<\/p>\n
\uc774\uac83\uc740 \uc77c\ubc18\uc801\uc73c\ub85c \uc2a4\uce90\ub2dd\uc774\ub77c\uace0 \ud558\ub294 \uac83\uc73c\ub85c, \uc2a4\uce90\ub2dd\uc744 \ud1b5\ud558\uc5ec \ub124\ud2b8\uc6cc\ud06c\uc0c1\uc5d0 \uc788\ub294 \uba38\uc2e0\uc744 \ucc3e\uace0, \ubb34\uc2a8 port\uac00 \uc5f4\ub824\uc788\ub294\uac00\ub97c \ubcf4\uae30 \uc704\ud574 \uadf8 \uba38\uc2e0\ub4e4\uc744 \ud14c\uc2a4\ud2b8\ud558\ub294 \uc791\uc5c5(art)\uc744 \ud558\uac8c \ub41c\ub2e4. \ud06c\ub798\ucee4\uac00 \uacf5\uaca9\uc744 \uc2dc\uc791\ud558\uae30 \uc804 \uccab\ubc88\uc9f8 \uc804\ub7b5\uc740 \ubc14\ub85c \ub124\ud2b8\uc6cc\ud06c\uc640 \ud638\uc2a4\ud2b8\ub4e4\uc744 \uc2a4\uce90\ub2dd\ud558\ub294 \uac83\uc774\ub2e4. Nmap\uacfc \uac19\uc740 \ud234\uc744 \uc774\uc6a9\ud55c \uc2a4\uce90\ub108\ub4e4 \uc989, “\ub098\uc05c \ub188\ub4e4(bad guys)”\uc740 \ub124\ud2b8\uc6cc\ud06c\ub97c \ub458\ub7ec\ubcf4\uace0 \ucde8\uc57d\ud55c \ubaa9\ud45c\ub97c \ucc3e\ub294\ub2e4. \ud55c\ubc88 \uc774\ub7f0 \ubaa9\ud45c\ub4e4\uc774 \ud655\uc778\ub418\uba74, \uce68\uc785\uc790\ub294 \uc5f4\ub9b0 port\ub97c \uc2a4\uce94\ud560 \uc218 \uc788\ub2e4. Nmap\uc740 \ub610\ud55c TCP stack fingerprinting\uc744 \uc774\uc6a9\ud558\uc5ec \uc815\ud655\ud558\uac8c \uc2a4\uce94\ub2f9\ud55c \uba38\uc2e0\uc758 \ud0c0\uc785\uc744 \uacb0\uc815\ud560 \uc218 \uc788\ub2e4.<\/p>\n
\uc774 \ubb38\uc11c\ub294 \uac01\uac01\uc758 \ub124\ud2b8\uc6cc\ud06c\uc5d0 \ub300\ud55c \ud06c\ub798\ucee4\uc758 \uc2dc\uc57c\ub97c \ud30c\uc545\ud558\uace0, \ubcf4\uc548 \uad00\ub9ac\uc790\uac00 \uc790\uc2e0\uc758 \uc0ac\uc774\ud2b8\ub97c \uc870\uc0ac\ud560 \uc218 \uc788\ub3c4\ub85d, Nmap\uc758 \uc0ac\uc6a9\ubc95\uc5d0 \ub300\ud574 \ub2e4\ub8e8\uace0 \uc788\ub2e4. \uce68\uc785\uc790 \ub610\ud55c \uac19\uc740 \ud234\uc744 \uc774\uc6a9\ud558\uace0 \uc788\uc73c\ubbc0\ub85c, \uad00\ub9ac\uc790\ub294 \uadf8\ub4e4\ucc98\ub7fc \uc790\uc2e0\uc758 \uc0ac\uc774\ud2b8\uac00 \uc5b4\ub5bb\uac8c \ubcf4\uc774\ub294\uc9c0 \uc54c \uc218 \uc788\uc744 \uac83\uc774\ub2e4. \ud558\ub098\ud558\ub098 \uc124\uba85\ud574 \ub098\uac00\uba74\uc11c \uc5ec\ub7ec\ubd84\uc758 \uc2dc\uc2a4\ud15c \ubcf4\uc548\uc5d0 \uc774 \ubb38\uc11c\uac00 \ub3c4\uc6c0\uc774 \ub420 \uc218 \uc788\uae38 \ubc14\ub780\ub2e4.<\/p>\n
Nmap\uc740 GNU General Public License(GPL)\uc5d0 \uc18d\ud558\uba70, http:\/\/www.insecure.org\/nmap \uc5d0\uc11c \ubb34\ub8cc\ub85c \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\uc744 \uc218 \uc788\ub2e4. tar\ub85c \ubb36\uc778 \uc18c\uc2a4\ud654\uc77c, \ud639\uc740 rpm\uc73c\ub85c \ub41c \uac83\ub3c4 \uc788\ub2e4. \ud544\uc790\uac00 \uc774 \ubb38\uc11c\ub97c \uc4f0\ub294 \uc2dc\uc810\uc5d0\uc11c \uc548\uc815\ubc84\uc804\uc740 2.12\uc774\ub2e4. \uc57d\uac04\uc758 \uadf8\ub798\ud53d\uc774 \ucca8\uac00\ub41c \ud504\ub85c\uadf8\ub7a8\ub3c4 \uc788\uc9c0\ub9cc, \uc774 \ubb38\uc11c\uc5d0\uc11c\ub294 command-line\uc5d0\uc11c\uc758 Nmap \uc0ac\uc6a9\ubc95\uc5d0 \ub300\ud574\uc11c\ub9cc \uc911\uc810\uc744 \ub450\uaca0\ub2e4.<\/p>\n
