Welcome to My Blog

• Home
  
• Mail
• Article
• CCNA Answer
• Tips and Trik Registry
• Linux
• News
• Top MP3 Hits
• Free Wallpaper
• Software Download

Joaquin Phoenix leaps into crowd at hip-hop show

By LISA ORKIN EMMANUEL, Associated Press Writer Lisa Orkin Emmanuel, Associated Press Writer – 58 mins ago

AP – Actor Joaquin Phoenix, left, poses for a portrait as Casey Affleck films in the background in Beverly …

• Play Video Video:Phoenix drama on stage AP
• Play Video Video:Joaquin Phoenix Takes On Fan At SoBe Show CBS4 Miami
• Play Video Movies Video:Eyeborg: Eye socket camera coming to humans AP

MIAMI BEACH, Fla. – Joaquin Phoenix appears to be getting into the act of being a petulant hip-hop star.

He jumped off the stage during a short performance at the LIV nightclub early Thursday morning and confronted an audience member who was heckling him. Security guards dragged him back on stage and escorted him away.

It's unknown whether the confrontation — and his pledge to quit acting and start rapping — was real or a put-on, but actor Casey Affleck recorded the performance on camera.

In October, Phoenix's publicist confirmed he was making the career switch. In January he performed at a Las Vegas nightclub and the next month he made a strange appearance on David Letterman's "Late Show." Actor Ben Stiller lampooned that appearance at the Oscars.

Hundreds of people packed the nightclub at the Fontainebleau Miami Beach hotel after the doors opened at 10:30 p.m. Wednesday night.

Several of those in the audience said they came just to see Phoenix, who left them cooling their heels for almost four hours while disc jockeys played house and hip-hop music.

Phoenix came out on stage before 2 a.m., smoking a cigarette and wearing a disheveled dark suit, sneakers and his scraggly long hair and beard.

He began rapping to a beat played by the DJ and nodding to the music, although most of the lyrics were unintelligible. Then he responded to someone who appeared to be heckling him in the audience near the stage.

"We have a (double-expletive) in the audience," he said before jumping into the crowd. It was not immediately clear whether the two men exchanged any blows.

"I saw the guy screaming at Joaquin, and Joaquin just came down," said Jorge Lledo, 30, of Miami Beach.

Security guards swarmed the scene and dragged Phoenix away.

The bizarre spectacle struck many in the audience as the latest prank in an extended farce staged by Phoenix. Affleck, an Oscar-nominated actor who is also Phoenix's brother-in-law, is making a documentary about Phoenix's career shift.

"(Affleck's) camera was filming the whole time, so it makes me think he has ulterior motives," said Luis Gendron, 23, of Miami.

"He knows the game he's playing, and he's good at it," Gendron said of Phoenix.

The Starting Point: Shoe tossing, bank attacks and Girl Scouts

1 hr 34 mins ago

AFP/File – Iraqi officials unveil a bronze shoe monument in the northern city of Tikrit, January 2009. An Iraqi …

More from The Yahoo! Newsroom:

• The Starting Point: From deadly shootings to 'Big Love'
• The Starting Point: War, homelessness and Phish fans
• The Starting Point: From North Korea to stem cell research
• The Starting Point: From government shutdowns to time changes
• The Starting Point: War crimes, gay marriage and T.O.
• Where are they now?
• Stress testing "nationalization"
• McCain blasts 'The View'

More »

While you were sleeping: A Baghdad court sentenced an Iraqi journalist to three years in jail for throwing his shoes at former President George W. Bush last year. According to Reuters, the head of Muntazer al-Zaidi's legal team called the punishment "harsh"; his sister burst into tears when she heard the verdict, then shouted "Down with Maliki, the agent of the Americans!" Click here to view the famous footwear fling.

Roche agreed to buy all outstanding shares of Genentech for $46.8 billion. The Swiss drugmaker plans to urge employees working in Genentech's research, early clinical development and sales departments to stay, though other cuts are possible.

Despite halts on new foreclosures by several major lenders, the number of U.S. households threatened with losing their homes rose 30 percent in February. Nearly 291,000 homes received at least one foreclosure-related notice last month.

Finally, the number of Americans filing initial claims for unemployment benefits rose to 654,000 last week, the Labor Department reported. Continuing jobless claims increased to 5.3 million, which is the most on records dating back to 1967.

Most popular stories overnight: A militant group called the Revolutionary Struggle claimed responsibility for the recent attacks against Citibank in Greece. In a statement published by the Pontiki weekly newspaper, the terror group claimed the bank was part of a "criminal network of international capital" and responsible for the global economic crisis. Also resonating with our readers is this Associated Press article about actor-turned-rapper Joaquin Phoenix, who jumped off the stage during a concert late last night in Miami Beach to confront a heckler in the audience. Actor-director Casey Affleck is currently filming a documentary about Phoenix's career change. It is unknown if the altercation was spontaneous or staged, but Affleck was reportedly at the club taping the performance.

Looking ahead: President Barack Obama and Vice President Joe Biden will meet with state officials at the White House to discuss how the states plan to use funds from the economic stimulus package. The Senate is expected to vote, and approve, Obama's pick for deputy attorney general. David Ogden sparked an angry debate on the floor for representing Playboy and librarians fighting congressionally mandated Internet filtering software while working as a private attorney. Treasury Secretary Timothy Geithner plans to defend administration policies on taxes and bank relief before the Senate Budget Committee. And First Lady Michelle Obama will visit Fort Bragg in N.C., and speak with military spouses. These stories and more will be covered as they happen on Yahoo! News and in the news box on Yahoo.com.

Today in history: In 1912, Juliette Gordon Low founded the Girl Guides, which later became the Girl Scouts of America.

Birthdays: Actor Aaron Eckhart, 41. Baseball player Darryl Strawberry, 47. Actor Courtney B. Vance, 49. Singer Marlon Jackson, 52. Author Carl Hiaasen, 56. Singer James Taylor, 61. Former presidential candidate Mitt Romney, 62. Singer/actress Liza Minnelli, 63. Singer Al Jarreau, 69. Playwright Edward Albee, 81.

Reminder: The Starting Point Twitter feed is available @ystartingpoint. Sign up today!

--Jade Walker is the overnight editor of Yahoo! News. While America sleeps…Jade keeps the rest of the world informed.

**Yahoo! News bloggers compile the best news content from our providers and scour the Web for the most interesting news stories so you don't have to.

The Starting Point: Shoe tossing, bank attacks and Girl Scouts

1 hr 34 mins ago

AFP/File – Iraqi officials unveil a bronze shoe monument in the northern city of Tikrit, January 2009. An Iraqi …

More from The Yahoo! Newsroom:

• The Starting Point: From deadly shootings to 'Big Love'
• The Starting Point: War, homelessness and Phish fans
• The Starting Point: From North Korea to stem cell research
• The Starting Point: From government shutdowns to time changes
• The Starting Point: War crimes, gay marriage and T.O.
• Where are they now?
• Stress testing "nationalization"
• McCain blasts 'The View'

More »

While you were sleeping: A Baghdad court sentenced an Iraqi journalist to three years in jail for throwing his shoes at former President George W. Bush last year. According to Reuters, the head of Muntazer al-Zaidi's legal team called the punishment "harsh"; his sister burst into tears when she heard the verdict, then shouted "Down with Maliki, the agent of the Americans!" Click here to view the famous footwear fling.

Roche agreed to buy all outstanding shares of Genentech for $46.8 billion. The Swiss drugmaker plans to urge employees working in Genentech's research, early clinical development and sales departments to stay, though other cuts are possible.

Despite halts on new foreclosures by several major lenders, the number of U.S. households threatened with losing their homes rose 30 percent in February. Nearly 291,000 homes received at least one foreclosure-related notice last month.

Finally, the number of Americans filing initial claims for unemployment benefits rose to 654,000 last week, the Labor Department reported. Continuing jobless claims increased to 5.3 million, which is the most on records dating back to 1967.

Most popular stories overnight: A militant group called the Revolutionary Struggle claimed responsibility for the recent attacks against Citibank in Greece. In a statement published by the Pontiki weekly newspaper, the terror group claimed the bank was part of a "criminal network of international capital" and responsible for the global economic crisis. Also resonating with our readers is this Associated Press article about actor-turned-rapper Joaquin Phoenix, who jumped off the stage during a concert late last night in Miami Beach to confront a heckler in the audience. Actor-director Casey Affleck is currently filming a documentary about Phoenix's career change. It is unknown if the altercation was spontaneous or staged, but Affleck was reportedly at the club taping the performance.

Looking ahead: President Barack Obama and Vice President Joe Biden will meet with state officials at the White House to discuss how the states plan to use funds from the economic stimulus package. The Senate is expected to vote, and approve, Obama's pick for deputy attorney general. David Ogden sparked an angry debate on the floor for representing Playboy and librarians fighting congressionally mandated Internet filtering software while working as a private attorney. Treasury Secretary Timothy Geithner plans to defend administration policies on taxes and bank relief before the Senate Budget Committee. And First Lady Michelle Obama will visit Fort Bragg in N.C., and speak with military spouses. These stories and more will be covered as they happen on Yahoo! News and in the news box on Yahoo.com.

Today in history: In 1912, Juliette Gordon Low founded the Girl Guides, which later became the Girl Scouts of America.

Birthdays: Actor Aaron Eckhart, 41. Baseball player Darryl Strawberry, 47. Actor Courtney B. Vance, 49. Singer Marlon Jackson, 52. Author Carl Hiaasen, 56. Singer James Taylor, 61. Former presidential candidate Mitt Romney, 62. Singer/actress Liza Minnelli, 63. Singer Al Jarreau, 69. Playwright Edward Albee, 81.

Reminder: The Starting Point Twitter feed is available @ystartingpoint. Sign up today!

--Jade Walker is the overnight editor of Yahoo! News. While America sleeps…Jade keeps the rest of the world informed.

**Yahoo! News bloggers compile the best news content from our providers and scour the Web for the most interesting news stories so you don't have to.

Why Rush Limbaugh Is Good for the Republicans

By RAMESH PONNURU Ramesh Ponnuru – Wed Mar 11, 2:20 pm ET

AP – In the March 16 issue of Newsweek (on newsstands Monday, March 9): 'Enough! A Conservative's Case Against …

Obama aides Rahm Emanuel and Robert Gibbs knew what they were doing when they declared Rush Limbaugh the leader of the Republican opposition. They were putting Republican politicians in a trap. Repudiating Limbaugh would mean alienating millions of conservatives and declaring Limbaugh's plainspoken conservatism - which many of those politicians share - outside the lines of the national debate. But neither could Republicans allow the insinuation that they take orders from a radio host stand. If voters got that impression, they would look weak. Worse, the polls show more people dislike Limbaugh than like him.

