WINDOWS¡ ½Ã½ºÅÛ¿¡ ´ëÇÑ Ãë¾àÁ¡
I. Introduction
-
°ú°ÅÀÇ PC µéÀº Network¿¡ Á¢¼ÓÀÌ °ÅÀÇ ¾ÈµÇÀÖ¾ú°í, ¸» ±×´ë·Î °³Àοë ÄÄÇ»ÅÍ ¿´´Ù.
±×·±µ¥ ¾öû³ PCÀÇ º¸±ÞÀ¸·Î ÀÎÇØ ÇöÀç Network¿¡ ¹°·Á ÀÖ´Â ÄÄÇ»ÅÍÀÇ ¾ÐµµÀûÀÎ
¼ö°¡ Windows basedÀÇ PCµéÀ̵Ǿú´Ù. °Å±â´Ù°¡ ¿¹ÀüÀÇ Windows based system ¿¡¼´Â
UNIX °è¿ÀÇ ¿÷½ºÅ×ÀÌ¼Ç Ã³·³ mail server, file server, ftp server, cache server
µîµîÀÇ ¼¹ö±â´ÉÀ» ÇÒ ¼ö ¾ø¾ú´ø ±×¾ß¸»·Î stand alone ÇüÅ¿´Áö¸¸ NTÀÇ µîÀåÀ¸·Î
´ÙÁß »ç¿ëÀÚ(multiuser)ÀÇ µî·Ï °ú °ü¸®°¡ °¡´ÉÇØ Á³°í, ¿÷½ºÅ×À̼ǿ¡ ºñÇØ H/W
ºñ¿ëÀ» Àý°¨ÇÏ¸é¼ IIS(Internet Information Server)Í °°ÀÌ °ü¸®Çϱ⠼ս¬¿î
ÀÎÅÍ³Ý ¼ºñ½ºµéÀ» ¿î¿µÇÒ ¼ö ÀÖ°Ô µÇ¾î º¸±ÞÀ²°ú ¿µÇâ·ÂÀÌ Ä¿Áö°í ÀÖ´Ù.
ÀÌ·¸°Ô Windows based system ÀÌ ¸¹ÀÌ »ç¿ëµÇ°í Àֱ⠶§¹®¿¡ ÀÌ·± ½Ã½ºÅÛÀÇ
º¸¾È»óÀÇ ¹®Á¦Á¡ÀÌ ÀÖÀ» °æ¿ì ¾ß±âµÉ ¼ö ÀÖ´Â ÇÇÇØ°¡ »ó´çÇÒ °ÍÀÌ´Ù.
±×·¸±â ¶§¹®¿¡ windows based system¿¡ ´ëÇÑ º¸¾È»óÀÇ ¹®Á¦Á¡°ú, Ãë¾àÁ¡À» Àß
¾Ë¾Æ¾ß ÇÏ°í, ±×°Í¿¡ ´ëÇÑ ´ëÃ¥À» ¾Ë¾Æ¾ß ÇÑ´Ù. ±×·³ ¾î¶² º¸¾È»óÀÇ Ãë¾àÁ¡ÀÌ
Á¸ÀçÇÏ´Â ¾Ë¾Æ º¸ÀÚ.
II. Ãë¾àÁ¡
II-I.MS IIS Ãë¾àÁ¡°ú ´ëÃ¥
-
Ãâó: http://www.eden.com/~tfast/iisbug.html
-
M$»çÀÇ Windows NT IIS (Internet Information Server)¿¡ Ãë¾àÁ¡À¸·Î, ¿ø°Ý
»ç¿ëÀÚ´Â À̸¦ ÀÌ¿ëÇÏ¿© À¥¼¹ö¸¦ Á¤Áö½Ãų ¼ö ÀÖ´Ù.
M$ÀÇ À©µµ¿ìÁî NT 4.0¿¡ IIS 3.0ÀÌ ¼³Ä¡µÇ¾î ÀÖ´Â °æ¿ì ¿ø°Ý »ç¿ëÀÚ°¡ ÀÓÀÇÀÇ
CGI À̸§/Àμö¸¦ Æ÷ÇÔÇÑ Æ¯Á¤ÇÑ ±æÀÌÀÇ URLÀ» »ç¿ëÇÏ¿© À¥¼¹ö¿¡ Á¤º¸¸¦ ¿äûÇϸé,
À¥¼¹ö ÇÁ·Î±×·¥ÀÇ ÀϺÎÀÎ inetinfo.exeÀÇ ¼öÇà½ÃÀÇ ¿¡·¯·Î ÀÎÇÏ¿© À¥¼¹ö°¡
Á¤ÁöµÈ´Ù.
ÀÌ Ãë¾àÁ¡Àº Ŭ¶óÀ̾ðÆ®·Î¼ URLÀÇ ±æÀ̸¦ °Ë»çÇÏÁö ¾Ê´Â ³Ý½ºÄÉÀÌÇÁ¸¦ ÀÌ¿ëÇÒ
¶§ ³ªÅ¸³ª¸ç, ÀÎÅÍ³Ý ÀͽºÇ÷η¯´Â URLÀÇ ±æÀ̸¦ °Ë»çÇϹǷΠÀÌ Ãë¾àÁ¡À» ÀÌ¿ë
ÇÒ ¼ö ¾ø´Ù.
-
ÇØ°áÃ¥
M$»çÀÇ Windows NT ¼ºñ½ºÆÑ3 À» ¼³Ä¡ÇÑ´Ù.
II-II.MS IIS File Access ÀÇ Ãë¾àÁ¡
-
Ãâó: http://ciac.llnl.gov/ciac/bulletins/i-068.shtml
-
¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ IIS À¥¼¹ö¿¡ ¿¬°áÇÑ À¥Å¬¶óÀ̾ðÆ®´Â IIS À¥¼¹öÀÇ °¡»ó ·çÆ®
µð·ºÅ丮 ¿¡ ÀÖ´Â ¸ðµç NTFS ÆÄÀÏÀÇ ³»¿ëÀ» ÀÐÀ» ¼ö ÀÖ´Ù.
NTFS´Â ÆÄÀϳ»¿¡¼ º¹ÇÕÀûÀÎ µ¥ÀÌÅÍ ½ºÆ®¸²À» Áö¿øÇÑ´Ù. ÁÖ¿ä ³»¿ëÀ» ÀúÀåÇÏ°í
ÀÖ´Â ¸ÞÀÎ µ¥ÀÌÅÍ ½ºÆ®¸²Àº $DATA¶ó´Â ¼Ó¼ºÀ» °¡Áö°í Àִµ¥, IIS À¥¼¹ö¸¦ ÅëÇØ
ÀÌ·¯ÇÑ NTFS ½ºÆ®¸²¿¡ Á¢±ÙÇϸé ÀϹÝÀûÀÎ µ¥ÀÌÅÍ ÆÄÀÏ »Ó¸¸ ¾Æ´Ï¶ó ÇÁ·Î±×·¥ÀÇ
¼öÇà °á°ú¸¦ Á¦°øÇϵµ·Ï ¼³Á¤µÇ¾î ÀÖ´Â ÆÄÀÏÀÇ ³»¿ë±îÁöµµ À¥ºê¶ó¿ìÀú¸¦ ÀÌ¿ëÇÏ¿©
º¼ ¼ö ÀÖ´Ù.