Nmap\uc758 \uc0ac\uc6a9\ubc95\uc740 \uaf64 \ub2e8\uc21c\ud558\ub2e4. command-line\uc5d0\uc11c\uc758 Nmap\uc758 \uc635\uc158(flag)\uc740 -s \ub97c \ubd99\uc774\ub294\ub370 \uc2a4\uce94\uc758 \ud0c0\uc785\uc5d0 \ub530\ub77c \ub2e4\ub974\ub2e4. \uc608\ub97c \ub4e4\uc5b4 ping scan\uc5d0\uc11c\ub294 “-sP”\uc774\ub2e4. \uc635\uc158 \ub2e4\uc74c\uc5d0\ub294 \ubaa9\ud45c \ud638\uc2a4\ud2b8 \ub610\ub294 \ub124\ud2b8\uc6cc\ud06c\ub97c \uba85\uc2dc\ud574 \uc900\ub2e4. Nmap\uc758 \uc131\ub2a5\uc740 \ub8e8\ud2b8\ub85c \uc2e4\ud589\ud588\uc744 \ub54c \uac00\uc7a5 \ucd5c\uace0\uac00 \ub41c\ub2e4. \uc65c\ub0d0\ud558\uba74 \uc77c\ubc18\uc720\uc800\ub294 Nmap\uc774 \ud65c\uc6a9\ud558\ub294 custom packet\uc744 \ub9cc\ub4e4 \uc218 \uc788\ub294 \ub2a5\ub825\uc774 \uc5c6\uae30 \ub54c\ubb38\uc774\ub2e4.<\/p>\n
Nmap\uc740 \ud0c0\uac9f\uc744 \uc124\uc815\ud568\uc5d0 \uc788\uc5b4 \ub9e4\uc6b0 \uc720\uc5f0\ud55c \ub3d9\uc791\uc744 \ubcf4\uc778\ub2e4. \ub124\ud2b8\uc6cc\ud06c \uc8fc\uc18c \uac12\uc744 \uc9c0\uc815\ud560 \ub54c \/mask\ub97c \ub367\ubd99\uc5ec\uc11c \uc368\uc8fc\uba74 \uac04\ub2e8\ud558\uac8c\ub294 \ud558\ub098\uc758 \ud638\uc2a4\ud2b8, \ud639\uc740 \uc804\uccb4 \ub124\ud2b8\uc6cc\ud06c\ub97c \uc2a4\uce94\ud560 \uc218 \uc788\ub2e4. \ub9cc\uc57d “victim\/24″\ub77c\uace0 \ubaa9\ud45c\ub97c \uc9c0\uc815\ud55c\ub2e4\uba74 \ub124\ud2b8\uc6cc\ud06c C class\ub97c \uac80\uc0c9\ud558\uace0, \ub610\ud55c “victim\/16″\uc774\ub77c\uace0 \ud55c\ub2e4\uba74 B class\ub97c \uac80\uc0c9\ud558\uac8c \ub41c\ub2e4.<\/p>\n
\ub367\ubd99\uc5ec\uc11c Nmap\uc740 wild cards(*)\ub97c \uc774\uc6a9\ud558\uc5ec \ub124\ud2b8\uc6cc\ud06c \uac80\uc0c9\uc774 \uac00\ub2a5\ud558\ub2e4. \uc608\ub97c \ub4e4\uc5b4 192.168.7.* \ub294 192.168.7.0\/24 \uc774\ub77c\uace0 \ud588\uc744 \ub54c\uc640 \uac19\uc740 \uacb0\uacfc \uac12\uc744 \uc5bb\uc744 \uc218 \uc788\uac8c \ub41c\ub2e4. \ud639\uc740 192.168.7,1,4,8-12 \uc640 \uac19\uc774 subnet\uc5d0 \uc788\ub294 \ud638\uc2a4\ud2b8\ub97c \uc120\ud0dd\uc801\uc73c\ub85c \uc2a4\uce94\ud558\ub294 \uac83\ub3c4 \uac00\ub2a5\ud558\ub2e4.<\/p>\n
* Ping Sweeping<\/p>\n
\uce68\uc785\uc790\ub4e4\uc740 Nmap\uc744 \uac00\uc9c0\uace0 \uc804\uccb4 \ub124\ud2b8\uc6cc\ud06c\uc758 \ud0c0\uac9f \ub4e4\uc744 \ud6d1\uc5b4\ubcfc \uc218\uac00 \uc788\ub2e4. \uc774\ub294 \ubcf4\ud1b5 “-sP”\ub77c\uace0 \uc368\uc90c\uc73c\ub85c\uc368 ping scan\uc744 \ud558\ub294 \uac83\uc774\ub2e4. \uc77c\ubc18\uc801\uc73c\ub85c Nmap\uc740 ICMP echo\uc640 TCP ACK\ub97c \uac01 \ud638\uc2a4\ud2b8\uc5d0 \ubcf4\ub0b4\uc5b4 \uac80\uc0c9\uc744 \ud55c\ub2e4. \uadf8\ub7ec\uba74 Nmap\uc774 \ubcf4\ub0b8 \ud328\ud0b7\uc5d0 \ubc18\uc751\uc744 \ud55c \ud638\uc2a4\ud2b8\ub4e4\uc774 \ub098\ud0c0\ub098\uac8c \ub41c\ub2e4.<\/p>\n
pchero@MyNote:~$ nmap -sP 192.168.3.0\/24<\/p>\n
Starting Nmap 4.53 ( http:\/\/insecure.org ) at 2008-08-06 00:38 KST
Host 192.168.3.1 appears to be up.
