Transcription:

21 8 Korea Internet & Security Agency


Bot 1,45 1,69 12.7% 1,644 1,3 26.5% 666 556 19.8% 25 66 24.2% 423 44 4.7% 323 155 18.4% 182 119 52.9% Bot PC.4%.5%.1% 29 21 1 2 3 4 5 6 7 8 9 1 11 12 21 1,395 932 1,32 1,85 1,315 1,751 1,674 1,69 1,45 11,73 21,23 898 1,76 1,53 1,468 1,62 1,16 1,3 1,644 9,661 1,148 154 317 222 431 285 169 556 666 2,8 988 78 16 116 12 95 77 66 5 69 2,743 232 23 345 396 44 411 44 423 2,845 3,31 223 233 267 227 132 136 155 323 1,696 4,32 211 19 13 312 146 367 119 182 1,63 Bot 1.%.6%.6%.7%.9%.8%.6%.5%.4%.6% 29 1,4 29 1,8 1,6 1,751 1,674 1,69 21 1,2 21 1,4 1,32 1,315 1,45 1, 1,2 1,85 1, 932 8 666 8 6 556 431 6 4 317 285 4 222 154 2 2 169 1 2 3 4 5 6 7 8 9 1 11 12 1 2 3 4 5 6 7 8 9 1 11 12 3 25 2 15 16 116 12 95 77 1 78 66 5 5 29 21 1 2 3 4 5 6 7 8 9 1 11 12 Bot 8 612 623 547 559 6 536 455 463 4 2 746 29 21 1 2 3 4 5 6 7 8 9 1 11 12 1,2 1, 8 6 4 2 19 211 13 367 312 146 119 182 29 21 1 2 3 4 5 6 7 8 9 1 11 12 5% 4% 3% 29 21 2%.9%.8% 1%.6%.6%.7%.6%.5%.4% 1 2 3 4 5 6 7 8 9 1 11 12 3 218


1 2 3 4 5 6 7 8 9 1 1 2 3 4 5 6 7 8 9 1 21 1 2 3 4 5 6 ONLINE GAMEHACK AGENT MALWARE XEMA DOWNLOADER AUTORUN FAKE AV BAGLE BREDOLAB INDUC 122 17 75 52 44 39 24 23 22 16 48 932 AGENT BREDOLAB AUTORUN PALEVO MALWARE ONLINE GAMEHACK DOWNLOADER FAKESYS XEMA BIFROSE 135 126 114 75 61 56 44 43 39 36 573 1,32 ONLINE GAMEHACK AGENT PALEVO AUTORUN FAKE AV DOWNLOADER XEMA LMIRHACK MALWARE DAONOL 149 18 65 6 48 43 41 28 27 26 49 1,85 ONLINE GAMEHACK AGENT AUTORUN MALWARE DOWNLOADER KILLAV FAKEAV XEMA PALEVO DAONOL 233 148 68 64 63 58 56 39 34 24 528 1,315 ONLINE GAMEHACK MALWARE AGENT FAKEAV AUTORUN DOWNLOADER SECURISK VIRUT PATCHED XEMA 294 249 161 118 68 58 38 35 35 25 67 1,751 ONLINE GAMEHACK AGENT AUTORUN DOWNLOADER FAKEAV MALWARE XEMA REDIRECT INFOSTEALER PATCHED 21 7 8 9 1 11 12 ONLINE GAMEHACK AGENT DOWNLOADER AUTORUN MALWARE PATCHED INFOSTEALER FAKEAV PCCLIENT BREDOLAB 265 217 127 86 83 66 5 43 38 25 69 AGENT ONLINE GAMEHACK MALWARE FAKEAV INJECTOR DOWNLOADER ZBOT PATCHED XEMA SEINT 133 13 12 8 64 55 53 49 43 43 635 1,69 1,45 245 28 9 75 72 7 62 43 33 3 746 1,674 5 218