Ãë¾àÁ¡ÀÌ ÀÖ´Â ¼ÒÇÁÆ®¿þ¾î ¹× ¹öÀü
¸¶ÀÌÅ©·Î¼ÒÇÁÆ® IIS ¼¹ö : 1.0, 2.0, 3.0, 4.0
¸¶ÀÌÅ©·Î¼ÒÇÁÆ® Peer À¥¼¹ö : 2.0, 3.0
Windows NT 4.0 ¿÷½ºÅ×À̼ǿ¡¼ÀÇ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® Personal À¥¼¹ö 4.0
- ÇØ°áÃ¥
IIS 3.0, 4.0 ÀÌÀü ¹öÀüÀÇ »ç¿ëÀÚµéÀº ¾÷±×·¹À̵带 ÇÏ°í, hotfix¸¦ Àû¿ëÇÑ´Ù.
ftp://ftp.microsoft.com/bussys/IIS/iis-public/fixes/usa/security/
IIS 3.0 (Intel x86) hotfix /iis3-datafix/iis3fixi.exe
IIS 3.0 (Alpha) hotfix /iis3-datafix/iis3fixa.exe
IIS 4.0 (Intel x86) hotfix /iis4-datafix/iis4fixi.exe
IIS 4.0 (Alpha) hotfix /iis4-datafix/iis4fixa.exe
ÀÚ±¹ ¾ð¾î¿ë À¥¼¹ö »ç¿ëÀÚµéÀº ¾Æ·¡¿¡¼ °¡Á®´Ù°¡ Àû¿ëÇÑ´Ù.
ftp://ftp.microsoft.com/bussys/IIS/iis-public/fixes/(lang)/security
II-III. Exchange¼¹ö¿¡¼ SMTP¿Í NNTP ¼ºñ½º °ÅºÎ Ãë¾àÁ¡°ú ´ëÃ¥
-
Ãâó:http://www.microsoft.com/security/bulletins/ms98-007.asp
-
1) SMTP ÇÁ·ÎÅäÄÝ
¾ÇÀǸ¦ °¡Áø °ø°ÝÀÚ°¡ Internet Mail ¼ºñ½º (TCP/IP 25¹ø Æ÷Æ®)¸¦ Á¦°øÇÏ´Â
MS »çÀÇ Exchange ¼¹ö¿¡ Á¢¼ÓÇÑ µÚ ¿¬¼ÓÀûÀ¸·Î ºÎÁ¤È®ÇÑ µ¥ÀÌÅ͸¦ º¸³½´Ù¸é
Internet Mail ¼ºñ½º °¡ ÀÀ´äÀ» ¸ØÃß´Â ÀÀ¿ëÇÁ·Î±×·¥ ¿À·ù°¡ ¹ß»ýÇÑ´Ù. ÀÌ°ÍÀº
Á÷Á¢ÀûÀ¸·Î ´Ù¸¥ Exchange °ü·Ã ¼ºñ½º¿¡ ¿µÇâÀ» ÁÖÁö´Â ¾Ê´Â´Ù.
SMTP ÇÁ·ÎÅäÄÝÀ» »ç¿ëÇÏ´Â ÀÌ °ø°ÝÀ¸·Î ÀÎÇÏ¿© Internet Mail ¼ºñ½º°¡
Á¤»óÀûÀ¸·Î µ¿ÀÛ ÇÏÁö ¾Ê´Â´Ù¸é ´ÜÁö ÇÁ·Î±×·¥À» ´Ù½Ã ½ÃÀÛÇϱ⸸ ÇÏ¸é µÈ´Ù.
¿î¿µ ½Ã½ºÅÛÀ» ´Ù½Ã ½ÃÀÛÇÒ ÇÊ¿ä´Â ¾ø´Ù.
-
2)NNTP ÇÁ·ÎÅäÄÝ
¾ÇÀǸ¦ °¡Áø °ø°ÝÀÚ°¡ NNTP ¼ºñ½º (TCP/IP 119¹ø Æ÷Æ®)¸¦ Á¦°øÇÏ´Â MS»çÀÇ
Exchange ¼¹ö¿¡ Á¢¼ÓÇÏ°í ¿¬¼ÓÀûÀ¸·Î ºÎÁ¤È®ÇÑ µ¥ÀÌÅ͸¦ º¸³½´Ù¸é Server
Information Store°¡ ÀÀ´äÀ» ¸ØÃß´Â ÀÀ¿ëÇÁ·Î±×·¥ ¿À·ù°¡ ¹ß»ýÇÑ´Ù.
Exchange Inforamtion Store°¡ ÀÀ´äÀ» ÁÖ¸é ´Ù¸¥ Exchange ¼ºñ½º±îÁö µ¿ÀÛÀ»
¸ØÃß°Ô ÇÒ ¼ö ÀÖ´Ù. NNTP ÇÁ·ÎÅäÄÝÀ» »ç¿ëÇÏ´Â ÀÌ °ø°ÝÀ¸·Î ÀÎÇÏ¿© Exchange
Information Store°¡ Á¤»óÀûÀ¸·Î µ¿ÀÛÇÏÁö ¾Ê´Â´Ù¸é ´ÜÁö ÇÁ·Î±×·¥À» ´Ù½Ã
½ÃÀÛÇϱ⸸ ÇÏ¸é µÈ´Ù. ¿î¿µ ½Ã½ºÅÛÀ» ´Ù½Ã ½ÃÀÛÇÒ ÇÊ¿ä´Â ¾ø´Ù.
-
3) Ãë¾àÇÑ ¼ÒÇÁÆ®¿þ¾î ¹öÀü
Microsoft Exchange Server, version 5.5
Microsoft Exchange Server, version 5.0 (5.0 Service Pack 1, 2 Æ÷ÇÔ)
-
ÇØ°áÃ¥
Exchange Server versions 5.5, 5.0. ÀÇ »ç¿ëÀÚ´Â ´ÙÀ½¿¡¼ ±ä±Þ ÆÐÄ¡¸¦ Àû¿ëÇÑ´Ù.