Host 192.168.3.215 appears to be up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.378 seconds<\/p><\/blockquote>\n\uc544\ub9c8\ub3c4 \ub54c\ub54c\ub85c \uc5ec\ub7ec\ubd84\uc740 \ub2e8\uc9c0 ICMP echo request\ub97c \ubcf4\ub0bc \ud544\uc694\uc5c6\uc774 \uc2dc\uc2a4\ud15c\uc774 \ub3d9\uc791\ud558\ub294\uc9c0 \ub9cc\uc744 \ud30c\uc545\ud558\uae38 \uc6d0\ud560 \uac83\uc774\ub2e4. \uc774\ub7f0 \uacbd\uc6b0 \ubaa9\ud45c \ub124\ud2b8\uc6cc\ud06c\ub97c \uc2a4\uce94\ud558\uae30 \uc704\ud574\uc11c TCP “ping”\uc744 \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n
TCP “ping”\uc740 \ubaa9\ud45c \ub124\ud2b8\uc6cc\ud06c\uc758 \uac01\uac01\uc758 \uba38\uc2e0\uc5d0\uac8c ACK\ub97c \ubcf4\ub0b8\ub2e4. \uac01 \uba38\uc2e0\ub4e4\uc740 TCP RST\ub97c \uc774\uc6a9\ud558\uc5ec \uc751\ub2f5\ud558\uac8c \ub41c\ub2e4. TCP “ping”\uc744 \uc774\uc6a9\ud55c \uc2a4\uce94\uc744 \uc704\ud574\uc11c\ub294 “-PT”\ub77c\ub294 \uc635\uc158\uc744 \ucca8\uac00\ud574\uc8fc\uba74 \ub41c\ub2e4. \uc774\ubc88\uc758 \uc608\uc81c\uc5d0\uc11c 80\ubc88 tcp port(http)\ub97c target port\ub85c \uc774\uc6a9\ud574 \ubcf4\ub3c4\ub85d \ud558\uaca0\ub2e4. \uc774\uac83\uc740 \ubaa9\ud45c\uc758 \ub77c\uc6b0\ud130\ub4e4 \uc2ec\uc9c0\uc5b4 firewall \uc870\ucc28\ub3c4 \uc544\ub9c8 \ud1b5\uacfc\ud560 \uc218 \uc788\uc744 \uac83\uc774\ub2e4. \uc8fc\uc758\ud560 \uac83\uc740 \uba38\uc2e0\uc774 \uc0b4\uc544\uc788\ub294\uc9c0 \uc8fd\uc5b4\uc788\ub294\uc9c0\ub97c \uacb0\uc815\ud558\ub294\ub370 \ud638\uc2a4\ud2b8\uc758 target port\uac00 \uc5f4\ub824\uc788\uc744 \ud544\uc694\uac00 \uc5c6\ub2e4\ub294 \uac83\uc774\ub2e4. \ub2e4\uc74c\uc5d0 \ubcf4\uc774\ub294 \uac83\uc774 \uc2e4\ud589\uc758 \uc608\uc774\ub2e4.<\/p>\n
pchero@MyNote:~$ sudo nmap -sP -PT80 192.168.3.0\/24<\/p>\n
Starting Nmap 4.53 ( http:\/\/insecure.org ) at 2008-08-06 00:44 KST
Host 192.168.3.1 appears to be up.
MAC Address: 00:11:88:4D:3D:82 (Enterasys)
Host 192.168.3.215 appears to be up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.462 seconds<\/p><\/blockquote>\n\uce68\uc785\uc790\ub4e4\uc740 \ubaa9\ud45c \ub124\ud2b8\uc6cc\ud06c\uc758 \uba38\uc2e0\uc774 \uc0b4\uc544\uc788\ub294\uc9c0 \uc54c \ub54c, \uc73c\ub808 \ub2e4\uc74c \ub2e8\uacc4\ub85c port scanning\uc744 \ud55c\ub2e4.<\/p>\n
port scanning\uc758 \uc5ec\ub7ec\uac00\uc9c0 \ud0c0\uc785\ub4e4\uc774 Nmap\uc744 \ud1b5\ud574 \uc81c\uacf5\ub41c\ub2e4. (TCP connect, TCP SYN, Stealth FIN, Xmas Tree, Null, UDP scan \ub4f1)<\/p>\n
* Port Scanning<\/p>\n
Nmap\uc740 connect() system call\uc744 \uc774\uc6a9\ud574 \ubaa9\ud45c \ud638\uc2a4\ud2b8\uc758 \uc9c0\uc815\ud55c port\uc5d0 \uc811\uc18d\uc744 \ud558\uace0, TCP\uc758 3-way handshake\ub97c \uc644\uacb0 \uc9d3\uae30 \ub54c\ubb38\uc5d0 TCP \uc811\uc18d\uc744 \uc774\uc6a9\ud55c \uce68\uc785\uc790\ub294 \uc27d\uac8c \ud0d0\uc9c0\ub41c\ub2e4. \ud638\uc2a4\ud2b8 \uba38\uc2e0\uc758 Log \uae30\ub85d\ub4e4\uc5d0 \uce68\uc785\uc790\uc5d0 \uc758\ud574 \uc5f4\ub824\uc9c4 port\ub4e4\uc774 \ub098\ud0c0\ub0a0 \uac83\uc774\ub2e4. TCP connect scan\uc740 -“sT” flag\ub97c \uc774\uc6a9\ud558\uc5ec \uc0ac\uc6a9\ud55c\ub2e4.<\/p>\n
pchero@MyNote:~$ sudo nmap -sT 192.168.3.0\/24<\/p>\n
Starting Nmap 4.53 ( http:\/\/insecure.org ) at 2008-08-06 00:49 KST
