DUMP MTCNA EXAM Q&A

1. For static routing functionality, additionally to the RouterOS system package, you will also need the following software package:

        A.None

        B.DHCP

        C.Routing

        D.Advance-Tools

2.  From which of the following locations can you obtain Winbox?

        A.Router’s webpage

        B.Files menu in your router

        C.Via the console cable

        D.mikrotik.com

Document Box

Python Basix :
https://drive.google.com/open?id=1isX_wSOjt9W0XPu4mLIdR4YzU6ROzZJI

Juniper Day :
https://drive.google.com/open?id=1yzIrFdcFkqZRPq4XDNJiw8sU9Fqg40j4

Hardening Mikrotik

Change port telnet,ssh and winbox
disable service not use


bandwith server disable

/tool bandwidth-server set enabled=no

dns cache disable

ip dns set allow-remote-requests=no

proxy disable

/ip proxy set enabled=no

sock disable

/ip socks set enabled=no

upnp disable

/ip upnp set enabled=no

check traffic flow wtih torch

via CLI : 

tool torch sfp1 port=any ip-protocol=any

or 

Via Winbox

Change owner folder on Linux

Command line: File ownership

Changing the ownership of a file or folder is equally as simple. Say Jacob moved a folder for Bethany into the SHARE directory – but Jacob still has ownership. This can be changed with a simple command:

sudo chown -R bethany /DATA/SHARE

Let's break this down.

• sudo – admin rights must be used since we are dealing with a folder that belongs to another user
  
• chown – the command for changing ownership
  
• -R – the recursive switch to make sure all child objects get the same ownership changes
  
• bethany – the new owner of the folder
  
• /DATA/SHARE – the directory to be modified
  
  Ref :
  https://www.linux.com/learn/how-manage-file-and-folder-permissions-linux
  

Django Python3 Framework on Ubuntu 16.04

Install Python versi 3

#apt-get install python3

Check Version python

#python3 -V

install pip3

#apt-get install -y python3-pip

check pip3 version

#pip3 -V

install virtualenv

#pip3 install virtualenv 

check version virtualenv

#virtualenv --version

buat direkstory baru untuk nanti aplikasi berjalan 

#mkdir django-apps 

#cd django-apps 

membuat virtual env

#virtualenv env

dan kemudian activate

#. env/bin/activate

(env) root@TS1:/home/snev/django-belajar#
 

Install django

#pip install django

check version

#django-admin --version

Membuat project

#django-admin startproject testsite

#cd testsite  

#cd testsite/   

masuk dan edit setting.py 

#nano ~/django-apps/testsite/testsite/settings.py 

# Edit the line below with your server IP address
ALLOWED_HOSTS = ['192.168.100.6']

SAVE

cd ~/django-apps/testsite/

cara Run web service nya 

#python manage.py runserver 192.168.100.6:1818   

Referensi :

https://www.digitalocean.com/community/tutorials/how-to-install-django-and-set-up-a-development-environment-on-ubuntu-16-04 

Transparant Proxy on Mikrotik

From Winbox :

From CLI :

# Ini untuk enable proxy kita set di port 8080
/ip proxy set enabled=yes port=8080

 # Ini kita set setiap ada traffic dari interface LAN akan di redirect ke proxy dengan port 8080
/ip firewall nat add action=redirect chain=dstnat dst-port=80,8080,3128 in-interface=ether4-LAN protocol=tcp to-ports=8080

###> Keterangan :
in-interface=ether4-LAN >>>>> ini inteface yang ke pasang ke LAN user


# Ini kita gunakan untuk alasan security jadi kita block dari interface Internet/WAN untuk menggunakan Mikrotik kita sebagai Proxy Public
/ip firewall filter add action=drop chain=input dst-port=8080 in-interface=eth1-WAN protocol=tcp 

###> Keterangan :
in-interface=eth1-WAN >>>> ini interface yang ke arah WAN/POP

Software Box

Elementary OS :
https://drive.google.com/file/d/19iWAelxEWWT53AtH0SNdCbvj0oZrPi24/view?usp=sharing