29 21 1 2 3 4 5 6 7 8 9 1 11 12 21 4,185 277 362 451 475 381 349 526 614 3,435 598 36 3 23 2 21 16 14 12 172 239 7 18 38 3 2 2 16 1 169 1 1 16,26 578 666 541 943 63 775 744 18 5,885 21,23 898 1,76 1,53 1,468 1,62 1,16 1,3 1,644 9,661 61.3% 37.3%.7%.6% 29 21 1 2 3 4 5 6 7 8 9 1 11 12 21 Windows 14,174 492 633 667 911 78 614 987 1,227 6,311 Linux 4,4 238 257 188 41 169 33 16 187 1,93 Solaris 49 17 1 2 6 1 1 4 7 48 2,166 151 176 196 15 112 215 149 223 1,372 21,23 898 1,76 1,53 1,468 1,62 1,16 1,3 1,644 9,661 7 218


28 4 8 16% 12% 8% 56% 6 4 8% 5 2% TCP/8 TCP/88 49 1 98% 5 1 218


18.6%.5%.1%.6% 15.7% 64.4% 445 139 8 1433 135.1%.2% 3.7% 6.1% 1.9% 445 8 139 23 88.1% 135 Bot Bot Bot

23 - Telnet
2967 - Symantec Exploit
8 - WebDAV, ASN.1-HTTP, Cisco HTTP
2745 - Bagle, Bagle2
135 - DCOM, DCOM2
3127 - MyDoom
139 - NetBIOS, ASN.1-NT
314 - Optix
143 - IMail
5 - UPNP
445 - NetBIOS, LSASS, WksSvc, ASN.1-SMB, DCOM, RPC
611 - Veritas Backup Exec
93 - NetDevil
6129 - Dameware
125 - DCOM
173 - Kuang2
1433 - MS-SQL
27347 - Sub7

1) Http://www.microsoft.com/technet/security/current.aspx
2) Http://www.boho.or.kr/pccheck/pcch_5.jsp?page_id=5


2,5 IP IP 2, 1,5 1, 5 1 2 3 4 5 6 7 8 9 1 11 12 3)KISC - Korea Internet Security Center, KISA 15 218

China Taiwan U.S.A 4% 7% 11% 3% 12% 41% 7% 3% 1% 48% 43% 6% 9% 22% 2% China TCP/1433- TCP/9415- TCP/2967- TCP/3389- TCP/135-netbios dcerpc invalid bind TCP/135-rpc dcom interface overflow exploit TCP/445-netbios lsass buffer overflow 2 TCP/22- Taiwan TCP/135-rpc dcom interface overflow exploit TCP/135-netbios dcerpc invalid bind TCP/22- TCP/1433- U.S.A 16 218

1 2 3 4 5 6 7 8 9 1 1 2 3 4 5 6 63.6% 43.7% 59.4% 8.9% 16.4% 12.2% 7.1% 1.8% 8.4% 5.5% 6.1% 3.3% 2.2% 3.4% 2.3% 1.4% 2.3% 1.6% 1.2% 1.9% 1.6% 1.% 1.9% 1.1%.9% 1.7%.9%.9% 1.4%.8% 7.4% 1.4% 8.4% 52.6% 11.4% 9.8% 6.2% 3.1% 1.8% 1.8% 1.3%.6%.5% 1.9% 83.9% 3.3% 2.8% 2.3% 1.3%.8%.6%.5%.5%.5% 3.7% 88.1% 3.% 1.6% 1.5%.7%.6%.6%.4%.3%.3% 2.9% 1 2 3 4 5 6 7 8 9 1 7 8 9 1 11 12 64.% 69.3% 12.8% 9.9% 7.8% 7.1% 6.% 4.% 2.9% 1.7%.8% 1.5%.7% 1.%.5%.6%.5%.6%.4%.6% 3.6% 3.7% 17 218

