Example of filtering techniques on a router (by Choi Woo-hyung) | Written: 2003/09/09 23:58 |
Views: 8211 |
This is a post by Choi Woo-hyung that appeared on sec-info. I am posting it unchanged.
-----------------------------------------------------------------
Date: Fri, 13 Jun 2003 21:38:35 +0900
From: "Woo Hyung Choi (whchoi)" <whchoi@cisco.com>
To: <sec-info@cert.certcc.or.kr>

Hello, this is Choi Woo-hyung from Cisco Systems Korea.

Last Monday the first CONCERT Seminar of 2003 was held. Many people attended.... I sat at the back and listened carefully to every session from the first one on. I gave the last talk, "Recent network attack techniques and defenses", for 50 minutes starting at 5 o'clock. Time was so short that I could not show the demo or give a detailed explanation, which I regret. There were many questions in the Q&A after the talk, many people asked me questions personally after the seminar ended, and many questions came by e-mail, but I have been so busy this week that I have not been able to answer them yet. (I will reply soon.) Among them, the questions worth sharing with everyone I would like to share through Sec-Info.

Someone asked me a question personally after the talk....sorry...(I cannot remember your name.....^^): "I heard that doing Nimda and Code Red filtering on a router causes big problems because of the load on the device.... How do you do it?"

As it happens, this evening an urgent request came in for Code Red and Nimda filtering plus P2P restriction, so I did about 30 minutes of remote work and am posting the result. It seems to be a slightly larger site than that of the person who asked, so it should be helpful to them, and to others as well.

Current state of the site
  Site size: 2500 nodes
  Router currently in use: 7200VXR NPE225 --> purchased 3 years ago
  Average router CPU utilization: 25%~30%
  External Internet circuit: T3 (45Mbps)
  Average Internet utilization: 80~90%

Router tuning requirements
  Code Red and Nimda filtering
  Work-time restriction of P2P programs

After the configuration change
  Code Red and Nimda coming in from outside can be filtered
  P2P restricted during work time --> Internet circuit utilization dropped sharply to 50%. Perceived Internet access speed greatly improved.

version 12.2
no service single-slot-reload-enable
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname Router
!
boot system flash slot0:c7200-is-mz.122-1d.bin
logging rate-limit console 10 except errors
!
clock timezone KST 0
ip subnet-zero
no ip source-route
ip cef
!
!
no ip finger
no ip domain-lookup
!
no ip bootp server
no ip dhcp-client network-discovery
!
! --> defines the Code Red / Nimda patterns
class-map match-any http-hacks
 match protocol http url "*.default.ida*"
 match protocol http url "*x.ida*"
 match protocol http url "*.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*readme.eml"
!
!
! --> when a packet matches the Code Red / Nimda patterns, mark the packet
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
interface FastEthernet4/0
 ip address 192.168.10.1 255.255.255.0
 ip access-group 190 in
 ip access-group 190 out
 no ip redirects
 ip nbar protocol-discovery
 duplex full
 no cdp enable
!
interface Hssi6/0
 bandwidth 45000
 ip address 2.2.2.6 255.255.255.252
 ip access-group 100 in
 no ip redirects
 no ip proxy-arp
 ip accounting output-packets
 no ip mroute-cache
 ! --> marks Code Red / Nimda as it comes in from outside
 service-policy input mark-inbound-http-hacks
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 2.2.2.4
ip route 192.168.1.0 255.255.255.0 192.168.10.2
ip route 192.168.2.0 255.255.255.0 192.168.10.2
ip route 192.168.3.0 255.255.255.0 192.168.10.2
ip route 192.168.4.0 255.255.255.0 192.168.10.2
ip route 192.168.9.0 255.255.255.0 192.168.10.2
ip route 192.168.10.0 255.255.255.0 192.168.10.2
ip route 192.168.11.0 255.255.255.0 192.168.10.2
ip route 111.2.30.0 255.255.255.0 192.168.10.2
ip route 111.2.31.0 255.255.255.0 192.168.10.2
ip route 111.2.32.0 255.255.248.0 192.168.10.2
!
!
! --> enables Turbo ACL
access-list compiled
access-list 100 permit tcp any any established
! blocks private IP addresses coming in from outside
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
! wildcard corrected to 0.15.255.255: the posted 0.0.15.255 covered only 172.16.0.0/20, not all of 172.16.0.0/12
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny tcp any any eq 31337
access-list 100 deny udp any any eq 31337
access-list 100 deny tcp any any eq lpd
access-list 100 deny tcp any any eq 137
access-list 100 deny udp any any eq netbios-ns
access-list 100 deny tcp any any eq 138
access-list 100 deny udp any any eq netbios-dgm
access-list 100 deny tcp any any eq 139
access-list 100 deny tcp any any eq 391
access-list 100 deny udp any any eq 391
access-list 100 deny tcp any any eq 445
access-list 100 deny tcp any any eq 705
access-list 100 deny tcp any any eq 1052
access-list 100 deny udp any any eq 1052
access-list 100 deny tcp any any eq 1434
access-list 100 deny udp any any eq 1434
access-list 100 deny tcp any any eq 1993
access-list 100 deny udp any any eq 1993
access-list 100 deny tcp any any eq 1978
access-list 100 deny udp any any eq 1978
access-list 100 deny tcp any any eq 2002
access-list 100 deny udp any any eq 2002
access-list 100 deny tcp any any eq 4156
access-list 100 deny udp any any eq 4156
access-list 100 deny tcp any any eq 4661
access-list 100 deny udp any any eq 4661
access-list 100 deny tcp any any eq 4662
access-list 100 deny udp any any eq 4662
access-list 100 deny tcp any any eq 6112
access-list 100 deny udp any any eq 6112
access-list 100 deny tcp any any eq 6699
access-list 100 deny udp any any eq 6699
access-list 100 deny tcp any any eq 9292
access-list 100 deny udp any any eq 9292
access-list 100 deny tcp any any eq 12345
access-list 100 deny udp any any eq 12345
access-list 100 deny tcp any any eq 12346
access-list 100 deny udp any any eq 12346
access-list 100 deny tcp any any eq 7674
access-list 100 deny udp any any eq 7674
access-list 100 deny tcp any any eq 7676
access-list 100 deny udp any any eq 7676
access-list 100 deny tcp any any eq 22321
access-list 100 deny udp any any eq 22321
access-list 100 deny tcp any any eq 161
access-list 100 deny udp any any eq snmp
access-list 100 deny tcp any any eq 162
access-list 100 deny udp any any eq snmptrap
access-list 100 deny tcp any any eq 199
access-list 100 deny udp any any eq 199
access-list 100 deny tcp any any eq 6723
access-list 100 deny udp any any eq 6723
access-list 100 deny tcp any any eq 15104
access-list 100 deny udp any any eq 15104
access-list 100 deny tcp any any eq 12754
access-list 100 deny udp any any eq 12754
access-list 100 deny tcp any any eq 9325
access-list 100 deny udp any any eq 9325
access-list 100 deny tcp any any eq 6838
access-list 100 deny udp any any eq 6838
access-list 100 deny tcp any any eq 7983
access-list 100 deny udp any any eq 7983
access-list 100 deny tcp any any eq 10498
access-list 100 deny udp any any eq 10498
access-list 100 deny ip any host 146.20.80.97
access-list 100 deny ip any host 24.203.80.202
! --> blocks pings coming from outside
access-list 100 deny icmp any <internal IP address> echo
access-list 100 deny icmp any <internal IP address> echo-reply
access-list 100 deny icmp <internal IP address> any echo
access-list 100 deny icmp <internal IP address> any echo-reply
access-list 100 permit ip any any
! the important part starts here....^^;
! --> Code Red / Nimda packets all carry 1 in the DSCP field of the packet
access-list 190 deny ip any any dscp 1
! --> the ACL is applied to all P2P-related programs (only during work time....); QoS by time of day is also possible....
access-list 190 deny tcp any any eq 8282 time-range test
access-list 190 deny tcp any eq 8282 any time-range test
access-list 190 deny tcp any eq 31200 any time-range test
access-list 190 deny tcp any any eq 31200 time-range test
access-list 190 deny tcp any any eq 6699 time-range test
access-list 190 deny tcp any eq 6699 any time-range test
access-list 190 deny tcp any eq 4661 any time-range test
access-list 190 deny tcp any any eq 4661 time-range test
access-list 190 deny tcp any any eq 4665 time-range test
access-list 190 deny tcp any eq 4665 any time-range test
access-list 190 deny tcp any any eq 1236 time-range test
access-list 190 deny tcp any eq 1236 any time-range test
access-list 190 deny tcp any any eq 1214 time-range test
access-list 190 deny tcp any eq 1214 any time-range test
access-list 190 deny tcp any any eq 9292 time-range test
access-list 190 deny tcp any eq 9292 any time-range test
access-list 190 deny tcp any eq 4662 any time-range test
access-list 190 deny tcp any any eq 4662 time-range test
access-list 190 deny tcp any any eq 28290 time-range test
access-list 190 deny tcp any eq 28290 any time-range test
access-list 190 deny udp any eq 22321 any time-range test
access-list 190 deny udp any any eq 22321 time-range test
access-list 190 deny udp any eq 7674 any time-range test
access-list 190 deny udp any any eq 7674 time-range test
access-list 190 deny udp any eq 7675 any time-range test
access-list 190 deny udp any any eq 7675 time-range test
access-list 190 deny udp any any eq 1236 time-range test
access-list 190 deny udp any eq 1236 any time-range test
access-list 190 deny ip any host 211.43.216.56 time-range test
access-list 190 deny ip any 211.218.152.0 0.0.0.255 time-range test
access-list 190 permit ip any any
access-list 190 remark P2P제한_GameSite_Access_Deny
!
!
! (omitted)
!
! --> restricts P2P from 9 in the morning until 19:00
time-range test
 periodic daily 09:00 to 19:00
!
end

Router#sh ip access-lists 190
Extended IP access list 190
    deny ip any any dscp 1 (13469 matches)   --> packets filtered during the 10 minutes after applying the Code Red / Nimda rule
    deny tcp any any eq 8282 time-range test (active)   --> the P2P programs are being restricted during work time; released automatically from 7 p.m....
    deny tcp any eq 8282 any time-range test (active)
    deny tcp any eq 31200 any time-range test (active)
    deny tcp any any eq 31200 time-range test (active)
    deny tcp any any eq 6699 time-range test (active) (59 matches)
    deny tcp any eq 6699 any time-range test (active) (28 matches)
    deny tcp any eq 4661 any time-range test (active) (58 matches)
    deny tcp any any eq 4661 time-range test (active) (337 matches)
    deny tcp any any eq 4665 time-range test (active) (40 matches)
    deny tcp any eq 4665 any time-range test (active) (46 matches)
    deny tcp any any eq 1236 time-range test (active)
    deny tcp any eq 1236 any time-range test (active) (42 matches)
    deny tcp any any eq 1214 time-range test (active) (2 matches)
    deny tcp any eq 1214 any time-range test (active) (53 matches)
    deny tcp any any eq 9292 time-range test (active)
    deny tcp any eq 9292 any time-range test (active)
    deny tcp any eq 4662 any time-range test (active) (2098 matches)
    deny tcp any any eq 4662 time-range test (active) (17216 matches)
    deny tcp any any eq 28290 time-range test (active) (561 matches)
    deny tcp any eq 28290 any time-range test (active) (17 matches)
    deny udp any eq 22321 any time-range test (active) (6976 matches)
    deny udp any any eq 22321 time-range test (active)
    deny udp any eq 7674 any time-range test (active) (1162 matches)
    deny udp any any eq 7674 time-range test (active)
    deny udp any eq 7675 any time-range test (active)
    deny udp any any eq 7675 time-range test (active)
    deny udp any any eq 1236 time-range test (active)
    deny udp any eq 1236 any time-range test (active) (1 match)
    deny ip any host 211.43.216.56 time-range test (active)
    deny ip any 211.218.152.0 0.0.0.255 time-range test (active) (31 matches)
    permit ip any any (3701785 matches)

Router#sh processes cpu   --> CPU load after Code Red / Nimda and P2P filtering
CPU utilization for five seconds: 29%/29%; one minute: 34%; five minutes: 34%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1           0     19961          0  0.00%  0.00%  0.00%   0 Load Meter
   2          44      1664         26  0.00%  0.00%  0.00%   0 CEF Scanner
   3       22164     10136       2186  0.00%  0.02%  0.00%   0 Check heaps
   4           0         1          0  0.00%  0.00%  0.00%   0 Chunk Manager
(rest omitted)

Router#sh version
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(1d), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Mon 04-Feb-02 22:26 by srani
Image text-base: 0x60008960, data-base: 0x61320000

ROM: System Bootstrap, Version 12.2(1r) [dchih 1r], RELEASE SOFTWARE (fc1)
BOOTFLASH: 7200 Software (C7200-BOOT-M), Version 12.0(17)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
(middle omitted..)
cisco 7206VXR (NPE225) processor (revision A) with 114688K/16384K bytes of memory.
Processor board ID 21292902
R527x CPU at 262Mhz, Implementation 40, Rev 10.0, 2048KB L2 Cache
6 slot VXR midplane, Version 2.0
(rest omitted)

A 7200 router, and with an NPE225 processor that is a full 3 years old at that, handles Nimda and Code Red filtering without any trouble, doesn't it???^^;

I posted this because I thought showing what actually happens in the field would help. I changed the IP addresses arbitrarily.

For those of you using Cisco routers and switches, please refer to the items below; if possible, I recommend them for enterprise sites (companies, schools, government offices, hospitals, research institutes, etc....) rather than for ISPs.

Security features available on Cisco routers and switches...

Existing routers
  Filtering of some viruses such as Code Red and Nimda
  Restriction of specific traffic through CAR --> can be adjusted automatically by time of day
  IP spoofing defense
  TCP SYN attack restriction
  Smurf defense
  UDP flooding restriction
  Ping restriction
  Ping fragmentation attack restriction
  Restriction of specific IPs and ports by time of day, etc...

Existing switches
  Restriction of specific ports and IPs within the same subnet
  Restriction of specific traffic through CAR --> can be adjusted automatically by time of day
  Filtering of some viruses such as Code Red and Nimda (when using WAN; not possible on Metro)
  IP spoofing defense
  TCP SYN attack restriction
  Smurf defense
  UDP flooding restriction
  Ping restriction
  Ping fragmentation attack restriction
  Restriction of specific IPs and ports by time of day
  Access control within the same VLAN or subnet, etc...

I cannot think of the rest right now.... I will organize and post them as they come to mind. I wrote far too much...^^

Have a good weekend.... Thank you. |
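As an added example (not code from the original post, nor from Cisco), here is a small Python model of the policy chain the configuration above builds: the NBAR URL patterns mark inbound HTTP on Hssi6/0 with DSCP 1, and ACL 190 on FastEthernet4/0 then drops DSCP 1 and, while time-range test is active, the P2P ports. The glob patterns, port sets and the 09:00 to 19:00 window are copied from the post; fnmatch standing in for NBAR's URL matching and the window ending exactly at 19:00 are assumptions.

```python
"""Added example, not code from the original post: a small Python model of the policy chain the
configuration above builds (NBAR URL match -> DSCP 1 -> ACL 190 drop, plus the time-range P2P entries)."""
from fnmatch import fnmatchcase

# NBAR class-map "http-hacks" patterns copied from the post; fnmatch globs stand in for NBAR's url match
HTTP_HACK_PATTERNS = ("*.default.ida*", "*x.ida*", "*.ida*", "*cmd.exe*", "*root.exe*", "*readme.eml")

# Ports from the post's ACL 190; the TCP and UDP sets differ there, so they are kept apart
P2P_TCP_PORTS = {8282, 31200, 6699, 4661, 4665, 1236, 1214, 9292, 4662, 28290}
P2P_UDP_PORTS = {22321, 7674, 7675, 1236}

# time-range test: periodic daily 09:00 to 19:00 (assumed here to end exactly at 19:00)
WORKTIME_START, WORKTIME_END = (9, 0), (19, 0)


def mark_inbound(pkt):
    """policy-map mark-inbound-http-hacks on Hssi6/0: set DSCP 1 on HTTP requests whose URL matches."""
    if pkt["proto"] == "tcp" and pkt["dport"] == 80:
        if any(fnmatchcase(pkt.get("url", ""), pat) for pat in HTTP_HACK_PATTERNS):
            return dict(pkt, dscp=1)
    return pkt


def time_range_active(hour, minute):
    """Whether the 'test' time-range is active at the given wall-clock time."""
    return WORKTIME_START <= (hour, minute) < WORKTIME_END


def acl190(pkt, hour, minute):
    """First-match walk of ACL 190 as applied on FastEthernet4/0; returns 'deny' or 'permit'."""
    if pkt.get("dscp", 0) == 1:                      # deny ip any any dscp 1
        return "deny"
    ports = {"tcp": P2P_TCP_PORTS, "udp": P2P_UDP_PORTS}.get(pkt["proto"], set())
    if time_range_active(hour, minute) and (pkt["sport"] in ports or pkt["dport"] in ports):
        return "deny"                                 # deny <proto> ... time-range test (active)
    return "permit"                                   # permit ip any any


def inbound_verdict(pkt, hour, minute):
    """Packet from the Internet: marked on Hssi6/0, then filtered by ACL 190 on the LAN interface."""
    return acl190(mark_inbound(pkt), hour, minute)


if __name__ == "__main__":
    samples = [  # constructed sample packets, not captured traffic
        {"proto": "tcp", "sport": 3412, "dport": 80, "url": "/default.ida?NNNNNNNN"},  # Code Red probe
        {"proto": "tcp", "sport": 3413, "dport": 80, "url": "/index.html"},            # ordinary web
        {"proto": "tcp", "sport": 4662, "dport": 1025},                                # P2P TCP port
        {"proto": "udp", "sport": 22321, "dport": 2000},                               # P2P UDP port
    ]
    for pkt in samples:
        print(pkt, "12:00 ->", inbound_verdict(pkt, 12, 0), "| 20:30 ->", inbound_verdict(pkt, 20, 30))
```

The DSCP-based drop has no time-range, so the Code Red probe is denied at 20:30 as well, while the same P2P flow is denied at 12:00 and permitted at 20:30.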
Coffeenix, a resting place for system engineers / URL: http://coffeenix.net/board_view.php?bd_code=60 |