Exchange Server 5.0 ALL LANGUAGES:
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.0/Post-SP2-STORE/
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.0/Post-SP2-IMS/
II-IV Windows 95/98 Network File Sharing Ãë¾àÁ¡°ú ´ëÃ¥
-
Ãâó: http://www.l0pht.com/
-
Windows 95/98 Network File SharingÀº SMB challenge/response ÀÎÁõ¿¡ »ç¿ëµÇ´Â
¾ÏÈ£ÈµÈ challenge°ªÀ» Àç»ç¿ë ÇÑ´Ù. ÀÌ·¯ÇÑ Àç»ç¿ëÀº °ø°ÝÀÚ°¡ Àû¹ýÇÑ ³×Æ®¿öÅ©
ÀÎÁõ ÆÐŶÀ» °¡·Îä¾î Àç»ç¿ë(replay)ÇÔÀ¸·Î¼, Àû¹ýÇÑ »ç¿ëÀÚ·Î ¿¬°áÀ» ½ÃµµÇÒ ¼ö
ÀÖµµ·Ï ÇÑ´Ù.
-
ÇØ°áÃ¥
Windows 95/98 Network File SharingÀ» »ç¿ëÇÏÁö ¾Ê´Â´Ù.
II-V NT Password Apprasiser Ãë¾àÁ¡ ¹× ´ëÃ¥
-
Ãâó: http://www.l0pht.com/advisories/pwapprais.txt
-
Quakenbush»çÀÇ Password Appraiser´Â °ü¸®ÀÚ°¡ NT ½Ã½ºÅÛÀÇ Ãë¾àÇÑ Æнº¿öµå¸¦
°¡Áø °èÁ¤À» ã±â À§Çؼ »ç¿ëÇÏ´Â µµ±¸ÀÌ´Ù.
ÇÏÁö¸¸ ÀÌ µµ±¸¸¦ ÀÌ¿ëÇÏ¿© NT ½Ã½ºÅÛÀÇ Æнº¿öµå¸¦ ºÐ¼®ÇÏ´Â µ¿¾È¿¡ ÀÎÅͳÝÀ»
ÅëÇØ ¿ø°ÝÁö ½Ã½ºÅÛÀ¸·Î »ç¿ëÀÚµéÀÇ Æнº¿öµå°¡ À¯ÃâµÉ ¼ö ÀÖ´Ù. ¾Æ¹«·± ÀǽɾøÀÌ
½Ã½ºÅÛ °ü¸®ÀÚ´Â »ç¿ëÀÚµéÀÇ Æнº¿öµå Ãë¾àÁ¡À» Á¡°ËÇÏ·Á°í ÇÏÁö¸¸, À̶§ ¸ðµç
NT »ç¿ëÀÚµéÀÇ Æнº¿öµå ¸ñ·ÏÀÌ ¾ÏȣȵÇÁö ¾ÊÀº ä ÀÎÅͳÝÀ» ÅëÇØ Àü¼ÛµÈ´Ù.
-
ÇØ°áÃ¥
NT Æнº¿öµå°¡ À¯ÃâµÇ´Â ÀÌ Ãë¾àÁ¡Àº ¿ÜºÎ¿¡¼ Æнº¿öµå Ãë¾àÁ¡À» Áø´ÜÇÒ ¼ö
ÀÖµµ·Ï ÇÏ´Â "Internet Query ¿É¼Ê"ÀÌ ¼³Á¤µÈ »óÅ¿¡¼ ±âÀÎÇÏ´Â °ÍÀ¸·Î, ¿ÜºÎ·Î
ºÎÅÍ ³»ºÎ ½Ã½ºÅÛÀÇ Æнº¿öµå Ãë¾àÁ¡À» Á¡°ËÇÏÁö ¾Êµµ·Ï ÇÑ´Ù.
II-VI Windows NT Screensaver Ãë¾àÁ¡ ¹× ´ëÃ¥
-
Ãâó : www.ntsecurity.net
-
Windows NT ½Ã½ºÅÛ¿¡¼ Screen saver´Â Winlogon.exe¿¡ ÀÇÇؼ ½ÇÇàµÇ¸ç,
Winlogon.exe´Â screen saverÀÇ primary security tokenÀ» ·Î±×ÀÎÇÑ »ç¿ëÀÇ
security tokenÀ¸·Î º¯È¯ÇÏ°í screen saver ÇÁ·Î¼¼½º¸¦ ½ÇÇàÇÏ°Ô µÈ´Ù.
ÇÏÁö¸¸ Winlogon.exe°¡ ÀÌ·¯ÇÑ security tokenÀÇ º¯È¯ÀÌ ¼º°øÇß´Â Áö¸¦ °Ë»çÇÏÁö
¾Ê¾Æ, ¸¸¾à ½ÇÆÐÇÒ °æ¿ì screen saver´Â Winlogon.exeÀÇ º¸¾È ¹®¸ÆÀÎ system
¹®¸ÆÀ¸·Î ½ÇÇàµÇ°í ¿©·¯ °¡Áö ÀÏÀ» ¼öÇàÇÒ ¼ö ÀÖ°Ô µÈ´Ù.
-
ÇØ°áÃ¥
http://www.microsoft.com/security/bulletins/ms99-008.asp
II-VII IIS .bat/.cmd ¹ö±×
-
M$»çÀÇ IISÀ¥¼¹öÀÇ Àß ¾Ë·ÁÁø ¹ö±×ÀÎ .cmd .bat ¹ö±×¸¦ ÅëÇؼ ħÀÔÀÚ´Â À¥
½Ã½ºÅÛÀÇ ¸í·É¾î¸¦ ½ÇÇà½Ãų ¼ö ÀÖ´Â ¹ö±×°¡ Á¸ÀçÇÑ´Ù.
-
ÇØ°áÃ¥
.BAT, .CMD È®ÀåÀÚ¸¦ IIS À¥ ¼¹öÀÇ CGI½ºÅ©¸³Æ®·Î¼ µî·ÏÇÏÁö ¾Ê´Â´Ù.
IIS¸¦ ¾÷µ¥ÀÌÆ® ÇÑ´Ù.
http://www.microsoft.com/iis/default.asp
II-VIII rsh ¸í·É
-
Windows NT Resource Kit¿¡ Æ÷ÇԵǾî ÀÖ´Â rshÀº À¯Àú¿¡ »ó°ü¾øÀÌ System °èÁ¤À¸·Î
¸ðµç ¸í·ÉÀ» ½ÇÇà½Ãų ¼ö ÀÖ´Ù. System°èÁ¤Àº Windows NT ¸Ó½ÅÀÇ °¡Àå °·ÂÇÑ
°èÁ¤ÀÌ°í µû¶ó¼ ÀÌ ¼ºñ½º´Â °¡´ÉÇÏ¸é ½ÇÇàÇÏÁö ¾Ê´Â °ÍÀÌ ÁÁ´Ù. Rsh ¼ºñ½º¸¦
»èÁ¦Çϱâ À§Çؼ´Â ¿ª½Ã Resource Kit¿¡ ÀÖ´Â instsrv ÅøÀ» ÀÌ¿ëÇÒ ¼ö ÀÖ´Ù.
