the system has to be rebooted. Kernel memory is used not only by RAM and the CPU but also by ordinary processes, so that using too many processes will cause the system to need a reboot.
d.4 RAM (Random Access Memory)
Using a large amount of RAM will cause problems on the system. Excessive use of RAM will of course make the system work hard, and to reduce it the system will on its own shut down services or applications that are not prioritised.
d.5 Inetd
Inetd is a daemon on the Linux operating system whose purpose is to start other services such as telnet, ftp or mail server services. Shutting down inetd will of course cause many services to die.
e. Countermeasures
To keep the system out of the conditions above, the following can be done.
- Apply quota rules to the users on the system so that there is a limit on the number of files and the amount of space owned by those users.
- Limit the number of processes that a user can create, so that the temporary files created by those processes are limited as well.
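An added example (not from the original document) of the second countermeasure: capping per-process resources with setrlimit so that a runaway process cannot fill the disk with temporary files. The 64-process cap, the byte values, the /tmp path and the function names are assumptions; disk quotas themselves are configured with the system's quota tools and are not shown.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower the soft limit of `resource` to `want`, never above the hard limit. */
static int cap_soft_limit(int resource, rlim_t want)
{
    struct rlimit rl;

    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (rl.rlim_max != RLIM_INFINITY && want > rl.rlim_max)
        want = rl.rlim_max;
    rl.rlim_cur = want;
    return setrlimit(resource, &rl);
}

/* Runs in the child: apply the limits, then try to write `attempt` bytes to
 * a temporary file in 1 KiB chunks. Returns the bytes the kernel accepted. */
static long write_under_limit(rlim_t file_limit, size_t attempt)
{
    char path[] = "/tmp/rlimit-demo-XXXXXX";   /* assumed scratch location */
    char chunk[1024] = {0};
    long total = 0;
    int fd;

    signal(SIGXFSZ, SIG_IGN);        /* get EFBIG from write() instead of dying */
    if (cap_soft_limit(RLIMIT_FSIZE, file_limit) != 0)
        return -1;
    if (cap_soft_limit(RLIMIT_NPROC, 64) != 0)  /* cap on processes per user */
        return -1;

    fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                    /* file disappears when fd is closed */
    while ((size_t)total < attempt) {
        ssize_t n = write(fd, chunk, sizeof chunk);
        if (n <= 0)
            break;                   /* limit reached: write refused */
        total += n;
    }
    close(fd);
    return total;
}

/* Fork so the lowered limits never affect the caller; the child reports the
 * number of bytes it managed to write back through a pipe. */
long bytes_written_with_limit(rlim_t file_limit, size_t attempt)
{
    int pfd[2];
    long result = -1;
    pid_t pid;

    if (pipe(pfd) != 0)
        return -1;
    pid = fork();
    if (pid < 0) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {
        long r;
        close(pfd[0]);
        r = write_under_limit(file_limit, attempt);
        if (write(pfd[1], &r, sizeof r) != (ssize_t)sizeof r)
            _exit(1);
        _exit(0);
    }
    close(pfd[1]);
    if (read(pfd[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -1;
    close(pfd[0]);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    /* Constructed scenario: a process tries to write 8 KiB under a 4 KiB cap. */
    printf("accepted %ld of 8192 bytes\n", bytes_written_with_limit(4096, 8192));
    return 0;
}
```

On a multi-user Linux host the same caps are normally applied at login for every user rather than inside each program.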
IV. CLOSING
Data/information is of great importance to an organisation these days. Sometimes information is a vital asset, so that damage to, loss of, or leakage of information is a catastrophe for an organisation.
Given that data/information travels back and forth across computer networks, it is very possible for that information to be tapped, overheard or even stolen by irresponsible people. Sometimes information is accidentally lost or even handed to people who have no right to it.
From year to year the use of computer networks keeps increasing, so that there are more and more attacks on computer networks. As a result, network security is a concern that can no longer be avoided. There are many kinds of attack on computer networks, among them Buffer Overflow and Denial of Service.
A buffer overflow is a condition in which the data written into a buffer is larger than the buffer itself. Buffer overflows are the cause of 50% of all security bugs that are reported and made into advisories by CERT/CC. A buffer overflow is a weakness in a system that is easy for attackers to find and exploit.
A Denial of Service attack, better known as a DoS attack, is an attack carried out with the aim of shutting down one or all of the services on a system without the permission of the system's owner. The effect on the attacked system can be fatal: the performance of a web site degrades so that the victim server is overwhelmed serving requests that arrive over and over, ending with that server halting.
Some steps for dealing with buffer overflow attacks are as follows.
- Validating data.
- Non-executable buffers.
- Array bounds checking.
- Code pointer integrity checking.
- Checking indexes.
The ways to prevent Denial Of Service attacks are as follows.
- Apply quota rules to the users on the system so that there is a limit on the number of files and the amount of space owned by those users.
- Limit the number of processes that a user can create, so that the temporary files created by those processes are limited as well.
Bibliography
APPENDICES
Appendix 3484 PTF UR49960.gz
The patch allows tcp/ip processing to continue as normal, until the queue gets close to full. Then, instead of just sending the synack back, it sends a syn cookie back, and waits for a response to IT before sending the synack. When it sends the cookie, it clears the syn from the queue, so while under attack, the queue will never fill up. Cookies expire shortly after they are sent. Basically this prevents people from filling up the queue completely. No one flooding from a spoof will be able to reply to the cookie, so nothing can be overloaded. And if they aren't flooding from a spoof, they would be getting a cookie they would have to respond to, and would have a hard time responding to all the cookies and continuing the flood.
Livingston Enterprises, Inc.
Refer to the following Applications Note for more information on configuring a Livingston IRX or PortMaster to help block outgoing SYN attacks from an ISP's users:
ftp://ftp.livingston.com/pub/le/doc/notes/filters.syn-attack
Silicon Graphics, Inc.
Updated Silicon Graphics information concerning SYN attacks can be found in SGI Security Advisory,
"IRIX IP Spoofing/TCP Sequence Attack Update,"
Using encryption
We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you prefer to use DES, please call the CERT hotline for more information.
Getting security information
CERT publications and other security information are available from our web site
http://www.cert.org/
To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message
subscribe cert-advisory
* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
Appendix 2
CERT Advisory CA-
machine(s) where the services are offered. Anyone with network connectivity can launch an attack; no account access is needed.
For example, by connecting a host's chargen service to the echo service on the same or another machine, all affected machines may be effectively taken out of service because of the excessively high number of packets produced. In addition, if two or more hosts are so connected, the intervening network may also become congested and deny service to all hosts whose traffic traverses that network.
II. Impact
Anyone with network connectivity can cause a denial of service. This attack does not enable them to gain additional access.
III. Solution
We recommend taking all the steps described below.
Cause the inetd process to reread the configuration file (e.g., by sending it a HUP signal).
2. Disable and filter other unused UDP services.
To protect against similar attacks against other services, we recommend:
- disabling all unused UDP services on hosts and
- blocking at firewalls all UDP ports less than 900 with the exception of specific services you require, such as DNS (port 53).
3. If you must provide external access to some UDP services, consider using a proxy mechanism to protect that service from misuse.
Techniques to do this are discussed in Chapter 8, "Configuring Internet Services," in _Building Internet Firewalls_ by Chapman and Zwicky (see Section IV below).
4. Monitor your network.
If you do provide external UDP services, we recommend monitoring your network to learn which systems are using these services and to monitor for signs of misuse. Tools for doing so include Argus, tcpdump, and netlog.
Argus is available from
ftp://ftp.net.cmu.edu/pub/argus-f3c
Note that Argus requires the TCP wrappers to install:
ftp://ftp.cert.org/pub/tools/tcp_wrappers/
MD5 (tcp_wrappers_7.2.tar.Z) = 883d00cbd2dedd9bfc783b7065740e74
tcpdump is available from
ftp://ftp.ee.lbl.gov/tcpdump-3.0.2.tar.Z
MD5 (tcpdump-3.0.2.tar.Z) = c757608d5823aa68e4061e598
Appendix 3
Email Bombing and Spamming
This document provides a general overview of problems associated with electronic mail bombing and email spamming. It includes information that will help you respond to and recover from this activity.
Introduction
I. Description
II. Technical Issues
III. What You Can Do
A. Detection
B. Reaction
C. Prevention
IV. Additional Security Measures That You Can Take
I. Description
Email bombing is characterized by abusers repeatedly sending an email message to a particular address at a specific victim site. In many instances, the messages will be large and constructed from meaningless data in an effort to consume additional system and network resources. Multiple accounts at the target site may be abused, increasing the denial of service impact.
Email spamming is a variant of bombing; it refers to sending email to hundreds or thousands of users (or to lists that expand to that many users). Email spamming can be made worse if recipients reply to the email, causing all the original addressees to receive the reply. It may also occur innocently, as a result of sending a message to mailing lists and not realizing that the list explodes to thousands of users, or as a result of a responder message (such as vacation(9
If you provide email services to your user community, your users are vulnerable to email bombing and spamming.
Email spamming is almost impossible to prevent because a user with a valid email address can spam any other valid email address, newsgroup, or bulletin-board service.
When large amounts of email are directed to or through a single site, the site may suffer a denial of service through loss of network connectivity, system crashes, or failure of a service because of
o overloading network connections
o using all available system resources
o filling the disk as a result of multiple postings and resulting syslog entries
III. What You Can Do
Detection
If your system suddenly becomes sluggish (email is slow or doesn't appear to be sent or received), the reason may be that your mailer is trying to process a large number of messages.
Reaction
http://www.cert.org/tech_tips/finding_site_contacts.html
3. Ensure you are up to date with the most current version of your email delivery software (sendmail, for example) and increase logging capabilities as necessary to detect or alert you to such activity.
Prevention
Unfortunately, at this time, there is no way to prevent email bombing or spamming (other than disconnecting from the Internet), and it is impossible to predict the origin of the next attack. It is trivial to obtain access to large mailing lists or information resources that contain large volumes of email addresses that will provide destination email addresses for the spam.
4. Develop in-house tools to help you recognize and respond to the email bombing/spamming and so minimize the impact of such activity. The tools should increase the logging capabilities as well as check for and alert you to incoming/outgoing messages that originate from the same user or same site in a very short span of time. Once you identify the activity, you can use other in-house tools to discard the messages from the offending users or sites.
5. If your site uses a small number of email servers, you may want to configure your firewall to ensure that SMTP connections from outside your firewall can be made only to your central email hubs and to none of your other systems. Although this will not prevent an attack, it minimizes the number of machines available to an intruder for an SMTP-based attack (whether that attack is an email spam or an attempt to break into a host). It also means that should you wish to control incoming SMTP in a particular way (through filtering or another means), you have only a small number of systems--the main email hub and any backup email hubs--to configure. More information on filtering is available from
http://www.cert.org/tech_tips/packet_filtering.html
6. Consider configuring your mail handling system(s) to deliver email into filesystems that have per-user quotas enabled. Doing this can minimize the impact of an email bombing attack by limiting the damage to only the targeted accounts and not the entire system.
7. Educate your users to call you about email bombing and spamming.
8. Do not propagate the problem by forwarding (or replying to) spammed email.
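The in-house check described in the prevention list (messages from the same user or the same site within a very short span of time) can be sketched as follows. This is an added example, not CERT's code; the log format, the sample lines, the thresholds and the names `parse_line` and `find_bursts` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a simplified, hypothetical log format (not a real MTA's).
SAMPLE_LOG = [
    "2024-05-01T09:00:00 hub mta[1]: from=<alice@example.org> relay=mx.example.org",
    "2024-05-01T09:20:00 hub mta[2]: from=<bob@example.org> relay=mx.example.org",
    "this line is damaged and must be skipped",
]
# Eight messages in 21 s from one site, spread over two senders (four each).
SAMPLE_LOG += [
    f"2024-05-01T10:00:{s:02d} hub mta[3]: "
    f"from=<x{(s // 3) % 2}@flood.example> relay=gw.flood.example"
    for s in range(0, 24, 3)
]
# Six messages in 10 s from a single sender.
SAMPLE_LOG += [
    f"2024-05-01T11:00:{s:02d} hub mta[4]: "
    "from=<Bomber@example.net> relay=mx.example.net"
    for s in range(0, 12, 2)
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ \S+ from=<(?P<sender>[^>]*)> relay=(?P<relay>\S+)$"
)


def parse_line(line):
    """Return (timestamp, sender, relay) or None when the line does not parse."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    try:
        ts = datetime.fromisoformat(match.group("ts"))
    except ValueError:
        return None
    return ts, match.group("sender").lower(), match.group("relay").lower()


def find_bursts(lines, window_seconds=60, threshold=5):
    """Map ("sender"|"site", name) to the peak message count seen inside one
    sliding window, for every name that reached `threshold` messages.
    Lines are expected in chronological order, as in a log file."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue              # tolerate damaged or unrelated lines
        ts, sender, relay = record
        for key in (("sender", sender), ("site", relay)):
            stamps = recent[key]
            stamps.append(ts)
            while ts - stamps[0] > window:
                stamps.popleft()  # drop messages older than the window
            if len(stamps) >= threshold:
                peaks[key] = max(peaks.get(key, 0), len(stamps))
    return peaks


if __name__ == "__main__":
    for (kind, name), count in sorted(find_bursts(SAMPLE_LOG).items()):
        print(f"ALERT {kind} {name}: {count} messages within 60 s")
```

Counting per site as well as per sender matters here: in the sample, neither `flood.example` sender reaches the threshold alone, but their shared relay does.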
IV. Additional Security Measures That You Can Take
A. If you have questions concerning legal issues, we encourage you to work with your legal counsel.
U.S. sites interested in an investigation of this activity can contact the Federal Bureau of Investigation (FBI). Information about how the FBI investigates computer crimes can be found here
http://www.cert.org/tech_tips/FBI_investigates_crime.html
For information on finding and contacting your local FBI field office, see
http://www.fbi.gov/contact/fo/fo.htm
Non-U.S. sites may want to discuss the activity with their local law enforcement agency to determine the appropriate steps for pursuing an investigation.
B. For general security information, please see
http://www.cert.org/
C. To report an incident, please complete and return
http://www.cert.org/reporting/incident_form.txt
Or use the web-based Incident Reporting Form at
https://irf.cc.cert.org/
This document is available from:
http://www.cert.org/tech_tips/email_bombing_spamming.html
CERT/CC Contact Information
Email: cert@cert.org
Phone: +1 4
CERT/CC personnel answer the hotline 08:00-
Appendix 4
Anonymous FTP Configuration Guidelines
Introduction
I. Configuring anonymous FTP
A. FTP daemon
B. Setting up the anonymous FTP directories
C. Using proper password and group files
II. Providing writable directories in your anonymous FTP configuration
A. Modified FTP daemon
B. Using protected directories
C. Using a single disk drive
III. Related CERT Advisories
Anonymous FTP can be a valuable service if correctly configured and administered. The first section of this document provides general guidance in initial configuration of an anonymous FTP area. The second section addresses the issues and challenges involved when a site wants to provide writable directories within their anonymous FTP areas. The third section provides information about previous CERT advisories related to FTP services.
The following guidelines are a set of suggested recommendations that have been beneficial to many sites. We recognize that there will be sites that have unique requirements and needs, and that these sites may choose to implement different configurations.
Configuring anonymous FTP
FTP daemon
Sites should ensure that they are using the most recent version of their FTP daemon.
Setting up the anonymous FTP directories
The anonymous FTP root directory (~ftp) and its subdirectories should not be owned by the ftp account or be in the same group as the ftp account. This is a common configuration problem. If any of these directories are owned by ftp or are in the same group as the ftp account and are not write protected, an intruder will be able to add files (such as a .rhosts file) or modify other files. Many sites find it acceptable to use the root account. Making the ftp root directory and its subdirectories owned by root, part of the system group, and protected so that only root has write permission will help to keep your anonymous FTP service secure.
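The ownership and write-protection rule above can be checked mechanically. The following is an added example, not part of the CERT guideline; the function names, the finding labels and the constructed directory tree are assumptions, and on a real host you would pass the uid and gid of your ftp account and the path of your ~ftp directory.

```python
import os
import shutil
import stat
import tempfile


def audit_ftp_tree(root, ftp_uid, ftp_gid):
    """Return sorted (relative_path, problem) findings for `root` and every
    subdirectory: owned by the ftp account, in the ftp group, or writable
    by anyone other than the owner."""
    findings = []
    # followlinks=False: never walk out of the tree through a symlink.
    for dirpath, _dirnames, _filenames in os.walk(root, followlinks=False):
        info = os.lstat(dirpath)
        rel = os.path.relpath(dirpath, root)
        if info.st_uid == ftp_uid:
            findings.append((rel, "owned by ftp account"))
        if info.st_gid == ftp_gid:
            findings.append((rel, "in ftp group"))
        if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((rel, "writable by group or other"))
    return sorted(findings)


def build_demo_tree():
    """Create a constructed ~ftp-like tree in a temporary directory.
    `incoming` is deliberately left world-writable so the audit has
    something to report."""
    root = tempfile.mkdtemp(prefix="ftp-audit-")
    os.chmod(root, 0o755)
    layout = (("bin", 0o755), ("etc", 0o755), ("pub", 0o755), ("incoming", 0o777))
    for name, mode in layout:
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod after mkdir so the umask cannot hide bits
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    try:
        # Stand-in for the ftp account: the current user, who owns the demo tree.
        for rel, problem in audit_ftp_tree(demo, os.getuid(), os.getgid()):
            print(f"{rel}: {problem}")
    finally:
        shutil.rmtree(demo)
```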
Here is an example of an anonymous FTP directory setup:
drwxr-xr-x 7 root system 527
cert:*:20:ftp:*:90:
Providing writable directories in your anonymous FTP configuration
There is a risk to operating an anonymous FTP service that permits users to store files. We strongly recommend that sites do not automatically create a "drop off" directory unless thought has been given to the possible risks of having such a service. The CERT incident response staff has received many reports where these directories have been used as "drop off" directories to distribute bootlegged versions of copyrighted software or to trade information on compromised accounts and password files. The CERT staff has also received reports of file systems being maliciously filled causing denial of service problems.
This section discusses three ways to address these problems. The first is to use a modified FTP daemon. The second method is to provide restricted write capability through the use of special directories. The third method involves the use of a separate directory.
Modified FTP daemon
If your site is planning to offer a "drop off" service, we suggest using a modified FTP daemon that will control access to the "drop off" directory. This is the best way to prevent unwanted use of writable areas. Some suggested modifications are:
Limit the overall amount of data transferred based on available disk space.
4. Increase logging to enable earlier detection of abuses.
For those interested in modifying the FTP daemon, source code is usually available from your vendor. Public domain sources are available from:
wuarchive.wustl.edu ~ftp/packages/wuarchive-ftpd
ftp.uu.net ~ftp/systems/unix/bsd-sources/libexec/ftpd
gatekeeper.dec.com ~ftp/pub/DEC/gwtools/ftpd.tar.Z
The CERT Coordination Center has not formally reviewed, evaluated, or endorsed the FTP daemons described. The decision to use the FTP daemons described is the responsibility of each user or organization, and we encourage each organization to thoroughly evaluate these programs before installation or use.
Using protected directories
If your site is planning to offer a "drop off" service and is unable to modify the FTP daemon, it is possible to control access by using a maze of protected directories. This method requires prior coordination and cannot guarantee protection from unwanted use of the writable FTP area, but has been used effectively by many sites.
Protect the top level directory (~ftp/incoming) giving only execute permission to the anonymous user (chmod 751 ~ftp/incoming). This will permit the anonymous user to change directory (cd), but will not allow the user to view the contents of the directory.
drwxr-x--x 4 root system 5
Appendix 5
CERT Advisory CA-6 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and 0 or more octets of optional information, with the rest of the packet being data.
It is known that some systems will react in an unpredictable fashion when receiving oversized IP packets. Reports indicate a range of reactions including crashing, freezing, and rebooting.
In particular, the reports received by the CERT Coordination Center indicate that Internet Control Message Protocol (ICMP) packets issued via the "ping" command have been used to trigger this behavior. ICMP is a subset of the TCP/IP suite of protocols that transmits error and control messages between systems. Two specific instances of the ICMP are the ICMP ECHO_REQUEST and ICMP ECHO_RESPONSE datagrams. These two instances can be used by a local host to determine whether a remote system is reachable via the network; this is commonly achieved using the "ping" command.
Discussion in public forums has centered around the use of the "ping" command to construct oversized ICMP datagrams (which are encapsulated within an IP packet). Many ping implementations by default send ICMP datagrams consisting only of the 8 octets of ICMP header information but allow the user to specify a larger packet size if desired.
You can read more information about this vulnerability on Mike Bremford's Web page. (Note that this is not a CERT/CC maintained page. We provide the URL here for your convenience.)
http://www.sophist.demon.co.uk/ping/index.html
II. Impact
Systems receiving oversized ICMP datagrams may crash, freeze, or reboot, resulting in denial of service.
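A receiver or monitoring tool can recognize an oversized datagram from header fields alone, before any reassembly buffer is touched. The sketch below is an added example, not taken from the advisory: it assumes the 65,535-octet ceiling that the 16-bit IPv4 Total Length field imposes (RFC 791), and the function names and the three sample headers (constructed, using documentation addresses) are illustrative.

```python
import struct

MAX_IP_DATAGRAM = 65535   # ceiling set by the 16-bit Total Length field (RFC 791)
MIN_IP_HEADER = 20        # minimum IPv4 header, as the text above states

# Constructed 20-octet IPv4 headers (protocol 1 = ICMP, checksum left zero).
NORMAL = bytes.fromhex("45000054123400004001 0000 c000020a c0000214")
LAST_LEGAL = bytes.fromhex("4500001712341ffd4001 0000 c000020a c0000214")
OVERSIZED = bytes.fromhex("450005dc12341ffd4001 0000 c000020a c0000214")


def fragment_extent(header):
    """Return (offset_octets, payload_octets, more_fragments) for one IPv4
    packet or fragment, validating the length fields first."""
    if len(header) < MIN_IP_HEADER:
        raise ValueError("IPv4 header needs at least 20 octets")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack(
        "!BBHHH", header[:8]
    )
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < MIN_IP_HEADER or total_len < header_len:
        raise ValueError("inconsistent header length fields")
    offset = (flags_frag & 0x1FFF) * 8       # field counts 8-octet units
    more_fragments = bool(flags_frag & 0x2000)
    return offset, total_len - header_len, more_fragments


def overflows_on_reassembly(header):
    """True when this fragment's data would end past the largest legal
    datagram, i.e. the reassembled packet cannot fit in 65,535 octets."""
    offset, payload, _more = fragment_extent(header)
    return MIN_IP_HEADER + offset + payload > MAX_IP_DATAGRAM


if __name__ == "__main__":
    for name, hdr in (("NORMAL", NORMAL), ("LAST_LEGAL", LAST_LEGAL),
                      ("OVERSIZED", OVERSIZED)):
        verdict = "drop and log" if overflows_on_reassembly(hdr) else "ok"
        print(name, fragment_extent(hdr), verdict)
```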
III. Solution
First, since crashing a router or firewall may be part of a larger, multistage attack scenario, we encourage you to inspect the running configuration of any such systems that have crashed to ensure that the configuration information is what you expect it to be.
Then install a patch from your vendor.
Below is a list of vendors who have provided information about patches for this problem. Details are in Appendix A of this advisory; we will update the appendix as we receive more information. If your vendor's name is not on this list, please contact the vendor directly.
Berkeley Software Design, Inc. (BSDI)
Computer Associates, Intl. (products for NCR)
Cray Research
Digital Equipment Corporation
Free BSD, Inc.
Hewlett-Packard Company
IBM Corporation
Linux Systems
NCR Corporation
NEC Corporation
Open Software Foundation (OSF)
The Santa Cruz Operation, Inc. (SCO)
Sun Microsystems, Inc.
Appendix A - Vendor Information
Below is a list of the vendors who have provided information for this advisory. We will update this appendix as we receive additional information. If you do not see your vendor's name, please contact the vendor directly.
Berkeley Software Design, Inc. (BSDI)
BSD/OS 2.1 is not vulnerable to this problem. It correctly handles large packets without any problems.
Computer Associates, Intl. (products for NCR)
Not vulnerable.
Cray Research
Attempts to send oversized ICMP datagrams are rejected with appropriate error messages. We believe that oversized ICMP datagrams sent to Unicos systems will also be rejected without crashing.
Data General Corporation
Due to the way DG/UX processes tcp packets, DG/UX is not vulnerable to this attack.
Digital Equipment Corporation
MSG ID: SSRT0429 From DSNlink/DIA Database
The following is important information concerning a potential denial of service issue which affects Digital UNIX Operating System, Digital UNIX MLS+, Firewall implementations, and Digital TCP/IP Services for OpenVMS AXP & VAX
COMPONENT: System Security / Potential Denial of Service
DIGITAL UNIX Version: 3.0, 3.0b, 3.2, 3.2c, 3.2de.2de2, 3.2f, 3.2g, 4.0, 4.0a
DIGITAL UNIX MLS+ Version 3.a, 4.4, 4.5
DIGITAL Firewall for UNIX
DIGITAL AltaVista Firewall for UNIX
DIGITAL VAX/ELN
For more information check the DSNlink/DIA Articles (keyword PING), or the URL http://www.service.digital.com/html/whats-new.html for the latest information.
ADVISORY INFORMATION:
Digital recently discovered a potential denial of service issue that may occur by remote systems exploiting a recently published problem while executing the 'ping' command. Solutions and initial communications began appearing in DSNlink/DIA FLASH/articles in late October,
We have fixed the problem in 2./5/7) : PHNE_7252 must first be installed
PHNE_9030 (s700 1 (s800 2)
To determine if you have this PTF on your system, run the following command:
lslpp -lB U444227 U444232
AIX 4.
To determine if you have this APAR on your system, run the following command:
instfix -ik IX59453
Or run the following command:
lslpp -h bos.net.tcp.client
Your version of bos.net.tcp.client should be 4.
AIX 4.2
Apply the following fix to your system:
APAR - IX63484 PTF UR4664
NCR Corporation
For MP-RAS 3.00 and above, using TCP/IP as package name "inet", not vulnerable.
NEC Corporation
--------------------------------------------------------------------------
OS Version Status
------------------ ------------ -------------------------------------
EWS-UX/V(Rel4.0) R maintenance release includes a solution for this problem.
The Santa Cruz Operation, Inc. (SCO)
The following SCO products are known to be vulnerable:
SCO OpenServer 5.0.0, 5.0.2
SCO Internet FastStart
MD5---
MD5 (oss449a.Z) = e8fc8a29dd59683ce5b9b8d
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 890
U.S.A.
CERT/CC personnel answer the hotline 08:00-
Aug. 7,
We encourage you to review the documents that pertain to your system(s), and to consider taking the suggested steps to protect your system(s) from attack. We also encourage you to check with your vendor(s) regularly for any software updates or new software patches that relate to your systems.
A. Commonly Exploited Configuration Problems
describes intruder activity that is based on a stolen password file.
http://www.cert.org/incident_notes/IN-98.03.html
If you believe that your password file may have been taken, change all the passwords on the system. At the very least, you should change all system passwords because an intruder may concentrate on those and may be able to guess even a reasonably "good" password. Intruders often use compromised accounts to attempt to gain privileged access on vulnerable systems, so we encourage you to follow the steps in
http://www.cert.org/tech_tips/intruder_detection_checklist.html
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
For further information about protecting your system from password-based attacks, see
http://www.cert.org/tech_tips/passwd_file_protection.html
ii. Accounts with default passwords
Intruders exploit system default passwords that have not been changed since installation, including accounts with vendor-supplied default passwords. In some cases, accounts do not have a password assigned by default. CERT Incident Note IN-98.01 describes intruder activity that is based on exploitations of accounts without passwords.
http://www.cert.org/incident_notes/IN-98.0
http://www.ssh.com/index.html
http://www.openssh.com/
2. Use of TFTP (Trivial File Transfer Protocol) to obtain password files
To test your system for this vulnerability, connect to your system using tftp and try
get /etc/motd
If you can do this, anyone else on the network can probably get your password file. To avoid the problem, disable tftpd. If you must have tftpd, ensure that it is configured with restricted access. For further information, see
http://www.cert.org/advisories/CA-9
2. Misconfigured anonymous FTP
In addition to making sure that you are running the most recent version of ftpd, check your anonymous FTP configuration. It is important to follow the instructions provided with the operating system to properly configure the files and directories available through anonymous FTP (for example, file and directory permissions, ownership and group). Note that you should not use your system's standard password file or group file as the password file or group file for FTP. The anonymous FTP root directory and its two subdirectories, etc and bin, should not be owned by ftp. For more information about configuring anonymous FTP, see
http://www.cert.org/tech_tips/anonymous_ftp_config.html
3. Inappropriate network configuration file entries
Several vendors supply /etc/hosts.equiv files with a '+' (plus sign) entry. The '+' entry should be removed from this file because it means that your system will trust all other systems. Other files that should not contain a '+' entry include all .rhosts files on the system. These files should not be world-writable.
If your /usr/lib/X
up to date and apply security patches appropriate to your system(s) as soon as they become available.
8. Use of setuid shell scripts
Setuid shell scripts (especially setuid root) can pose potential security problems, a fact that has been well documented in many UNIX system administration texts. Do not create or allow setuid shell scripts, especially setuid root.
9. Inappropriate export settings
Use the showmount(8) utility to check that the configuration of the /etc/exports files on your hosts are correct.
o Wherever possible, file systems should be exported read-only.
o Do not self-reference an NFS server in its own exports file. That is, the exports file should not export an NFS server to itself nor to any netgroups that include the NFS server.
o Do not allow the exports file to contain a "localhost" entry.
o Export file systems only to hosts that require them.
o Export only to fully qualified hostnames.
o Ensure that export lists do not exceed 256 characters (after the aliases have been expanded) or that all security patches relating to this problem have been applied.
The CERT Coordination Center is aware that intruders are using tools that exploit a number of NFS vulnerabilities. This can result in a root compromise, depending on the vulnerability being exploited. We encourage you to limit your exposure to these attacks by implementing the security measures outlined in CERT advisory CA-94:
Appendix 7
List of Security Tools
Introduction
Notes
Network Monitoring Tools
This document describes tools that can be used to help secure a system and deter break-ins.
In addition to the information in this document, we provide three companion documents that may help you:
http://www.cert.org/tech_tips/unix_configuration_guidelines.html
contains suggestions for avoiding common UNIX system configuration problems that have been exploited
http://www.cert.org/tech_tips/intruder_detection_checklist.html
contains suggestions for determining if your system has been compromised
http://www.cert.org/tech_tips/root_compromise.html
contains suggested steps for recovering from a root compromise on a UNIX system
Also, please see our CERT advisory page, our CERT incident notes page, and our CERT vulnerability notes page which contain brief descriptions of all past CERT advisories, incident notes, and vulnerability notes. These files are available from
http://www.cert.org/advisories/
http://www.cert.org/incident_notes/
http://www.cert.org/vul_notes/
We encourage you to get all advisories that pertain to your system(s), and to install the patches or workarounds described in the advisories. We also encourage you to check with your vendor(s) regularly for any updates or new patches that relate to your systems.
Notes
When installing and using any security tool, read and follow all available directions. Ensure that use of the tool conforms to your organization's policies and procedures. Keep sensitive files, such as MD5 checksums and log files, off-line or on read-only media.
The CERT Coordination Center does not formally review, evaluate, or endorse the tools and techniques described. The decision to use the tools and techniques described is the responsibility of each user or organization, and we encourage each organization to thoroughly evaluate new tools and techniques before installing or using them.
Network Monitoring Tools
Swatch, the Simple WATCHer program, is an easily configurable log file filter/monitor. Swatch monitors log files and acts to filter out unwanted data and take one or more user-specified actions based on patterns in the log. Swatch is available from
ftp://ftp.stanford.edu/general/security-tools/swatch/
Authentication/Password Tools
http://www.pgpi.org/
The commercial version of PGP, from PGP Security, Inc. can be found at
http://www.pgp.com/
2. GnuPG (Gnu Privacy Guard)
Gnu Privacy Guard (GnuPG) is an alternate free substitute for PGP. It can be found at the Gnu Privacy Guard web site
http://www.gnupg.org/
Other Tools
We encourage you to use smrsh regardless of whether you use the vendor's supplied sendmail or install sendmail yourself, and regardless of patches that have been installed.
Beginning with sendmail version 8.7. UNIX are vulnerable because of timing windows in the way /bin/mail uses publicly writable directories. If you cannot install a patch from your vendor, replace /bin/mail with mail.local. Beginning with sendmail version 8.7.