Chapter 11 script kiddies.... 24.., script kiddies..,...
1 TCP/IP., TCP/IP. IP IP..,. IP. TCP/IP TCP( UDP).. 0 65535.., IP, IP,,. (, ).
IP. IP.... 1024 (0 1023 ).... A B. B IP, A. IP, ( ).. (well known services),., 80 HTTP. netstat netstat, netstat. TCP/IP. Tere Parnell Christopher Null Network Administrator's Reference (Osborne/McGraw-Hill, 1998).. TCP/IP. TCP/IP ( ) W. Richard Stevens TCP/IP Illustrated (Addison-Wesley, 1994~96). TCP/IP. Volume 1: The Protocols, IP. TCP/IP, Stevens BSD
Volume 2: The Implementation ( Volume 2, )., Craig Hunt TCP/IP Network Administration (O'Reilly & Associates, 1998). Stevens Volume 1 ( ). O'Reilly & Associates, D. Brent Chapman Building Internet Firewalls (2000x). Cheswick Bellovin (AT&T ) Firewalls and Internet Security (Addison-Wesley, 1994). 2.., 80.. netstat..
netstat..

    [root@ford /root]# netstat -natu
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        1      0 209.179.251.53:1297     199.184.252.5:80        CLOSE_WAIT
    tcp        1      0 209.179.251.53:1296     199.184.252.5:80        CLOSE_WAIT
    tcp       57      0 209.179.158.93:1167     199.97.226.1:21         CLOSE_WAIT
    tcp        0      0 192.168.1.1:6000        192.168.1.1:1052        ESTABLISHED
    tcp        0      0 192.168.1.1:1052        192.168.1.1:6000        ESTABLISHED
    [root@ford /root]#

netstat.. TCP(-t) UDP(-u) (-a). (-n) IP (DNS). netstat TCP UDP. Recv-Q (receive queue). Send-Q., 5, 6. (Local Address) IP. IP 127.0.0.1 0.0.0.0. IP. IP. netstat 192.168.1.1 IP, PPP 209.179.251.53 (IP ).
5, Foreign Address. 0.0.0.0:*. IP. 6. netstat man, LISTEN ESTABLISHED. LISTEN. ESTABLISHED.... /etc/services. (, portmapper ). portmapper. netstat -p.., BASH.,.., netstat... 1024. X ( 6000) 1024. netstat
.... xinetd /etc/xinetd disable Yes. inetd /etc/inetd.conf. #. xinetd inetd 9. /etc/inetd.conf inetd HUP xinetd SIGUSR2..

    [root@ford /root]# /etc/rc.d/init.d/xinetd reload

inetd.. /etc/rc.d rc*.d
( 7 ). S X.. ps PID kill., portmap.

    [root@ford /root]# ps auxw | grep portmap
    bin        255  0.0  0.1  1084   364 ?        S    Jul08   0:00 portmap
    root      6634  0.0  0.1  1152   440 pts/0    S    01:55   0:00 grep portmap
    [root@ford /root]# kill 255

netstat syslogd..., syslogd -r. syslogd -r.
.. Telnet.

    disable = yes

    [root@ford /]# /etc/init.d/xinetd restart

telnetd. telnet SSH. HTTPS SPOP SSL.,.. 3.
.., Telnet Telnet. Network World PC Week.... 9 syslog. syslog. syslog...., crackerboy.nothing better to do.net,... Perl... script kiddies....
/etc/syslog.conf syslog (514).. DOS PC Telix DOS ( DOS minicom., ). COM1 /dev/ttys0 COM2 /dev/ttys1 /etc/syslog.conf. DOS.. DOS. DOS. DOS (. ). swatch...... MRTG (Multi Router Traffic Grapher, http://www.mrtg.org)...
COPS (Computer Oracle and Password System). SetUID,,. COPS COPS cron (cron 9 ).. ftp://ftp.cert.org/pub/tools COPS. TripWire.. (backdoor) (time bomb). TripWire MD5 (checksum). MD5. TripWire. MD5. TripWire. RPM. RPM.,. telnetd, login, /bin/ls, bash, last, syslog. script kiddy.
SATAN (System Administrators Tool for Analyzing Networks) 1990. SATAN Dan Farmer. SATAN... SATAN. SATAN SATAN. COPS SATAN ftp://ftp.cert.org/pub/tools.