The Republicans escaped this trap by saying that the White House was talking about Limbaugh in order to avoid talking about Obama's failure to come up with a financial-rescue plan. But now one Limbaugh controversy has been replaced by another. Instead of squabbling with Democrats about him, Republicans are arguing with each other. The subject of the dispute: Does Limbaugh help spread conservatism among Americans - or turn them off from it? (Read "Criticizing Rush Limbaugh: Over the Line?")

Some conservatives have always winced at Limbaugh's in-your-face style. But the debate today has a special charge because, like the similar debate over Alaska Gov. Sarah Palin a few months ago, it is tied up with questions about the future of the Republican party.

In one camp are those who believe that the Republican party must modernize its message to account for changing circumstances. The columnist David Brooks has called these people the "reformers." Against them are the "traditionalists," who believe that Republicans need only recommit themselves to Ronald Reagan's agenda to succeed again. (Read "Can Michael Steele Broaden the Grand Old Party?")

The traditionalists push for upper-income tax cuts. The reformers want to cut the payroll taxes paid by the middle class. Traditionalists often deny that global warming is real. Reformers just want to make sure that our answer to it is cost-effective. The traditionalists want to hold the line on government spending. The reformers think that it's more important for Republicans to advocate market-friendly solutions to problems such as rising health-care costs and traffic congestion.

Limbaugh, needless to say, is a traditionalist, and some of the reformers have become fierce critics. The debate has gotten pretty hot over the last two weeks, with those critics going after Limbaugh's girth and his outraged fans accusing them of being closet liberals.

See the top 10 unfortunate political one-liners.

See pictures of the best Obama Inaugural merchandise.

It is not a smart battle for the reformers to fight. Most of their differences of opinion with Limbaugh do not really rise to the level of principle. (Whether global warming is happening and what risks it poses are empirical questions, not ideological ones.) Moreover, the vast majority of conservative voters agree with Limbaugh, not the reformers, on most of these questions. If Limbaugh were to disappear tomorrow - which, by the way, he is not going to do - most conservatives would still put upper-income tax cuts at the top of their agenda. It's not as though they believe what they believe because Limbaugh told them to.

It would be destructive for the traditionalists to attempt to purge the reformers, who have some good ideas. But for the reformers to attempt to purge the traditionalists, who outnumber them, is just plain batty. If the reformers succeed, it will be by persuading traditionalists such as Limbaugh, not bulldozing over them. (See the screwups of Campaign '08.)

Besides, Limbaugh plays a valuable role within conservatism. His show, like Fox News, is not as high-flown as conservative intellectual journals such as The New Criterion and First Things. But those publications have small circulations. Their influence is long-term and indirect. Conservatism needs mass media, too, to affect day-to-day politics: to jam phone lines; to pull the national conversation rightward. It needs Limbaugh and the many like-minded talkers elsewhere on the airwaves. Doubtless they could do their jobs better, as could the conservative writers who scorn them. But if Limbaugh did not exist, conservatives would have to invent him. And it would be hard to do - as liberals have found when they have tried and failed to come up with their own successful radio shows.

Talk radio is the only medium that conservatives dominate in America. Is it really shrewd for conservatives to begin their political exile by attacking the leading figure in that world? To ask is to answer.

Limbaugh and his conservative critics have more in common than they think. The political import of the last two weeks of Limbaugh-mania is this: The Republicans' decline is now entering a phase in which its members are more emotionally invested in attacking each other than in attacking Obama. As long as that holds true, the White House can safely ignore the opposition, no matter how loud it gets.

See who's who in Barack Obama's White House.

See pictures of presidential First Dogs.

View this article on Time.com

Related articles on Time.com:

• Conservative Radio Host Rush Limbaugh
• Team Obama's Petty Limbaugh Strategy
• Criticizing Rush Limbaugh: Over the Line?
• Bull Rush
• Can GOP Voters Spoil the Dem Race?

Exclusive: Steele names top RNC exec

Featured Topics:

• Barack Obama
• Presidential Transition

AP – In this Jan. 30, 2009 file photo, Republican National Committee Chairman Michael Steele speaks in Washington. …

• Play Video Presidential Transition Video:Dubai's Kiddie Cabinet Sounds Off ABC News
• Play Video Presidential Transition Video:Seattle's police chief may become next drug czar KING5 Seattle

Michael Steele, the embattled chairman of the Republican National Committee, has chosen as chief of staff Ken McKay, a New Englander he describes as being “not afraid of a challenge,” party sources tell POLITICO.

That’s a good qualification for the new top executive of a party that has been repeatedly embarrassed by Steele’s public statements. Last weekend, “Saturday Night Live” satirized him.

Steele went off the airwaves this week to focus on naming his team, but then GQ magazine released an interview Wednesday night in which Steele referred to abortion as an “individual choice.”

On Thursday morning, Steele released a statement saying: “I am pro-life, always have been, always will be.”

An announcement on McKay is planned for later Thursday.

Steele’s election at the end of January was heralded as a diversity breakthrough for the party, since he is the first African-American chairman. He has been conducting an audit of the party structure and has said he plans to have his team in place by the end of this month. But the party has been left without top officials – including a political, communications or finance director — during the first 100 days of Barack Obama’s presidency.

An e-mail to top supporters touts McKay’s experience managing two statewide campaigns for a pro life and pro gun candidate in a very blue state,” Rhode Islander.

The e-mail says: “Ken has proven that voters in both parties gravitate to reform minded conservative governance, proving you can govern with conservative philosophy, and those principles work everywhere. Ken is not a theorist; he’s a real life practitioner of both campaigning and governing. He has experience in managing very complex operations and making things work.

“Ken brings a ton of experience both in the campaign world and in government, and he brings a fresh approach from out in the states. Time and again our national party has found success by adopting innovations and strategies that come from out in the states, particularly from Governors. This was one of the most appealing traits for Chairman Steele."

Here is Ken McKay’s RNC bio:

Personal
— From Rhode Island. 42 years old. Wife and three boys.

Professional
— US Army, Infantry, for three years right after high school.
— Attorney at Law, currently has his own firm, formerly with Brown Rudnick — big firm headquartered in Boston, with offices in NY, Providence, London, Hartford, and Washington, DC.

Education
— High Point, NC, BS. Major in Biology
— Roger Williams University School of Law, JD

COS for a Republican Governor
— Gov. Don Carcieri’s COS for his first three and ½ years in office, following his election in 2002. COS, Transition Team for Governor elect Carcieri.
—Managed two successful Governor’s races in arguably the most Democrat state in America. Ken is not afraid of a challenge. Carcieri won reelection in the very difficult year of 2006.

Ala. town stunned by gunman's terrifying ride

By JAY REEVES and BOB JOHNSON, Associated Press Writers Jay Reeves And Bob Johnson, Associated Press Writers – 5 mins ago

Play Video ABC News – Unraveling Alabama Shooter's Motive

• Slideshow:Ala. Shooting
• Play Video Video:Details emerge about Ala. Shooting suspect AP
• Play Video Video:First Person: 'I don't have a tear left in me' AP

AP – The First Baptist Church of Samson, is silhouetted against an evening sky, Wednesday, March 11, 2009, …

SAMSON, Ala. – Many residents of this quiet, close-knit farming community could hear the rapid crackling of gunfire from a rampage that left 10 people and the shooter dead. Others got frantic phone calls from friends or relatives.

But none of them knew yet that the heavily armed gunman was someone who grew up among them, playing youth baseball, graduating from the local high school and working by their sides at local factories.

Those who knew 28-year-old Michael McLendon and even those who just remembered his name or face couldn't believe the bloodshed in two counties near the Florida border Tuesday that left him, five of his relatives and five bystanders dead.

Jessica Wise went to school with McLendon from kindergarten through graduation from Samson High School in 1999, a class that had about 50 students. She said he was quiet, nice and polite, didn't join other boys in pulling pranks and always had his shirt tucked in.

"You never saw him out at parties. He never got in trouble," Wise said.

Wise said McLendon played football and baseball in elementary and middle school, was a member of Future Farmers of America and talented in welding and woodworking. Wise said they fell out of touch after high school.

McLendon began his killing spree a dozen miles from Samson in Kinston in Coffee County, where he burned down the home he shared with his mother, killing her. It ended about an hour later with him taking his own life after a shootout with police in nearby Geneva at Reliable Metals, where he worked until 2003.

In between, he gunned down three relatives and the wife and 18-month-old daughter of a local sheriff's deputy on a wide front porch that looks like so many others in Samson. He then turned his gun next door and killed his 74-year-old grandmother and sent panicked bystanders fleeing and ducking behind cars.

McLendon then drove off, spraying bullets through the town lined with old brick buildings, killing three more bystanders.

The shootings cast a pall over an old town of 2,000 people that rarely changes. A black bow blew in the breeze in front of City Hall the day after. Across the street, workers replaced a window at Bradley True Value Hardware, which was hit in the hail of gunfire.

"God bless the victims and their families and God bless Samson," said a scrolling electric sign at Byrd's Nest Florist on Main Street.

Darrell "Smitty" Smith, a corporal with the Sansom Police Department, served in Iraq with the Alabama National Guard. He was shocked by the carnage at the home of McLendon's relatives.

"Walking up on that porch and seeing that, it was much worse than anything I ever saw in Iraq because at least in Iraq you expect it, you are prepared for it and you stand a chance to protect yourself," Smith said.

"We are just a small town and we were not prepared for anything like this," he said.

Authorities say McLendon had struggled to keep a job and left behind lists of employers and co-workers he believed had wronged him. The lists found in McLendon's home included Reliable Metals, which forced him to resign years ago, a sausage factory from which he suddenly quit last week and a poultry plant that suspended his mother, District Attorney Gary McAliley said.

Federal court records show McLendon and his mother are among Pilgrim Pride employees who filed a lawsuit in 2006 against the Pittsburg, Texas-based poultry firm over claims of unfair compensation. A company spokesman did not immediately respond to an e-mail seeking comment.

The pages torn from a spiral notebook included names of co-workers, including one who reported him for not wearing ear plugs, another who made him clean a meat grinder and a supervisor who didn't like the way he cut pork chops, McAliley said.

Investigators offered no immediate explanation for why McLendon targeted relatives and others who weren't on the list as he fired more than 200 rounds in the worst mass killing by a single gunman in Alabama history.

McAliley said McLendon's parents had divorced, although he didn't say when. McLendon apparently sided with his mother in the split and he developed bitter feelings against some members of his family, with his desire to possess a family Bible an issue, McAliley said.

As word about the killings spread, Samson high graduates scrambled to find their yearbooks, and many realized they knew the gunman.

Derek Weeks, 28, was senior class president of McLendon's class.