-
ÇØ°áÃ¥
´ÙÀ½°ú °°ÀÌ ¼ºñ½º¸¦ »èÁ¦ÇÑ´Ù. : LOCAL ±â°è(CLI):
Ä¿¸Çµå ÇÁ·ÒÇÁÆ®¿¡¼ ´ÙÀ½°ú °°ÀÌ ÀÔ·ÂÇÑ´Ù. 'instsrv rshsvc remove'
II-IX NT Security LOG Á¢±Ù °¡´É
-
NT Security LOG °¡ Á¢±Ù °¡´ÉÇÏ´Ù. ÀÌ ¹ö±×´Â ħÀÔÀÚ°¡ À©µµ¿ì NTÀÇ º¸¾È ·Î±×
ÆÄÀÏÀ» Á¢±ÙÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù. ÀÌ°ÍÀº ±× À¯Àú°¡ administrative ±ÇÇÑÀ» °¡Áö°í
ÀÖÀ¸¸ç ¾Æ¸¶µµ Guest°èÁ¤ÀÌ Network Á¢±Ù ±ÇÇÑÀ» °¡Áö°í ¿·Á ÀÖ´Ù´Â °ÍÀ»
ÀǹÌÇÑ´Ù. ¸¸ÀÏ ½ºÄ³³Ê¸¦ ½ÇÇàÇÏ´Â À¯Àú°¡ Administrative±ÇÇÑÀ» °¡Áö°í ÀÖ´Ù¸é
ÀÌ°ÍÀº Ãë¾àÁ¡ÀÌ ¾Æ´Ï´Ù.
-
ÇØ°áÃ¥
LOCAL ¸Ó½Å (GUI): Start Menu/Programs/Administrative Tools (Common)/User
Manager¸¦ ½ÇÇàÇÑ´Ù. Policies ¸Þ´ºÀÇ 'User Rights' ¸¦ ¼±ÅÃÇÑ´Ù. ±â°è¿¡´Â
administrative ±ÇÇÑÀ» guest °èÁ¤¿¡´Â network Á¢±Ù ±ÇÇÑÀ» ÇÒ´çÇÑ´Ù.
II-X NT¿ë Website 1.1¿¡ sample cgi ÇÁ·Î±×·¥ÀÇ Ãë¾àÁ¡
-
c-win-sample.exe ÇÁ·Î±×·¥Àº WebSite À¥¼¹ö¿¡ Æ÷ÇԵǾî Àִµ¥, ¿ø°ÝÀÇ Ä§ÀÔÀÚ°¡
¹öÆÛ¿À¹öÇ÷ο츦 ÀÏÀ¸ÄÑ À¥¼¹ö ±â°è ³»ÀÇ ÀÓÀÇÀÇ Ä¿¸Çµå¸¦ ½ÇÇà½Ãų ¼ö ÀְԵǴÂ
¹®Á¦Á¡ÀÌ Á¸ÀçÇÑ´Ù.
c-win-sample.exe ÇÁ·Î±×·¥Àº O'Reilly WebSite À¥¼¹öÀÇ cgi-shl µð·ºÅ丮¿¡
µðÆúƮΠ¼³Ä¡µÇ¾î ÀÖ´Ù. win-c-sample.exe ÇÁ·Î±×·¥Àº ¸ðµç À¥¼¹öÁ¦Ç° ³»¿¡¼
»èÁ¦µÇ¾î¾ß ÇÑ´Ù. WebSite ¼¹öÀÇ v2.0 »óÀ§ ¹öÀü¿¡´Â sample ÇÁ·Î±×·¥ÀÌ Æ÷ÇԵǾî
ÀÖÁö ¾Ê´Ù. ÀÌ Ãë¾àÁ¡ Á¡°ËÀ¸·Î ÀÎÇØ WebSite ¼¹ö ±â°èÀÇ Äֿܼ¡ application
error °¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù.ÀÌ ¿¡·¯´Â WebSite ¿Í À¥¼¹öÀÇ µ¿ÀÛ¿¡ ¿µÇâÀ» ¹ÌÄ¡Áö´Â
¾Ê´Â´Ù.Äֿܼ¡ ÀÌ ¿¡·¯°¡ ¶ß¸é OK ¹öÆ°À» ´·¯¼ dismiss ½ÃÅ°µµ·Ï ÇÑ´Ù.
-
ÇØ°áÃ¥
Ãë¾àÁ¡ÀÌ ÀÖ´Â °æ¿ì, °ü¸®ÀÚ°¡ µÈ »óÅ¿¡¼ ´ÙÀ½ÀÇ Ä¿¸Çµå¸¦ ½ÇÇà½ÃŲ´Ù.
C:\WEBSITE\CGI-SHL> del win-c-sample.exe
(WebSite °¡ µðÆúÆ® À§Ä¡ÀÎ C:\WEBSITE ¿¡ ¼³Ä¡µÇ¾ú´Ù°í °¡Á¤ÇÑ °æ¿ì)
ÆÐÄ¡: v2.0 ÀÌ»ó ¹öÀüÀÇ WebSite ¿¡´Â ÀÌ sample ÇÁ·Î±×·¥ÀÌ Æ÷ÇԵǾî ÀÖÁö ¾Ê´Ù.
WebSite ÀÇ »õ ¹öÀüÀº O'Reilly ÀÇ »çÀÌÆ®¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Ù.
http://software.ora.com/techsupport/software/updates.html
II-XI getadmin ÀÌ ÇöÀç HOST¿¡ ¼³ÃëµÈ °æ¿ì
-
Windows NT Ä¿³Î ÇÔ¼öµé ³»¿¡ ¸ðµç
»ç¿ëÀÚ°¡ °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áú ¼ö ÀÖµµ·Ï OS ³»¿¡ flag ¸¦ ¼¼ÆÃÇÒ ¼ö ÀÖ´Â ¹®Á¦Á¡ÀÌ
Á¸ÀçÇÑ´Ù. Getadmin Àº ·¹Áö½ºÆ®¸® ¾È¿¡ Software\AntiShut key¸¦ ³²±ä °ÍÀÌ
¹ß°ßµÇ´Âµ¥, ¿¹Àü¿¡ ISS ¿¡ ÀÇÇØ °³¹ßµÈ getadmin ¿¡¼´Â key¸¦ »ý¼º½ÃÅ°°í
°ü¸®ÀÚ°¡ ¾Æ´Ñ »ç¿ëÀÚÀÇ ¿¢¼¼½º¸¦ deny ÇÒ ¼ö ÀÖ´Ù. ±×·¯¹Ç·Î ÀÌ key°¡ Á¸ÀçÇÏ°í
°ü¸®ÀÚ°¡ ¾Æ´Ñ »ç¿ëÀÚ°¡ ÀÌ key ¿¡ write ±ÇÇÑÀÌ ¾ø´Ù¸é Ãë¾àÁ¡ÀÌ ¾ø´Â °ÍÀÌ´Ù.