Putty :
https://drive.google.com/open?id=1tK-t0XvqijCub1j8Cmn9bQw0kjU1Ypoy

nfdump :
https://drive.google.com/open?id=143IOux8ktdUCavhZvVCEphgw1peQdTrx

Mikrotik ISO :
https://drive.google.com/open?id=1RaLq3Q1TF32CXBVORxaDOHei2ErQyQp_

CCPROXY :
https://drive.google.com/open?id=1r1dPRUVLvLvvkRD4uQ8v0jF2YoKJGwmb

NetPerSec :
https://drive.google.com/open?id=1RRZRN_AHWCBXasw25dQgiis-zUhLMcgH

Winbox :
https://drive.google.com/open?id=1Bc81JilsVOWx8QvX3FG9Ze5tCOU_eXaP

Btest Winbox for Windows :
https://drive.google.com/open?id=1M3ld6D10Ovvj-5v0Q56-erFPUP6-UPZT

Xshel Netsarang ver 5 :
https://drive.google.com/open?id=1wLD05nu7ALQcFX-_csjXIimRvKjylAjg

Install NFSEN & NFDUMP on Ubuntu 16.04

install depedency :

apt install make gcc flex rrdtool librrd-dev libpcap-dev php librrds-perl libsocket6-perl apache2 libapache2-mod-php7.0

install nfdump :

masuk ke folder nfdump >
./configure --enable-nsel --enable-nfprofile --enable-sflow --enable-readpcap --enable-nfpcapd

make
make install
nfdump -V

cd ../nfsen-1.3.8

cpan  App::cpanminus
cpann Mail::Header
cpann Mail::Internet
nano ./etc/nfsen-dist.conf
>
# user and group of the web server process
# All netflow processing will be done with this user
$WWWUSER  = "www-data";
$WWWGROUP = "www-data";

# number of nfprofile processes to spawn during the profiling phase
# depends on how busy your system is and how many CPUs you have
# on very busy systems increase it to a higher value
#$PROFILERS = 2;

useradd -M -s /bin/false -G www-data netflow
mkdir -p /data/nfsen
./install.pl ./etc/nfsen-dist.conf


nano /etc/apache2/sites-enabled/000-default.conf
>
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/nfsen
        DirectoryIndex nfsen.php

service apache2 restart
/data/nfsen/bin/nfsen start

#############################################
Testing >>> on Mikrotik

nano /data/nfsen/etc/nfsen.conf
%sources = (
'MIKROTIK NOC'    => { 'port' => '2055', 'col' => '#00ff00', 'type' => 'netflow' },
#    'upstream1'    => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
#    'peer1'        => { 'port' => '9996', 'IP' => '172.16.17.18' },
#    'peer2'        => { 'port' => '9996', 'IP' => '172.16.17.19' },
);

/etc/init.d/nfsen reconfig


Ref :
 https://www.youtube.com/watch?v=rge1mBvzj5E
https://www.youtube.com/watch?v=Lfrvjbc_QtA

Proxy on Linux

add this to /etc/apt/apt.conf

acquire::http:proxy "http://user:password@10.14.3.226:808/";
acquire::ftp:proxy "ftp://user:password@10.14.3.226:2121/";