"He was kind of reserved and to himself. I can't tell you one bad thing about him," said Weeks, who lives in nearby Enterprise. "I don't remember him ever getting in any kind of trouble."

Like many, Weeks couldn't believe the terror that shattered the small community.

"But one benefit to living in a small town is the closeness of the people," he said. "So we know that if something happens, everyone will still be together and will be there for the families of those victims."

On Wednesday night, hundreds of community members gathered for a prayer service at First Baptist Church of Samson.

"Father, there are times in life when we don't have answers to the question 'Why?'" Rev. Steve Sellers told the congregation. "I don't know what set a young man off like that, but I, too, want to pray for his family."

The answers might never be known. Lt. Barry Tucker of Alabama Bureau of Investigations said McLendon was "somewhat depressed about job issues" but that investigators don't believe the shootings were job-related.

"There's no specific indication of 'This is why I did it,'" said Tucker who wouldn't release a motive.

It was not clear how long McLendon had been planning the attack, but authorities said he armed himself with four guns — two assault rifles with high-capacity magazines taped together, a shotgun and a .38-caliber pistol — and may have planned a bigger massacre than he had time to carry out.

"I'm convinced he went over there to kill more people," said Sheriff Dave Sutton.

___

Associated Press Writers Jessica Gresko and Melissa Nelson in Samson, Gary Mitchell in Mobile and Kate Brumback in Montgomery contributed to this report.

(This version CORRECTS to three relatives killed on porch, instead of four.)

Germany grieves after school shooting

by Gilles Laffon Gilles Laffon – 1 hr 41 mins ago

Play Video AP – German school mourns following deadly attack

• Slideshow:Deadly German School Shooting
• Play Video Video:German school gunman 'kills 15' BBC
• Play Video Video:Merkel: Shootings are 'incomprehensible' BBC

AFP/DDP – A copy of the "Bild" tabloid with a picture of teenage gunman Tim Kretschmer. German authorities …

WINNENDEN, Germany (AFP) – A teenager who went on a bloody rampage in his old school had announced his intentions on the Internet just hours earlier, it emerged Thursday as Germany mourned the 15 people he gunned down.

"I have weapons here and tomorrow morning I will go to my old school and really whip up a storm," Tim Kretschmer said in a chat room, according to the interior minister of the state where Wednesday's massacre took place.

"I have had enough of this crummy life ... Always the same. People are laughing at me, no one recognises my potential ... You will hear about me tomorrow. Make note of the name of the place: Winnenden," the 17-year-old said.

The entry, made in a conversation with another 17-year-old from Bavaria who told his father about it after the shooting, was made at 2:45 am (0145 GMT), said Heribert Rech, interior minister of Baden-Wuerttemberg state.

Less than seven hours later, at around 9:30 am, Kretschmer entered the school in Winnenden near Stuttgart, armed with a handgun taken from his father's bedroom and more than 100 rounds of ammunition.

He killed eight girls, one boy and three female teachers, mostly expertly with shots to the head. He then fled, hijacked a car and randomly shot dead three bystanders.

Three hours later Kretschmer was dead after a manhunt ended in a shootout 30 kilometres (20 miles) away. State police chief Erwin Hetger said it was believed he had turned the gun on himself.

Kretschmer went into one classroom three times, the Bild daily said. On the third visit he told the class: "Aren't you all dead yet?" A teacher threw herself in front of a female pupil -- and was shot by the gunman, Bild said.

The bloodbath left Germany in shock. Flags flew at half mast across the country, and in Winnenden hundreds of candles were left outside the school.

Thousands of people packed churches for special services on Wednesday night and a vigil was held outside the school on what Chancellor Angela Merkel called "a day of mourning for all of Germany."

"Our thoughts go out to the families and the friends. We are thinking of you and we are praying for you," she said.

Details also emerged on Thursday on Kretschmer's background.

His father is a successful businessman who employs 150 people at a packaging firm, according to police, but his son found it difficult to fit in at school and had few friends.

"He was simply not accepted by anyone and just sat all day in front of his computer," Mario, a schoolmate, told German television station N24.

Reports also said he was very keen on computer shooting games -- especially the violent "Counter-Strike" -- and had become a real-life crack shot at the shooting range where his father was a member.

After leaving school last year, Kretschmer had enrolled on a course to train as a salesman. He regularly worked out at the gym and belonged to a sports club.

"He was completely unremarkable, there was nothing in his background to suggest this could have happened," Rech said. Fellow students described him as "quiet" and "reserved," even "friendly."

His father owned more than a dozen guns, all locked away except the nine millimetre Beretta pistol that caused the carnage.

Rech said Kretschmer had "destroyed the soul of an entire school and ripped into the heart of a town."

The school remains cordoned off and there have been calls for it to stay closed for ever.

The tragedy brought back haunting memories of a similar bloodbath in Erfurt in eastern Germany in 2002 that left 17 dead, including the gunman, and reheated a debate over gun control.

Gun laws were tightened after Erfurt and there have already been calls for even stricter laws and a ban on violent computer games.

Wolfgang Dicke, a police gun crime expert told Spiegel: "Our gun laws can barely be tightened because they are already so tight."

But a Bild editorial said: "The best laws in the world are useless, if parents do not know what is going on in their children's heads, what they are thinking and dreaming and what are their fears."

More Companies At Risk of Failing

Tuesday March 10, 12:46 pm ET
By Rick Newman

Everybody hopes the economy bottoms out and starts to improve tomorrow. Or sooner. But there are few signs of an imminent recovery. One obvious indicator is the health of big companies - you know, the ones that have been announcing all those four- and five-digits layoffs recently. And the outlook for them seems to be getting worse, not better.

ADVERTISEMENT
Moody's, the ratings agency, recently published a list of "bottom rung" companies most likely to default on their debt. The criteria are technical, but the upshot is that a lot of companies are in deep trouble - and the list is getting longer, not shorter. Moody's predicts that the default rate on corporate bonds this year will be three times higher than in 2008, and 15 times higher than in 2007. Defaults are often the last step before a bankruptcy filing. And bankrupt companies, obviously, don't usually hire people. They dramatically shed costs and workers and sometimes liquidate completely, firing everybody.

[See 15 firms that might not survive 2009.]

So the Moody's findings help explain why most economists expect the unemployment rate, now 8.1 percent, to rise as high as 9 or 10 percent before it starts to drift back down. And right now, real and perceived fears about job security are the main force driving a contraction in consumer spending, and the economy as a whole. Here's what the bottom-rung report tells us about the next several months:

There will be a lot more bankruptcies. Moody's places 283 companies on its bottom-rung list, up from 157 a year ago. Since the quarterly list was last updated, 73 additional companies have fallen to the bottom rung. Twenty-four companies made their way off the list - but mostly because they defaulted on their debts. Only one company, Landry's Restaurants, got off the list because its circumstances improved.

[See why bank nationalization terrifies Wall Street.]

Companies exposed to consumer spending have it toughest. The industries most represented on the list are media, automotive, retail and manufacturing. Companies in the most acute danger are those with reduced cash flow and a high debt load. A lot of big, well-known companies are in danger. On the list: Advanced Micro Devices; AirTran; AMR (parent of American Airlines); Chrysler; Duane Reade; Eastman-Kodak; Ford; General Motors; JetBlue; Krispy Kreme; Palm; R.H. Donnelly; Reader's Digest Association; Rite-Aid; UAL (parent of United Airlines); Unisys; and US Airways.

Many of the other firms on the list are second- or third-tier suppliers to automakers, airlines, and other troubled firms. Being on the list doesn't mean a firm is destined for bankruptcy. But it does mean the company faces severe constraints in terms of raising new capital, making new investments, and hiring. Instead of expanding, it may be far more inclined to sell assets, streamline or close divisions, and lay people off to cut costs and raise cash.

[See 6 possible upsides to a GM bankruptcy.]

America's malls are going to end up looking a lot different. The retail sector is obviously getting hammered, with chains like Circuit City and Linens 'n Things already out of business. Many other retail chains are in trouble. Also on the bottom-rung list: Barney's; BCBG Maz Azria; Blockbuster; Brookstone; Claire's Stores; Eddie Bauer; Finlay Fine Jewelry; Harry & David; Loehmann's; Michael's Stores; Oriental Trading Co.; and Sbarro. Again, this doesn't mean the company is doomed. But many of these firms will restructure, close outlets, shrink, and find ways to transform themselves. So if you ever go back to the mall, and your favorite shop has disappeared, you'll know why.

News

More Companies At Risk of Failing
Germany grieves after school shooting
Ala. town stunned by gunman's terrifying ride
Exclusive: Steele names top RNC exec
Why Rush Limbaugh Is Good for the Republicans
The Starting Point: Shoe tossing, bank attacks and Girl Scouts
Joaquin Phoenix leaps into crowd at hip-hop show

Tips and Trik Registry Modification

• Mengakhiri layanan & program lbh cepat
• Mencegah Perubahan Menu Start
• Mencegah dekripsi File ketika dipindahkan
• Mencegah dekripsi File ketika dipindahkan
• Menunjukkan Hidden Folders And Files
• Menambahkan Pilihan Menu Copy To Dan Move To Folder Pada Menu Konteks
• Menambahkan Pilihan Send To Pada Menu Konteks ...
• Memunculkan Option My Computer Yang Tersembuny...
• Memunculkan Menu Administrative Tools
  
• Memproteksi data saat Shut down
  
• Memperkecil Ukuran Thumbnail Untuk Windows Exp...
• Memperkecil Ikon Start Menu
• Mempercepat Proses Shutdown Windows XP
• Memilih Ikon Desktop Yang Pertama
• Membuka Regedit yang terkunci / enabling
  
• Membuat Tips Of The Day Windows Explorer
  
• Membuat Shortcut Menu Pribadi Di Windows Explo...
• Membuat Desktop Lebih Stabil
• Memblokir folder My Recent Document
• Membersihkan Sampah Uninstall
• Membersihkan Recent Documents
• Membersihkan Semua Ikon Pada Desktop
• Membatasi Jumlah Login Otomatis
• Mematikan Secara Otomatis Program Not Responding
• Memaksa penggunaan Login Otomatis
• Melihat Informasi Prosesor
• Larangan Penggunaan Pilihan Tombol Logoff Pada Sta...
• Menggunakan Windows Update Tanpa Harus Melakukan R...
• Login Otomatis
• Larangan Penginstallan Program Lewat ActiveX Pada ...
• Larangan Pada Internet Explorer
• Kotak Dialog Sebelum Logon
• Kustomisasi Windows Logon Dan Judul Dialog Keamana...
• Informasi Terperinci Di Device Manager
• Menonaktifkan Firewall & mengaktifkan lwt Icon des...
• Hide File Extention
• Hidden Shares Otomatis
• Fungsi Restore Windows Folder Pada Startup
• Expand secara otomatis
• Change Icon Recycle Bin
• Blokir SPAM pada message servis
• Jangan disalah gunakan