Interesting ports on 192.168.3.1:
Not shown: 1524 filtered ports, 189 closed ports
PORT STATE SERVICE
23\/tcp open telnet
MAC Address: 00:11:88:4D:3D:82 (Enterasys)<\/p>\nAll 1714 scanned ports on 192.168.3.215 are closed<\/p>\n
Nmap done: 256 IP addresses (2 hosts up) scanned in 8.599 seconds<\/p><\/blockquote>\n
<\/p>\n
* Stealth Scanning
\ub9cc\uc57d \uacf5\uaca9\uc790\uac00 \ubaa9\ud45c \uba38\uc2e0\uc758 \uc2dc\uc2a4\ud15c \ub85c\uadf8 \uae30\ub85d\uc5d0 \uadf8\uac00 \uc694\uccad\ud55c \uac83\ub4e4\uc744 \ub0a8\uae30\uc9c0 \uc54a\uace0 \uc2a4\uce94\ud558\uae38 \uc6d0\ud55c\ub2e4\uba74 \ubb34\uc5c7\uc744 \ud574\uc57c \ud560\uae4c? TCP SYN scans\ub294 \ubaa9\ud45c \uba38\uc2e0\uc5d0 log\uae30\ub85d\uc744 \uac70\uc758 \ub0a8\uae30\uc9c0 \uc54a\ub294\ub2e4. SYN scan\uc740 TCP \uc5f0\uacb0\uacbd\ub85c\uc758 \uccab\ubc88\uc9f8 \ud328\ud0b7\uc73c\ub85c SYN packet\uc744 \ubcf4\ub0c4\uc73c\ub85c\uc368 \uc2dc\uc791\ud55c\ub2e4. \uc5f4\ub9b0 port\ub4e4\uc740 SYN|ACK \ub85c \uc751\ub2f5\uc744 \ud560 \uac83\uc774\ub2e4. \uadf8\ub7ec\ub098 \uc774\ub54c \uacf5\uaca9\uc790\uac00 ACK\ub300\uc2e0 RST\ub97c \uc804\uc1a1\ud558\uba74 \uc5f0\uacb0\uc740 \uc885\ub8cc\ub418\uac8c \ub41c\ub2e4. \uc7a5\uc810\uc744 3-way handshake\uac00 \uc808\ub300 \uc644\uc131\ub418\ub294 \uc54a\ub294\ub2e4\ub294 \uac83\uacfc \uc774\ub7f0 \ud0c0\uc785\uc758 \ub85c\uadf8 \uae30\ub85d\uc744 \ub0a8\uae30\ub294 \uc0ac\uc774\ud2b8\ub294 \uac70\uc758 \uc5c6\ub2e4\ub294 \uac83\uc774\ub2e4. \ud55c\ud3b8 \ub2eb\ud600\uc788\ub294 port\ub4e4\uc740 RST\uc640 \ud568\uaed8 \ucc98\uc74c\uc758 SYN\uc5d0 \uc751\ub2f5\ud560 \uac83\uc774\uace0 Nmap\uc740 \uadf8 \ud638\uc2a4\ud2b8\uc758 port\uac00 \ub2eb\ud600 \uc788\ub294\ub2e4\ub294 \uac83\uc744 \uacb0\uc815\ud560 \uc218 \uc788\uac8c \ub41c\ub2e4. SYN scan\uc740 “-sS” flag\ub97c \uc774\uc6a9\ud558\uc5ec \uc2e4\ud589\ud55c\ub2e4.<\/p>\npchero@MyNote:~$ sudo nmap -sS 192.168.3.0\/24<\/p>\n
Starting Nmap 4.53 ( http:\/\/insecure.org ) at 2008-08-06 00:54 KST
Interesting ports on 192.168.3.1:
Not shown: 1712 closed ports
PORT STATE SERVICE
22\/tcp filtered ssh
23\/tcp open telnet
MAC Address: 00:11:88:4D:3D:82 (Enterasys)<\/p>\nAll 1714 scanned ports on 192.168.3.215 are closed<\/p>\n
Nmap done: 256 IP addresses (2 hosts up) scanned in 27.168 seconds<\/p><\/blockquote>\n
\ube44\ub85d SYN scan\uc774 \ub354 \uc54c\uc544\ucc4c \uc218 \uc5c6\uc744\uc9c0\ub77c\ub3c4, \uba87 \uac00\uc9c0 \uce68\uc785 \ud0d0\uc9c0 \ub300\ucc45\ub4e4\uc744 \uc774\uc6a9\ud558\uc5ec \ud0d0\uc9c0\ud574 \ub0bc \uc218 \uc788\ub2e4. Stealth FIN, Xmas Tree, \uadf8\ub9ac\uace0 Null scan\ub4e4\uc740 packet filter\ub098 firewall \ub4e4\uc744 \ud53c\ud558\ub294\ub370 \uc0ac\uc6a9\ub418\uc5b4 \uc9c4\ub2e4. \uc774\ub7f0 3\uac00\uc9c0 \uc2a4\uce94\ub4e4\uc740 \ub2eb\ud78c port\ub4e4\uc744 \uc704\ud574 RST\ub97c \ub9ac\ud140\ud558\uace0, \uc5f4\ub9b0 \ud3ec\ud2b8\ub4e4\uc744 packet\ub97c \ubc84\ub9b0\ub2e4. FIN “-sF” \uc2a4\ucea0\uc740 FIN packet\uc744 \uac01\uac01\uc758 port\ub85c \ubcf4\ub0bc \uac83\uc774\uace0, \ud55c\ud3b8 Xmas Tree scan “-sX”\ub294 FIN, URG, PUSH flag\ub97c \ubaa8\ub450 \ucf20\ub2e4. \uadf8\ub9ac\uace0 Null scan “-sN”\uc740 \ubaa8\ub4e0 flag\ub97c \ub048\ub2e4.