1 2 3 1 TCP/1433 25.3% TCP/1433 22.7% TCP/445 netbios smb client to lsasrv request 2 TCP/2967 16.7% TCP/445 netbios lsass buffer overflow 2 1.4% TCP/1433 netbios smb client to 3 TCP/22 1.4% TCP/445 lsasrv request 9.4% TCP/2967 4 TCP/445 netbios smb client to lsasrv request 8.4% TCP/22 8.8% UDP/53 udp service scan icmp ping Advanced 5 TCP/18 8.1% ICMP IP Scanner v1.4 4.7% TCP/22 6 TCP/1521 2.8% ICMP icmp ping X-scan scan 4.5% TCP/88 7 TCP/336 2.5% TCP/18 4% TCP/888 8 TCP/8 2.3% TCP/1 3.3% TCP/89 9 TCP/139 worm esbot.a 2.2% TCP/336 3.2% TCP/889 1 TCP/88 2.1% TCP/88 3% TCP/8 19.2% 26.2% 18.8% 18% 13.3% 7.4% 7.1% 3.5% 3.2% 3.2% 2.9% 2.8% 19.7% 4 5 6 1 TCP/1433 2.6% TCP/1433 42.5% TCP/1433 35.% 2 3 TCP/22 TCP/445 netbios smb client to lsasrv request 16.2% 11.% TCP/1521 TCP/22 8.8% 8.2% TCP/2967 TCP/336 14.7% 1.6% 4 TCP/2967 8.9% TCP/2967 7.3% TCP/3389 8.8% 5 TCP/53 udp service scan 7.2% TCP/9415 5.8% TCP/22 7.5% 6 TCP/88 4.1% TCP/3389 5.4% TCP/9415 5.1% 7 TCP/8 3.5% ICMP icmp ping X-scan scan 2.9% TCP/1521 2.5% 8 TCP/888 3.2% TCP/336 2.1% TCP/139 1.8% 9 TCP/336 2.3% TCP/445 2.1% ICMPÄ icmp ping X-scan scan 1.4% 1 TCP/18 2.1% TCP/88 2.% TCP/88 1.2% 2.9% 12.9% 11.4% 18 218

7 8 9 1 TCP/1433 26.4% TCP/1433 21.9% 2 3 4 5 6 7 8 9 1 TCP/135 netbios dcerpc invalid bind 16.2% TCP/135 rpc dcom interface overflow exploit 9.6% TCP/2967 9.5% TCP/3389 5.3% TCP/22 5.3% TCP/336 5.1% TCP/9415 4.% icmp ping Advanced IP ICMP Scanner v1.4 3.1% TCP/18 2.2% 13.2% TCP/135 netbios dcerpc invalid bind 9.9% TCP/9415 8.4% TCP/135 rpc dcom interface overflow exploit 7.9% TCP/2967 7.8% TCP/22 6.4% TCP/3389 5.3% TCP/1521 4.6% TCP/336 4.5% TCP/18 2.7% 2.5% 51.9% 21.9% 9.9% 8.4% 7.9% TCP/1433- TCP/135-netbios dcerpc invalid bind TCP/9415- TCP/135-rpc dcom interface overflow exploit 19 218

1 2 3 1 TCP/135 2 3 4 5 6 7 8 TCP/135 TCP/4899 TCP/1433 TCP/135 TCP/22 UDP/1434 UDP/53 netbios dcerpc invalid bind rpc dcom interface overflow exploit worm slammer backdoor famous botnet ddns dns query 19.1% 12.% 1.3% 9.% 7.7% 7.% 6.9% 4.8% TCP/135 TCP/135 UDP/53 TCP/135 TCP/4899 TCP/3389 TCP/1433 UDP/1434 netbios dcerpc invalid bind rpc dcom interface overflow exploit backdoor famous botnet ddns dns query worm slammer 47.9% 37.4% 8.% 2.9%.9%.5%.4%.4% TCP/4899 TCP/135 UDP/1434 TCP/189 TCP/1433 TCP/135 TCP/135 UDP/53 netbios dcerpc invalid bind worm slammer rpc dcom interface overflow exploit backdoor famous botnet ddns dns query 21.3% 17.5% 15.3% 1.5% 9.5% 5.4% 4.7% 4.% 9 1 TCP/2967 TCP/59 2.8% 2.7% 17.7% TCP/1521 TCP/139 microsoft windows pnp overflow exploit - suspicious zotob.3%.2% 1.2% TCP/22 TCP/3389 2.5% 1.6% 7.9% 4 5 6 1 TCP/135 2 UDP/53 3 TCP/4899 4 TCP/135 5 UDP/1434 6 TCP/1433 7 TCP/1521 netbios dcerpc invalid bind backdoor famous botnet ddns dns query rpc dcom interface overflow exploit worm slammer 19.5% 14.8% 11.1% 9.8% 8.3% 6.4% 6.2% TCP/135 TCP/4899 UDP/53 TCP/1433 TCP/135 TCP/22 TCP/135 backdoor famous botnet ddns dns query netbios dcerpc invalid bind rpc dcom interface overflow exploit 33.3% 13.9% 12.7% 11.7% 8.1% 3.1% 2.7% TCP/1433 TCP/135 TCP/4899 UDP/53 TCP/22 TCP/135 TCP/139 backdoor famous botnet ddns dns query netbios dcerpc invalid bind 26.9% 2.1% 17.7% 1.3% 4.6% 4.3% 3.5% 8 9 1 TCP/22 TCP/445 TCP/135 netbios lsass buffer overflow2 4.5% 2.7% 1.1% TCP/139 TCP/1338 TCP/1433 mssql xp_cmdshell 2.5% 1.9% 1.8% TCP/88 TCP/59 TCP/3389 2.% 1.2% 1.1% 15.6% 8.4% 8.3% 2 218