BGP dan OSPF pada Juniper

lab@JunOS-01> show configuration | display set
set version 12.1R1.9
set system host-name JunOS-01
set system root-authentication encrypted-password "$1$KTMPqph5$0A.0bR77PuLuYCU5j.FBY."
set system login user lab full-name lab
set system login user lab uid 2000
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$5.JcMZvh$cwkjDOpkXw80eMMJJEZMH0"
set system services ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 unit 0 description LAN
set interfaces em0 unit 0 family inet address 192.168.1.1/24
set interfaces em1 description "Link To JunOS-02"
set interfaces em1 unit 0 family inet address 10.1.2.1/29
set interfaces em2 unit 0 description "Link TO JunOS-03"
set interfaces em2 unit 0 family inet address 10.1.3.1/29
set interfaces lo0 unit 0 family inet address 10.10.10.1/32
set routing-options static route 10.2.3.0/29 next-hop 10.1.2.2
set routing-options static route 192.168.3.0/24 next-hop 10.1.3.3
set routing-options static route 192.168.2.0/24 next-hop 10.1.2.2
deactivate routing-options static
set routing-options router-id 10.10.10.1
set routing-options autonomous-system 12
set protocols bgp group INT-AS-12 type internal
set protocols bgp group INT-AS-12 local-address 10.10.10.1
set protocols bgp group INT-AS-12 neighbor 10.10.10.2
set protocols bgp group EXT-AS-30 type external
set protocols bgp group EXT-AS-30 export ADV-TO-EBGP
set protocols bgp group EXT-AS-30 peer-as 30
set protocols bgp group EXT-AS-30 neighbor 10.1.3.3
set protocols ospf area 0.0.0.0 interface em0.0
set protocols ospf area 0.0.0.0 interface em1.0
set protocols ospf area 0.0.0.0 interface lo0.0
set policy-options policy-statement ADV-TO-EBGP term OSPF from protocol ospf
set policy-options policy-statement ADV-TO-EBGP term OSPF then accept
set policy-options policy-statement ADV-TO-EBGP term DIRECT from protocol direct
set policy-options policy-statement ADV-TO-EBGP term DIRECT then accept


###############
lab@JunOS-02> show configuration | display set
set version 12.1R1.9
set system host-name JunOS-02
set system root-authentication encrypted-password lab123
set system login user lab full-name lab
set system login user lab uid 2000
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$NoeajaUr$LISb6g.SBDm63SXFNRV3Q0"
set system services ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 description "Link To JunOS-01"
set interfaces em0 unit 0 family inet address 10.1.2.2/29
set interfaces em1 unit 0 description "Link To JunOS-03"
set interfaces em1 unit 0 family inet address 10.2.3.2/29
set interfaces em2 unit 0 description LAN
set interfaces em2 unit 0 family inet address 192.168.2.1/24
set interfaces lo0 unit 0 family inet address 10.10.10.2/32
set routing-options static route 10.1.3.0/29 next-hop 10.1.2.1
set routing-options static route 192.168.1.0/24 next-hop 10.1.2.1
set routing-options static route 192.168.3.0/24 next-hop 10.2.3.3
deactivate routing-options static
set routing-options router-id 10.10.10.2
set routing-options autonomous-system 12
set protocols bgp group INT-AS-12 type internal
set protocols bgp group INT-AS-12 local-address 10.10.10.2
set protocols bgp group INT-AS-12 neighbor 10.10.10.1
set protocols bgp group EXT-AS-30 type external
set protocols bgp group EXT-AS-30 export ADV-TO-EBGP
set protocols bgp group EXT-AS-30 peer-as 30
set protocols bgp group EXT-AS-30 neighbor 10.2.3.3
set protocols ospf area 0.0.0.0 interface em0.0
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface em2.0
set policy-options policy-statement ADV-TO-EBGP term OSPF from protocol ospf
set policy-options policy-statement ADV-TO-EBGP term OSPF then accept
set policy-options policy-statement ADV-TO-EBGP term DIRECT from protocol direct
set policy-options policy-statement ADV-TO-EBGP term DIRECT then accept