-
ÇØ°áÃ¥
LOCAL MACHINE (GUI): Start ¸Þ´º¿¡¼ Programs/Administrative Tools/User Manager
¦ ¼±ÅÃÇÑ´Ù. Policies/User Rights ¿¡¼, È£½ºÆ® ³»ºÎ¿¡ °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áö°í
ÀÖ´Â »ç¿ëÀÚ¸¦ üũÇÑ´Ù. OS ¸¦ ´Ù½Ã ¼³Ä¡ÇÏ´Â °Í °°Àº °·ÂÇÑ ´ëÀÀÀÌ ÇÊ¿äÇÏ´Ù.
Consider this host compromised, as well as any passwords from any other users on this host.
±×¿Ü¿¡ getadmin ¼öÁ¤º»À» Microsoft ¿¡¼ ±¸ÇØ ¼³Ä¡Çϵµ·Ï ÇÑ´Ù.
getadmin ¼öÁ¤º»º ´ÙÀ½ÀÇ »çÀÌÆ®¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Ù.
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/getadmin-fix/.
Microsoft Knowledge Base Article Q146965.txt À» ÂüÁ¶Çϵµ·Ï ÇÑ´Ù.
II-XII Teardrop IP Fragmentation Overlap
-
ħÀÔÀڴ Ÿ°Ù¿¡ fragmented IP datagram pairs
µé» º¸³½´Ù. (°³¼ö´Â OS ¸¶´Ù ´Ù¸£´Ù. - Linux°¡ 1 pair ¸¦ ¹ÞÀ» °æ¿ì crash
µÇÁö¸¸, Windows NT ´Â 50°³±îÁö ¹ÞÀ» ¼ö ÀÖ´Ù). ù fragment´Â 0 ¹ø ¿ÀÇÁ¼Â
(¸®½ºÆ®¿¡¼ ù fragment ÀÎ IP ÀÓÀ» ¸»ÇÔ)°ú size N ÀÇ payload °ªÀ» °®°í
º¸³»Áø´Ù. µÎ¹ø° (¸¶Áö¸· fragment) fragment ´Â ÀÌÀü fragment ³»ºÎ¿¡ overlap
µÇ¾î¾ß ÇÏ°í , payload ´Â Á¸ÀçÇÏÁö ¾Ê°Å³ª 1, 2 ¹ÙÀÌÆ® Á¤µµ·Î ÀÛÀº IP ÀÇ Àǹ̸¦
°®´Â offset À» Àü¼ÛÇÏ°Ô µÈ´Ù. °ø°Ý´çÇÑ ¸Ó½ÅÀº crash µÇ°Å³ª ¸®ºÎÆà µÈ´Ù.
-
ÇØ°áÃ¥
New Teardrop ÆÐÄ¡¸¦ Àû¿ëÇÑ´Ù.
II-XIII º¯ÇüµÈ teardrop °ø°Ý
-
º¯ÇüµÈ teardrop °ø°Ý (blue screens À» Windows system ¿¡ ¶ß°Ô ÇÔ)
ÀÌ issue ´Â ¸î °³¿ù Àü Internet¿¡ ³ªÅ¸³ "teardrop"À̶ó°í ºÒ¸®´Â
ħÀÔÇÁ·Î±×·¥ÀÇ º¯ÇüµÈ ¹öÀüÀÌ´Ù. ÀÌ »õ·Î¿î issue´Â Microsoft TCP/IP stackÀÌ
À߸øµÈ UDP Çì´õ Á¤¸¿¡ ÀÇÇØ ¹ß»ýÇÑ ¾î¶² exception µéÀ» ó¸®ÇÏ´Â ¹æ¹ý ¶§¹®¿¡
¹ß»ýµÈ´Ù. ÀÌ »óȲÀº Á¦´ë·Î ¸¸µé¾îÁø TCP/IP ÆÐŶ¿¡¼´Â ¹ß»ýÇÏÁö ¾Ê°í °íÀÇÀûÀÎ
¸ñÀûÀ¸·Î ¸¸µé¾îÁø ÇÁ·Î±×·¥¿¡ ÀÇÇØ ¹ß»ýÇÑ´Ù.
-
ÇØ°áÃ¥
¾Æ·¡ÀÇ »çÀÌÆ®¿¡¼ ÆÐÄ¡¸¦ ±¸ÇÑ´Ù.
Windows NT 4.0 ÀÇ °æ¿ì
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/teardrop2-fix/
Windows NT 3.5.1 ÀÇ °æ¿ì
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-ostSP5/teardrop2-fix/
II-XIV Windows NT Denial of Service Attack
-
Windows NT ¼¹ö (ÃÖ½ÅÀÇ ¸ðµç ¹®Á¦Á¡À» ÇØ°áÇÑ ¼ºñ½ºÆÑ 3 Æ÷ÇÔ)´Â denial of
service °ø°Ý¿¡ Ãë¾àÇÏ´Ù.
logon ¿äûÀÌ SMB/CIFS ¼ºñ½º¿¡ ¿¢¼¼½ºµÇ°í SMB logon ÀÌ À߸ø 󸮵Ǹé, NT
kernel ¿¡¼ memory corruption ÀÌ ÀϾÙ. ÀÌ°ÍÀÌ ÀϾ¸é, blue screen ¿¡·¯
¸Þ½ÃÁö°¡ ³ªÅ¸³ª°í ¸Ó½ÅÀº ¸®ºÎÆ®µÈ´Ù.
-
ÇØ°áÃ¥
¾Æ·¡ÀÇ »çÀÌÆ®¿¡¼ microsoft ÀÇ ÆÐÄ¡¸¦ Àû¿ëÇϵµ·Ï ÇÑ´Ù.
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/srv-fix
II-XIV NetBIOS°øÀ¯
-
Á¢±ÙÁ¦¾î¸¦ ÀüÇô ÇÏÁö ¾Ê´Â NETBIOS °øÀ¯°¡ ¹ß°ßµÇ¾ú´Ù. ÀÌ ¹®Á¦Á¡À¸·Î ÀÎÇØ
Á¦°øµÇ´Â ¸ðµç ÀÚ¿ø¿¡ ´ëÇØ ¸ðµç »ç¿ëÀÚÀÌ ¸ðµç ¿¢¼¼½º¸¦ ÇÒ ¼ö ÀÖ°Ô µÇ°í, ÆÐÄ¡°¡
µÇÁö ¾ÊÀº Windows 95 ÀÇ ¸ðµç Çϵåµð½ºÅ© µå¶óÀ̺긦 ¿¢¼¼½º ÇÒ ¼ö ÀÖ°Ô µÈ´Ù.
-
ÇØ°áÃ¥
WINDOWS NT: ´ÙÀ½°ú °°ÀÌ Æ۹̼ÇÀ» È®½ÇÇÏ°Ô Á¶Á¤ÇØ ÁØ´Ù.
