Coffeenix, a resting place for system engineers
  Regarding ping, arp, dns (by Sukbum Hong) Posted: 2003/10/06 02:43
 
  • Posted by: 좋은진호 ( http://coffeenix.net/ )
  • Views: 10382
     
    Source: sec-info mailing list

    ---------------------------------------------------------------------
    Re: Regarding ping, arp, dns
    Date: Thu, 24 Jul 2003 16:20:59 +0900
    From: "Sukbum Hong" <antihong@tt.co.kr>
    To: "i" <imalcol@mail.affis.or.kr>, <sec-info@cert.certcc.or.kr>

    Hello.

    This is Sukbum Hong of 오늘과내일.

    #### About ping and DNS

    Depending on the system, ping performs a reverse lookup.
    (For reference, a reverse lookup means converting an IP into a hostname.)
    So when you ping 10.10.10.6, it attempts to convert this IP into a hostname,
    and ends up searching for the result starting from the top-level root DNS servers.
    However, since 10.10.10.6 is a private IP, no DNS server has delegated
    authority for this IP, so only after waiting until the timeout does it
    give up on the reverse lookup and ping the IP without a reverse query.
    The 57 seconds you mentioned can be regarded as exactly the DNS timeout.

    To deal with this, you can do the following.

    * Using the -n option
    If you use the -n option, as in ping -n 10.10.10.6, no reverse lookup is performed.

    * Using /etc/hosts
    You can think of /etc/hosts as a kind of small DNS.
    If you define the IP in /etc/hosts, no reverse query is made.

    * Using /etc/named.conf
    If you specify authority for the 10.10.10.0/8 range in /etc/named.conf,
    the reverse lookup no longer goes all the way up to the top-level root DNS servers.


    #### About arp and DNS

    This is easy to understand if you look at the output of running arp -a.

    # arp -a
    ? (192.168.1.246) at 00:D0:B7:9A:25:20 [ether] on eth0
    ? (192.168.1.191) at 00:D0:B7:88:E8:0D [ether] on eth0
    webserver (192.168.1.45) at 00:01:02:54:C2:E7 [ether] on eth0
    ? (192.168.1.102) at <incomplete> on eth0

    Here we can see that, via the eth0 interface, the MAC address of 192.168.1.246 is 00:D0:B7:9A:25:20
    and the MAC address of 192.168.1.191 is 00:D0:B7:88:E8:0D.
    However, the first field is ? on the other three lines, and only the third line
    shows webserver instead of ?.
    The difference is that ? means a reverse lookup was performed for that IP address
    but no corresponding hostname exists, so it is displayed as ?, whereas for 192.168.1.45
    the reverse lookup returned the value webserver, so it is displayed as above.

    I hope this helps.


    Thank you.

      ----- Original Message -----
      From: i
      To: sec-info@cert.certcc.or.kr
      Sent: Wednesday, July 23, 2003 7:04 PM
      Subject: Regarding ping, arp, dns


      Servers are connected to an L2 switch, and
      when I ping from a sun server to another server on the same network:
      marine# ping -s 10.10.10.6
      PING 10.10.10.6: 56 data bytes
      64 bytes from 10.10.10.6: icmp_seq=0. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=1. time=55417. ms
      64 bytes from 10.10.10.6: icmp_seq=2. time=54417. ms
      64 bytes from 10.10.10.6: icmp_seq=3. time=53417. ms
      64 bytes from 10.10.10.6: icmp_seq=4. time=52417. ms
      64 bytes from 10.10.10.6: icmp_seq=5. time=51417. ms
      64 bytes from 10.10.10.6: icmp_seq=6. time=50418. ms
      64 bytes from 10.10.10.6: icmp_seq=7. time=49418. ms
      64 bytes from 10.10.10.6: icmp_seq=8. time=48418. ms
      64 bytes from 10.10.10.6: icmp_seq=9. time=47418. ms
      64 bytes from 10.10.10.6: icmp_seq=10. time=46418. ms
      64 bytes from 10.10.10.6: icmp_seq=11. time=45418. ms
      64 bytes from 10.10.10.6: icmp_seq=12. time=44418. ms
      64 bytes from 10.10.10.6: icmp_seq=13. time=43418. ms
      64 bytes from 10.10.10.6: icmp_seq=14. time=42418. ms
      64 bytes from 10.10.10.6: icmp_seq=15. time=41419. ms
      64 bytes from 10.10.10.6: icmp_seq=16. time=40419. ms
      64 bytes from 10.10.10.6: icmp_seq=17. time=39419. ms
      64 bytes from 10.10.10.6: icmp_seq=18. time=38419. ms
      64 bytes from 10.10.10.6: icmp_seq=19. time=37419. ms
      64 bytes from 10.10.10.6: icmp_seq=20. time=36419. ms
      64 bytes from 10.10.10.6: icmp_seq=21. time=35419. ms
      64 bytes from 10.10.10.6: icmp_seq=22. time=34419. ms
      64 bytes from 10.10.10.6: icmp_seq=23. time=33419. ms
      64 bytes from 10.10.10.6: icmp_seq=24. time=32420. ms
      64 bytes from 10.10.10.6: icmp_seq=25. time=31420. ms
      64 bytes from 10.10.10.6: icmp_seq=26. time=30420. ms
      64 bytes from 10.10.10.6: icmp_seq=27. time=29420. ms
      64 bytes from 10.10.10.6: icmp_seq=28. time=28420. ms
      64 bytes from 10.10.10.6: icmp_seq=29. time=27420. ms
      64 bytes from 10.10.10.6: icmp_seq=30. time=26421. ms
      64 bytes from 10.10.10.6: icmp_seq=31. time=25421. ms
      64 bytes from 10.10.10.6: icmp_seq=32. time=24421. ms
      64 bytes from 10.10.10.6: icmp_seq=33. time=23421. ms
      64 bytes from 10.10.10.6: icmp_seq=34. time=22421. ms
      64 bytes from 10.10.10.6: icmp_seq=35. time=21421. ms
      64 bytes from 10.10.10.6: icmp_seq=36. time=20421. ms
      64 bytes from 10.10.10.6: icmp_seq=37. time=19421. ms
      64 bytes from 10.10.10.6: icmp_seq=38. time=18421. ms
      64 bytes from 10.10.10.6: icmp_seq=39. time=17422. ms
      64 bytes from 10.10.10.6: icmp_seq=40. time=16422. ms
      64 bytes from 10.10.10.6: icmp_seq=41. time=15422. ms
      64 bytes from 10.10.10.6: icmp_seq=42. time=14422. ms
      64 bytes from 10.10.10.6: icmp_seq=43. time=13422. ms
      64 bytes from 10.10.10.6: icmp_seq=44. time=12422. ms
      64 bytes from 10.10.10.6: icmp_seq=45. time=11422. ms
      64 bytes from 10.10.10.6: icmp_seq=46. time=10422. ms
      64 bytes from 10.10.10.6: icmp_seq=47. time=9422. ms
      64 bytes from 10.10.10.6: icmp_seq=48. time=8423. ms
      64 bytes from 10.10.10.6: icmp_seq=49. time=7422. ms
      64 bytes from 10.10.10.6: icmp_seq=50. time=6423. ms
      64 bytes from 10.10.10.6: icmp_seq=51. time=5423. ms
      64 bytes from 10.10.10.6: icmp_seq=52. time=4423. ms
      64 bytes from 10.10.10.6: icmp_seq=53. time=3423. ms
      64 bytes from 10.10.10.6: icmp_seq=54. time=2423. ms
      64 bytes from 10.10.10.6: icmp_seq=55. time=1423. ms
      64 bytes from 10.10.10.6: icmp_seq=56. time=424. ms
      64 bytes from 10.10.10.6: icmp_seq=57. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=58. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=59. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=60. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=61. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=62. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=63. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=64. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=65. time=0. ms
      64 bytes from 10.10.10.6: icmp_seq=66. time=0. ms
      (omitted...)

      That is, when I ping, it stays stuck, and after about 57 seconds replies 1-57 suddenly come out all at once,
      and after that it works fine...
      So if I remove the dns reference in /etc/nsswitch.conf, it works fine.
      arp -a is also extremely slow.... this too works fine if I remove the dns part.
      Do ping and arp also have something to do with dns?
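
Added example, not part of the original mailing-list thread: a simplified Python model of the lookup order the question and reply discuss (the `hosts:` line of /etc/nsswitch.conf, then /etc/hosts, then DNS). It lists which private addresses in `arp -a` output would trigger a PTR query to DNS. The sample file contents and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample files; the arp lines are the ones quoted in the reply.
HOSTS = "127.0.0.1 localhost\n192.168.1.45 webserver\n"
NSSWITCH = "hosts: files dns\n"
ARP_OUTPUT = """\
? (192.168.1.246) at 00:D0:B7:9A:25:20 [ether] on eth0
webserver (192.168.1.45) at 00:01:02:54:C2:E7 [ether] on eth0
? (192.168.1.102) at <incomplete> on eth0
"""

def hosts_sources(nsswitch_text):
    """Return the ordered lookup sources from the 'hosts:' line."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Skip action items such as [NOTFOUND=return]; keep source names.
            return [t for t in line[len("hosts:"):].split() if not t.startswith("[")]
    return []

def hosts_table(hosts_text):
    """Map each IP in /etc/hosts-style text to its first (canonical) name."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], fields[1])
    return table

def predict_reverse_lookup(ip, hosts_text, nsswitch_text):
    """Return (source, detail): which source answers or is queried for ip."""
    table = hosts_table(hosts_text)
    for source in hosts_sources(nsswitch_text):
        if source == "files" and ip in table:
            return ("files", table[ip])          # answered locally, no delay
        if source == "dns":
            # The resolver asks DNS for this PTR name and may wait for a timeout.
            return ("dns", ipaddress.ip_address(ip).reverse_pointer)
    return ("none", "")                          # shown as '?' with no query

def slow_candidates(arp_text, hosts_text, nsswitch_text):
    """List private IPs in arp -a output whose reverse lookup goes to DNS."""
    found = []
    for ip in re.findall(r"\((\d+\.\d+\.\d+\.\d+)\)", arp_text):
        source, detail = predict_reverse_lookup(ip, hosts_text, nsswitch_text)
        if source == "dns" and ipaddress.ip_address(ip).is_private:
            found.append((ip, detail))
    return found
```

Each address returned by `slow_candidates` needs either an /etc/hosts entry or a locally served reverse zone for its PTR name; otherwise the query leaves the host and the tool waits on it.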


    Coffeenix, a resting place for system engineers / URL : http://coffeenix.net/board_view.php?bd_code=91