Things were quiet until 2010.12.18 06:36:42, when two visitors came in with
$_SERVER['HTTP_REFERER'] == "" and
$_SERVER['HTTP_USER_AGENT'] == MSIE 6.0:
/*
188.72.235.22 2010-12-18 06:48:18 MSIE 6.0 XP 2010-12-18 06:36:42
Host name films-gratuit.com / Country Germany / Country Code DE
79.142.68.99 http://c79.co.kr/bbs/board.php?bo_table=th&wr_id=90 MSIE 6.0 XP 2010-12-18 06:48:18
Host name hosted-by.altushost.com / Country Italy / Country Code IT
*/
I don't know whether it is related to the two IPs above, but
from 2010-12-18 07:07:17 to 09:06:34, until I blocked them, close to 600 IPs came in at the same time.
The only things they have in common are
$_SERVER['HTTP_REFERER'] == "" together with
$_SERVER['HTTP_USER_AGENT'] == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
and nothing else.
The country ranges of the IPs are so varied that they seem meaningless.
190.220.169.18 MSIE 6.0 XP 2010-12-18 07:07:17 Country Argentina Country Code AR
202.120.37.134 MSIE 6.0 XP 2010-12-18 07:07:20 Country China Country Code CN
.
.
Even while wondering what kind of situation this is,
the only way to cope is a fig-leaf measure.
die(); exit; is likewise just a way of shutting my eyes; the site keeps taking a beating.
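The two traits the post names (empty Referer plus one fixed User-Agent, arriving from many addresses at once) are enough to flag such a burst from request logs. The following is an added example, not code from the original post; the pipe-separated record format, the function names and the sample addresses (RFC 5737 documentation ranges) are assumptions, and only the User-Agent string comes from the post.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# User-Agent string quoted in the post; all other data here is constructed.
FLOOD_UA = ("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; "
            ".NET CLR 1.1.4322)")

def parse(line):
    """Parse a constructed 'ip|referer|user_agent|timestamp' record."""
    ip, referer, ua, ts = line.split("|")
    return ip, referer, ua, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def find_bursts(lines, window=timedelta(minutes=5), min_ips=3):
    """Return {user_agent: max distinct IPs inside any one window} for
    requests with an empty Referer, keeping only the signatures that
    reach min_ips distinct addresses."""
    by_ua = defaultdict(list)
    for line in lines:
        ip, referer, ua, ts = parse(line)
        if referer == "":                      # first trait named in the post
            by_ua[ua].append((ts, ip))
    bursts = {}
    for ua, hits in by_ua.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # advance the left edge until the span fits inside the window
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({ip for _, ip in hits[start:end + 1]}))
        if best >= min_ips:
            bursts[ua] = best
    return bursts

# Constructed sample records (hypothetical hosts, RFC 5737 addresses).
SAMPLE = [
    "192.0.2.10||" + FLOOD_UA + "|2010-12-18 07:07:17",
    "198.51.100.7||" + FLOOD_UA + "|2010-12-18 07:07:20",
    "203.0.113.5||" + FLOOD_UA + "|2010-12-18 07:08:02",
    "203.0.113.5||" + FLOOD_UA + "|2010-12-18 07:08:03",
    "192.0.2.99|http://example.com/|Mozilla/5.0 (X11; Linux)|2010-12-18 07:08:10",
    "192.0.2.50||Mozilla/5.0 (X11; Linux)|2010-12-18 07:30:00",
]

if __name__ == "__main__":
    for ua, n in find_bursts(SAMPLE).items():
        print(f"{n} distinct IPs with empty Referer, UA={ua}")
```

Counting distinct addresses rather than requests keeps a single visitor with a blank Referer from triggering the alert.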
//
Other: vulnerable PHP code, cookie tampering tool cooxie $_POST['password']
http://search.naver.com/search.naver?sm=tab_hty&where=nexearch&query=PHP%C3%EB%BE%E0%C4%DA%B5%E5%2C+%C4%ED%C5%B0%BA%AF%C1%B6%C5%F8+cooxie+%24_POST%5B%27password%27%5D&x=20&y=14
//
DDoS attacks and countermeasures   PC/Network 2010/01/16 17:50
[Source]
http://blog.naver.com/corbikim/100097773590
DDoS (distributed denial-of-service attack): distributed denial of service
A DDoS attack is a distributed attack that uses a large number of already compromised systems.
Defending against it on several systems at the same time likewise relieves
the overload on individual devices, and blocking the attack traffic in advance at each edge
router, before it enters the ISP's internal backbone, maximizes the defensive effect.
Blackhole Routing
(A way to filter at the L3 level while minimizing the performance hit on the equipment.)
(The Null0 rule has to be updated on each individual router, one by one.)
Blackhole Routing Cisco Example
backbone#conf t
Enter configuration commands, one per line. End with CNTL/Z.
backbone(config)#ip route 58.120.227.250 255.255.255.255 Null0 = /32 bit blocking
DDoS Tools
trinoo : 1524/tcp , 27665/tcp , 27444/tcp , 31335/udp
TFN : ICMP ECHO , ICMP ECHO REPLY
stacheldraht : 16660/tcp , 65000/tcp , ICMP ECHO , ICMP ECHO REPLY
Shaft : 20432/tcp , 18753/udp, 20433/udp
TFN2k : random
Countermeasures
At the network level, the representative existing defenses against denial-of-service attacks are
ACL, Blackhole Routing (Null0 Routing), uRPF and Rate-Limit,
and for tracing an attack the representative technology is NetFlow,
which can analyze traffic flows.
ACL (Access Control List)
The most common technique for blocking harmful traffic; it can block on IP address, service port
and content. However, when there is no dedicated ASIC-based module for access control,
this method puts a heavy load on the network equipment and can cause performance
degradation. In addition, an organization that owns many network devices, such as an ISP,
has to write a separate script to update the access control policy on those devices,
or otherwise log in to each one individually and change its configuration.
Null0 Routing
A technique that drops packets headed for a particular destination by forwarding them to a
virtual interface called Null0. Abroad it is called Blackhole Routing or black filtering,
while in Korea it is called Null0 routing. Because it uses forwarding, a basic function of
network equipment, it puts almost no extra load on the device compared with ACLs, but it can
only provide IP-based (L3) filtering; filtering by service port (L4) or content (L7)
is not possible.
uRPF(unicast Reverse Path Forwarding)
A technique that can block attacks that forge the source IP address (IP spoofing): when the router
receives a packet, it checks the source IP address and trusts it only after confirming that a
reverse path back to that IP exists. Since most DoS and DDoS attacks
forge their source address, uRPF can be a fairly effective means of blocking denial-of-service
attacks. However, this technique too has limited applicability (strict mode cannot be used)
in an asymmetric network with multiple routing paths, and apart from preventing
spoofing it offers no response to the many other kinds of denial-of-service attack.
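The strict-mode limitation on asymmetric networks can be seen in a small model of the reverse-path check. This is an added example, not part of the quoted article: a simplified decision function, with a constructed two-uplink routing table, hypothetical interface names ge0/ge1 and RFC 5737 documentation prefixes.

```python
import ipaddress

def best_route(table, addr):
    """Longest-prefix match over a list of (prefix, out_interface)."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in table
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def urpf_accepts(table, src, in_iface, mode="strict"):
    """Simplified uRPF decision for one packet.

    strict: the best route back to src must leave through in_iface.
    loose:  any route back to src is enough.
    """
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    route = best_route(table, src)
    if route is None:
        return False            # no reverse path: dropped in both modes
    return mode == "loose" or route[1] == in_iface

# Constructed topology: the router sends traffic for 198.51.100.0/24 out
# of ge0, but packets from that network arrive on ge1 (asymmetric routing).
TABLE = [
    ("198.51.100.0/24", "ge0"),
    ("192.0.2.0/24", "ge1"),
]

def demo():
    cases = [
        ("192.0.2.10", "ge1"),     # symmetric path
        ("198.51.100.5", "ge1"),   # legitimate source, asymmetric path
        ("203.0.113.9", "ge1"),    # source with no route back
    ]
    return {(src, mode): urpf_accepts(TABLE, src, ifc, mode)
            for src, ifc in cases for mode in ("strict", "loose")}

if __name__ == "__main__":
    for (src, mode), ok in demo().items():
        print(f"{src:<14} {mode:<6} {'forward' if ok else 'drop'}")
```

Strict mode drops the legitimate asymmetric packet, while loose mode forwards it and still rejects the source that has no route back.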
Rate-Limit
Rate-Limit is the technique of refusing to pass any further packets once packets of a particular
service or pattern exceed a set amount within a unit of time.
It is also called rate filtering, and Cisco implements it as CAR (Committed Access Rate).
The technique is useful for limiting the bandwidth of SYN packets during a SYN flooding attack,
limiting the bandwidth of ICMP packets during a Smurf attack, and so on.
However, legitimate packets can be blocked along with the abnormal ones,
and when there is no dedicated module performing the function it can overload
the router.
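The drawback that legitimate packets are dropped together with the flood shows up directly when a policer is run over mixed traffic. This is an added example, not part of the quoted article: a generic single-rate token bucket (an assumed mechanism, not Cisco's CAR implementation) with constructed traffic, rates and labels.

```python
def police(packets, rate_bytes_per_ms, burst_bytes):
    """Single-rate token-bucket policer.

    packets: iterable of (time_ms, size_bytes, label), sorted by time.
    Returns {label: {"passed": n, "dropped": n}}.
    """
    tokens, last = burst_bytes, 0
    stats = {}
    for t, size, label in packets:
        # refill for the elapsed time, capped at the burst size
        tokens = min(burst_bytes, tokens + (t - last) * rate_bytes_per_ms)
        last = t
        s = stats.setdefault(label, {"passed": 0, "dropped": 0})
        if size <= tokens:
            tokens -= size          # conforming packet spends tokens
            s["passed"] += 1
        else:
            s["dropped"] += 1       # exceeding packet is discarded
    return stats

def sample_traffic():
    """Constructed one-second sample: a 200 packet/s flood of 60-byte
    packets plus four legitimate 60-byte packets spread across it."""
    flood = [(t, 60, "flood") for t in range(0, 1000, 5)]
    legit = [(t, 60, "legit") for t in (2, 252, 502, 752)]
    return sorted(flood + legit)

if __name__ == "__main__":
    # 6 bytes/ms = 6000 bytes/s, i.e. 100 such packets per second
    for label, s in police(sample_traffic(), 6, 600).items():
        print(label, s)
```

Once the initial burst allowance is spent, the policer cannot tell the two classes apart, so three of the four legitimate packets are discarded.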
//
ÀÏ¹Ý »ç¿ëÀÚ Ã³·³ Å©·Ñ·¯ÀÇ Á¤º¸¸¦ ³²±âÁö ¾Ê´Â Å©·Ñ·¯ðéµµ ÀÖ´Ù.
IP Information - 119.161.13.194
Host name crawler12.dls.srch.kr3.yahoo.com
Country Korea, Republic of
Country Code KR
Region Seoul-t'ukpyolsi
City Seoul
Latitude 37.5664
Longitude 126.9997
119.161.13.189 MSIE 7.0 XP 2011-01-17 01:16:19
119.161.13.188 MSIE 7.0 XP 2011-01-17 01:16:19
119.161.13.191 MSIE 7.0 XP 2011-01-17 01:16:18
119.161.13.194 MSIE 7.0 XP 2011-01-17 01:16:18