Mail

Google
login

Yahoo
login

Webhost
login

CCNA Discovery 2 : Working at a Small-to-Medium Business or ISP

• CCNA Discovery 2 : Module 1 Exam Answers
  
  
• CCNA Discovery 2 : Module 2 Exam Answers
  
  
• CCNA Discovery 2 : Module 3 Exam Answers
  
  
• CCNA Discovery 2 : Module 4 Exam Answers
  
  
• CCNA Discovery 2 : Module 5 Exam Answers
  
  
• CCNA Discovery 2 : Module 6 Exam Answers
  
  
• CCNA Discovery 2 : Module 7 Exam Answers
  
  
• CCNA Discovery 2 : Module 8 Exam Answers
  
  
• CCNA Discovery 2 : FINAL Exam Answers

CCNA Discovery 1 : Networking for Home and Small Businesses

• CCNA Discovery 1 : Module 1 Exam Answers
  
  
• CCNA Discovery 1 : Module 2 Exam Answers
  
  
• CCNA Discovery 1 : Module 3 Exam Answers
  
  
• CCNA Discovery 1 : Module 4 Exam Answers
  
  
• CCNA Discovery 1 : Module 5 Exam Answers
  
  
• CCNA Discovery 1 : Module 6 Exam Answers
  
  
• CCNA Discovery 1 : Module 7 Exam Answers
  
  
• CCNA Discovery 1 : Module 8 Exam Answers
  
  
• CCNA Discovery 1 : Module 9 Exam Answers

Lumayan lah daripada tidak

CCNA Discovery V 4.0

CCNA Discovery 1 : Networking for Home and Small Businesses

CCNA Discovery 2 : Working at a Small-to-Medium Business or ISP

Mikrotik

MikroTik RouterOS™, merupakan system operasi Linux base yang diperuntuk
kan sebagai network router. Didesain untuk memberikan kemudahan bagi
penggunanya. Administrasinya bisa dilakukan melalui Windows application
(WinBox). Webbrowser serta via Remote Shell (telnet dan SSH). Selain
itu instalasi dapat dilakukan pada Standard computer PC. PC yang akan
dijadi kan router mikrotikpun tidak memerlukan resource yang cukup besar
untuk penggunaan standard, misalnya hanya sebagai gateway. Untuk keperluan
beban yang besar ( network yang kompleks, routing yang rumit dll)
disarankan untuk mempertimbangkan pemilihan resource PC yang memadai.

Fasilitas pada mikrotik antara lain sebagai berikut :
- Protokoll routing RIP, OSPF, BGP.
- Statefull firewall
- HotSpot for Plug-and-Play access
- remote winbox GUI admin

Lebih lengkap bisa dilihat di www.mikrotik.com.

Meskipun demikian Mikrotik bukanlah free software, artinya kita harus
membeli licensi terhadap segala fasiltas yang disediakan. Free trial
hanya untuk 24 jam saja. Kita bisa membeli software mikrotik dalam
bentuk CD yang diinstall pada Hard disk atau disk on module (DOM).
Jika kita membeli DOM tidak perlu install tetapi tinggal menancapkan
DOM pada slot IDE PC kita.

Instalasi Mikrotik ada beberapa cara :
1. Instalasi melalui NetInstall via jaringan
2. Instalasi melalui Floppy disk
3. Instalasi melalui CD-ROM.

Kali ini kita akan membahasnya instalasi melalui CD-ROM. Untuk percobaan
ini silahkan download ISOnya di http://adminpreman.web.id/download

Langkah-langkah berikut adalah dasar-dasar setup mikrotik yang
dikonfigurasikan untuk jaringan sederhana sebagai PC Router/Gateway,
Web Proxy, DNS Server, DHCP, Firewall serta Bandwidth Management.
Konfigurasi ini dapat dimanfaatkan untuk membangun jaringan pada
Internet Cafe atau untuk Testing pada Laboratorium Pribadi. 

--[2.1]-- Topologi Jaringan

Topologi jaringan ini di anggap koneksi Internetnya melalui MODEM
xDSL (ADSL atau SDSL). Dengan catatan konfigurasi IP Publiknya
ditanam didalam MODEM, artinya perlu pula dipilih MODEM yang memiliki
fasilitas seperti Routing, Firewall, dan lain-lain. Semakin lengkap
semakin bagus, namun biasanya harga semakin mahal, yang patut
dipertimbangkan pilihlah MODEM yang memiliki fasilitas Firewall yang
bagus.

Untuk MODEM SDSL, biasanya, IP dibawah NAT, artinya IP nya bukan IP
Publik langsung. Dan umumnya untuk MODEM ADSL, IP Publiknya langsung
ditanam di MODEM itu sendiri.

Saat ini kita anggap IP Publiknya di tanam di MODEM, dimana Interface
PPPoE nya sudah di konfigurasikan dan sudah bisa DIAL ke server RASnya.

Agar memudahkan konfigurasi, perlu dirancang topologi jaringan yang
dikonfigurasi. Sebagai contoh, skema dibawah ini:

(a) Skema Jaringan

             _(
o--+      ____|
  |     /    |  Telpon
  |   _/     -(
  +--[_] Splitter
      |
      |   +----+
      +---|    | Modem xDSL
          +--*-+
          (1)|             +---+
             |             |   |   (3)
             |             |  +|---------+
             |   +-----+   |  |. . . . . |
             |  a|     |   |  +--|-|-|-|-+
             +---|=====|   |     | | | |
                 |     |   |     | | | |
                 |     |---+     +-|-|-|--[client 1]
                 |     |b          +-|-|------------[client 2]
                 |     |             +-|----------------------[client 3]
                 L-----J               +--------[client n]
                   (2)

Keterangan skema
(1) = Modem xDSL (Ip Address : 192.168.1.1/24)
(2) = Mikrotik Box dengan 2 ethernet card yaitu a (publik) dan b (local)
(3) = Switch
     Untuk sambungan ke Client. Asumsi Client Jumlahnya 20 Client
     Range Ip Address : 192.168.0.0/27
     Alokasi Ip Client = 192.168.0.1-192.168.0.30
                         Ip Net ID    : 192.168.0.0/27
                         Ip Broadcast : 192.168.0.31/27

(b) Alokasi IP Address

[*] Mikrotik Box

   Keterangan Skema
   a = ethernet card 1 (Publik) -> Ip Address : 192.168.1.2/24
   b = ethernet card 2 (Local)  -> Ip Address : 192.168.0.30/27

   Gateway    : 192.168.1.1 (ke Modem)

[*] Client
   Client 1 - Client n, Ip Address : 192.168.0.n .... n (1-30)

   Contoh:
   Client 6
   Ip Address : 192.168.0.6/27
   Gateway    : 192.168.0.30 (ke Mikrotik Box)

CATATAN :
Angka dibelakang Ip address ( /27) sama dengan nilai netmasknya
untuk angka (/27) nilainya sama dengan 255.255.255.224.

Untuk Sub Netmask blok ip address Local kelas C, dapat diuraikan
sebagai berikut :

Subnetmask kelas C
-------------------
255.255.255.0   = 24 -> 254 mesin
    ..    .128 = 25 -> 128 mesin
    ..    .192 = 26 ->  64 mesin
    ..    .224 = 27 ->  32 mesin
    ..    .240 = 28 ->  16 mesin
    ..    .248 = 29 ->   8 mesin
    ..    .252 = 30 ->   4 mesin
    ..    .254 = 31 ->   2 mesin
    ..    .255 = 32 ->   1 mesin

--[2.2]-- Persiapan

- Untuk PC Router Siapkan PC, minimal Pentium I, RAM 64, HD 500M
atau pake flash memory 64 - Sebagai Web proxy, Siapkan PC, minimal
Pentium III 450Mhz, RAM 256 Mb, HD 20 Gb.  Melihat berapa minimum
RAM dan HD yang dibutuhkan untuk Cache Silahkan lihat
http://adminpreman.web.id/download/Rumus Web Proxy Mikrotik.xls

- Siapkan minimal 2 ethernet card, 1 ke arah luar/Internet dan 1
 lagi ke Network local
– Burn Source CD Mikrotik OS masukan ke CDROM.
- Versi mikrotik yang digunakan adalah Mikrotik RouterOS versi 2.9.27

--[3]-- Installasi Mikrotik Router
Setelah desain skema jaringan serta perangkat yang dibutuhkan telah
disiapkan, sekarang saatnya kita mulai proses instalasi ini.

--[3.1]-- Booting melalui CD-ROM

  Atur di BIOS agar, supaya boot lewat CD-ROM, kemudian tunggu beberapa
  saat di monitor akan muncul proses Instalasi.

-------------------------------------------------------------------------

ISOLINUX 2.08 2003-12-12 Copyrigth (C) 1994-2003 H. Peter Anvin
Loading linux..................
Loading initrd.rgz.............
Ready
Uncompressing Linux... Ok, booting the kernel

------------------------------------------------------------------------

--[3.2]-- Memilih paket software

  Setelah proses booting akan muncul menu pilihan software yang
  mau di install, pilih sesuai kebutuhan yang akan direncanakan.

  Paket yang tersedia di Mikrotik

  advanced-tools-2.9.27.npk
  arlan-2.9.27.npk
  dhcp-2.9.27.npk
  gps-2.9.27.npk
  hotspot-2.9.27.npk
  hotspot-fix-2.9.27.npk
  isdn-2.9.27.npk
  lcd-2.9.27.npk
  ntp-2.9.27.npk
  ppp-2.9.27.npk
  radiolan-2.9.27.npk
  routerboard-2.9.27.npk
  routing-2.9.27.npk
  routing-test-2.9.27.npk
  rstp-bridge-test-2.9.27.npk
  security-2.9.27.npk
  synchronous-2.9.27.npk
  system-2.9.27.npk
  telephony-2.9.27.npk
  ups-2.9.27.npk
  user-manager-2.9.27.npk
  web-proxy-2.9.27.npk
  webproxy-test-2.9.27.npk
  wireless-2.9.27.npk
  wireless-legacy-2.9.27.npk

--------------------------------------------------------------------------

       Welcome to Mikrotik Router Software Installation

Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'.
Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to
install remote router or 'q' to cancel and reboot.