TCP \ud45c\uc900\ub4e4\uc5d0 Microsoft\ub294 \uc21c\uc885\ud558\uace0 \uc788\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 FIN, Xmas Tree, \uadf8\ub9ac\uace0 Null scan\uc740 \uc624\uc9c1 Microsoft \uc6b4\uc601\uccb4\uc81c\uac00 \uc544\ub2cc \uacbd\uc6b0\uc5d0\uc11c\ub9cc \uc601\ud5a5\uc744 \ubc1c\ud718\ud55c\ub2e4.<\/p>\n* UDP Scanning<\/p>\n
\ub9cc\uc57d \uce68\uc785\uc790\uac00 exploit(\uc5ed\uc790 \uc8fc : \ud06c\ub798\ucee4\ub4e4\uc774 \uc2dc\uc2a4\ud15c\uc744 \uce69\uc784\ud558\uae30 \uc704\ud574 \uc0ac\uc6a9\ud558\ub294 \ud2b9\uc815\ud55c \ud504\ub85c\uadf8\ub7a8\ub4e4\uc744 \uc9c0\uce6d\ud568)\ub97c \uc704\ud574 \ud2b9\uc815 rpcbind hole \uc774\ub098 cDc Back Orifice \uac19\uc740 UDP hole\uc744 \ucc3e\ub294\ub2e4\uba74, \uadf8\/\uadf8\ub140\ub294 \uc5b4\ub5a4 UDP port\uac00 \uc5f4\ub824\uc788\ub294\uc9c0 \uc54c\uae30\ub97c \uc6d0\ud560 \uac83\uc774\ub2e4.
\uce68\uc785\uc790\ub294 UDP scan “-sU”\ub97c \uc0ac\uc6a9\ud558\uc5ec \ud638\uc2a4\ud2b8\uc5d0 \uc5b4\ub5a4 UDP port\uac00 \uc5f4\ub824\uc788\ub294\uc9c0 \uc54c \uc218 \uc788\ub2e4. \ub9cc\uc57d \ud638\uc2a4\ud2b8\uc5d0\uc11c “port unreachable” \uba54\uc2dc\uc9c0\ub97c \ub9ac\ud134\ud558\uba74 \uadf8 \ud3ec\ud2b8\ub294 \ub2eb\ud600\uc788\ub294 \uac83\uc73c\ub85c \uac04\uc8fc\ub41c\ub2e4. \ub300\ubd80\ubd84\uc758 UNIX \ud638\uc2a4\ud2b8\ub4e4\uc740 ICMP \uc5d0\ub7ec\uc758 \ube44\uc728\uc744 \uc81c\ud55c\ud558\uace0 \uc788\uae30 \ub54c\ubb38\uc5d0 \uc774\ub7f0 \ubc29\ubc95\uc740 \uc2dc\uac04\uc744 \ub9ce\uc774 \uc18c\ube44\ud558\uac8c \ub41c\ub2e4. \ub2e4\ud589\ud788\ub3c4 Nmap\uc740 \uc774\ub7f0 \ube44\uc728\uc744 \ud0d0\uc9c0\ud558\uace0 \uadf8 \uc790\uc2e0\uc758 \uc18d\ub3c4\ub97c \ub0ae\ucd94\uc5b4 \uac70\ubd80\ud588\uc744 \ub54c\uc758 \uba54\uc2dc\uc9c0\ub85c \uc778\ud574 \ubaa9\ud45c\uac00 \uc624\ubc84\ud50c\ub85c\uc5b4 \ub418\uc9c0 \uc54a\ub3c4\ub85d \ud55c\ub2e4. \ub2e4\uc74c\uc740 UDP scan\uc758 \uc2e4\ud589\uacb0\uacfc\uc774\ub2e4.<\/p>\npchero@MyNote:~$ sudo nmap -sU 192.168.3.0\/24<\/p>\n
Starting Nmap 4.53 ( http:\/\/insecure.org ) at 2008-08-06 01:02 KST
Interesting ports on 192.168.3.1:
Not shown: 1485 closed ports
PORT STATE SERVICE
67\/udp open|filtered dhcps
161\/udp open|filtered snmp
520\/udp open|filtered route
MAC Address: 00:11:88:4D:3D:82 (Enterasys)<\/p>\nInteresting ports on 192.168.3.215:
Not shown: 1486 closed ports
PORT STATE SERVICE
68\/udp open|filtered dhcpc
5353\/udp open|filtered zeroconf<\/p>\nNmap done: 256 IP addresses (2 hosts up) scanned in 8.846 seconds<\/p><\/blockquote>\n
* OS Fingerprinting<\/p>\n
\uc885\uc885 \uce68\uc785\uc790\ub294 \ud2b9\uc815\ud55c \ud50c\ub7ab\ud3fc\uc5d0\uc11c\ub9cc \uc2e4\ud589\ub418\ub294 exploit\ub97c \uc2e4\ud589\ud558\uae30 \uc704\ud574 \uadf8\uc640 \uc720\uc0ac\ud55c \uc724\uc601\uccb4\uc81c\ub97c \ucc3e\uc744 \uac83\uc774\ub2e4. \uc77c\ubc18\uc801\uc73c\ub85c TCP\/IP fingerprinting\uc740 “-O”\uc635\uc158\uc744 \ud3ec\ud568\ud558\uc5ec \uc6d0\uaca9\uc73c\ub85c \uc6b4\uc601\uccb4\uc81c\ub97c \ud0d0\uc9c0\ud574\ub0b8\ub2e4. \uc774\uac83\uc740 ping scan\uc744 \uc81c\uc678\ud55c port scan\uacfc \uacb0\ud569\ud558\uc5ec \uc0ac\uc6a9\ud574\uc57c\ub9cc \ud55c\ub2e4. Nmap\uc740 \ud638\uc2a4\ud2b8\uc5d0 \ub2e4\ub978 \ud0c0\uc785\uc758 \uc870\uc0ac\ub97c \ud589\ud558\uc5ec OS\ub97c \ucc3e\uc544\ub0b8\ub2e4. \uc6d0\uaca9\uc73c\ub85c OS\ub97c \ud0d0\uc9c0\ud574\ub0b4\uae30 \uc704\ud55c \ub2e4\ub978 \ubc29\ubc95\uacfc \ub9c8\ucc2c\uac00\uc9c0\ub85c ICP initial Sequence Number(ISN)\uc758 \ud328\ud134\uc744 \ucc3e\uae30 \uc704\ud574 SYN packet\uacfc \ud568\uaed8 \uc120\uc5b8\ud558\uc9c0 \uc54a\uc740 flag\ub97c \ub9ac\ubaa8\ud2b8 \ud638\uc2a4\ud2b8\ub85c \ubcf4\ub0b4\uace0, BOGUS flag\ub294 \uc6d0\uaca9 \ud638\uc2a4\ud2b8\uc758 \uadf8 \ubc18\uc751\uc774 \uc5b4\ub5a4 \uc885\ub958\uc778\uac00\ub97c \uc785\uc99d\ud558\uae30 \uc704\ud574 FIN \uc870\uc0ac\uac19\uc740 \uae30\ub2a5\uc744 \uc0ac\uc6a9\ud55c\ub2e4. \uadf8\uac83\uc740 TCP stack\uc5d0\uc11c \ud3ec\ud568\ud558\uace0 \uc788\uace0 \uc774\ub97c Fingerprinting\ud558\uac8c \ub41c\ub2e4. \ubcf8 \ubb38\uc11c\uc5d0\uc11c stack fingerprinting \uae4c\uc9c0 \ub17c\uc758\ud558\ub294 \uac83\uc740 \ud55c\uacc4\uac00 \uc788\uc73c\ubbc0\ub85c \uad00\uc2ec\uc774 \uc788\ub294 \uc0ac\ub78c\uc740 Nmap\uc758 \uc800\uc790\uc778 Fyodor\uc5d0 \uc758\ud574 \uc4f0\uc5ec\uc9c4 \ubb38\uc11c\ub97c \ucc3e\uc544\ubcf4\uae30 \ubc14\ub780\ub2e4.
(http:\/\/www.insecure.org\/nmap\/nmap-fingerprinting-aricle.html)<\/p>\nNmap\uc758 OS \ud0d0\uc9c0\uae30\ub2a5\uc758 \ud2b9\uc9d5\uc740 \ub9e4\uc6b0 \uc815\ud655\ud558\uba70, SYN scan\uc744 \ud3ec\ud568\ud558\uc5ec \uc194\ub77c\ub9ac\uc2a4 2.7 \uba38\uc2e0\uc758 stack\uc744 fingerprinting\ud574\uc11c \uc99d\uba85\ud558\ub294 \uac83\uacfc \uac19\uc740 \uc77c\uc5d0 \ud6a8\uacfc\uc801\uc778 \ub3c4\uad6c\uc774\ub2e4.<\/p>\n
# nmap -sS -O
\n 192.168.7.12
Starting nmap V. 2.12 by Fyodor
\n (fyodor@dhp.com, www.insecure.org\/nmap\/)
Interesting
\n ports on comet (192.168.7.12):
Port State
\n Protocol Service
\n 7 open
\n tcp echo
\n 9 open
\n tcp discard
\n 13 open tcp
\n daytime
\n 19 open tcp
\n chargen
\n 21 open tcp
\n ftp
\n …
TCP Sequence Prediction: Class=random positive
\n increments
Difficulty=17818
\n (Worthy challenge)
Remote operating system guess:
\n Solaris 2.6 – 2.7
Nmap run completed — 1 IP
\n address (1 host up) scanned in 5 seconds<\/font><\/p><\/blockquote>\nTCP Sequence Prediction \ubd80\ubd84\uc744 \uc8fc\uc758\ud574\uc11c \ubcf4\uae30 \ubc14\ub780\ub2e4. -O \uc635\uc158\uc744 \uc8fc\uc5b4 Nmap\uc744 \uc2e4\ud589\uc2dc\ud0a4\uac8c \ub418\uba74 TCP Sequence Prediction\uc774 \uc5bc\ub9c8\ub098 \uc5b4\ub824\uc6b4\uc9c0\ub3c4 \uc54c\ub824\uc900\ub2e4. \uc774\uac83\uc740 \uce68\uc785\uc790\uac00 \ud638\uc2a4\ud2b8\uc758 \uacf5\uaca9\ud560 \uc218 \uc788\ub294 \uc704\ud5d8\uc131\uc5d0 \ub300\ud55c \uc815\ub3c4\ub85c\uc368 \uc5bc\ub9c8\ub098 \uce68\uc785\ud560 \uac00\uce58\uac00 \uc788\ub294\uac00\ub97c \ud3ec\ud568\ud558\uace0 \uc788\uae30\ub3c4 \ud558\ub2e4.<\/p>\n
* Ident Scanning<\/p>\n
\uce68\uc785\uc790\ub294 \uc885\uc885 root\ub85c \ub3cc\uc544\uac00\ub294 web server\uc640 \uac19\uc740 \ud504\ub85c\uc138\uc2a4\ub97c \uacf5\uaca9 \ub300\uc0c1\uc73c\ub85c \uc0bc\uc744 \ub54c\uac00 \uc788\ub2e4. \ub9cc\uc57d \ud0c0\uac9f\uc774 identd\ub97c \ub3cc\ub9ac\uace0 \uc788\ub2e4\uba74 \uce68\uc785\uc790\ub294 Nmap\uc744 \uc0ac\uc6a9\ud558\uc5ec httpd \ub370\ubaac\uc774 \uc5b4\ub5a4 \uc18c\uc720\uc790\ub85c \uc2e4\ud589\ub418\uace0 \uc788\ub294\uc9c0 \ucc3e\uc544\ub0bc \uc218 \uc788\ub2e4. \uc774\ub294 TCP connect scan\uc5d0 “-I”\uc635\uc158\uc744 \ud3ec\ud568\ud558\uc5ec \uc2e4\ud589\ud55c\ub2e4. \uc544\ub798\uc5d0 \ud55c \ub9ac\ub205\uc2a4 \uc6f9\uc11c\ubc84\ub97c \uc2a4\uce94 \ud55c \uc608\uac00 \uc788\ub2e4.<\/p>\n
# nmap -sT -p
\n 80 -I -O www.yourserver.com
Starting nmap V.
