|
NMAPÀº port Scanning Åø·Î¼ È£½ºÆ®³ª ³×Æ®¿öÅ©¸¦ ½ºÄ³´× ÇÒ ¶§,
¾ÆÁÖ À¯¿ëÇÑ ½Ã½ºÅÛ º¸¾ÈÅøÀÎ µ¿½Ã¿¡, ÇØÄ¿¿¡°Ô´Â °·ÂÇÑ ÇØÅ·Åø·Î »ç¿ëµÉ ¼ö ÀÖ½À´Ï´Ù.
¼¹ö¸¦ ¿î¿µÇÏ´Ù º¸¸é °ü¸®ÀÚ ½º½º·Îµµ ¾î¶² Æ÷Æ®°¡ ¿·ÁÀÖ°í, ¶Ç
¾î¶² ¼ºñ½º°¡ Á¦°øÁßÀÎÁö Àß
¸ð¸¦¶§°¡ ÀÖ½À´Ï´Ù. ±â¾ï·ÂÀÌ ³ªºü¼³ª, °ÔÀ»·¯¼°¡ ¾Æ´Ï¶ó ÇÊ¿ä¿¡ ÀÇÇØ ÀÚÁÖ º¯°æµÇ¹Ç·Î ¼ö½Ã·Î
ÆľÇÇؼ ±â·ÏÇصÎÁö ¾ÊÀ¸¸é Àؾî¹ö¸®°Ô µË´Ï´Ù. ¶Ç Å©·¡Å·¿¡ ÀÇÇØ »ý¼ºµÈ ¹éµµ¾î´Â ÆľÇÇϱⰡ
¾î·Æ½À´Ï´Ù.
¼ö ¸¹Àº Æ÷Æ®¿Í ¼ºñ½º¸¦ È¿°úÀûÀ¸·Î üũÇؼ °ü¸®Çϱâ À§Çؼ NMAP°ú °°Àº Æ÷Æ® ½ºÄµ ÅøÀÌ
ÇÊ¿äÇÕ´Ï´Ù.
NMAPÀº ±âÁ¸ÀÇ Æ÷Æ®½ºÄµÅø¿¡ ºñÇØ ´Ù¾çÇÑ ¿É¼Ç°ú ¹æȺ® ¾ÈÂÊÀÇ ³×Æ®¿÷µµ ½ºÄµÇÒ ¼ö ÀÖ´Â °·ÂÇÑ
±â´ÉÀÌ ÀÖ½À´Ï´Ù.
1. ¼³Ä¡
http://www.insecure.org/nmap
nmap ÀÇ È¨ÆäÀÌÁö¿¡¼ ¼Ò½ºÆÄÀÏÀ» ³»·Á ¹Þ½À´Ï´Ù. ±× ÈÄ¿¡ ¼³Ä¡ÇÒ µð·ºÅ丮·Î ¿Å±äÈÄ¿¡ ¾ÐÃàÀ»
DZ´Ï´Ù. ±× ÈÄ¿¡ ÇØ´ç µð·ºÅ丮¿¡¼ ./configure ¸¦ ½ÇÇàÇÑ ÈÄ¿¡make, make install
À» ½ÇÇàÇÕ´Ï´Ù.
|
[root@gyn nmap-2.54BETA30]# ./configure
[root@gyn nmap-2.54BETA30]# make; make install
|
¼³Ä¡°¡ ³¡³µÀ¸¸é ¸î °¡Áö ½ºÄµ ŸÀÔÀ» ¾Ë¾Æº¾½Ã´ç.
|
|
| -sT |
ÀϹÝÀûÀÎ TCP
Æ÷Æ®½ºÄ³´×. |
| -sS |
À̸¥¹Ù 'half-open'
½ºÄµÀ¸·Î ÃßÀûÀÌ ¾î·Æ´Ù. |
| -sP |
ping À»
ÀÌ¿ëÇÑ ÀϹÝÀûÀÎ ½ºÄµ. |
| -sU |
UDP Æ÷Æ®
½ºÄ³´×. |
| -PO |
´ë»ó È£½ºÆ®¿¡
´ëÇÑ ping ÀÀ´äÀ» ¿äûÇÏÁö ¾ÊÀ½ .