 [X] system             [ ] lcd                 [ ] telephony
 [ ] ppp                [ ] ntp                 [ ] ups
 [ ] dhcp               [ ] radiolan            [ ] user-manager
 [X] andvanced-tools    [ ] routerboard         [X] web-proxy
 [ ] arlan              [ ] routing             [ ] webproxy-test
 [ ] gps                [ ] routing-test        [ ] wireless
 [ ] hotspot            [ ] rstp-bridge-test    [ ] wireless-legacy
 [ ] hotspot            [X] security
 [ ] isdn               [ ] synchronous

--------------------------------------------------------------------------

Umumnya Paket Mikrotik untuk Warnet, Kantor atau SOHO adalah :

a. SYSTEM           : Paket ini merupakan paket dasar, berisi Kernel dari
                     Mikrotik

b. DHCP             : Paket yang berisi fasilitas sebagai DHCP Server, DHCP
                     client, pastikan memilih paket ini jika Anda menginginkan
                     agar Client diberikan IP address otomatis dari DHCP Server

c. SECURITY         : Paket ini berisikan fasilitas yang mengutamakan Keamanan
                     jaringan, seperti Remote Mesin dengan SSH, Remote via MAC
                     Address 

d. WEB-PROXY        : Jika Anda memilih paket ini, maka Mikrotik Box anda telah
                     dapat menjalan service sebagai Web proxy yang akan menyimpan
                     cache agar traffik ke Internet dapat di reduksi serta browsing
                     untuk Web dapat dipercepat.

e. ADVANCED TOOLS   : Paket yang berisi Tool didalam melakukan Admnistrasi jaringan,
                     seperti Bandwidth meter, Scanning, Nslookup, dan lain sebagainya.

--[3.3]-- Instalasi Paket

ketik "i" setelah selesai memilih software, lalu akan muncul menu
  pilihan seperti ini :

  - Do you want to keep old configuration ? [y/n] ketik Y
  - continue ? [y/n] ketik Y

  Setelah itu proses installasi system dimulai, disini kita tidak
  perlu membuat partisi hardsik karena secara otomatis mikrotik akan
  membuat partisi sendiri.

----------------------------------------------------------------------------

wireless-legacy (depens on system):
Provides support for Cisco Aironet cards and for PrismlI and Atheros wireless
station and AP.

Do you want to keep old configuraion? [y/n]:y

Warning: all data on the disk will be erased!

Continue? [y/n]:y

Creating partition..........
Formatting disk.......................................

Installing system-2.9.27 [##################                ]

---------------------------------------------------------------------------

Proses installasi

---------------------------------------------------------------------------

Continue? [y/n]:y

Creating partition.......................
Formatting disk............................

Installed system-2.9.27
Installed advanced-tools-2.9.27
Installed dhcp-2.9.27
Installed security-2.9.27
installed web-proxy-2.9.27

Software installed.
Press ENTER to reboot

------------------------------------------------------------------------------

CATATAN :
Proses Installasi normalnya tidak sampai 15 menit, jika lebih berarti gagal,ulangi
ke step awal. Setelah proses installasi selesai maka kita akan diminta untuk
merestart system, tekan enter untuk merestart system.

--[3.5]-- Proses Check system disk

Setelah komputer booting kembali ke system mikrotik, akan ada pilihan untuk
melakukan check system disk, tekan "y".

----------------------------------------------------------------------------
Loading system with initrd
Uncompressing Linux... Ok, booting the kernel.
Starting.

It is recomended to check your disk drive for error,
but it may take while (~1min for 1Gb).
It can be done later with "/system check-disk".
Do you want to do it now? [y/n]
-----------------------------------------------------------------------------

--[3.6]-- Proses Instalasi Selesai

Setelah proses instalasi selesai, maka akan muncul menu login dalam modus
terminal, kondisi sistem saat ini dalam keadaan default.

  Mikrotik login = admin
  Password = (kosong, enter saja)

---------------------------------------------------------------------------
Mikrotik 2.9.27
Mikrotik Login:

 MMM      MMM       KKK                          TTTTTTTTTTT      KKK
 MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
 MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
 MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
 MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
 MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

 MikroTik RouterOS 2.9.27 (c) 1999-2005       http://www.mikrotik.com/

Terminal vt102 detected, using multiline input mode
[admin@Mikrotikl] >

----------------------------------------------------------------------------

CATATAN :
Konfigurasi Standar untuk mikrotik ada 2 modus, yaitu modus teks dan
modus GUI. Modus Gui ada 2 juga, yaitu Via Browser serta Via Winbox.
Untuk sekarang saya akan bahas via Teks. Karena cepat serta lebih memahami
terhadap sistem operasi ini.

--[4]-- Perintah Dasar

Perintah mikrotik sebenarnya hampir sama dengan perintah yang ada dilinux,
sebab pada dasarnya mikrotik ini merupakan kernel Linux, hasil pengolahan
kembali Linux dari Distribusi Debian. Pemakaian perintah shellnya sama,
seperti penghematan perintah, cukup menggunakan tombol TAB di keyboard
maka perintah yang panjang, tidak perlu lagi diketikkan, hanya ketikkan
awal nama perintahnya, nanti secara otomatis Shell akan menampilkan sendiri
perintah yang berkenaan. Misalnya perintah IP ADDRESS di mikrotik. Cukup
hanya mengetikkan IP ADD spasi tekan tombol TAB, maka otomatis shell
akan mengenali dan menterjemahkan sebagai perintah IP ADDRESS.

Baiklah kita lanjutkan pengenalan perintah ini.

Setelah login, cek kondisi interface atau ethernet card.

--[4.1]-- Melihat kondisi interface pada Mikrotik Router

[admin@Mikrotik] > interface print
  Flags: X - disabled, D - dynamic, R - running
#    NAME                         TYPE             RX-RATE    TX-RATE    MTU
0  R ether1                        ether            0          0          1500
1  R ether2                       ether            0          0          1500 

[admin@Mikrotik]>

Jika interfacenya ada tanda X (disabled) setelah nomor (0,1), maka periksa lagi
etherned cardnya, seharusnya R (running).

a. Mengganti nama interface
  [admin@Mikrotik] > interface(enter)

b. Untuk mengganti nama Interface ether1 menjadi Public (atau terserah namanya), maka
  [admin@Mikrotik] interface> set 0 name=Public

c. Begitu juga untuk ether2, misalkan namanya diganti menjadi Local, maka
  [admin@Mikrotik] interface> set 1 name=Local

d. atau langsung saja dari posisi root direktori, memakai tanda "/", tanpa tanda kutip
  [admin@Mikrotik] > /interface set 0 name=Public 

e. Cek lagi apakah nama interface sudah diganti.
  [admin@Mikrotik] > /interface print

  Flags: X - disabled, D - dynamic, R - running
  #    NAME                         TYPE             RX-RATE    TX-RATE    MTU
  0  R Local                        ether            0          0          1500
  1  R Public                       ether            0          0          1500

--[4.2]-- Mengganti password default
Untuk keamanan ganti password default
   [admin@Mikrotik] > password
   old password: *****
   new password: *****
   retype new password: *****
   [admin@ Mikrotik]]>

--[4.3]-- Mengganti nama hostname
Mengganti nama Mikrotik Router untuk memudahkan konfigurasi, pada langkah ini
   nama server akan diganti menjadi “routerku"

   [admin@Mikrotik] > system identity set name=routerku
   [admin@routerku]>

--[5]-- Setting IP Address, Gateway, Masqureade dan Name Server

--[5.1]-- IP Address

Bentuk Perintah konfigurasi

   ip address add address ={ip address/netmask} interface={nama interface}

a. Memberikan IP address pada interface Mikrotik. Misalkan Public akan kita gunakan untuk
  koneksi ke Internet dengan IP 192.168.1.2 dan Local akan kita gunakan untuk network LAN
  kita dengan IP 192.168.0.30 (Lihat topologi)

   [admin@routerku] > ip address add address=192.168.1.2
   netmask=255.255.255.0 interface=Public comment="IP ke Internet"

   [admin@routerku] > ip address add address=192.168.0.30
   netmask=255.255.255.224 interface=Local comment = "IP ke LAN"

b. Melihat konfigurasi IP address yang sudah kita berikan

   [admin@routerku] >ip address print
   Flags: X - disabled, I - invalid, D - dynamic
   #   ADDRESS            NETWORK         BROADCAST       INTERFACE
   0   ;;; IP Address ke Internet
       192.168.0.30/27   192.168.0.0    192.168.0.31      Local
   1   ;;; IP Address ke LAN
       192.168.1.2/24    192.168.0.0    192.168.1.255     Public
   [admin@routerku]>

--[5.2]-- Gateway

Bentuk Perintah Konfigurasi

    ip route add gateway={ip gateway}

a. Memberikan default Gateway, diasumsikan gateway untuk koneksi internet adalah
  192.168.1.1

  [admin@routerku] > /ip route add gateway=192.168.1.1

b. Melihat Tabel routing pada Mikrotik Routers

  [admin@routerku] > ip route print

   Flags: X - disabled, A - active, D - dynamic,
   C - connect, S - static, r - rip, b - bgp, o - ospf
   #     DST-ADDRESS     PREFSRC       G GATEWAY        DISTANCE   INTERFACE
   0 ADC 192.168.0.0/24   192.168.0.30                             Local
   1 ADC 192.168.0.0/27  192.168.1.2                               Public
   2 A S 0.0.0.0/0                     r 192.168.1.1               Public
   [admin@routerku]>

c. Tes Ping ke Gateway untuk memastikan konfigurasi sudah benar

   [admin@routerku] > ping 192.168.1.1
   192.168.1.1  64 byte ping: ttl=64 time<1 ms
   192.168.1.1  64 byte ping: ttl=64 time<1 ms
   2 packets transmitted, 2 packets received, 0% packet loss
   round-trip min/avg/max = 0/0.0/0 ms
   [admin@routerku]>

--[5.3]-- NAT (Network Address Translation)

Bentuk Perintah Konfigurasi

  ip firewall nat add chain=srcnat action=masquerade out-inteface={ethernet
  yang langsung terhubung ke Internet atau Public}

a. Setup Masquerading, Jika Mikrotik akan kita pergunakan sebagai gateway server maka agar
  client computer pada network dapat terkoneksi ke internet perlu kita masquerading.

   [admin@routerku] > ip firewall nat add chain=scrnat out-interface=Public action=masquerade
   [admin@routerku]>

b. Melihat konfigurasi Masquerading

   [admin@routerku] ip firewall nat print
   Flags: X - disabled, I - invalid, D - dynamic
   0   chain=srcnat out-interface=Public action=masquerade
   [admin@routerku]>

--[5.4] Name server

 Bentuk Perintah Konfigurasi

     ip dns set primary-dns={dns utama} secondary-dns={dns ke dua}

a. Setup DNS pada Mikrotik Routers, misalkan DNS dengan Ip Addressnya
   Primary = 202.134.0.155, Secondary = 202.134.2.5

   [admin@routerku] > ip dns set primary-dns=202.134.0.155 allow-remoterequests=yes
   [admin@routerku] > ip dns set secondary-dns=202.134.2.5 allow-remoterequests=yes

b. Melihat konfigurasi DNS

   [admin@routerku] > ip dns print
   primary-dns: 202.134.0.155
   secondary-dns: 202.134.2.5
   allow-remote-requests: no
   cache-size: 2048KiB
   cache-max-ttl: 1w
   cache-used: 16KiB

   [admin@routerku]>

c. Tes untuk akses domain, misalnya dengan ping nama domain

   [admin@routerku] > ping yahoo.com
   216.109.112.135 64 byte ping: ttl=48 time=250 ms
   10 packets transmitted, 10 packets received, 0% packet loss
   round-trip min/avg/max = 571/571.0/571 ms
   [admin@routerku]>

Jika sudah berhasil reply berarti seting DNS sudah benar.