LOCAL MACHINE (GUI): NetBIOS °øÀ¯·Î °£ µÚ, °øÀ¯µÈ µð·ºÅ丮¿¡¼ right-click À»
ÇÏ°í, 'Properties' ¸¦ ¼±ÅÃÇÑ´Ù. 'Sharing' Ç׸ñ¿¡¼ Çã°¡µÈ »ç¿ëÀÚ¸¸ ¿¢¼¼½º ÇÒ
¼ö ÀÖµµ·Ï Æ۹̼ÇÀ» ÀçÁ¶Á¤ÇÑ´Ù.
¶Ç´Â °øÀ¯¸¦ ´ÙÀ½°ú °°ÀÌ Á¦°ÅÇÑ´Ù.
LOCAL MACHINE (CLI): 'net share sharename /delete' ¶ó°í ŸÀÌÇÎÇÑ´Ù.
REMOTE HOST (GUI): Start ¸Þ´º¿¡¼ , Programs/Administrative Tools
(Common)/Server Manager ¸¦ ¼±ÅÃÇÑ´Ù. Host ¸¦ ¼±ÅÃÇÏ°í, Computer ¸Þ´º¿¡¼
'Shared Directories' ¸¦ ¼±ÅÃÇÑ´Ù. NetBIOS share ¸¦ ¼±ÅÃÇÑ µÚ 'Stop Sharing' À»
Ŭ¸¯ÇÑ´Ù.
UNIX: Samba ¹®¼¸¦ ÂüÁ¶Çϵµ·Ï ÇÑ´Ù. Samba ÀÎÁõÀýÂ÷¸¦ ¹Ù²ã¾ß ÇÒ °ÍÀÌ´Ù.
II-XVI ASPÀÇ ¹®Á¦
-
ASP °¡ À¥ Ŭ¶óÀ̾ðÆ®¿¡°Ô ASP ÆÄÀÏÀ» ´Ù¿î·Îµå ÇÒ ¼ö ÀÖµµ·Ï ÇØÁÖ´Â ¹®Á¦Á¡
ÀÌ ¹öÀüÀÇ IIS (Internet Information Server) ¿¡´Â Ŭ¶óÀ̾ðÆ®°¡ URL µÚ¿¡ period
¸¦ ºÙ¿© request ¸¦ º¸³¾ °æ¿ì, Active Server Page (.asp ÀÇ È®ÀåÀÚ¸¦ °®´Â
ÆÄÀϵé) ÀÇ ¼Ò½ºÄڵ带 º¸¿©ÁÖ°Ô µÇ´Â ¹®Á¦Á¡ÀÌ Á¸ÀçÇÑ´Ù.
½ºÅ©¸³Æ® Á¤º¸ »Ó ¾Æ´Ï¶ó ÆÄÀϳ»ÀÇ ´Ù¸¥ µ¥ÀÌŸ ¿ª½Ã º¼ ¼ö ÀÖ°Ô µÈ´Ù.
-
ÇØ°áÃ¥
Windows NT 4.0 ¿ë ¼ºñ½º ÆÑ 3 À» ¼³Ä¡Çϰųª IIS ¼¹ö¸¦ ¾÷µ¥ÀÌÆ® ½ÃŲ´Ù.
¼ºñ½ºÆÑ 3 À» ¼³Ä¡ÇÏ·Á¸é
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/
¿¡ Á¢¼ÓÇؼ
"desired contry abbreviation" À» ¼±ÅÃÇÑ ÈÄ "nt30" À» ¼±ÅÃÇÏ°í "ussp3"
¸¦ ±³Ã¼ÇÑ´Ù. Intel À̳ª ALPHA CPU ¸¦ »ç¿ëÇÏ°í ÀÖ´Ù¸é i386/nt4sp3_1.exe ³ª choose
alpha/nt4sp3_a.exe ¸¦ ¼±ÅÃÇϵµ·Ï ÇÑ´Ù.
IIS ¼¹öÀÇ ÃֽŠ¹öÀüÀº
http://www.microsoft.com/iis/default.asp ¿¡¼ ±¸Çϵµ·Ï ÇÑ´Ù. ´õ ÀÚ¼¼ÇÑ ³»¿ëÀº
Microsoft Knowledge Base Article Q163485.txt À» ÂüÁ¶Çϵµ·Ï ÇÑ´Ù.
II-XVII Windows 95 Æнº¿öµå ij½¬ ÆÄÀÏ
-
Windows 95 ´Â Æнº¿öµå¸¦ Çϵåµð½ºÅ© ³»¿¡ .PWL È®ÀåÀÚ¸¦ °®´Â ÆÄÀϷΠij½¬¸¦
ÇÏ´Â¥, ÀÌ Æнº¿öµå ij½¬ ÆÄÀÏÀÇ ¾ÏÈ£È ¾Ë°í¸®ÁòÀÌ ´Ü¼øÇϱ⠶§¹®¿¡ ½±°Ô ¾ÏÈ£¸¦
±ý ¼ö ÀÖ´Ù. ±×·¯¹Ç·Î ÀÌ ÆÄÀϵéÀ» °øÀ¯µÈ ÆÄÀϽýºÅÛ ³»¿¡ µÎÁö ¸»¾Æ¾ß ÇÑ´Ù.
È£½ºÆ® »ó¿¡ ÆÄÀÏ °øÀ¯°¡ ÇÊ¿äÄ¡ ¾Ê´Ù¸é °øÀ¯¸¦ ÇØÁ¦Çϰųª, °øÀ¯µÉ ÇÊ¿ä°¡ ÀÖ´Â
µå¶óÀ̺길 °øÀ¯Çϵµ·Ï Á¦ÇÑÇÑ´Ù.
-
ÇØ°áÃ¥
ÆÄÀÏ Æ۹̼ÇÀ» ¹Ù²Ù·Á¸é:
LOCAL HOST (GUI): °øÀ¯µÈ °÷À¸·Î °¡¼, right-clickÀ» ÇÏ°í 'Properties'¸¦
¼±ÅÃÇÑÙ. ¿¢¼¼½º°¡ Çã¶ôµÈ »ç¿ëÀڵ鿡 ÀÇÇؼ¸¸ °¡´ÉÇϵµ·Ï Æ۹̼ÇÀ»
¼³Á¤ÇÑ´Ù.
REMOTE HOST (GUI): 'Start' ¸Þ´º¿¡¼, Programs/Administrative Tools
(Common)/Server Manager¸¦ ¼±ÅÃÇÑ´Ù. Server ¸¦ ¼±ÅÃÇÑ´Ù. 'Computer' ¸Þ´º¿¡¼,
'Shared Directories'¸¦ ¼±ÅÃÇÏ°í ¿¢¼¼½º°¡ Çã¶ôµÈ »ç¿ëÀڵ鿡 ÀÇÇؼ¸¸ °¡´ÉÇϵµ·Ï
Æ۹̼ÇÀ» ¼³Á¤ÇÑ´Ù.
