About syn flooding on Solaris (post by John Lee)
Written : 2003/09/06 14:48
Author : 좋은진호 ( http://coffeenix.net/ )
Views : 6875
This is a post that John Lee sent to the sec-info mailing list.
The content is unchanged; I only adjusted the line breaks. ^^
The original post follows below.
---------------------------------------------------------------------
Subject : TCP_SYN_FLOODING on Solaris
From : John Lee (dhlee@oullim.co.kr)
Date : Sat Jul 14 2001 - 10:54:52 KST
Thank you for the good document. It helped me a lot. I would like to mention one very small thing that I know.
It is about the Solaris system, a commercial operating system. I have a document I wrote a long time ago.
Those of you who use the Solaris operating system may want to refer to it.
================================================================================
As you all probably know... syn flooding generally does not work against Solaris. As far as I know, no matter
how many syn packets you send, the system does not budge.
This is very different from ordinary Linux systems, which became unresponsive after only about 5000 packets.
As with any client/server program, when the server program calls listen, the kernel changes the TCP
state from closed to listen. This is called a passive listen, but that is not the important part.
Along with the passive listen, it creates structures such as the socket buffer and two queues.
The solution to the problem lies in these queues...
It creates two of them: the incomplete connection queue and the complete connection queue.
The former stores every syn packet delivered to the system. (So anyone attempting a connection for the first time
stays here first..)
In the BSD source this is the entry called so_q0len.. Information about every connection that has not become
fully established through the three-way handshake is stored in this queue. Also, an incomplete
connection stays in the queue for the RTT (Round Trip Time), and if that is exceeded by even 1 second it is discarded without mercy.
The latter is the queue that stores connections established through the three-way handshake. So they wait in the complete
queue for accept to be called. Once accepted, they disappear from the queue.
Every queue is limited by a specified number of entries (well, there must be some specified number, 128 or so..).
If, for whatever reason, entries are not removed from the complete connection queue and the queue fills up, the kernel accepts no
further connections. The timeout value is determined by the syn segments stored in the queue. If no ack is received
for a syn packet stored in the queue (so it would be in the SYN_RCVD state.. -_-;), time passes and as a result
the packet is simply dropped. The timeout value will be the most important thing in stopping syn_flood and the like.
As a result, no matter how many syns we send, such connections stay in the incomplete connection queue, and since they do not
complete the three-way handshake they never move on to the complete connection queue,,, and the connection is dropped
according to the RTT, and even in that case a very special algorithm is used so that valid connection requests
are still accepted. (I cannot figure this out, the special algorithm.. wherever I look it is just the original text
as is: special algorithm makes sure that valid connections can still get through )
You can check this with the ndd command.
First there is a value called tcp_conn_req_max; in solaris 2.5, which uses a single queue, this is the number of
connections it will accept. What a pity.
Only one queue.. So there is a patch provided by Sun. If you get patch 103582-12 and install it,
it increases the queues to two. Ah, this applies to versions before 2.5, so it does not matter on 2.5.1.
solaris 2.6 and 7 have no such variable, right? Of course not. Because they use two queues.
They are the two values tcp_conn_req_max_q0 and tcp_conn_req_max_q. Hmm..hmm..hmm... checking on our color, the former
is set to 1024.. For a queue, that is a very large one.
(since there was a time when old Linux had a single queue with a size of 16) And the latter queue is 128.
This is the real queue. (Not that either one is fake, but they do different jobs -_-;)
The value of each variable can be set as the administrator likes. For the latter, the figure Sun recommends is 128.
It is said it can be raised to a max of 1024..
On the other hand, some argue that using two queues is unnecessary.. For a very busy application server such as web,
the amount that is actually stored in the incomplete connection queue and then discarded (that is,
connections that definitely did not complete the three-way handshake..) is said to be less than 15% of all packets.
In any case, the difference is that it uses two queues and that unknown special algorithm.
Well, so they say. Wow, when am I going to study all this. Hmm.. hmm...
================================================================================
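The two-queue behaviour described in the post, as an added example that is not part of the original message and is not Solaris code: a toy model in which the queue limits 1024 and 128 come from the post, while the class and function names, the tick-based clock and the 3-tick timeout are assumptions made for illustration. The "special algorithm" the post mentions is not modelled.

```python
from collections import deque

class Listener:
    """Toy model of a listening socket with the two queues from the post."""
    def __init__(self, max_q0=1024, max_q=128, syn_timeout=3):
        self.max_q0, self.max_q, self.syn_timeout = max_q0, max_q, syn_timeout
        self.q0 = {}        # incomplete queue: peer -> tick its SYN arrived (SYN_RCVD)
        self.q = deque()    # complete queue: handshake done, waiting for accept()
        self.dropped_syn = 0

    def expire(self, now):
        # Half-open entries whose ACK never arrived are dropped after the timeout.
        for peer in [p for p, t in self.q0.items() if now - t >= self.syn_timeout]:
            del self.q0[peer]

    def syn(self, peer, now):
        self.expire(now)
        if len(self.q0) >= self.max_q0:   # incomplete queue full: SYN is dropped
            self.dropped_syn += 1
            return False
        self.q0[peer] = now
        return True

    def ack(self, peer, now):
        self.expire(now)
        # Only a peer still in q0 can finish the handshake, and only if q has room.
        if peer not in self.q0 or len(self.q) >= self.max_q:
            return False
        del self.q0[peer]
        self.q.append(peer)
        return True

    def accept(self):
        return self.q.popleft() if self.q else None

def run_scenario():
    srv = Listener(max_q0=1024, max_q=128, syn_timeout=3)
    # tick 0: 5000 constructed SYNs whose senders never answer with an ACK
    held = sum(srv.syn(("no-ack", i), now=0) for i in range(5000))
    # tick 1: a real client's SYN arrives while the incomplete queue is still full
    refused = not srv.syn("client-a", now=1)
    # tick 3: the half-open entries have timed out, so the client completes
    ok = srv.syn("client-a", now=3) and srv.ack("client-a", now=3)
    return held, srv.dropped_syn, refused, ok, len(srv.q0), srv.accept()
```

The flood never reaches the complete queue; what it costs is incomplete-queue slots for one timeout period, which is why the post singles out the timeout. On Solaris 2.6 and later the live limits are read with `ndd /dev/tcp tcp_conn_req_max_q0` and `ndd /dev/tcp tcp_conn_req_max_q`.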