TCP Wrapper
1. What's TCP Wrapper?
2. Why TCP Wrapper is used?
3. How does it work?
4. How to install and use TCP Wrapper
5. Reference
TCP Wrapper lets you monitor and filter incoming requests for SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP,
TALK and similar services on an existing system.
It is a small daemon program that can be installed without changing the software or configuration files already in place,
and it reports the name of the client host and of the requested service. It does not alter the information of the server or
client programs, and it runs only when the connection is first established, so it adds no overhead to the actual data
communication between the client and server applications.
2. Why TCP Wrapper is used?
A wrapper is a defensive measure that checks hosts connecting from outside, and the best known of them is TCP Wrapper.
It checks the IP address of whoever is trying to reach the host and admits only the hosts the administrator has allowed,
so it can defend against cracking from outside. It works by replacing the daemon known as inetd (explained later) and
contains a module that checks the IP address.
There is also xinetd, a more security-hardened version of inetd that provides functionality similar to TCP Wrapper and
can restrict services according to the time of day.
3. How does it work?
3.1 Typical UNIX TCP/IP networking
Almost every TCP/IP protocol application is based on the client-server model.
For example, when someone uses the telnet command to connect to a host, the target host starts a telnet server process,
which then lets the user log in.
Examples of this client-server model are as follows.
client | server | application
telnet | telnetd | remote login
ftp | ftpd | file transfer
finger | fingerd | show users
systat | server | application
Table 1. Examples of TCP/IP client-server pairs and their applications.
A UNIX system usually runs a single daemon that waits for all kinds of incoming network connections. When a connection
is established, this daemon (commonly called inetd) runs the appropriate server program.
The daemon then goes back to sleep and waits for other connections.
That is, in the case of telnet:
[user] -- [telnet client] -- (inetd) -- [telnet server] -- [[login]]
The user runs a telnet program (netterm) and tries to connect to the desired machine. On the server machine, inetd
receives the request, consults inetd.conf and then runs the telnetd program.
3.2 Applying TCP_Wrapper
With the arrangement above, crackers can spy on the system. Solving this would require changing the existing network
software, but that raises several problems.
First, we do not hold source licenses for the UNIX programs of the systems we run, such as Ultrix and SunOS. And of
course we do not have the sources either.
Second, the Berkeley network sources (from which most commercial UNIX TCP/IP products were developed) are available.
However, porting them to our environment would take a great deal of time.
Figure 1. The inetd daemon process listens on the ftp, telnet etc. network ports and waits for incoming connections. The figure shows that a user has connected to the telnet port.
Figure 2. The inetd process has started a telnet server process that connects the user to a login process. Meanwhile, inetd waits for other incoming connections.
However, there is a simple way to solve the problem without changing the existing software, and because it works on
almost every UNIX system it is easy to apply.
The method is to make a swap: move the vendor-supplied network server program to another place and install a simple
program in the original network server program's location. Whenever a connection is made, this simple program records
the name of the remote host, checks it, and then runs the original network server program. TCP Wrapper is built on this
method.
Figure 3. The original telnet server program has been moved to some other place, and the tcp wrapper has taken its place. The wrapper logs the name of the remote host to a file.
Figure 4. The tcp wrapper program has started the real telnet server and no longer participates. The user cannot notice any difference.
Below is an example of TCP_Wrapper in use: the records that appear on the console. The first few show traces of the
cracker's connection attempts. Each connection is recorded in the order: time stamp, the name of the local host, the name
of the requested service (actually, the network server process name), and the name of the remote host. The example shows
not only that the cracker used dial-up terminal servers such as monk.rutgers.edu, but also that he had broken into
military (.MIL) and university (.EDU) computer systems.
(Quoted from ftp://ftp.porcupine.org/pub/security/tcp_wrapper.txt.Z)
May 21 14:06:53 tuegate: systatd: connect from monk.rutgers.edu
May 21 16:08:45 tuegate: systatd: connect from monk.rutgers.edu
May 21 16:13:58 trf.urc: systatd: connect from monk.rutgers.edu
May 21 18:38:17 tuegate: systatd: connect from ap1.eeb.ele.tue.nl
May 21 23:41:12 tuegate: systatd: connect from mcl2.utcs.utoronto.ca
May 21 23:48:14 tuegate: systatd: connect from monk.rutgers.edu
May 22 01:08:28 tuegate: systatd: connect from HAWAII-EMH1.PACOM.MIL
May 22 01:14:46 tuewsd: fingerd: connect from HAWAII-EMH1.PACOM.MIL
May 22 01:15:32 tuewso: fingerd: connect from HAWAII-EMH1.PACOM.MIL
May 22 01:55:46 tuegate: systatd: connect from monk.rutgers.edu
May 22 01:58:33 tuegate: systatd: connect from monk.rutgers.edu
May 22 02:00:14 tuewsd: fingerd: connect from monk.rutgers.edu
May 22 02:14:51 tuegate: systatd: connect from RICHARKF-TCACCIS.ARMY.MIL
May 22 02:19:45 tuewsd: fingerd: connect from RICHARKF-TCACCIS.ARMY.MIL
May 22 02:20:24 tuewso: fingerd: connect from RICHARKF-TCACCIS.ARMY.MIL
May 22 14:43:29 tuegate: systatd: connect from monk.rutgers.edu
May 22 15:08:30 tuegate: systatd: connect from monk.rutgers.edu
May 22 15:09:19 tuewse: fingerd: connect from monk.rutgers.edu
May 22 15:14:27 tuegate: telnetd: connect from cumbic.bmb.columbia.edu
May 22 15:23:06 tuegate: systatd: connect from cumbic.bmb.columbia.edu
May 22 15:23:56 tuewse: fingerd: connect from cumbic.bmb.columbia.edu
Here the cracker has in effect attacked the system with finger and systat, because finger and systat reveal who is on
the system. After that the cracker tried to make a telnet connection. Presumably he made a single login attempt and
disconnected immediately, so that no "repeated login failure" was recorded on the console.
Telling the cracker apart is easy, for the following reasons.
First, he is often active at night, when there is hardly any activity from other people.
Second, he frequently makes a series of connections, spacing them out in time to hide his activity. However, by
merging the logs of several systems it is easy to see that the cracker was there.
Third, nobody who has an account on the system uses the systat service.
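The three signs above, applied to a subset of the console log quoted on this page, as an added example (not code from the original page or from the tcp_wrappers package). The NIGHT_HOURS window and the two-sign threshold are assumptions, and the parser handles only the "host: service: connect from" layout shown in that log.

```python
import re
from collections import defaultdict

# Subset of the console log quoted on this page, taken from several local hosts.
SAMPLE = """\
May 21 14:06:53 tuegate: systatd: connect from monk.rutgers.edu
May 21 18:38:17 tuegate: systatd: connect from ap1.eeb.ele.tue.nl
May 22 01:08:28 tuegate: systatd: connect from HAWAII-EMH1.PACOM.MIL
May 22 01:14:46 tuewsd: fingerd: connect from HAWAII-EMH1.PACOM.MIL
May 22 02:00:14 tuewsd: fingerd: connect from monk.rutgers.edu
May 22 15:14:27 tuegate: telnetd: connect from cumbic.bmb.columbia.edu
May 22 15:23:06 tuegate: systatd: connect from cumbic.bmb.columbia.edu
May 22 15:23:56 tuewse: fingerd: connect from cumbic.bmb.columbia.edu
"""

# Fields: time stamp, local host, service (server process name), remote host.
LINE = re.compile(r"^\w{3} +\d+ (\d\d):\d\d:\d\d (\S+): (\S+): connect from (\S+)$")
NIGHT_HOURS = {23, 0, 1, 2, 3, 4, 5}  # assumption: what counts as "night"

def profile(text):
    """Merge records from all local hosts and summarise each remote host."""
    stats = defaultdict(lambda: {"systat": 0, "night": 0, "locals": set()})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a wrapper "connect from" record
        hour, local, service, remote = m.groups()
        s = stats[remote.lower()]
        s["locals"].add(local)
        s["systat"] += service == "systatd"
        s["night"] += int(hour) in NIGHT_HOURS
    return stats

def suspects(text, min_signs=2):
    """Remote hosts that show at least min_signs of the three signs."""
    found = {}
    for remote, s in profile(text).items():
        signs = [name for name, hit in (
            ("systat", s["systat"] > 0),
            ("night", s["night"] > 0),
            ("several-hosts", len(s["locals"]) > 1),
        ) if hit]
        if len(signs) >= min_signs:
            found[remote] = signs
    return found

if __name__ == "__main__":
    for remote, signs in sorted(suspects(SAMPLE).items()):
        print(remote, signs)
```

A host that only touched systat once on one machine during the day (ap1.eeb.ele.tue.nl in the sample) stays below the threshold; merging the per-host logs is what makes the others stand out.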
Used this way, TCP_Wrapper not only admits connections solely from the hosts you choose, but also lets you check and monitor the connections made to your system.
The following example is taken from an actual syslog. For telnet and ftp, it shows each daemon accepting connections
only from the hosts that were chosen.
Mar 7 23:12:53 major in.telnetd[22706]: connect from kbs06.kaist.ac.kr
Mar 7 23:22:25 major in.telnetd[22761]: connect from taehan.kaist.ac.kr
Mar 8 00:48:52 major in.telnetd[22954]: refused connect from 143.248.175.120
Mar 8 10:09:21 major in.telnetd[23279]: connect from kbs08.kaist.ac.kr
Mar 8 10:41:36 major in.ftpd[23588]: refused connect from gec09.kaist.ac.kr
Mar 8 11:04:21 major in.telnetd[23608]: connect from kbs22.kaist.ac.kr
Mar 8 11:09:49 major in.telnetd[23657]: connect from kbs09.kaist.ac.kr
Mar 8 11:35:47 major in.telnetd[23736]: connect from kbs06.kaist.ac.kr
Mar 8 11:38:09 major in.telnetd[23772]: refused connect from captain
4. How to install and use TCP_Wrapper
According to a CERT advisory of January 1999, a Trojan horse version of TCP Wrapper has been reported in circulation.
The two versions differ as shown below, so check what you download.
For details, see http://www.cert.org/advisories/CA-99-01-Trojan-TCP-Wrappers.html
Download from: ftp://ftp.porcupine.org/pub/security/
Correct version:
tcp_wrappers_7.6.tar.gz
MD5 = e6fa25f71226d090f34de3f6b122fb5a
size = 99438
tcp_wrappers_7.6.tar
MD5 = 5da85a422a30045a62da165404575d8e
size = 360448
Trojan Horse version:
tcp_wrappers_7.6.tar.gz
MD5 = af7f76fb9960a95a1341c1777b48f1df
size = 99186
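One way to check a downloaded archive against the values listed above before unpacking it, as an added example (not part of the original page or of the advisory). It compares both the MD5 and the size; the function names are hypothetical.

```python
import hashlib
import os
import sys

# (verdict, file name, MD5, size in bytes), exactly as listed on this page.
KNOWN = [
    ("correct", "tcp_wrappers_7.6.tar.gz", "e6fa25f71226d090f34de3f6b122fb5a", 99438),
    ("correct", "tcp_wrappers_7.6.tar", "5da85a422a30045a62da165404575d8e", 360448),
    ("trojan", "tcp_wrappers_7.6.tar.gz", "af7f76fb9960a95a1341c1777b48f1df", 99186),
]


def md5_of(path, chunk=65536):
    """Hash the file in chunks so the archive need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path, known=KNOWN):
    """Return 'correct', 'trojan' or 'unknown' for a downloaded archive."""
    digest, size = md5_of(path), os.path.getsize(path)
    for verdict, _name, md5, nbytes in known:
        if digest == md5 and size == nbytes:
            return verdict
    return "unknown"  # matches neither list: do not build or install it


if __name__ == "__main__" and len(sys.argv) > 1:
    verdict = classify(sys.argv[1])
    print(sys.argv[1], verdict)
    sys.exit(0 if verdict == "correct" else 1)
```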
This installation guide is reproduced here with the permission of 정주원.
TCP wrapper installation for the impatient
==========================================
0. On RedHat Linux, tcp_wrapper is already installed. Go to step 14.
1. Download tcp_wrappers_x.x.tar by ftp.
2. Run tar xf tcp_wrappers_x.x.tar to unpack the tar file.
3. cd tcp_wrappers_x.x
4. Read the README.
(Warning: anyone installing on Ultrix or IRIX must read the README file and the
README.IRIX file.)
5. Run uname -a to find out what your system is.
6. Look at the Makefile, choose the appropriate REAL_DAEMON_DIR and remove the leading #.
(REAL_DAEMON_DIR is the location where internet daemons such as in.telnetd and
in.rlogind will actually reside. If you choose the directory where they are already
installed you may skip step 11, but installing the internet daemons to be protected
in a separate directory is generally recommended.)
7. Run make and check whether there is a sys-type code for your system. If there is
none, read the README carefully and follow it exactly.
8. Run make {sys-type} to compile.
e.g. make irix6 (for Irix 6.x)
make sunos5 (for Solaris 2.x)
make CC=gcc sunos5 (to compile with gcc on Solaris 2.x)
9. If it compiled correctly, become superuser and install tcpd in a suitable place.
e.g. /usr/ucb/install -o bin -g bin -m 755 tcpd /usr/local/sbin
10. Look at inetd.conf, pick the services to protect from outside connections and
edit their entries so that tcpd protects them. inetd.conf is at /etc/inetd.conf or
/etc/inet/inetd.conf.
e.g. for the finger service, change
finger stream tcp nowait nobody /usr/etc/in.fingerd in.fingerd
to
finger stream tcp nowait nobody /usr/local/sbin/tcpd in.fingerd
Note that the path depends on where tcpd was installed.
11. If REAL_DAEMON_DIR differs from the location where the internet daemons are
actually installed (see step 6), copy the internet daemon for each service you want
to protect into REAL_DAEMON_DIR. (Using the cp -p option is recommended.)
12. Run tcpdchk to check that the changes are correct. (tcpdchk is in the directory
where you compiled.) If problems appear, go back over the steps starting from step 9.
13. Use ps ax or ps -ef to find the PID of inetd and run kill -1 inetd.pid.
(IRIX installers: see README.IRIX.) This completes the installation of
tcp_wrapper.
14. Create the file /etc/hosts.deny with the contents ALL:ALL, which
forbids access from every host.
(With safe_finger and the other tools included in tcpwrapper you can do more
interesting things. See the README for details.)
15. Create the file /etc/hosts.allow and fill it with entries of the form
{daemon name}:{list of permitted hosts} so that only those hosts can connect.
e.g. ALL: myhome.kaist.ac.kr
in.telnetd: labpc1.kaist.ac.kr,143.248.230.45
in.pop3d: 143.248.0.0/255.255.0.0
16. Try connecting from an outside host, for example a department machine, to check whether access is possible.
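How the rules from steps 14 and 15 combine, as an added example (not tcpd's own code): a simplified model of the lookup order, hosts.allow first, then hosts.deny, with access granted when neither matches. It handles only ALL, exact names or addresses, leading-dot domain suffixes and IPv4 net/mask patterns; the client names and addresses passed in at the bottom are constructed.

```python
import ipaddress

# Rules from steps 14 and 15 of this page.
HOSTS_ALLOW = """\
ALL: myhome.kaist.ac.kr
in.telnetd: labpc1.kaist.ac.kr,143.248.230.45
in.pop3d: 143.248.0.0/255.255.0.0
"""
HOSTS_DENY = "ALL:ALL\n"

def parse(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            daemons, clients = line.split(":")[:2]
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, name, addr):
    """Match one client pattern against the client's host name and address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                      # net/mask, e.g. 143.248.0.0/255.255.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    if pattern.startswith("."):             # domain suffix, e.g. .kaist.ac.kr
        return name.lower().endswith(pattern.lower())
    return pattern.lower() == name.lower() or pattern == addr

def rule_hit(rules, daemon, name, addr):
    """True when any rule lists this daemon (or ALL) and a matching client."""
    return any((daemon in daemons or "ALL" in daemons) and
               any(client_matches(c, name, addr) for c in clients)
               for daemons, clients in rules)

def access(daemon, name, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match means granted."""
    if rule_hit(parse(allow), daemon, name, addr):
        return "granted"
    if rule_hit(parse(deny), daemon, name, addr):
        return "refused"
    return "granted"

if __name__ == "__main__":
    # Constructed clients: same address, two different services.
    print(access("in.pop3d", "unknown", "143.248.175.120"))
    print(access("in.telnetd", "unknown", "143.248.175.120"))
```

With an empty hosts.deny the last branch grants access to everyone not listed, which is why step 14 creates ALL:ALL before step 15 opens individual hosts.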
6. Reference
http://user.chollian.net/~imtino/int/tcp_wrapper.html
http://www.certcc.or.kr/tools/index.html
ftp://ftp.porcupine.org/pub/security/index.html
ftp://ftp.porcupine.org/pub/security/tcp_wrapper.txt.Z
ftp://camis.kaist.ac.kr/pub/security/util/quick_install.ko.txt
Note:
In the tcp wrapper source, clean_exit() in clean_exit.c is the termination function.
By modifying it you can show a message of your choice and then drop the connection when a host that is not
permitted connects.
* This idea is credited to 최재철 ( poison@inzen.com ).
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include "tcpd.h"

void denymsg();

void clean_exit(request)
struct request_info *request;
{
    /*
     * In case of unconnected protocols we must eat up the not-yet received
     * data or inetd will loop.
     */
    if (request->sink)
        request->sink(request->fd);

    /*
     * Be kind to the inetd. We already reported the problem via the syslogd,
     * and there is no need for additional garbage in the logfile.
     */
    denymsg();      /* added: send the refusal message before exiting */
    sleep(5);
    exit(0);
}

/* denymsg - copy /etc/deny.msg to the client; under inetd, stdout is the connection */
void denymsg()
{
    int fd, nchars;
    char tbuf[8192];

    /* The message shown to hosts that are not permitted is kept in /etc/deny.msg */
    if ((fd = open("/etc/deny.msg", O_RDONLY, 0)) < 0)
        return;
    while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
        (void) write(fileno(stdout), tbuf, nchars);
    (void) close(fd);
}