truefeel  Cafe Administrator
Joined: July 24, 2003  Posts: 1277  Location: Republic of Korea
Posted: 2004.1.28 Wed, 7:10 pm  Subject: Re: Question about iplog log analysis
The reason there is so little material on analyzing iplog logs is probably that the logs are written in a form you can understand intuitively just by looking at them.
It is just as 미름 said.
Let's look at the example below.
Quote:
Jan xx 17:48:16 TCP: port 135 connection attempt from 211.1.2.3:3935
Jan xx 18:58:41 TCP: port scan detected [ports 259,301,928,485,842,724,490,160,797,1671,...] from 211.1.2.4 [ports 50409,50410,50411,50412,50413,...]

The first line says that a connection attempt was made from port 3935 of IP 211.1.2.3 -> to TCP port 135 on the server.
This may or may not be port scanning. It means a connection attempt.
The second line says that ports 50409~50413, ... of IP 211.1.2.4 -> scanned TCP ports 259, 301, ... and so on on the server.
This one would be a port scan.
With iplog, you can configure ports or IPs that should not be logged in /etc/iplog.conf (or /usr/local/etc/iplog.conf).
For example, traffic coming in on port 80 (http) obviously does not need to be logged, so it will probably be configured as follows.
Code:
ignore tcp dport 80
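
A small parser for the two message forms quoted in this post, as an added example that is not part of the original post or of iplog. It turns each line into a structured event and applies the "ignore tcp dport 80" rule form after the fact to a log that was already written; the function names and the third sample line are assumptions made for illustration, and only the rule form shown above is handled.

```python
import re

# Added example. The first two lines are the ones quoted in the post; the third is constructed.
SAMPLE = """\
Jan xx 17:48:16 TCP: port 135 connection attempt from 211.1.2.3:3935
Jan xx 18:58:41 TCP: port scan detected [ports 259,301,928,485,842,724,490,160,797,1671,...] from 211.1.2.4 [ports 50409,50410,50411,50412,50413,...]
Jan xx 19:02:10 TCP: port 80 connection attempt from 211.1.2.5:40112
"""

PREFIX = r"^(?P<ts>\S+\s+\S+ [\d:]+) (?P<proto>\w+): "
ATTEMPT = re.compile(PREFIX + r"port (?P<dport>\d+) connection attempt from "
                     r"(?P<src>[\d.]+):(?P<sport>\d+)$")
SCAN = re.compile(PREFIX + r"port scan detected \[ports (?P<dports>[^\]]*)\] from "
                  r"(?P<src>[\d.]+) \[ports (?P<sports>[^\]]*)\]$")

def _ports(field):
    """Split '259,301,...' into ([259, 301], truncated); '...' marks an elided list."""
    items = [p.strip() for p in field.split(",") if p.strip()]
    return [int(p) for p in items if p.isdigit()], "..." in items

def parse_line(line):
    """Return a dict for the two message forms discussed above, or None."""
    line = line.strip()
    m = ATTEMPT.match(line)
    if m:
        return {"kind": "attempt", "ts": m["ts"], "proto": m["proto"].lower(),
                "src": m["src"], "sports": [int(m["sport"])],
                "dports": [int(m["dport"])], "truncated": False}
    m = SCAN.match(line)
    if m:
        dports, t1 = _ports(m["dports"])
        sports, t2 = _ports(m["sports"])
        return {"kind": "scan", "ts": m["ts"], "proto": m["proto"].lower(),
                "src": m["src"], "sports": sports, "dports": dports,
                "truncated": t1 or t2}
    return None

def parse_ignore(rule):
    """Handle only the rule form shown in the post: 'ignore <proto> dport <port>'."""
    m = re.fullmatch(r"ignore (\w+) dport (\d+)", rule.strip())
    return (m[1].lower(), int(m[2])) if m else None

def triage(text, ignore_rules=()):
    """Parse a log, drop single attempts matching an ignore rule, always keep scans."""
    ignored = {r for r in map(parse_ignore, ignore_rules) if r}
    events = [e for e in map(parse_line, text.splitlines()) if e]
    return [e for e in events
            if e["kind"] == "scan" or (e["proto"], e["dports"][0]) not in ignored]
```

Scan events are kept even when a rule matches one of their ports, so a sweep that happens to touch port 80 is not hidden when reviewing an old log.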