±×¸®°í, Microsoft·Î ºÎÅÍ ÃֽŠ¼ºñ½º ÆÑ fix¸¦ ±¸ÇØ
ÀνºÅçÇϰųª ¼ºñ½ºÆÑ 3¡ ¼³Ä¡µÈ Windows NT 4.0·Î ¾÷±×·¹À̵åÇÑ´Ù. ¼ºñ½ºÆÑ 3 À»
±¸ÇÏ·Á¸é, ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/ ·Î
Á¢¼ÓÇÏ¿©, desired country abbreviation¸¦ ¼±ÅÃÇÏ°í, nt40/¸¦ ¼±ÅÃÇÏ°í, ussp3/¸¦
¼±ÅÃÇÑ´Ù. Intel À̳ª ALPHA CPU ¸¦ »ç¿ëÇÏ°í ÀÖ´Ù¸é i386/nt4sp3_1.exe ³ª
alpha/nt4sp3_a.exe ¸¦ ¼±ÅÃÇϵµ·Ï ÇÑ´Ù.
II-XVIII NT Network Monitor
-
NT Network Monitor,
ÀÌ ¼ºñ½º´Â Windows NT computer °¡ network sniffer ó·³ ÀÛµ¿ÇÒ ¼ö ÀÖ°Ô ÇÑ´Ù.
¸ð´ÏÅÍ¿¡ ¿¬°áÇϱâ À§ÇØ °ü¸®ÀÚ ±ÇÇÑÀÌ ÇÊ¿äÇÏ´Ù. ¶ÇÇÑ, agent ¸¦ ÀÛµ¿½ÃÅ°±â À§ÇØ
Ãß°¡ Æнº¿öµå°¡ ÇÊ¿äÇѵ¥, ÀÌ Æнº¿öµå´Â Ãë¾àÇÑ ¾Ë°í¸®ÁòÀ¸·Î ¸¸µé¾îÁø DLL ·Î
¾ÏȣȵȴÙ. BHSUPP.DLL À» ÀÐÀ» ¼ö ÀÖ´Â »ç¿ëÀÚ¸é ´©±¸¶óµµ ÀÌ Æнº¿öµå¸¦ ÃßÃâÇØ
³¾ ¼ö ÀÖ´Ù.
-
ÇØ°áÃ¥
¸¸¾à Network Monitor agent°¡ ÇÊ¿äÇÏ´Ù¸é, Ãß°¡ Æнº¿öµå¸¦ »ç¿ëÇÏÁö
¾Ê°Å³ª ±× Æнº¿öµå°¡ ´Ù¸¥ °èÁ¤¿¡ »ç¿ëµÇÁö ¾Ê°Ô ÇÑ´Ù.
Network Monitor agent¸¦ ´ÙÀ½°ú °°Àº ¹æ¹ýÀ¸·Î disable ½Ãų ¼ö ÀÖ´Ù:
LOCAL MACHINE (GUI): Start ¸Þ´º¿¡¼ Settings/Control Panel/Services¸¦
¼±ÅÃÇÑ´Ù. Network Monitor service¸¦ ¼±ÅÃÇÏ°í 'Stop'À» Ŭ¸¯ÇÑ´Ù. ¶ÇÇÑ
%systemroot%\system32 ¿¡¼ BHSUPP.DLL¸¦ »èÁ¦ÇÑ´Ù. ¸¸¾à Network Monitor°¡
%ÇÊ¿äÇÏ´Ù¸é °íÀ¯ÇÑ Æнº¿öµå (¶Ç´Â Æнº¿öµå¸¦ ¾ø¾Ú)¸¦ »ç¿ëÇÑ´Ù.
II-XIX SYN flood DoS Attack
-
SYN flood DoS °ø°ÝÀ¸·Î ³×Æ®¿÷ ÀÚ¿øÀ» ¸¶ºñ½ÃŲ´Ù.
ÀÌ ½Ã½ºÅÛÀº Sync Storm¿¡ Ãë¾àÇÑ °ÍÀ¸·Î µå·¯³µ´Ù. Source ¿¡¼ destination À¸·Î
¿¬°áÀ» ½ÃÀÛÇÏ°í ½Í´Ù´Â sync ÆÐŶÀ» Ÿ°Ù È£½ºÆ®·Î º¸³½´Ù.
sync ÆÐŶÀ» ¹ÞÀº ÈÄ, Ä¿³Î¿¡¼´Â °¢ Sync ÆÐŶÀÇ connection establishment¸¦ ÇÒ
¼ö ÀÖµµ·Ï °¢°¢ÀÇ sync ÆÐŶÀÇ ¿äû¸¶´Ù ¹öÆÛ°ø°£À» ÇÒ´çÇÏ°Ô µÈ´Ù.
connection Àº ¸ÎÁö ¾Ê°í, ¸¹Àº ¾çÀÇ sync ÆÐŶ¸¸À» º¸³»°Ô µÇ¸é Ä¿³ÎÀÇ ¹öÆÛ
°ø°£ÀÌ ´Ù »ç¿ëÁßÀÎ »óÅ°¡ µÈ´Ù. ÀÌ·¸°Ô µÇ¸é º¸³½ sync ÆÐŶÀÌ time out µÇ±â
Àü±îÁö´Â ´õÀÌ»ó ÀÌ È£½ºÆ®·Î ¿¬°áÀ» ÇÒ ¼ö ¾ø°Ô µÈ´Ù.
Sync Storm (¶Ç´Â TCP SYN Flooding) À̶õ?
TCP/IP ¿¡¼´Â Ä¿³Ø¼ÇÀ» ¸Î±â À§ÇØ source ¿¡¼ destination À¸·Î SYN ÆÐŶÀ»
º¸³»¾î Ä¿³Ø¼ÇÀ» ¸Î°Ú´Ù´Â ¿äûÀ» ÇÑµÚ destination ¿¡¼ source ·Î ACK ÆÐŶÀ»
´Ù½Ã Àü¼ÛÇÏí, ACK ÆÐŶÀÌ source ·Î Àü¼ÛµÈ ÈÄ¿¡ ´Ù½Ã destination À¸·Î SYN
ÆÐŶÀ» Àü¼ÛÇÏ´Â 3 ´Ü°èÀÇ ÀýÂ÷ (3 way handshaking) ¸¦ °ÅÃÄ¾ß ÇÑ´Ù.
ÇÏÁö¸¸ SYN ÆÐŶ¸¸À» º¸³»°í ±× ÀÌ»ó ÀÀ´äÀ» ÇÏÁö ¾ÊÀ¸¸é destination ¿¡¼´Â
ÀÏÁ¤½Ã£ µ¿¾È ´ë±â»óÅ¿¡ µé¾î°¡°Ô µÈ´Ù. À̸¦ ¾Ç¿ëÇÏ¿© SYN ÆÐŶ¸¸À» ´ë·®À¸·Î
º¸³»¾î ½Ã½ºÅÛÀÌ ´Ù¸¥ request ¿¡ ÀÀ´äÇÏÁö ¸øÇÏ´Â »óÅ·Π¸¸µå´Â °ÍÀÌ SYNC storm
ÀÌ´Ù.