log ±â·Ï°ú filtering À» ÇÇÇÒ ¼ö ÀÖ´Ù. |
| -PT |
ÀϹÝÀûÀÌ ICMP
pingÀÌ ¾Æ´Ñ ACK ÆÐŶÀ¸·Î ping À» º¸³»°í
RST ÆÐŶÀ¸·Î ÀÀ´äÀ» ¹Þ´Â´Ù. |
| -PI |
ÀϹÝÀûÀÎ ICMP
ping À¸·Î ¹æȺ®À̳ª ÇÊÅ͸µ¿¡ ÀÇÇØ °É·¯Áø´Ù. |
| -PB |
ping À»
ÇÒ ¶§ ICMP ping °ú TCP pingÀ» µ¿½Ã¿¡ ÀÌ¿ëÇÑ´Ù. |
| -PS |
ping À»
ÇÒ ¶§ ACK ÆÐŶ´ë½Å SYN ÆÐŶÀ» º¸³» ½ºÄµ. |
| -O |
´ë»ó È£½ºÆ®ÀÇ
OS ÆǺ°. |
| -p |
´ë»ó È£½ºÆ®ÀÇ
ƯÁ¤ Æ÷Æ®¸¦ ½ºÄµÇϰųª, ½ºÄµÇÒ Æ÷Æ®ÀÇ ¹üÀ§¸¦ ÁöÁ¤.
ex) -p 1-1024 |
| -D |
Decoy ±â´ÉÀ¸·Î
´ë»ó È£½ºÆ®¿¡°Ô ½ºÄµÀ» ½ÇÇàÇÑ È£½ºÆ®ÀÇ ÁÖ¼Ò¸¦ ¼ÓÀδÙ. |
| -F |
/etc/services
ÆÄÀÏ ³»¿¡ ±â¼úµÈ Æ÷Æ®¸¸ ½ºÄµ. |
| -I |
TCP ÇÁ·Î¼¼¼ÀÇ
identd Á¤º¸¸¦ °¡Á®¿Â´Ù. |
| -n |
IP ÁÖ¼Ò¸¦
DNS È£½ºÆ®¸íÀ¸·Î ¹Ù²ÙÁö ¾Ê´Â´Ù. ¼Óµµ°¡ ºü¸£´Ù. |
| -R |
IP ÁÖ¼Ò¸¦
DNS È£½ºÆ®¸íÀ¸·Î ¹Ù²ã¼ ½ºÄµ. ¼Óµµ°¡ ´À¸®´Ù. |
| -o |
½ºÄµ °á°ú¸¦
ÅýºÆ® ÆÄÀÏ·Î ÀúÀå. |
| -i |
½ºÄµ ´ë»ó È£½ºÆ®ÀÇ
Á¤º¸¸¦ ÁöÁ¤ÇÑ ÆÄÀÏ¿¡¼ ÀÐ¾î¼ ½ºÄµ. |
| -h |
µµ¿ò¸» º¸±â |
|
À§ÀÇ ½ºÄµÅ¸ÀÔÀº ÀÚÁÖ ¾²ÀÌ´Â ³»¿ëÀÌ°í -h ¿É¼ÇÀ» ¾²°Å³ª man page¸¦
ÀÌ¿ëÇÏ¸é ¾ÆÁÖ »ó¼¼ÇÑ
»ç¿ë¹æ¹ýÀ» º¸½Ç ¼ö ÀÖ½À´Ï´Ù.
[gyn@gyn gyn]$ man nmap
NMAP(1) NMAP(1)
NAME
nmap - Network exploration tool and security scanner
SYNOPSIS
nmap [Scan Type(s)] [Options] <host or net #1 ...
[#N]>
..Áß·«..
[gyn@gyn gyn]$ nmap -h
Nmap V. 2.54BETA30 Usage: nmap [Scan Type(s)] [Options]
<host or net list>
Some Common Scan Types ('*' options require root privileges)
-sT TCP connect() port scan (default)
* -sS TCP SYN stealth port scan (best all-around TCP
scan)
* -sU UDP port scan
..Áß·«..
|
2. »ç¿ë.
¸î°¡Áö »ç¿ë ¿¹¸¦ ÅëÇØ nmapÀ» È°¿ëÇØ º¸½ÃÁÒ.
[root@gyn root]# nmap -sP xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/
)
Host gyn (xxx.xxx.xxx.xxx) appears
to be up.