#########################
lab@JunOS-03> show configuration | display set
set version 12.1R1.9
set system host-name JunOS-03
set system root-authentication encrypted-password lab123
set system login user lab full-name lab
set system login user lab uid 2000
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$BFY2bP9a$owL4lizDHURAIglozXQsE0"
set system services ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces em0 unit 0 description "Link To JunOS-02"
set interfaces em0 unit 0 family inet address 10.2.3.3/29
set interfaces em1 unit 0 description "Link To JunOS-01"
set interfaces em1 unit 0 family inet address 10.1.3.3/29
set interfaces em2 unit 0 description LAN
set interfaces em2 unit 0 family inet address 192.168.3.1/24
set interfaces em3 unit 0 family inet address 1.1.1.1/24
set interfaces em4 unit 0 family inet address 2.2.2.2/24
set interfaces em5 unit 0 family inet address 1.1.1.1/24
set interfaces em5 unit 0 family inet address 3.3.3.3/24
set interfaces em6 unit 0 family inet address 2.2.2.1/24
set interfaces em7 unit 0 family inet address 8.8.8.1/24
set interfaces lo0 unit 0 family inet address 10.10.10.3/32
set routing-options static route 10.1.2.0/29 next-hop 10.2.3.2
deactivate routing-options static route 10.1.2.0/29
set routing-options static route 192.168.1.0/24 next-hop 10.1.3.1
deactivate routing-options static route 192.168.1.0/24
set routing-options static route 192.168.2.0/24 next-hop 10.2.3.2
deactivate routing-options static route 192.168.2.0/24
set routing-options router-id 10.10.10.3
set routing-options autonomous-system 30
set protocols bgp group EXT-AS-30 type external
set protocols bgp group EXT-AS-30 export ADV-TO-EBGP
set protocols bgp group EXT-AS-30 peer-as 12
set protocols bgp group EXT-AS-30 neighbor 10.1.3.1
set protocols bgp group EXT-AS-30 neighbor 10.2.3.2
set policy-options policy-statement ADV-TO-EBGP term DIRECT from protocol direct
set policy-options policy-statement ADV-TO-EBGP term DIRECT then accept
set policy-options policy-statement EXT-NET term 1 from protocol direct
set policy-options policy-statement EXT-NET term 1 from interface em3.0
set policy-options policy-statement EXT-NET term 1 from interface em4.0
set policy-options policy-statement EXT-NET term 1 from interface em5.0
set policy-options policy-statement EXT-NET term 1 then metric 200
set policy-options policy-statement EXT-NET term 1 then accept


###############################
Pengecekan :

lab@JunOS-03> show bgp summary
Groups: 1 Peers: 2 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                12          5          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.1.3.1                 12         77         72       0       0       33:08 3/6/6/0              0/0/0/0
10.2.3.2                 12         82         80       0       0       36:39 2/6/6/0              0/0/0/0

lab@JunOS-01> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                13          6          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.1.3.3                 30         71         78       0       0       33:33 6/7/7/0              0/0/0/0
10.10.10.2               12         89         90       0       0       40:33 0/6/6/0              0/0/0/0


lab@JunOS-02> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                13          6          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.2.3.3                 30         82         85       0       0       37:20 6/7/7/0              0/0/0/0
10.10.10.1               12         91         90       0       0       40:48 0/6/6/0              0/0/0/0

lab@JunOS-03> show route receive-protocol bgp 10.1.3.1

inet.0: 18 destinations, 25 routes (18 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 10.1.2.0/29             10.1.3.1                                12 I
  10.1.3.0/29             10.1.3.1                                12 I
* 10.10.10.1/32           10.1.3.1                                12 I
  10.10.10.2/32           10.1.3.1             1                  12 I
* 192.168.1.0/24          10.1.3.1                                12 I
  192.168.2.0/24          10.1.3.1             2                  12 I

lab@JunOS-01> show route receive-protocol bgp 10.1.3.3

inet.0: 16 destinations, 23 routes (16 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 1.1.1.0/24              10.1.3.3                                30 I
* 2.2.2.0/24              10.1.3.3                                30 I
* 3.3.3.0/24              10.1.3.3                                30 I
  10.1.3.0/29             10.1.3.3                                30 I
* 10.2.3.0/29             10.1.3.3                                30 I
* 10.10.10.3/32           10.1.3.3                                30 I
* 192.168.3.0/24          10.1.3.3                                30 I