7 8 9 1 TCP/135 25.8% TCP/1433 23.5% 2 3 4 TCP/1433 UDP/53 TCP/2967 backdoor famous botnet ddns dns query 23.7% 13.4% 6.2% TCP/135 UDP/53 TCP/2967 backdoor famous botnet ddns dns query 23.2% 11.% 9.5% 5 TCP/22 4.2% TCP/3389 5.8% 6 TCP/88 3.6% TCP/22 4.6% 7 TCP/3389 2.8% TCP/88 3.9% 8 TCP/139 2.6% TCP/4899 3.% 9 TCP/8 2.3% TCP/1433 mssql_xp_cmdshell 2.3% 1 TCP/135 netbios dcerpc invalid bind 1.7% 13.7% TCP/139 2.2% 11.% 32.8% 23.5% TCP/1433- TCP/135-9.5% 11% 23.2% UDP/53-backdoor famous botnet ddns dns query TCP/2967-21 218

12,, 11,, 1,, 9,, 8,, 7,, 6,, 5,, 4,, 3,, 2,, 1,, 8/1 2 3 4 5 6 7 8 9 1 11 12 13 14 15 16 17 18 19 2 21 22 23 24 25 26 27 28 29 3 31 TCP/8 UDP/9155 TCP/88 UDP/53 TCP/25 TCP/9153 TCP/443 TCP/51 TCP/54 UDP/8 1,4, 1,2, 1,, 8, 6, 4, 2, 8/1 2 3 4 5 6 7 8 9 1 11 12 13 14 15 16 17 18 19 2 21 22 23 24 25 26 27 28 29 3 31 TCP SYN Flooding(DDos) UDP Flooding Host Sweep UDP Tear Drop TCP ACK Flooding TCP Connect DOS Ping Sweep HTTP Login Brute Force FIN Port Scan SMB Service sweep(tcp445) 22 218

21 1 2 3 4 5 6 1 PWS 14.5% PWS 16.3% PWS 16.7% PWS 21% PWS 25.4% PWS 21.4% 2 HLLW 13.2% HLLW 12.7% HLLW 16% HLLW 16.9% HLLW 12.8% HLLW 16.7% 3 GENERIC 9.8% GENERIC 8.8% GENERIC 1.9% GENERIC 1.4% ACADAP 11.1% GENERIC 9.3% 4 VIRUT 7.4% BREDLAB 8.4% HLLM 7.1% HLLM 5.9% VIRUT 1.8% HLLM 8% 5 HLLM 6.9% HLLM 6.5% VIRUT 6.2% VIRUT 5.5% GENERIC 5.2% VIRUT 7.8% 6 DOWNLOADER 5.8% PARITE 6.2% PARITE 4.2% UPX 4.4% BURSTED 2.9% PSYME 5.7% 7 PARITE 5.8% VIRUT 5.6% NSANTI 2.9% ACADAP 3.4% HLLM 2.8% DOWNLOADER 2.8% 8 NSANTI 2.5% DOWNLOADER 4% ACADAP 2.8% PERITE 3.3% UPX 2.4% NSANTI 2.2% 9 PESTUB 1.9% POLIPOS 3.2% DOWNLOADER 2.6% PESTUB 2.2% PSYME 2.1% ACADAP 2% 1 MULDROP 1.8% ACADAP 2.2% PESTUB 2.3% NSANTI 2% NSANTI 2% UPX 2% 3.4% 26.1% 28.3% 25% 22.5% 22.1% 1% 1% 1% 1% 1% 1% 21 7 8 9 1 11 12 1 PWS 22.% PWS 21.% 2 3 HLLW 16.1% GENERIC 11.6% HLLW 16.9% GENERIC 14.2% 4 5 6 7 8 9 1 DOWNLOADER 5.9% DOWNLOADER 5.5% UPX 3.9% VIRUT 4.% HLLM 3.9% PSYME 3.% PESTUB 3.5% PARITE 2.5% VIRUT 3.3% HLLM 2.3% PARITE 3.3% NSANTI 1.7% PSYME 3.% UPX 1.6% 23.5% 1% 27.3% 1% 23 218

