½Ã½ºÅÛ ÇØÅ·

 1574, 74/79 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   balleye
   ÇØÅ· ´çÇÑ°Í °°Àºµ¥....

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=532 [º¹»ç]


[root@www bin]# nmap localhost

Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-01-19 21:35 KST
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1640 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
1/tcp     open  tcpmux
11/tcp    open  systat
15/tcp    open  netstat
21/tcp    open  ftp
22/tcp    open  ssh
25/tcp    open  smtp
79/tcp    open  finger
80/tcp    open  http
110/tcp   open  pop3
111/tcp   open  rpcbind
119/tcp   open  nntp
143/tcp   open  imap
540/tcp   open  uucp
635/tcp   open  unknown
783/tcp   open  spamassassin
1080/tcp  open  socks
1524/tcp  open  ingreslock
2000/tcp  open  callbook
3306/tcp  open  mysql
6667/tcp  open  irc
8009/tcp  open  ajp13
8080/tcp  open  http-proxy
12345/tcp open  NetBus
12346/tcp open  NetBus
31337/tcp open  Elite
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32773/tcp open  sometimes-rpc9
32774/tcp open  sometimes-rpc11
54320/tcp open  bo2k

Nmap finished: 1 IP address (1 host up) scanned in 0.116 seconds
===netbus,bo2k ÀÌ°Å ÇØÅ· °°Àºµ¥

[root@www rootcheck]# ./ossec-rootcheck -c rootcheck.conf

Starting rootcheck (http://www.ossec.net/rootcheck)
Be patient, it may take a few minutes to complete...

[OK]: No presence of public rootkits detected. Analized 206 files.
[FAILED]: Trojaned version of file '/usr/sbin/tcpd' detected. Signature used: 'bash|^/bin/sh|proc\.h|p1r0c4|hack|/dev/'
[OK]: No problem detected on the /dev directory. Analized 18497 files
[OK]: No problem found on the system. Analized 66477 files.
[OK]: No hidden process by Kernel-level rootkits.
      /bin/ps is not trojaned. Analized 32768 processes.
[OK]: No kernel-level rootkit hiding any port.
      Netstat is acting correctly. Analized 131072 ports.
[OK]: No problem detected on ifconfig/ifs. Analized 3 interfaces.

rootchechk ½ÇÇà °á°úÀε¥

ÀÌÇØ°¡ ¾È°¡³×¿ä
iptables ¿¡¼­ INPUT ±âº»Á¤Ã¥À» DROP À¸·Î Çسù°í,
portsentry °¡µ¿Áß ÀÔ´Ï´Ù.

portsentry.conf ¿¡¼­ 12345,6, 54320 Æ÷Æ®¸¦ Áö¿ì¸é netbus,bo2k °¡ ¾ø¾îÁö°í
/usr/sbin/tcpd ÆÄÀÏÀ» »èÁ¦ÇÏ°í ´Ù¸¥ »õ ÆÄÀÏ·Î ´ëüÇصµ rootcheck °á°ú´Â
º¯ÇÔÀÌ ¾ø½À´Ï´Ù.root ºñ¹øµµ º¯°æ Çß½À´Ï´Ù.

ÀÌ°Å ¾î¶»°Ô ÇØ°á ÇØ¾ß ÇÏ´ÂÁö Áöµµ ¹Ù¶ø´Ï´Ù.
  Hit : 4228     Date : 2006/01/20 02:57


    
tsboom /bin È®ÀÎ.. 2006/02/05  
114   Æ®·¡ÇÈÀÇ ¿øÀÎÀÌ ³»ÄÄ¿¡ »êÀûµÇ¾î ÀÖ³ª¿ä?     bhk001
 01/04 3251
113   ¼­¹ö¿¡ ·Î¸øÀ¸·Î ¾Ç¼º ´ñ±ÛÀ» ´Ù´Â ¾ÇÁúÀÌ ÀÖ½À´Ï´Ù.[2]     bhk001
 08/24 3584
112   Àú.. Áú¹®Á»¿ä ¤Ð¤Ð .level1[2]     bgy6984
 03/13 3483
111   ¸®´ª½º¶û À¯´Ð½º¶û Â÷ÀÌÁ¡ÀÌ?(³ÃÙí)[2]     besty019
 01/18 4411
110   ¹öÆÛ¿À¹öÇÃ·Î¿ì ½©Äڵ忡¼­ gcc¹öÀü¿¡ ´ëÇÑ Áú¹®[4]     bestheroz
 07/20 4682
109   °³ÀÎÄÄÇ»ÅÍ´Â ¸ÞÀϷιڿ¡ÇØÅ·À»¸øÇϳª¿ä?[1]     beretta77
 01/03 4071
108   Çб³ °øºÎ[3]     benkim
 06/18 3163
107   telnet¿¡¼­...[2]     belast
 04/29 3318
106   ³×À̹ö¿¡ ´ëÇÑ Áú¹®[2]     belast
 04/30 3271
105   Áú¹®ÀÖ½À´Ï´Ù[2]     behacker
 11/06 3328
104   ÅÚ³Ý[2]     behacker
 11/28 3205
103   ÇØÅ·ÀÎÁö ¾Æ´ÑÁö ÆÇ´ÜÇØ ÁֽǷ¡¿ä?,ÇØÅ·ÀÌ¸é ¾î¶±°Ô Ç¥ÇöµÇ³ª¿ä ¿¹¸¦ µé¾î ÁÖ¼¼¿ä[5]     beautymail
 10/18 3661
102   ÀÌ·±°Ô ¶å´Ï´Ù..¤Ð¤Ð ¾î¶»°Ô ÇؾߵÇÁ®?[1]     bananaboy
 03/09 3876
  ÇØÅ· ´çÇÑ°Í °°Àºµ¥....[1]     balleye
 01/20 4227
100   level1 Áú¹®[1]     baleen37
 05/15 2995
99   ÀÚ°Ô¿¡ ¿Ã·È´Âµ¥ ´äº¯ÀÌ ¾øÀ¸¼Å¼­.. ´Ù½Ã¿Ã¸³´Ï´Ù[1]     ÀººØ¾î
 02/02 3321
98   ÇØÅ· °øºÎ ¾î¶»°Ô ÇؾßÇÏÁ¶ ?[3]     a¹ö¼­Å©a
 07/18 3460
97   ´Ù¸¥»ç¶÷ ÄÄÅÍ IP ¾î¶»°Ô ¾Ë¾Æ³»ÁÒ??[5]     Á¶ÀÌÄÚ
 01/07 4665
96   µµ½º ¸í·É¾îÁ» ¾Ë·ÁÁÖ¼¼¿ä.[7]     õÀçÇØÄ¿7
 10/26 3984
95   ¼Ò½ºÆÄÀÏ¿¡¼­ ½ÇÇàÆÄÀϱîÁö Áú¹®ÀÌ¿ä!!![1]     õÀçÇØÄ¿7
 11/08 3639
[1]..[71][72][73] 74 [75][76][77][78][79]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org