Blocking the Sircam virus in sendmail
Name: 허정균  No.: 42  Views: 75744
Uploaded: 2001-08-29 17:30:13  Modified: 2002-03-18 14:51:44
This virus usually contains the phrase 'Hi! How are you?' and looks like a normal mail with an ordinary file attached, so it is easy to be taken in by it; because it also damages the system, caution is required.
The following is a tip written by 김경욱 on how to block this virus with sendmail 8.9 or later.
--------------------------------------------------------------------------------
This ruleset is the Sircam worm blocking ruleset alone, separated out of quanta-spam_killer.
Information about the Sircam worm is available at the URLs below.
http://home.ahnlab.com/search/virus_detail.jsp?SEQ_NO=843
http://www.symantec.com/avcenter/venc/data/pf/w32.sircam.worm@mm.html
Symantec raises the risk rating of the Sircam worm virus (Digital Times, 2001/07/23)
[Computer] "How are you" virus running rampant (Dong-A Ilbo, 2001/07/20)
This blocking method is based on the Sircam worm author's incorrect use of Content-Disposition:. For the correct usage of Content-Disposition:, please refer to RFC 2183.
That is, when a header field like the one below is found in the mail headers, this ruleset treats the message as the Sircam worm and rejects it. The correct values for the RHS are 'inline' or 'attachment'.
Content-Disposition: Multipart message
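The same header test can be run offline over stored messages, for example to look for copies delivered before the rule was installed. This is an added example, not part of the original post; it goes beyond the sendmail rule by also walking MIME parts, and the function names and sample message are constructed for illustration.

```python
import email

ALLOWED = {"inline", "attachment"}  # the two values the page gives as correct

def disposition_type(value):
    """Lower-cased disposition type with header folding and parameters removed."""
    unfolded = " ".join(str(value).split())
    return unfolded.split(";", 1)[0].strip().lower()

def suspicious_dispositions(raw_message):
    """Return [(part_index, type)] for each Content-Disposition outside ALLOWED."""
    # Index 0 is the top-level header block, the only one the sendmail H rule
    # sees; higher indexes are MIME parts in walk() order.
    found = []
    for index, part in enumerate(email.message_from_string(raw_message).walk()):
        for value in part.get_all("Content-Disposition", []):
            dtype = disposition_type(value)
            if dtype not in ALLOWED:
                found.append((index, dtype))
    return found

# Constructed sample: only the malformed header value and the greeting
# come from the page; addresses, boundary and file name are made up.
WORM_LIKE = (
    "From: a@example.com\n"
    "To: b@example.com\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "Content-Disposition: Multipart message\n"
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "Hi! How are you?\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: ATTACHMENT;\n"
    ' filename="notes.doc"\n'
    "\n"
    "data\n"
    "--b1--\n"
)
CLEAN = WORM_LIKE.replace("Content-Disposition: Multipart message\n", "")

if __name__ == "__main__":
    print(suspicious_dispositions(WORM_LIKE))
    print(suspicious_dispositions(CLEAN))
```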
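You can block the Sircam worm by adding only the following ruleset to sendmail.cf.
In addition, if a PC on the internal network is already infected, this stops the worm from spreading and, at the same time, lets you find the infected PC by searching the maillog (or syslog).
This ruleset can be used only with sendmail 8.9 or later.
The part shown in blue is the part to add (here, the lines under "### Sircam worm filter"; the lines before and after it are existing sendmail.cf content).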
# check IP address
R$* $: $&{client_addr}
R$@ $@ OK originated locally
R0 $@ OK originated locally
R$=R $* $@ OK relayable IP address
R$* $: $>LookUpAddress <$1> <$1>
R$* $@ RELAY relayable IP address
R<$*> <$*> $: $2
R$* $: [ $1 ] put brackets around it...
R$=w $@ OK ... and see if it is local
# anything else is bogus
R$* $#error $@ 5.7.1 $: "550 Relaying denied"
### Sircam worm filter
HContent-Disposition: $>check_sircam
# Note: the D{SIRCAM} definition below must be written as a single line.
D{SIRCAM}"Your message may contain the Sircam.worm !!! See http://www.symantec.com/avcenter/venc/data/pf/w32.sircam.worm@mm.html"
Scheck_sircam
RMultipart message	$#error $: 550 ${SIRCAM}
#### Note: the separator between "Multipart message" and $#error is a [TAB].
######################################################################
######################################################################
#####
##### MAILER DEFINITIONS
#####
######################################################################
######################################################################
Once the changes to sendmail.cf are complete, test them in ruleset mode before restarting sendmail.
$ /usr/lib/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> check_sircam Multipart message
check_sircam input: Multipart message
check_sircam returns: $# error $: 550 553 Your message may contain the Sircam . worm ! ! ! See http : / / www . symantec . com / avcenter / venc / data / pf / w32 . sircam . worm @ mm . html
> ctrl-D (to exit)
If it works as shown above, restart sendmail.
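Once the rule is live, the maillog search for infected PCs mentioned earlier can be scripted. This is an added example, not part of the original post: it counts check_sircam rejections per client address and marks the clients on internal networks. It assumes sendmail's "ruleset=..., arg1=..., relay=..., reject=..." rejection log line; the sample lines, host names and internal address ranges are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed log shape: "...: ruleset=check_sircam, arg1=..., relay=HOST [IP], reject=550 ..."
REJECT = re.compile(r"ruleset=check_sircam, arg1=.*?, relay=(?P<relay>.*?), reject=\d{3}")
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
INTERNAL = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # assumed internal ranges

def sircam_senders(lines, internal=INTERNAL):
    """Return [(client, rejections, is_internal)] sorted by rejection count."""
    nets = [ipaddress.ip_network(n) for n in internal]
    hits = Counter()
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # other rulesets and normal delivery lines are ignored
        addr = BRACKETED.search(m.group("relay"))
        # Fall back to the raw relay text if no bracketed address was logged.
        hits[addr.group(1) if addr else m.group("relay").strip()] += 1
    report = []
    for client, count in hits.most_common():
        try:
            is_internal = any(ipaddress.ip_address(client) in net for net in nets)
        except ValueError:  # relay was a name, not an address
            is_internal = False
        report.append((client, count, is_internal))
    return report

# Constructed maillog lines; hosts, queue ids and addresses are made up.
SAMPLE_LOG = [
    "Aug 29 17:30:13 mail sendmail[1201]: f7T8UDx01201: ruleset=check_sircam, "
    "arg1=Multipart message, relay=pc12.example.co.kr [192.168.1.12], "
    "reject=550 Your message may contain the Sircam.worm !!!",
    "Aug 29 17:31:02 mail sendmail[1207]: f7T8V2x01207: ruleset=check_rcpt, "
    "arg1=<x@example.net>, relay=[203.0.113.9], reject=550 Relaying denied",
    "Aug 29 17:33:40 mail sendmail[1215]: f7T8Xex01215: ruleset=check_sircam, "
    "arg1=Multipart message, relay=[198.51.100.7], "
    "reject=550 Your message may contain the Sircam.worm !!!",
    "Aug 29 17:35:55 mail sendmail[1222]: f7T8Ztx01222: ruleset=check_sircam, "
    "arg1=Multipart message, relay=pc12.example.co.kr [192.168.1.12], "
    "reject=550 Your message may contain the Sircam.worm !!!",
]

if __name__ == "__main__":
    for client, count, is_internal in sircam_senders(SAMPLE_LOG):
        print(f"{client}\t{count}\t{'internal' if is_internal else 'external'}")
```

Internal clients at the top of the report are the machines to check first; adjust INTERNAL to the site's own address ranges.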