2,524 1,5 886.8 4,91.8 171 (6.8%) 12 (8%) 24.7 (2.8%) 315.7 (6.4%) 1) (Vanilla)(Feature) (Smart) 24 218

+88******* +1767******* Global Networks +8821******* +239******* +88184******* Global Mobile Satellite System(GMSS) +2524******* 2) premium-rate numbers Quiz Show 25 218


29 21 1 2 3 4 5 6 7 8 9 1 11 12 21 MS IIS 2,519 28 39 97 113 95 62 354 199 987 Apache 1,8 3,33 17 43 7 83 73 21 37 141 69 16 7,352 88 192 371 291 324 224 1,147 575 3,212 32 13 312 481 18 196 79 1,435 35 218

22 - TCP - SSH Remote Login Protocol - [trojan] Adore sshd, [trojan] Shaft
8 - TCP - World Wide Web, HTTP - Mydoom, Welchia, Doomjuice, Agobot, Polybot, Bagle, Yaha, Spybot, Back Orifice 2k Plug-Ins, CGI Backdoor, Executor, Hooker, RingZero, Seeker, WAN Remote, Web Server CT, WebDownloader, Zombam
135 - TCP/UDP - DCE endpoint resolution, MS-RPC - Blaster, Agobot, Yaha, Welchia, Polybot, Kibuv, Lovgate, Spybot
139 - TCP - Netbios-ssn - God Message worm, Netlog, Qaz, Deborms, Moega, Yaha
445 - TCP - netbios-ds - Agobot, Deloder, Yaha, Randex, Welchia, Polybot, Sasser, Bobax, Kibuv, Korgo, Spybot, Janx, Netdepix, Zotob, IRCBot, SDBot
125 - TCP/UDP - network blackjack - Dasher, Remote Storm, ABCHlp, Lala, Keco
18 - TCP/UDP - SOCKS Protocol - MyDoom, Proxmeg, Bugbear, Hagbard, Daemoni, Lixy
1433 - TCP/UDP - Microsoft-SQL-Server - Spida, SQL Snake
1434 - TCP - Microsoft-SQL-Server - SQL Slammer
2745 - TCP - urbisnet - Bagle
341 - TCP/UDP - NetworkLens SSL Event - OptixPro, Mockbot
4899 - TCP - radmin-port - RAdmin Port
5 - TCP/UDP - commplex-main - Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Bobax, Trojan.Webus
6129 - TCP/UDP - DameWare - Mockbot
88 - TCP/UDP - HTTP Alternate - RingZero, Brown Orifice, Backdoor.Haxdoor.E, Backdoor, W32.Spybot.OBB

Virus Virus Wall Buffer Overflow Bot DDoS:Distributed DoS DoS:Denial of Service Spyware Spam Relay Adware Worm In-line LAN DDoS DoS DoS victim CPU KISA 37 218

Trojan Phishing Hacking ASP.NET Botnet DHTML Editing Component ActiveX E-mail Hyperlink KrCERT/CC LLS NetBIOS OLE/COM PNG SMB KISA Bank Fraud, Scam XML HTML HTML Bot IRC HTML ActiveX E-mail HTML Hyperlink Korea Computer Emergency Response Team Coordination Center CERT/CSIRT KISA License Logging Service MS Object Linking And Embedding, Component Object Model MS Portable Network GraphicsGIF JPEG UNIX/LINUX Server Message Block TCP Syn Flooding TCP DoS Unreachable IP Syn Windows SharePoint Services Windows Shell explorer.exe 38 218