NMAP
 
고영남 2001/11/20


NMAP is a port scanning tool. It is a very useful system security tool for scanning hosts and networks, and at the same time it can be used by hackers as a powerful hacking tool.

When you run a server, there are times when even the administrator does not know exactly which ports are open and which services are being offered. This is not a matter of poor memory or laziness: ports and services change often as needs arise, so unless you check and record them regularly, you lose track of them. Backdoors created through cracking are also hard to identify.

To check and manage a large number of ports and services effectively, you need a port scanning tool such as NMAP.
Compared with earlier port scanning tools, NMAP offers a wide range of options and powerful features that can even scan networks behind a firewall.

1. Installation

http://www.insecure.org/nmap

Download the source file from the nmap home page. Move it to the directory where you want to install it and extract the archive. Then, in that directory, run ./configure, followed by make and make install.


[root@gyn nmap-2.54BETA30]# ./configure
[root@gyn nmap-2.54BETA30]# make; make install

Once installation is finished, let's look at some of the scan types.

-sT  Ordinary TCP port scanning.
-sS  The so-called 'half-open' scan; hard to trace.
-sP  Ordinary scan using ping.
-sU  UDP port scanning.
-P0  Do not request a ping response from the target host.
     Can avoid logging and filtering.
-PT  Instead of the usual ICMP ping, send the ping as an ACK packet and
     receive the response as an RST packet.
-PI  Ordinary ICMP ping; it is dropped by firewalls and filtering.
-PB  Use ICMP ping and TCP ping together when pinging.
-PS  When pinging, send a SYN packet instead of an ACK packet.
-O   Identify the target host's OS.
-p   Scan a specific port on the target host, or specify the range of ports to scan.
     ex) -p 1-1024
-D   Decoy feature; hides the address of the scanning host from the target host.
-F   Scan only the ports listed in the /etc/services file.
-I   Retrieve identd information about the TCP process.
-n   Do not resolve IP addresses to DNS host names. Faster.
-R   Resolve IP addresses to DNS host names while scanning. Slower.
-o   Save the scan results to a text file.
-i   Read the target hosts to scan from the specified file.
-h   Show help.

The scan types above are the ones used most often; for very detailed usage, use the -h option or the man page.


[gyn@gyn gyn]$ man nmap
NMAP(1) NMAP(1)

NAME
nmap - Network exploration tool and security scanner

SYNOPSIS
nmap [Scan Type(s)] [Options] <host or net #1 ... [#N]>

..(omitted)..

[gyn@gyn gyn]$ nmap -h
Nmap V. 2.54BETA30 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
-sT TCP connect() port scan (default)
* -sS TCP SYN stealth port scan (best all-around TCP scan)
* -sU UDP port scan

..(omitted)..


2. Usage

Let's put nmap to use through a few examples.


[root@gyn root]# nmap -sP xxx.xxx.xxx.xxx

Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Host gyn (xxx.xxx.xxx.xxx) appears to be up.

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

The -sP option showed that the target host is alive. Now let's probe a specific port (80).

[root@ home]# nmap -sP -PT80 xxx.xxx.xxx.xxx
TCP probe port is 80

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Host (xxx.xxx.xxx.xxx) appears to be up.
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

Instead of a single specified port, let's search for all open ports on the target host.


[root@ home]# nmap -sT xxx.xxx.xxx.xxx

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on (xxx.xxx.xxx.xxx):
(The 1526 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
53/tcp open domain
80/tcp open http
Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds

This reveals the target host's open ports, but it is risky because it leaves logs.
A stealth scan should be used to avoid monitoring.

[root@webserver log]# nmap -sS xxx.xxx.xxx.xxx

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on (xxx.xxx.xxx.xxx):
(The 1526 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
53/tcp open domain
80/tcp open http

Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds

This is a UDP port scan. It can take a long time.


[root@gyn root]# nmap -sU localhost

Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on gyn (127.0.0.1):
(The 1450 ports scanned but not shown below are in state: closed)
Port State Service
53/udp open domain
699/udp open unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds

This time, let's identify the operating system with the -O option.


[root@webserver /root]# nmap -sS -O xxx.xxx.xxx.xxx

Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on db (xxx.xxx.xxx.xxx):
(The 1530 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
113/tcp open auth
3306/tcp open mysql

TCP Sequence Prediction: Class=random positive increments
Difficulty=2158992 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.16

Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds

We have now looked at how to use nmap through a few examples.
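
The record-keeping described in the introduction (noting which ports are open so that an unexpected listener stands out) can be automated from the port table nmap prints in the sessions above. The following is an added example, not part of the original article: the function names are hypothetical, the sample output is constructed, and 192.0.2.10 is a documentation address.

```python
import re

# One row of the port table nmap prints, e.g. "22/tcp open ssh".
PORT_ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")
# Header line naming the scanned host; the host name may be empty.
TARGET = re.compile(r"^Interesting ports on\s+(.*?)\s*\(([^)]+)\):")

def parse_scan(text):
    """Return {host_ip: {(port, proto): service}} for ports in state 'open'."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = TARGET.match(line)
        if m:
            current = hosts.setdefault(m.group(2), {})
            continue
        m = PORT_ROW.match(line)
        if m and current is not None and m.group(3) == "open":
            port = int(m.group(1))
            if 0 < port <= 65535:  # ignore rows that are not valid port numbers
                current[(port, m.group(2))] = m.group(4)
    return hosts

def diff_scans(baseline, latest):
    """Compare two parse_scan() results; list ports opened or closed since baseline."""
    report = {}
    for host in sorted(set(baseline) | set(latest)):
        old, new = baseline.get(host, {}), latest.get(host, {})
        opened = sorted(k for k in new if k not in old)
        closed = sorted(k for k in old if k not in new)
        if opened or closed:
            report[host] = {"opened": [(p, pr, new[(p, pr)]) for p, pr in opened],
                            "closed": [(p, pr, old[(p, pr)]) for p, pr in closed]}
    return report

# Constructed sample output in the format shown on this page.
BASELINE = """Interesting ports on db (192.0.2.10):
(The 1530 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
113/tcp open auth
3306/tcp open mysql
"""
# Later scan of the same host: auth is gone and an unrecorded listener has appeared.
LATEST = BASELINE.replace("113/tcp open auth\n", "") + "2222/tcp open unknown\n"

if __name__ == "__main__":
    for host, delta in diff_scans(parse_scan(BASELINE), parse_scan(LATEST)).items():
        for kind in ("opened", "closed"):
            for port, proto, service in delta[kind]:
                print(f"{host}: {port}/{proto} ({service}) {kind} since baseline")
```

Saving each scan of your own hosts with -o and feeding the previous and current files to diff_scans turns the manual record into a change report.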

One last request: testing against hosts or networks that you do not administer yourself is very rude behavior, and strictly managed sites may even block your access, so please do not use the tool in undesirable ways.