Setelah langkah ini bisa dilakukan pemeriksaan untuk koneksi dari jaringan local. Dan jika
berhasil berarti kita sudah berhasil melakukan instalasi Mikrotik Router sebagai Gateway
server. Setelah terkoneksi dengan jaringan Mikrotik dapat dimanage menggunakan WinBox yang
bisa di download dari Mikrotik.com atau dari server mikrotik kita. Misal Ip address server
mikrotik kita 192.168.0.30, via browser buka http://192.168.0.30. Di Browser akan ditampilkan
dalam bentuk web dengan beberapa menu, cari tulisan Download dan download WinBox dari situ.
Simpan di local harddisk. Jalankan Winbox, masukkan Ip address, username dan password.

--[7]-- DHCP Server

DHCP merupakan singkatan dari Dynamic Host Configuration Protocol, yaitu suatu program yang
memungkinkan pengaturan IP Address di dalam sebuah jaringan dilakukan terpusat di server,
sehingga PC Client tidak perlu melakukan konfigurasi IP Addres. DHCP memudahkan administrator
untuk melakukan pengalamatan ip address untuk client.

Bentuk perintah konfigurasi

ip dhcp-server setup
dhcp server interface = { interface yang digunakan }
dhcp server space = { network yang akan di dhcp }
gateway for dhcp network = { ip gateway }
address to give out = { range ip address }
dns servers = { name server }
lease time = { waktu sewa yang diberikan }

Jika kita menginginkan client mendapatkan IP address secara otomatis maka perlu kita setup
dhcp server pada Mikrotik. Berikut langkah-langkahnya :

a. Tambahkan IP address pool

   /ip pool add name=dhcp-pool ranges=192.168.0.1-192.168.0.30

b. Tambahkan DHCP Network dan gatewaynya yang akan didistribusikan ke client.
  Pada contoh ini networknya adalah 192.168.0.0/27 dan gatewaynya 122.168.0.30

   /ip dhcp-server network add address=192.168.0.0/27 gateway=192.168.0.30 dns-server=192.168.0.30
   comment=""

c. Tambahkan DHCP Server ( pada contoh ini dhcp diterapkan pada interface Local )

   /ip dhcp-server add interface=local address-pool=dhcp-pool

d. Lihat status DHCP server

   [admin@routerku] > ip dhcp-server print

   Flags: X - disabled, I - invalid

   # NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP

   0dhcp1 Local

Tanda X menyatakan bahwa DHCP server belum enable maka perlu dienablekan terlebih
dahulu pada langkah e.

e. Jangan Lupa dibuat enable dulu dhcp servernya

   /ip dhcp-server enable 0

kemudian cek kembali dhcp-server seperti langkah 4, jika tanda X sudah tidak ada berarti
sudah aktif

f. Tes Dari client

Misalnya :
D:>ping www.yahoo.com

--[8]-- Transparent Proxy Server

Proxy server merupakan program yang dapat mempercepat akses ke suatu web
yang sudah diakses oleh komputer lain, karena sudah di simpan didalam
caching server.Transparent proxy menguntungkan dalam management client,
karena system administrator tidak perlu lagi melakukan setup proxy di
setiap browser komputer client karena redirection dilakukan otomatis di sisi
server.

Bentuk perintah konfigurasi :
a. Setting web proxy :

- ip proxy set enable=yes
 port={ port yang mau digunakan }
 maximal-client-connections=1000
 maximal-server-connections=1000

- ip proxy direct add src-address={ network yang akan di
 NAT} action=allow

- ip web-proxy set parent-proxy={proxy parent/optional}
 hostname={ nama host untuk proxy/optional}
 port={port yang mau digunakan}
 src-address={ address yang akan digunakan untuk koneksi
               ke parent proxy/default 0.0.0.0}
 transparent-proxy=yes
 max-object-size={ ukuran maximal file yang akan disimpan
 sebagai cache/default 4096 in Kilobytes}
 max-cache-size= { ukuran maximal hardisk yang akan
                   dipakai sebagai penyimpan file cache/unlimited
                   | none | 12 in megabytes}
 cache-administrator={ email administrator yang akan digunakan
                       apabila proxy error, status akan dikirim
                       ke email tersebut}
 enable==yes

Contoh konfigurasi
-------------------

a. Web proxy setting

/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080
   hostname="proxy.routerku.co.id" transparent-proxy=yes
   parent-proxy=0.0.0.0:0 cache-administrator="support@routerku.co.id"
   max-object-size=131072KiB cache-drive=system max-cache-size=unlimited
   max-ram-cache-size=unlimited

Nat Redirect, perlu ditambahkan yaitu rule REDIRECTING untuk membelokkan
traffic HTTP menuju ke WEB-PROXY.

b. Setting firewall untuk Transparant Proxy

  Bentuk perintah konfigurasi :

  ip firewall nat add chain=dstnat
  protocol=tcp
  dst-port=80
  action=redirect
  to-ports={ port proxy }

Perintahnya:

--------------------------------------------------------------------------------
/ ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
   comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080
   comment="" disabled=no
add chain=dstnat protocol=tcp dst-port=8000 action=redirect to-ports=8080
--------------------------------------------------------------------------------

perintah diatas dimaksudkan, agar semua trafik yang menuju Port 80,3128,8000
dibelokkan menuju port 8080 yaitu portnya Web-Proxy.

CATATAN:
Perintah

/ip web-proxy print { untuk melihat hasil konfigurasi web-proxy}
/ip web-proxy monitor { untuk monitoring kerja web-proxy}

--[9]-- Bandwidth Management

QoS memegang peranan sangat penting dalam hal memberikan pelayanan
yang baik pada client. Untuk itu kita memerlukan bandwidth management
untuk mengatur tiap data yang lewat, sehingga pembagian bandwidth menjadi
adil. Dalam hal ini Mikrotik RouterOs juga menyertakan packet software
untuk memanagement bandwidth.

Bentuk perintah konfigurasi:

queue simple add name={ nama }
target-addresses={ ip address yang dituju }
interface={ interface yang digunakan untuk melewati data }
max-limit={ out/in }

Dibawah ini terdapat konfigurasi Trafik shaping atau bandwidth management
dengan metode Simple Queue, sesuai namanya, Jenis Queue ini memang
sederhana, namun memiliki kelemahan, kadangkala terjadi kebocoran bandwidth
atau bandwidthnya tidak secara real di monitor. Pemakaian untuk 10 Client,
Queue jenis ini tidak masalah.

Diasumsikan Client ada sebanyak 15 client, dan masing-masing client diberi
jatah bandwidth minimum sebanyak 8kbps, dan maksimum 48kbps. Sedangkan
Bandwidth totalnya sebanyak 192kbps. Untuk upstream tidak diberi rule,
berarti masing-masing client dapat menggunakan bandwidth uptream secara
maksimum. Perhatikan perintah priority, range priority di Mikrotik sebanyak
delapan. Berarti dari 1 sampai 8, priority 1 adalah priority tertinggi,
sedangkan priority 8 merupakan priority terendah.

Berikut Contoh kongirufasinya.
--------------------------------------------------------------------------------
/ queue simple
add name="trafikshaping" target-addresses=192.168.0.0/27 dst-address=0.0.0.0/0
   interface=all parent=none priority=1 queue=default/default
   limit-at=0/64000 max-limit=0/192000 total-queue=default disabled=no
add name="01" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="02" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="03" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="04" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="10" target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="05" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="06" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="07" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="08" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="09" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="10" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="11" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="12" target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="13" target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="14" target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no
add name="15" target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0
   interface=all parent=trafikshaping priority=1 queue=default/default
   limit-at=0/8000 max-limit=0/48000 total-queue=default disabled=no

Perintah diatas karena dalam bentuk command line, bisa juga di copy
paste, selanjutnya di paste saja ke consol mikrotiknya. ingat lihat
dulu path atau direktory aktif. Silahkan dipaste saja, kalau posisi
direktorynya di Root.

-------------------------------------------------------------------
Terminal vt102 detected, using multiline input mode
[admin@mikrotik] >
------------------------------------------------------------------

Pilihan lain metode bandwidth manajemen ini, kalau seandainya ingin
bandwidth tersebut dibagi sama rata oleh Mikrotik, seperti bandwidth
256kbps downstream dan 256kbps upstream. Sedangkan client yang akan
mengakses sebanyak 10 client, maka otomatis masing-masing client
mendapat jatah bandwidth upstream dan downstream sebanyak 256kbps
dibagi 10. Jadi masing-masing dapat 25,6kbps. Andaikata hanya 2 Client
yang mengakses maka masing-masing dapat 128kbps.

Untuk itu dipakai type PCQ (Per Connection Queue), yang bisa secara
otomatis membagi trafik per client. Tentang jenis queue di mikrotik
ini dapat dibaca pada manualnya di http://www.mikrotik.com/testdocs/
ros/2.9/root/queue.php.

Sebelumnya perlu dibuat aturan di bagian MANGLE. Seperti :

--------------------------------------------------------------------
/ip firewall mangle add chain=forward src-address=192.168.0.0/27
  action=mark-connection new-connection-mark=users-con
/ip firewall mangle add connection-mark=users-con action=mark-packet
  new-packet-mark=users chain=forward
----------------------------------------------------------------------

Karena type PCQ belum ada, maka perlu ditambah, ada 2 type PCQ ini.
Pertama diberi nama pcq-download, yang akan mengatur semua trafik
melalui alamat tujuan/destination address. Trafik ini melewati
interface Local. Sehingga semua traffik download/downstream yang
datang dari jaringan 192.168.0.0/27 akan dibagi secara otomatis.

Tipe PCQ kedua, dinamakan pcq-upload, untuk mengatur semua trafik upstream
yang berasal dari alamat asal/source address. Trafik ini melewati
interface public. Sehingga semua traffik upload/upstream yang berasal
dari jaringan 192.168.0.0/27 akan dibagi secara otomatis.