\n 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org\/nmap\/)
\n Interesting ports on www.yourserver.com (xxx.xxx.xxx.xxx):
\n Port State Protocol
\n Service Owner
\n 80 open tcp
\n http root
\n TCP Sequence Prediction: Class=random positive increments
\n Difficulty=1140492
\n (Good luck!)
Remote operating system guess:
\n Linux 2.1.122 – 2.1.132; 2.2.0-pre1 – 2.2.2
\n Nmap run completed — 1 IP address (1 host up) scanned
\n in 1 second<\/font><\/p><\/blockquote>\n\ub9cc\uc57d \ub2f9\uc2e0\uc758 \uc6f9\uc11c\ubc84\uac00 \uc2e4\uc218\ub85c root\ub85c \uc2e4\ud589\ub418\ub3c4\ub85d \uc124\uc815\ub418\uc5c8\ub2e4\uba74, \ub2f9\uc2e0\uc5d0\uac8c \ud68c\uc0ac\uc5d0\uc138 \ubc24\uc0d0 \uc77c\uc774 \uc0dd\uae38\uc9c0\ub3c4 \ubaa8\uadfc\ub2e4.<\/p>\n
\ub8e8\ud2b8\ub85c \uc544\ud30c\uce58\ub97c \uc2e4\ud589\uc2dc\ud0a4\ub294 \uac83\uc740 \ub098\uc05c \ubcf4\uc548 \uc2b5\uad00\uc774\ub2e4. \/etc\/inetd.conf \uc5d0\uc11c auth \ubd80\ubd84\uc744 \uc8fc\uc11d \ucc98\ub9ac\ud574\uc11c ident \uc694\uccad\uc744 \ub9c9\uc544\ub450\uc5b4\uc57c \ud55c\ub2e4. \uadf8\ub9ac\uace0 inetd\ub97c \uc7ac \uc2e4\ud589 \uc2dc\ud0a8\ub2e4. ident \uc694\uccad\uc744 \ub9c9\ub294 \ub2e4\ub978 \ubc29\ubc95\uc740 ipchains\ub098 \ub2e4\ub978 firewall\uc744 \uc774\uc6a9\ud558\uc5ec \ub2f9\uc2e0\uc758 \ub124\ud2b8\uc6cc\ud06c\uc5d0 \uc7a5\ubcbd\uc744 \uc124\uce58\ud558\ub294 \uac83\uc774\ub2e4. \uc774\uac83\uc740 \uc5b4\ub5a4 \ub370\ubaac\uc774 \ub204\uad6c\uc758 \uc18c\uc720\ub85c \ub3d9\uc791\ud558\ub294\uc9c0 \ub2f9\uc2e0\uc758 \uc0ac\uc774\ud2b8\ub97c \uc870\uc0ac\ud574\ubcf4\ub824\ub294 \ud638\uae30\uc2ec \ub9ce\uc740 \ubb34\ub8b0\ud55c\ub4e4\uc744 \ub9c9\uc744 \uc218 \uc788\uc744 \uac83\uc774\ub2e4.<\/p>\n
* Options<\/p>\n
\uc774\ub7f0 scan\ub4e4\uc5d0 \ub367\ubd99\uc5ec\uc11c Nmap\uc774 \uc81c\uacf5\ud558\ub294 \ubb34\uc218\ud55c \uc635\uc158\ub4e4\uc744 \uc18c\uac1c\ud558\uaca0\ub2e4. \uadf8 \uc911 \ud558\ub098\uac00 “-PT”\uc774\ub2e4. \uc6b0\ub9ac\ub294 \uc774\ubbf8 \uc704\uc5d0\uc11c \ub2e4\ub8e8\uc5c8\ub2e4. \uc774 \uc635\uc158\uc740 \ud0c0\uac9f \uba38\uc2e0\uc774\ub098 \ub124\ud2b8\uc6cc\ud06c\uc758 \uc77c\ubc18\uc801\uc73c\ub85c filter\ub418\uc9c0 \uc54a\uc740 port\ub4e4\uc744 TCP ping\uc73c\ub85c \uc9c1\uc811 ping scan\ud560 \ub54c \uc0ac\uc6a9\ub41c\ub2e4. \uc720\uc6a9\ud55c \uc635\uc158\uc73c\ub85c “-Po”\uac00 \uc788\ub2e4. Nmap\uc740 port scan\uc744 \ud558\uae30\uc804\uc5d0 TCP “ping”\uacfc ICMP echo \ubaa8\ub450\ub97c \uc774\uc6a9\ud558\uc5ec \ud0c0\uac9f\uc744 ping \ud560 \uac83\uc774\ub2e4. \ub9cc\uc57d \uc0ac\uc774\ud2b8\uc5d0\uc11c ICMP\uc640 TCP \uac80\uc0c9\uc744 \ub9c9\uc544 \ub193\uc558\uc744 \uacbd\uc6b0 \ubcf4\ud1b5 \uc2a4\uce94\ub418\uc9c0 \uc54a\uc744 \uac83\uc774\ub2e4. \uadf8\ub798\uc11c “-Po” \uc635\uc158\uc744 \uc774\uc6a9\ud558\uba74 \ucc98\uc74c\uc5d0 ping\uc744 \ud558\uc9c0 \uc54a\uace0 \ud638\uc2a4\ud2b8\ub97c \uc2a4\uce94 \ud558\ub3c4\ub85d Nmap\uc5d0\uc11c \uc9c0\uc6d0\ud558\uace0 \uc788\ub2e4.<\/p>\n
