traceroute·Î ³×Æ®¿öÅ© ÀÌ»ó ¿©ºÎ È®ÀÎ (±Û È«¼®¹ü) | ÀÛ¼ºÀÏ : 2003/09/11 18:42 |
Á¶È¸¼ö : 10377 |
sec-info ¸ÞÀϸµ¿¡¼ ¹ÞÀº ±ÛÀÔ´Ï´Ù. ¿øº» ±×´ë·Î ¿Ã¸³´Ï´Ù. -------------------------------------------------------------- Re: ³×Æ®¿öÅ© ÀÌ»ó ¿©ºÎ È®ÀÎ(traceroute) ³¯Â¥: Sat, 12 Jul 2003 10:38:35 +0900 º¸³½ÀÌ: "Sukbum Hong" <antihong@tt.co.kr> ¹Þ´ÂÀÌ: "À¯ ±âºÀ" <load_bong@hotmail.com>, <sec-info@cert.certcc.or.kr> ¾È³çÇϽʴϱî? ¿À´Ã°ú³»ÀÏÀÇ È«¼®¹üÀÔ´Ï´Ù. traceroute ´Â ¸ñÀûÁö±îÁö À̸£´Â ³×Æ®¿öÅ©ÀÇ °æ·Î(¶ó¿ìÅÍ)¸¦ º¸¿©ÁÖ´Â °ÍÀ¸·Î ¸ñÀûÁö¿¡ À̸£´Â outbound °æ·Î¸¸ º¸¿©ÁÙ »Ó, µ¹¾Æ¿À´Â inbound °æ·Î´Â ³×Æ®¿öÅ© ±¸Á¶¿Í »çÁ¤¿¡ µû¶ó °°À» ¼öµµ ÀÖ°í ´Ù¸¦ ¼öµµ ÀÖ½À´Ï´Ù. traceroute °¡ »ç¿ëÇÏ´Â ¿ø¸®´Â µ¿ÀÏÇÏÁö¸¸ ±¸Çö ¹æ¹ýÀº ½Ã½ºÅÛ¿¡ µû¶ó ´Ù¼Ò »óÀÌÇѵ¥, ÀϹÝÀûÀÎ *nix °è¿ ¹× cisco °è¿ ¶ó¿ìÅÍÀÇ °æ¿ì ¸ñÀûÁö ½Ã½ºÅÛÀÇ 33434~38000 Æ÷Æ®·Î TTL °ªÀ» 1¾¿ ´Ã·Á°¡¸é¼ udp ÆÐŶÀ» ¹ß¼ÛÇÏ¿© TTL °ªÀÇ ¸¸±â(expiration)·Î ÀÎÇÏ¿© µ¹¾Æ¿À´Â "ICMP time exceed" ¸Þ½ÃÁö¸¦ ÀÌ¿ëÇÕ´Ï´Ù. ¹Ý¸é Windows °è¿ÀÇ tracert ´Â ¸ñÀûÁö ½Ã½ºÅÛ¿¡ TTL°ªÀ» 1¾¿ ´Ã·Á°¡¸é¼ ICMP echo request ÆÐŶÀ» ¹ß¼ÛÇÏ¿© ¿ª½Ã TTL °ªÀÇ ¸¸±â·Î µ¹¾Æ¿À´Â "ICMP time exceed" ¸Þ½ÃÁö¸¦ ÀÌ¿ëÇÕ´Ï´Ù. ¾Æ·¡´Â traceroute ¿Í tracert ÀÇ ÆÐŶÀ» ÀâÀº ¿¹ÀÔ´Ï´Ù. ## traceroute (udp ÀÌ¿ë) Tracer.com.62615 > target.com.33456:udp 12 (DF) (ttl 1) Router.com > tracer.com:icmp time exceed in-transit ±×·±µ¥, traceroute Áß°£ °æ·Î(hop)¿¡¼ * (asterisk) °¡ º¸ÀÌ´Â °æ¿ì°¡ Àִµ¥, ´ÜÁö * ÀÌ º¸Àδٰí Çؼ ³×Æ®¿öÅ©¿¡ ¹®Á¦°¡ ÀÖ´Â °ÍÀº ¾Æ´Õ´Ï´Ù. Áï, °á·ÐÀûÀ¸·Î * ÀÌ º¸Àδٴ °ÍÀº ÇØ´ç hop À¸·ÎºÎÅÍ "ICMP time exceed" ¸¦ ¹ÞÁö ¸øÇÏ¿´´Ù´Â ¶æÀε¥, ÀÌ´Â ´ÙÀ½°ú °°Àº ÀÌÀ¯°¡ ÀÖÀ» ¼ö Àֱ⠶§¹®ÀÔ´Ï´Ù. (1) °¡Àå ¸¹Àº °æ¿ì·Î ¶ó¿ìÅÍÀÇ °ü¸®ÀÚ°¡ º¸¾ÈµîÀÇ ÀÌÀ¯·Î ¿ÜºÎ¿¡¼ÀÇ traceroute ¿äûÀ̳ª ÀÌ¿¡ ´ëÇÑ ÀÀ´äÀ» ÇÊÅ͸µÇÏ¿´±â ¶§¹®ÀÔ´Ï´Ù. (2) ½ÇÁ¦·Î ³×Æ®¿öÅ©ÀÇ °úºÎÇϵîÀ¸·Î traceroute ¿äûÆÐŶÀ̳ª ÀÀ´äÆÐŶÀÌ »ç¶óÁ³À» ¼öµµ Àֱ⠶§¹®ÀÔ´Ï´Ù. Åë»óÀûÀ¸·Î icmp ÆÐŶÀº ÆÐŶ ó¸® ¿ì¼±µµ Ãø¸é¿¡¼ °¡Àå ³·°Ô µÇ¾î ÀÖ´Â °æ¿ì°¡ ÀÖ½À´Ï´Ù. º¸³»ÁֽŠ°á°úÀÇ °æ¿ì Áß°£ °æ·Î¿¡¼¸¸ * °¡ Àá±ñ ³ªÅ¸³¯ »Ó ÀÌÈÄ °æ·Î¸¦ ÅëÇØ ÃÖÁ¾ ¸ñÀûÁö±îÁö µµÂøÇÏ¿´À¸¹Ç·Î (1)¹øÀÇ °æ¿ì¶ó°í ÃßÃøÇÒ ¼ö ÀÖ½À´Ï´Ù. Âü°í·Î traceroute ¿Í À¯»çÇÑ ´Ù¸¥ °æ·ÎÃßÀû ÇÁ·Î±×·¥µµ ¸¹Àºµ¥, whois ³ª AS Á¤º¸µî ºÎ°¡ ±â´ÉÀ» Á¦°øÇÏ¸é¼ ÃßÀû½Ã udp ³ª icmp ¸¦ »ç¿ëÇÏÁö ¾Ê°í tcp ¸¦ »ç¿ëÇÏ´Â lft ¶ó´Â ÇÁ·Î±×·¥µµ ±ÇÀåÇÒ ¸¸ ÇÕ´Ï´Ù. http://www.mainnerve.com/lft/ °¨»çÇÕ´Ï´Ù. ----- Original Message ----- From: "À¯ ±âºÀ" <load_bong@hotmail.com> To: <sec-info@cert.certcc.or.kr> Sent: Friday, July 11, 2003 3:24 PM Subject: ³×Æ®¿öÅ© ÀÌ»ó ¿©ºÎ È®ÀÎ(traceroute) ¾È³çÇϼ¼¿ä? ¹®Àǵ帳´Ï´Ù. ¾Æ·¡¿Í °°ÀÌ ¶ß´Âµ¥.. ³×Æ®¿öÅ©¿¡ ÀÌ»óÀÌ ÀÖ´ÂÁö È®ÀκÎŹµå¸®°Ú½À´Ï´Ù. ÀúÈñ ÂÊ ³×Æ®¿öÅ©¿¡´Â ¹®Á¦°¡ ¾ø´Â°Í °°Àºµ¥.. Àǽɽº·´³×¿ä.. ----- ¾Æ ·¡ ----- Router# traceroute 203.236.40.x Type escape sequence to abort. Tracing the route to 203.236.40.x 1 knmbba36-s1-1-2.rt.bora.net (211.180.12.41) 0 msec 4 msec 4 msec 2 210.120.48.61 4 msec 0 msec 4 msec 3 210.92.194.21 4 msec 4 msec 4 msec 4 210.120.192.205 4 msec 4 msec 4 msec 5 211.60.216.38 4 msec 4 msec 4 msec 6 203.236.0.70 4 msec 4 msec 4 msec 7 211.115.4.2 4 msec 4 msec 4 msec 8 192.168.23.50 8 msec 12 msec 4 msec 9 * * * 10 203.236.32.3 4 msec 8 msec 4 msec 11 203.236.40.21 8 msec 8 msec 4 msec Router# °¨»çÇÕ´Ï´Ù. |
Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ / URL : http://coffeenix.net/board_view.php?bd_code=61 |