Nmap run completed -- 1
IP address (1 host up) scanned in 0 seconds
|
-sP ¿É¼ÇÀ¸·Î ´ë»óÈ£½ºÆ®°¡ »ì¾Æ ÀÖÀ½À» ¾Ë¾Æ³Â½À´Ï´Ù. ÀÌÁ¨ ƯÁ¤ Æ÷Æ®(80)¸¦
°Ë»öÇØ º¸°Ú½À´Ï´Ù.
[root@ home]# nmap -sP -PT80
xxx.xxx.xxx.xxx
TCP probe port is 80
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/
)
Host (xxx.xxx.xxx.xxx) appears
to be up.
Nmap run completed -- 1 IP address (1 host up) scanned
in 1 second
|
ÁöÁ¤µÈ Æ÷Æ®°¡ ¾Æ´Ï¶ó ´ë»óÈ£½ºÆ®ÀÇ ¿¸° Æ÷Æ®¸¦ ¸ðµÎ °Ë»öÇØ º¾´Ï´Ù.
[root@ home]# nmap -sT xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/
)
Interesting ports on (xxx.xxx.xxx.xxx):
(The 1526 ports scanned but not shown below are in state:
closed)
Port State Service
22/tcp open ssh
53/tcp open domain
80/tcp open http
Nmap run completed -- 1
IP address (1 host up) scanned in 5 seconds
|
´ë»ó È£½ºÆ®ÀÇ ¿¸° Æ÷Æ®¸¦ ¾Ë¼ö´Â ÀÖÁö¸¸ ·Î±×°¡ ³²À¸¹Ç·Î À§ÇèÇÕ´Ï´Ù.
½ºÅÚ½º ½ºÄµÀ¸·Î °¨½Ã¸¦ ÇÇÇØ¾ß °ÚÁö¿ä.
| [root@webserver log]# nmap -sS xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/
)
Interesting ports on (xxx.xxx.xxx.xxx):
(The 1526 ports scanned but not shown below are in state:
closed)
Port State Service
22/tcp open ssh
53/tcp open domain
80/tcp open http
Nmap run completed -- 1 IP address (1 host up) scanned
in 5 seconds
|
UDP port ½ºÄµÀÔ´Ï´Ù. ½Ã°£ÀÌ ¸¹ÀÌ °É¸± ¼öµµ ÀÖ½À´Ï´Ù.
[root@gyn root]# nmap -sU localhost
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/
)
Interesting ports on gyn (127.0.0.1):
(The 1450 ports scanned but not shown below are in state:
closed)
Port State Service
53/udp open domain
699/udp open unknown
Nmap run completed -- 1 IP address (1 host up) scanned
in 3 seconds
|
À̹ø¿¡´Â -O ¿É¼ÇÀ¸·Î ¿î¿µÃ¼Á¦¸¦ ¾Ë¾Æº¸°Ú½À´Ï´Ù.
[root@webserver /root]# nmap -sS -O xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/
)
Interesting ports on db (xxx.xxx.xxx.xxx):
(The 1530 ports scanned but not shown below are in state:
closed)
Port State Service
22/tcp open ssh
113/tcp open auth
3306/tcp open mysql
TCP Sequence Prediction: Class=random
positive increments
Difficulty=2158992 (Good luck!)
Remote operating system guess:
Linux 2.1.122 - 2.2.16
Nmap run completed -- 1 IP address (1
host up) scanned in 2 seconds
|
¸î°¡Áö ¿¹¸¦ ÅëÇØ »ç¿ë¹ýÀ» ¾Ë¾Æ º¸¾Ò½À´Ï´Ù.
¸¶Áö¸·À» ºÎŹµå¸± ¸»¾¸Àº ÀÚ½ÅÀÌ Á÷Á¢ °ü¸®ÇÏÁö ¾Ê´Â, È£½ºÆ®³ª ³×Æ®¿÷¿¡¼ Å×½ºÆ®¸¦ ÇÏ´Â °ÍÀº
¾ÆÁÖ ¹«·ÊÇÑ ÇൿÀ̸ç, °ü¸®°¡ ¾ö°ÝÇÑ »çÀÌÆ®ÀÇ °æ¿ì Á¢¼Ó Á¦ÇÑÀº ´çÇÏ´Â °æ¿ìµµ ÀÖÀ¸¹Ç·Î
¹Ù¶÷Á÷ÇÏÁö ¾ÊÀº ¹æ¹ýÀ¸·Î »ç¿ëÇÏ´Â ÀÏÀÌ ¾ø±æ ¹Ù¶ø´Ï´Ù.
|