Perintah:
-------------------------------------------------------------------------
/queue type add name=pcq-download kind=pcq pcq-classifier=dst-address
/queue type add name=pcq-upload kind=pcq pcq-classifier=src-address
-------------------------------------------------------------------------

Setelah aturan untuk PCQ dan Mangle ditambahkan, sekarang untuk aturan
pembagian trafiknya. Queue yang dipakai adalah Queue Tree, Yaitu:

-------------------------------------------------------------------------
/queue tree add parent=Local queue=pcq-download packet-mark=users
/queue tree add parent=Public queue=pcq-upload packet-mark=users
-------------------------------------------------------------------------

Perintah diatas mengasumsikan, kalau bandwidth yang diterima dari provider
Internet berflukstuasi atau berubah-rubah. Jika kita yakin bahwa bandwidth
yang diterima, misalkan dapat 256kbs downstream, dan 256kbps upstream, maka
ada lagi aturannya, seperti :

Untuk trafik downstreamnya :
------------------------------------------------------------------------
/queue tree add name=Download parent=Local max-limit=256k
/queue tree add parent=Download queue=pcq-download packet-mark=users
-------------------------------------------------------------------------

Dan trafik upstreamnya :
---------------------------------------------------------------------------
/queue tree add name=Upload parent=Public max-limit=256k
/queue tree add parent=Upload queue=pcq-upload packet-mark=users
---------------------------------------------------------------------------

--[10]-- Monitor MRTG via Web

Fasilitas ini diperlukan untuk monitoring trafik dalam bentuk grafik, dapat
dilihat dengan menggunakan browser. MRTG (The Multi Router Traffic Grapher)
telah dibuild sedemikian rupa, sehingga memudahkan kita memakainya. Telah
tersedia dipaket dasarnya.

Contoh konfigurasinya

-------------------------------------------------------------------------
/ tool graphing
set store-every=5min
/ tool graphing interface
add interface=all allow-address=0.0.0.0/0 store-on-disk=yes disabled=no
---------------------------------------------------------------------------

Perintah diatas akan menampilkan grafik dari trafik yang melewati interface
jaringan baik berupa Interface Public dan Interface Local, yang dirender
setiap 5 menit sekali. Juga dapat diatur Alamat apa saja yang dapat mengakses
MRTG ini, pada parameter allow-address.

--[11]-- Keamanan di Mikrotik

Setelah beberapa Konfigurasi diatas telah disiapkan, tentu tidak lupa kita
perhatikan keamanan dari Mesin gateway Mikrotik ini, ada beberapa fasilitas
yang dipergunakan. Dalam hal ini akan dibahas tentang Firewallnya. Fasilitas
Firewall ini secara pringsip serupa dengan IP TABLES di Gnu/Linux hanya saja
beberapa perintah telah di sederhanakan namun berdaya guna.

Di Mikrotik perintah firewall ini terdapat dalam modus IP, yaitu

[admin@routerku] > /ip firewall

Terdapat beberapa packet filter seperti mangle, nat, dan filter.

-------------------------------------------------------------------------
[admin@routerku] ip firewall> ?

Firewall allows IP packet filtering on per packet basis.

.. -- go up to ip
mangle/ -- The packet marking management
nat/ -- Network Address Translation
connection/ -- Active connections
filter/ -- Firewall filters
address-list/ --
service-port/ -- Service port management
export --
--------------------------------------------------------------------------

Untuk kali ini kita akan lihat konfigurasi pada ip firewall filternya.

Karena Luasnya parameter dari firewall filter ini untuk pembahasan Firewall
Filter selengkapnya dapat dilihat pada manual mikrotik, di
http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php

Konfigurasi dibawah ini dapat memblokir beberapa Trojan, Virus, Backdoor
yang telah dikenali sebelumnya baik Nomor Port yang dipakai serta Protokolnya.
Juga telah di konfigurasikan untuk menahan Flooding dari Jaringan Publik dan
jaringan Lokal. Serta pemberian rule untuk Access control agar, Rentang
jaringan tertentu saja yang bisa melakukan Remote atau mengakses service
tertentu terhadap Mesin Mikrotik kita.

Contoh Aplikasi Filternya
-----------------------------------------------------------------------------
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="Drop Invalid
   connections" disabled=no
add chain=input src-address=!192.168.0.0/27 protocol=tcp src-port=1024-65535
   dst-port=8080 action=drop comment="Block to Proxy" disabled=no
add chain=input protocol=udp dst-port=12667 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=udp dst-port=27665 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=udp dst-port=31335 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=udp dst-port=27444 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=udp dst-port=34555 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=udp dst-port=35555 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=tcp dst-port=27444 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=tcp dst-port=27665 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=tcp dst-port=31335 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=tcp dst-port=31846 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=tcp dst-port=34555 action=drop comment="Trinoo"
   disabled=no
add chain=input protocol=tcp dst-port=35555 action=drop comment="Trinoo"
   disabled=no
add chain=input connection-state=established action=accept comment="Allow
   Established connections" disabled=no
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input src-address=192.168.0.0/27 action=accept comment="Allow access
   to router from known network" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward protocol=tcp connection-state=invalid action=drop
   comment="drop invalid connections" disabled=no
add chain=forward connection-state=established action=accept comment="allow
   already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow
   related connections" disabled=no
add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no
add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no
add chain=forward protocol=tcp action=jump jump-target=tcp comment=""
   disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment=""
   disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment=""
   disabled=no
add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP"
   disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC
   portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC
   portmapper" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT"
   disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs"
   disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS"
   disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny
   NetBus" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus"
   disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny
   BackOriffice" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP"
   disabled=no
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"
   disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC
   portmapper" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC
   portmapper" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT"
   disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS"
   disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny
   BackOriffice" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
   address-list="port scanners" address-list-timeout=2w comment="Port
   scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
   action=add-src-to-address-list address-list="port scanners"
   address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
   address-list="port scanners" address-list-timeout=2w comment="SYN/FIN
   scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list
   address-list="port scanners" address-list-timeout=2w comment="SYN/RST
   scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
   action=add-src-to-address-list address-list="port scanners"
   address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
   action=add-src-to-address-list address-list="port scanners"
   address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
   action=add-src-to-address-list address-list="port scanners"
   address-list-timeout=2w comment="NMAP NULL scan" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="dropping
   port scanners" disabled=no
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop
   invalid connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow
   established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow
   already established connections" disabled=no
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow
   source quench" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow
   echo request" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow
   time exceed" disabled=no
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow
   parameter bad" disabled=no
add chain=icmp action=drop comment="deny all other types" disabled=no
add chain=tcp protocol=tcp dst-port=25 action=reject
   reject-with=icmp-network-unreachable comment="Smtp" disabled=no
add chain=tcp protocol=udp dst-port=25 action=reject
   reject-with=icmp-network-unreachable comment="Smtp" disabled=no
add chain=tcp protocol=tcp dst-port=110 action=reject
   reject-with=icmp-network-unreachable comment="Smtp" disabled=no
add chain=tcp protocol=udp dst-port=110 action=reject
   reject-with=icmp-network-unreachable comment="Smtp" disabled=no
add chain=tcp protocol=udp dst-port=110 action=reject
   reject-with=icmp-network-unreachable comment="Smtp" disabled=no
-----------------------------------------------------------------------------

--[11.1]-- Service dan Melihat Service yang Aktif dengan PortScanner

Untuk memastikan Service apa saja yang aktif di Mesin mikrotik, perlu kita
pindai terhadap port tertentu, seandainya ada service yang tidak dibutuhkan,
sebaiknya dimatikan saja.

Untuk menonaktifkan dan mengaktifkan servise, perintah adalah :

Kita periksa dahulu service apa saja yang aktif

----------------------------------------------------------------------------------
[admin@routerku] > ip service
[admin@routerku] ip service> print
Flags: X - disabled, I - invalid
#   NAME                                  PORT  ADDRESS            CERTIFICATE
0 X telnet                                23    0.0.0.0/0
1   ftp                                   21    0.0.0.0/0
2   www                                   80    0.0.0.0/0
3   ssh                                   22    0.0.0.0/0
4   www-ssl                               443   0.0.0.0/0          none
[admin@routerku] ip service>
----------------------------------------------------------------------------------

Misalkan service FTP akan dinonaktifkan, yaitu di daftar diatas terletak pada
nomor 1 (lihat bagian Flags) maka :

---------------------------------------------------------------------------------
[admin@routerku] ip service> set 1 disabled=yes
---------------------------------------------------------------------------------

Perlu kita periksa lagi,

---------------------------------------------------------------------------------
[admin@routerku] ip service> print
Flags: X - disabled, I - invalid
#   NAME                                  PORT  ADDRESS            CERTIFICATE
0 X telnet                                23    0.0.0.0/0
1 X ftp                                   21    0.0.0.0/0
2   www                                   80    0.0.0.0/0
3   ssh                                   22    0.0.0.0/0
4   www-ssl                               443   0.0.0.0/0          none
[admin@router.dprd.provinsi] ip service>
---------------------------------------------------------------------------------

Sekarang service FTP telah dinonaktifkan.

Dengan memakai tool nmap kita dapat mencek port apa saja yang aktif pada mesin
gateway yang telah dikonfigurasikan.

