Handling "Limiting open port RST response..." on FreeBSD | Posted: 2007/07/11 17:06
Author: 좋은진호 (truefeel, http://coffeenix.net/)
Written: 2007.1.4 (Thu)
Revised: 2007.7.10 (Tue)

If a FreeBSD server has accumulated many log entries of the form 'Limiting (open|closed) port RST response from ??? to 200 packets per second', an excessive number of SYN packets arrived from outside and the server sent RST responses to them. The number 200 appears because FreeBSD is limited to sending at most 200 RST responses per second. 'open port' means the requests were directed at an open port, and 'closed port' means they were directed at a closed port. Let's block these attack-like packets.
1. Identifying the IPs with tcpdump

Let's examine the packets with tcpdump (http://www.tcpdump.org/).
The -p option keeps the interface from switching to promiscuous mode, and -n disables DNS lookups. The expression that follows is the important part: it tells tcpdump to show only the headers of packets in which the RST, SYN TCP flags are set. To see SYN packets, use 'tcp[tcpflags] & tcp-syn != 0'. Since only packets coming in to the server matter, you can add 'and dst host SERVER_IP' to narrow the condition further.
Save the packet headers observed with tcpdump to a file. Capture for only a few minutes, then stop with Ctrl+C.
2. Blocking with ipfw

The following script uses the tcpdump result file to extract only the list of IPs that sent SYN packets.
Assuming the saved file is named tcpdump_2007_0104.txt, run the script as follows to see the result.

    # ./ip_list.sh tcpdump_2007_0104.txt
    ... omitted ...
    137 xxx.113.1.176
    183 xxx.138.55.217
    294 xxx.xxx.xxx.254
    16260 xxx.187.218.50
    115010 xxx.127.127.158

xxx.187.218.50 and xxx.127.127.158 are suspicious IPs, so check with ngrep or a similar tool whether they send any data other than SYN packets. If they sent only SYN packets with no data, this may be scanning or a SYN flooding attack, so block the IPs with a firewall tool such as ipfw.
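One way to produce the per-source SYN counts shown above, as an added example and not the author's ip_list.sh, which this page does not include. It assumes `tcpdump -n` text output; the function names and the sample lines (documentation-range addresses) are constructed for illustration, and the ipfw rules are printed for review, not applied.

```shell
#!/bin/sh
# Added example: count SYN senders in saved `tcpdump -n` text output.

# Print "count source_ip" per sender of SYN-only packets, lowest count first.
# Reads the files given as arguments, or stdin when none are given.
syn_sources() {
    awk '
    $2 == "IP" && $4 == ">" {
        syn = 0
        # Newer tcpdump prints "Flags [S],"; "[S.]" is SYN+ACK, so skip it.
        if ($6 == "Flags" && $7 ~ /^\[S/ && $7 !~ /\./) syn = 1
        # Older tcpdump prints a bare "S" after the destination, no "ack".
        if ($6 == "S" && $0 !~ / ack /) syn = 1
        if (!syn) next
        src = $3
        sub(/\.[0-9]+$/, "", src)      # drop the trailing ".port"
        count[src]++
    }
    END { for (ip in count) print count[ip], ip }
    ' "$@" | sort -n
}

# Print (do not run) an ipfw deny rule for each source with MIN or more SYNs,
# so the list can be checked with ngrep before anything is blocked.
deny_rules() {
    min=$1; shift
    syn_sources "$@" |
        awk -v min="$min" '$1 >= min { print "ipfw add deny ip from " $2 " to any" }'
}

# Constructed sample capture: three SYNs from one host (two output formats),
# one SYN from another, plus a SYN+ACK and an RST that must not be counted.
sample_capture() {
    cat <<'EOF'
17:06:01.000001 IP 203.0.113.7.40001 > 192.0.2.10.80: Flags [S], seq 1, win 65535, length 0
17:06:01.000002 IP 203.0.113.7.40002 > 192.0.2.10.80: Flags [S], seq 2, win 65535, length 0
17:06:01.000003 IP 203.0.113.7.40003 > 192.0.2.10.22: S 3:3(0) win 65535
17:06:01.000004 IP 198.51.100.9.51000 > 192.0.2.10.80: Flags [S], seq 4, win 65535, length 0
17:06:01.000005 IP 192.0.2.10.80 > 198.51.100.9.51000: Flags [S.], seq 5, ack 5, win 65535, length 0
17:06:01.000006 IP 192.0.2.10.22 > 203.0.113.7.40003: Flags [R.], seq 0, ack 4, win 0, length 0
EOF
}

sample_capture | syn_sources
sample_capture | deny_rules 3
```

With a real capture, pass the saved file as the argument, for example `syn_sources tcpdump_2007_0104.txt`.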
In addition, add the following 2 lines to /etc/sysctl.conf so that a log entry is written whenever there is a connection attempt to a port that is not open. You can also enter the command directly in the shell without rebooting, as in sysctl net.inet.tcp.log_in_vain=1.
Coffeenix, a resting place for system engineers / URL : http://coffeenix.net/board_view.php?bd_code=1513