-
ÇØ°áÃ¥
¹öÆÛ °ø°£À» ´Ã¸®°Å³ª, time out ½Ã°£À» ª°Ô ÇÔÀ¸·Î½á sync flood °ø°Ý¿¡ ´ëÇÑ
ÇÇÇئ ÁÙÀÏ ¼ö´Â ÀÖÁö¸¸, Ä¿³ÎÀ» ¹Ù²ã¾ß ÇÏ°í ½±°Ô ¹Ù²Ù±â ¾î·Æ´Ù´Â ´ÜÁ¡ÀÌ
ÀÖ´Ù.
UNIX: ´õ ÀÚ¼¼ÇÑ ³»¿ëÀº º¥´õ·Î ¹®ÀÇÇϱ⠹ٶõ´Ù.
ftp://info.cert.org/pub/cert_advisories
Windows NT 4.0 ÆÐÄ¡
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP1/syn-attack
´õ ÀÚ¼¼ÇÑ ³»¿ëÀº Microsoft Knowledge Base article Q142641 À» ÂüÁ¶Çϵµ·Ï
ÇÑ´Ù.
II-XX SNMP¸¦ ÅëÇØ NetBIOSÁ¤º¸¸¦ º½
-
±âº»ÀûÀ¸·Î, Windows NT ¿¡¼´Â º¸Åë °ü¸®ÀÚ¿¡°Ô¸¸ SNMP ¸¦ ÅëÇØ º¼ ¼ö ÀÖ´Â
Á¤º¸¸¦ Á¦°øÇÑ´Ù.
ÇöÀçÀÇ º¸¾ÈÁ¤Ã¥ÀÌ Windows NT ¸Ó½ÅÀÇ ¼ºñ½º¿Í »ç¿ëÀÚ¿Í °øÀ¯µé¿¡ ´ëÇØ
SNMP ¿Í °°Àº ÃÖ¼ÒÇÑÀÇ º¸¾È ¼öÁØÀ» °¡Áö°í ÀÖ´Â ÇÁ·ÎÅäÄÝÀ» ÅëÇØ Á¤º¸¸¦ º¸¿©ÁÖ´Â
°ÍÀ» Çã°¡ÇÏ°í ÀÖÁö ¾Ê´Ù¸é SNMP ¸¦ »èÁ¦ÇÑ´Ù.
-
ÇØ°áÃ¥
LOCAL MACHINE (GUI): Start ¸Þ´º¿¡¼ 'Run'À» ¼±ÅÃÇÑ´Ù. 'regedt32'¸¦ ŸÀÌÇÎÇÏ°í
'OK'¸¦ Ŭ¸¯ÇÏ¿© ·¹Áö½ºÆ®¸® ÆíÁý±â¸¦ ¶ç¿î´Ù.
HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents key ¸¦
¿°í, 'SOFTWARE\Microsoft\LANManagerMIB2Agent\CurrentVersion' °ªÀ» °®°í ÀÖ´Â
°÷À¸Î °£ ´ÙÀ½ ±× ºÎºÐÀ» »èÁ¦ÇÑ´Ù.
II-XXI Land attack
-
½ºÄ³³Ê°¡ ´õ ÀÌ»ó »ç¿ëµÇÁö ¾Ê´Â ¿À·¡µÈ ¹öÀüÀÇ tcpip.sys¸¦ ¹ß°ßÇÏ¿´´Ù. ÀÌ°ÍÀº
°ø°ÝÀÚ°¡ ƯÁ¤ Æ÷Æ®¿¡ Á¶ÀÛµÈ ÆÐŶÀ» º¸³» Å»ó ½Ã½ºÅÛ¿¡ CPU ·Îµå¸¦ ³ô°Ô ÇÒ ¼ö
ÀÖ´Ù. ÀÌ·¯ÇÑ °ø°ÝÀÇ º¯ÇüÀº Windows NT ±â°è¸¦ lock up »óÅ·ΠÇÏ´Â °ÍÀÌ´Ù.
-
ÇØ°áÃ¥
Teardrop2 ÆÐÄ¡¸¦ Àû¿ëÇÑ´Ù. ÆÐÄ¡´Â
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/teardrop2-fix/
¿¡¼ ±¸ÇÒ ¼ö ÀÖÀ¸¸ç(ÀÌ ÆÐÄ¡´Â ÀÌÀüÀÇ icmp ÆÐÄ¡¸¦ ´ëüÇÑ´Ù.) ¼ºñ½º ÆÑ 3À»
Àû¿ëÇÑ ÀÌÈÄ¿¡ ÀÌ°ÍÀ» Àû¿ëÇÑ´Ù. Teardrop2 ÆÐÄ¡¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ Á¤º¸´Â Microsoft
Knowledge Base ÀÇ ±Û Q179129¸¦ ÂüÁ¶ÇÑ´Ù.
II-XXII Samba ¹ö±×¿¡ Ãë¾àÁ¡
-
¿À·¡µÈ ¹öÀüÀÇ Windows NT ½Ã½ºÅÛÀÌ ¹ß°ßµÇ¾ú´Ù. ÀÌ ¹öÀüÀÇ NT ½Ã½ºÅÛÀº 'Samba cd
..' ¹ö±×¸¦ ºñ·ÔÇÑ ´Ù¾çÇÑ ¹æ¹ýÀÇ °ø°Ý¿¡ Ãë¾àÇÏ´Ù.
-
ÇØ°áÃ¥
Windows NT 4.0 À¸·Î ¾÷±×·¹À̵å ÇÏ°í ¼ºñ½ºÆÑ 3¸¦ ¼³Ä¡ÇÑ´Ù. ¼ºñ½º ÆÑ 3¸¦
¼³Ä¡ÇÑ´Ù.
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/
¿¡Á¢¼ÓÇؼ, desired country abbreviationÀ» ¼±ÅÃÇÑ µÚ, nt40/¸¦ ¼±ÅÃÇÏ°í, ussp3/¸¦
¼±ÅÃÇÑ´Ù. Intel À̳ª ALPHA CPU ¸¦ »ç¿ëÇÏ°í ÀÖ´Ù¸é i386/nt4sp3_1.exe ³ª
alpha/nt4sp3_a.exe ¸¦ ¼±ÅÃÇÑ´Ù.
III. link
http://www.l0pht.com/
http://www.ntsecurity.net/
http://www.microsoft.com/security/
IV. Referance
http://www.eden.com/~tfast/iisbug.html
http://ciac.llnl.gov/ciac/bulletins/i-068.shtml
http://www.microsoft.com/security/bulletins/ms98-007.asp
http://www.l0pht.com/advisories/pwapprais.txt
Copyright
1998 anticj SPARCS all right reserved
LastUpDated at 1999.01.31