Perintah : nmap -vv -sS -sV -P0 192.168.0.30

Hasil :

-------------------------------------------------------------------------------------
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-04 19:55 SE Asia Standard Time
Initiating ARP Ping Scan at 19:55
Scanning 192.168.0.30 [1 port]
Completed ARP Ping Scan at 19:55, 0.31s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:55
Completed Parallel DNS resolution of 1 host. at 19:55, 0.05s elapsed
Initiating SYN Stealth Scan at 19:55
Scanning  192.168.0.30 [1697 ports]
Discovered open port 22/tcp on 192.168.0.30
Discovered open port 53/tcp on 192.168.0.30
Discovered open port 80/tcp on 192.168.0.30
Discovered open port 21/tcp on 192.168.0.30
Discovered open port 3986/tcp on 192.168.0.30
Discovered open port 2000/tcp on 192.168.0.30
Discovered open port 8080/tcp on 192.168.0.30
Discovered open port 3128/tcp on 192.168.0.30
Completed SYN Stealth Scan at 19:55, 7.42s elapsed (1697 total ports)
Initiating Service scan at 19:55
Scanning 8 services on 192.168.0.30
Completed Service scan at 19:57, 113.80s elapsed (8 services on 1 host)
Host  192.168.0.30 appears to be up ... good.
Interesting ports on 192.168.0.30:
Not shown: 1689 closed ports
PORT     STATE SERVICE         VERSION
21/tcp   open  ftp             MikroTik router ftpd 2.9.27
22/tcp   open  ssh             OpenSSH 2.3.0 mikrotik 2.9.27 (protocol 1.99)
53/tcp   open  domain?
80/tcp   open  http            MikroTik router http config
2000/tcp open  callbook?
3128/tcp open  http-proxy      Squid webproxy 2.5.STABLE11
3986/tcp open  mapper-ws_ethd?
8080/tcp open  http-proxy      Squid webproxy 2.5.STABLE11
2 services unrecognized despite returning data. If you know the service/version,
please submit the following fingerprints at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port53-TCP:V=4.20%I=7%D=4/4%Time=4613A03C%P=i686-pc-windows-windows%r(D
SF:NSVersionBindReq,E,"�x0c�x06x81x84��������")%r(DNSStatusR
SF:equest,E,"�x0c��x90x84��������");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port2000-TCP:V=4.20%I=7%D=4/4%Time=4613A037%P=i686-pc-windows-windows%r
SF:(NULL,4,"x01���")%r(GenericLines,4,"x01���")%r(GetRequest,18,"
SF:x01���x02���d?xe4{x9dx02x1axccx8bxd1Vxb2Fxff9xb0")%r(
SF:HTTPOptions,18,"x01���x02���d?xe4{x9dx02x1axccx8bxd1Vx
SF:b2Fxff9xb0")%r(RTSPRequest,18,"x01���x02���d?xe4{x9dx02x
SF:1axccx8bxd1Vxb2Fxff9xb0")%r(RPCCheck,18,"x01���x02���d?
SF:xe4{x9dx02x1axccx8bxd1Vxb2Fxff9xb0")%r(DNSVersionBindReq,18,"
SF:x01���x02���d?xe4{x9dx02x1axccx8bxd1Vxb2Fxff9xb0")%r(
SF:DNSStatusRequest,4,"x01���")%r(Help,4,"x01���")%r(X11Probe,4,"
SF:x01���")%r(FourOhFourRequest,18,"x01���x02���xb9x15&xf1A
SF:]+x11nxf6x9bxa0,xb0xe1xa5")%r(LPDString,4,"x01���")%r(LDAP
SF:BindReq,4,"x01���")%r(LANDesk-RC,18,"x01���x02���xb9x15&
SF:xf1A]+x11nxf6x9bxa0,xb0xe1xa5")%r(TerminalServer,4,"x01��
SF:0")%r(NCP,18,"x01���x02���xb9x15&xf1A]+x11nxf6x9bxa0,
SF:xb0xe1xa5")%r(NotesRPC,18,"x01���x02���xb9x15&xf1A]+x1
SF:1nxf6x9bxa0,xb0xe1xa5")%r(NessusTPv10,4,"x01���");
MAC Address: 00:90:4C:91:77:02 (Epigram)
Service Info: Host: routerku; Device: router

Service detection performed. Please report any incorrect results at
http://insecure.org/nmap/submit/ .

Nmap finished: 1 IP address (1 host up) scanned in 123.031 seconds
              Raw packets sent: 1706 (75.062KB) | Rcvd: 1722 (79.450KB)

---------------------------------------------------------------------------

Dari hasil scanning tersebut dapat kita ambil kesimpulan, bahwa service dan
port yang aktif adalah FTP dalam versi MikroTik router ftpd 2.9.27. Untuk
SSH dengan versi OpenSSH 2.3.0 mikrotik 2.9.27 (protocol 1.99). Serta Web
proxy memakai Squid dalam versi Squid webproxy 2.5.STABLE11.

Tentu saja pihak vendor mikrotik telah melakukan patch terhadap Hole atau
Vulnerabilities dari Versi Protocol diatas.

--[11.2]-- Tool administrasi Jaringan

Secara praktis terdapat beberapa tool yang dapat dimanfaatkan dalam mela
kukan troubleshooting jaringan, seperti tool ping, traceroute, SSH, dll.
Beberapa tool yang sering digunakan nantinya dalam administrasi sehari-hari
adalah :

o Telnet
o SSH
o Traceroute
o Sniffer

a. Telnet
Perintah remote mesin ini hampir sama penggunaan dengan telnet yang ada
di Linux atau Windows.

[admin@routerku] > system telnet ?

Perintah diatas untuk melihat sekilias paramater apa saja yang ada. Misalnya
mesin remote dengan ip address 192.168.0.21 dan port 23. Maka

[admin@routerku] > system telnet 192.168.0.21

Penggunaan telnet sebaiknya dibatasi untuk kondisi tertentu dengan alasan
keamanan, seperti kita ketahui, packet data yang dikirim melalui telnet
belum di enskripsi. Agar lebih amannya kita pergunakan SSH.

b. SSH
Sama dengan telnet perintah ini juga diperlukan dalam remote mesin, serta
pringsipnya sama juga parameternya dengan perintah di Linux dan Windows.

[admin@routerku] > system ssh 192.168.0.21

Parameter SSH diatas, sedikit perbedaan dengan telnet. Jika lihat helpnya
memiliki parameter tambahan yaitu user.

------------------------------------------------------------------------------
[admin@routerku] > system ssh ?
The SSH feature can be used with various SSH Telnet clients to securely connect
to and administrate the router
 --
user -- User name
port -- Port number

[admin@routerku] >
------------------------------------------------------------------------------

Misalkan kita akan melakukan remote pada suatu mesin dengan sistem
operasinya Linux, yang memiliki Account, username Root dan Password
123456 pada Address 66.213.7.30. Maka perintahnya,

-----------------------------------------------------------------------------
[admin@routerku] > system ssh 66.213.7.30 user=root
root@66.213.7.30's password:
----------------------------------------------------------------------------

c. Traceroute

Mengetahui hops atau router apa saja yang dilewati suatu packet sampai packet
itu terkirim ke tujuan, lazimnya kita menggunakan traceroute. Dengan tool ini
dapat di analisa kemana saja route dari jalannya packet.

Misalkan ingin mengetahui jalannya packet yang menuju server yahoo, maka:

----------------------------------------------------------------------------
[admin@routerku] > tool traceroute yahoo.com  ADDRESS  STATUS
  1 63.219.6.nnn    00:00:00 00:00:00 00:00:00
  2 222.124.4.nnn   00:00:00 00:00:00 00:00:00
  3 192.168.34.41   00:00:00 00:00:00 00:00:00
  4 61.94.1.253     00:00:00 00:00:00 00:00:00
  5 203.208.143.173 00:00:00 00:00:00 00:00:00
  6 203.208.182.5   00:00:00 00:00:00 00:00:00
  7 203.208.182.114 00:00:00 00:00:00 00:00:00
  8 203.208.168.118 00:00:00 00:00:00 00:00:00
  9 203.208.168.134  timeout 00:00:00 00:00:00
 10 216.115.101.34  00:00:00  timeout  timeout
 11 216.115.101.129  timeout  timeout 00:00:00
 12 216.115.108.1    timeout  timeout 00:00:00
 13 216.109.120.249 00:00:00 00:00:00 00:00:00
 14 216.109.112.135 00:00:00  timeout  timeout
------------------------------------------------------------------------------

d. Sniffer

Kita dapat menangkap dan menyadap packet-packet yang berjalan
di jaringan kita, tool ini telah disediakan oleh Mikrotik yang berguna
dalam menganalisa trafik.

----------------------------------------------------------------------------
[admin@routerku] > tool sniffer
Packet sniffering

.. -- go up to tool
start -- Start/reset sniffering
stop -- Stop sniffering
save -- Save currently sniffed packets
packet/ -- Sniffed packets management
protocol/ -- Protocol management
host/ -- Host management
connection/ -- Connection management
print --
get -- get value of property
set --
edit -- edit value of property
export --
----------------------------------------------------------------------------

Untuk memulai proses sniffing dapat menggunakan perintah Start, sedangkan
menghentikannya dapat menggunaka perintah Stop.

[admin@routerku] > tool sniffer start

Proses sniffing sedang dikerjakan, tunggu saja beberapa lama, kemudian
ketikkan perintah stop jika ingin menghentikannya. Melihat hasil packet
yang ditangkap dapat menggunakan perintah print, untuk mengeksportnya
dalam bentuk file dapat digunakan perintah export.

--[12]-- Kesimpulan

Untuk pemakaian jaringan berskala Kecil-menengah produk dari Latvia ini,
dapat menjadi pilihan, saya disini bukan untuk mempromosikan Produk ini.
Namun sebagai gambaran, bagaimana memanfaatkan produk ini untuk berbagai
keperluan, lagipula sebagai alternatif dari produk sejenis yang harganya
cenderung mahal.

Dengan Mikrotik yang saat ini sedang populernya diterapkan pada berbagai
ISP Wireless, Warnet-warnet serta beberapa Perusahaan. Maka Administrasi
Sistem Jaringan dapat lebih mudah dan sederhana. Yang jelas untuk sekedar
memanfaatkan fasilitas Routing saja, PC TUA anda dapat digunakan.

Mudah-mudahan paparan diatas dapat membantu pembaca dalam memahami, apa
dan bagaimana mikrotik ini.

--[13]-- Referensi

Artikel ini merupakan kompilasi dari berbagai sumber

1. Web Blog
  - http://dhanis.web.id
  - http://okawardhana.web.id
  - http://harrychanputra.web.id

2. Website
  - http://www.cgd.co.id
  - http://www.ilmukomputer.org
  - http://www.mikrotik.com
  - http://www.mikrotik.co.id
  - http://forum.mikrotik.com

oO Using no way as a way, Using no limitations as a limitation Oo

Salam dan terimakasih,
r0t0r
-----------------------------------------------------------------------
Copyleft Unreserved by Law 1995 - 2007 Kecoak Elektronik Indonesia
http://www.kecoak-elektronik.net
 
.L.A.M.P.I.R.A.N.

Daftar Port dan Protocol berbagai jenis Trojan, Backdoor, Virus.
daftar ini dapat saja tidak berlaku, atau dapat pula perlu ditambah
seiring perkembangan Malware tersebut. Update terus Filter Rule
mesin mikrotik anda. ########## Pembatasan Brute Force  #################################
/ ip firewall filter
add chain=input protocol=tcp dst-port=22 connection-limit=1,32
   action=add-src-to-address-list address-list=ssh_logins
   address-list-timeout=2m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=!ssh_logins
   action=accept comment="" disabled=no
add chain=forward src-address=192.168.1.10 protocol=tcp src-port=21
   content="password incorrect" action=add-dst-to-address-list
   address-list=ftp_logins address-list-timeout=1m comment="" disabled=no
add chain=forward src-address-list=ftp_logins action=drop comment="" disabled=no
########################################################################

Pemblokiran beberapa URL tertentu dapat dilakukan pada mikrotik.
Jika paket web-proxy telah terinstall dan web-proxynya juga telah
dikonfigurasi, maka perintah dibawah ini dapat disertakan.