\ud55c\uac00\uc9c0, \ub3c5\uc790\uac00 \ud55c\ubc88 \uc0ac\uc6a9\ud558\uba74 \uc2b5\uad00\ucc98\ub7fc \uc0ac\uc6a9\ud558\uac8c \ub420 \uc635\uc158\uc774 \uc788\ub2e4. \ubc14\ub85c “-v” \uc790\uc138\ud55c \uc635\uc158\uc774\ub2e4. \uc774 \uc635\uc158\uc740 \ubaa8\ub4e0 \uc2a4\uce94 \ud0c0\uc785\ub4e4\uacfc \ud568\uaed8 \uc0ac\uc6a9\ud560 \uc218 \uc788\ub2e4. \uc774 \uc635\uc158\uc744 \ud55c\ubc88 \ud639\uc740 \ub450 \ubc88 \uc0ac\uc6a9\ud574\uc11c \ud0c0\uac9f \uba38\uc2e0\uc5d0 \uad00\ud55c \ubcf4\ub2e4 \ub354 \uc790\uc138\ud55c \uc815\ubcf4\ub97c \uc5bb\uc744 \uc218 \uc788\ub2e4.<\/p>\n
\ud2b9\uc815\ud55c port\ub97c \ud0c0\uac9f\uc73c\ub85c \uc0bc\ub294 \uae30\ub2a5\uc740 “-p”\uc635\uc158\uc744 \uc774\uc6a9\ud558\uc5ec \uc2e4\ud589\ub41c\ub2e4. \uc608\ub97c \ub4e4\uc5b4 \uce68\uc785\uc790\uac00 \ub2f9\uc2e0\uc758 \uc6f9\uc11c\ubc84\ub97c ftp(port 21), telnet(port 23), name service(port 53), \uadf8\ub9ac\uace0 http(port 80)\uc5d0 \uad00\ud574 \uc870\uc0ac\ud558\uace0, \uc5b4\ub5a4 OS\ub97c \uc4f0\ub294\uc9c0 \uae4c\uc9c0 \uc54c\uae38 \uc6d0\ud55c\ub2e4\uba74 \ub2e4\uc74c\uacfc \uac19\uc740 SYN scan\uc744 \uc774\uc6a9\ud560 \uac83\uc774\ub2e4.<\/p>\n
# nmap -sS -p
\n 21,23,53,80 -O -v www.yourserver.com<\/font><\/p><\/blockquote>\n* \uacb0\ub860<\/p>\n
\uce68\uc785\uc790\uac00 Nmap\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc5b4\ub5a4 \uce21\uc815\uc744 \ud588\uaca0\ub294\uac00? Scanlogd, Countney, \uadf8\ub9ac\uace0 Shadow\uc640 \uac19\uc740 \uc218\ub9ce\uc740 \ud234 \ub4e4\uc774 \uc874\uc7ac\ud55c\ub2e4. \uadf8\ub7ec\ub098 \uc774\ub7f0 \ud234\uc744 \uc0ac\uc6a9\ud558\ub294 \uac83\uc774 \uc2e4\ubb34\uc5d0\uc11c \uc77c\ud558\ub294 \uad00\ub9ac\uc790\ub4e4\uc758 \uc9c0\uc2dd\uc744 \ub300\uc2e0\ud560 \uc21c \uc5c6\ub2e4. \uc2a4\uce94\uc740 \uc885\uc885 \uce68\uc785\uc758 \uc804\uc870\ub85c \ub098\ud0c0\ub098\uae30 \ub54c\ubb38\uc5d0 \uc0ac\uc774\ud2b8\ub4e4\uc740 \uadf8\ub4e4\uc758 \uba38\uc2e0\uc5d0 \ub300\ud574 \uac10\uc2dc\uc640 \uc81c\uc5b4\ub97c \uc6b0\uc120\uc2dc\ud574\uc57c \ud55c\ub2e4.<\/p>\n
Nmap\uc744 \uc774\uc6a9\ud574 \uac01\uc790\uc758 \uc0ac\uc774\ud2b8\ub97c \uac10\uc2dc\ud568\uc73c\ub85c\uc11c, \uc2dc\uc2a4\ud15c\uacfc \ub124\ud2b8\uc6cc\ud06c \uad00\ub9ac\uc790\ub4e4\uc740 \uc7a0\uc7ac\uc801\uc778 \uce68\uc785\uc790\ub4e4\uc774 \ub2f9\uc2e0\uc758 \uc0ac\uc774\ud2b8\ub97c \uc870\uc0ac\ud558\ub294 \uac83\ub4e4\uc744 \ubc1c\uacac\ud560 \uc218 \uc788\ub2e4. \uc790,,\uc774\uc81c \ub2f9\uc2e0\uc758 \ub77c\uc6b0\ud130\ub4e4 \uad6c\uc11d\uc5d0 Nmap\uacfc \ud568\uaed8 \ub9ac\ub205\uc2a4 \ubc15\uc2a4\ub97c \uc124\uce58\ud558\uace0, \ud3ad\uadc4 \uad70\ub2e8\uc758 \ud558\ub098\ub85c\uc368 \uc2a4\uce90\ub2dd\uc744 \uc2dc\uc791\ud558\uc790!.<\/p>\n
\ucd9c\ucc98 : http:\/\/www.linuxlab.co.kr\/docs\/00-05-2.htm<\/a><\/p>\n
<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
Nmap\uc744 \uc774\uc6a9\ud55c \ub124\ud2b8\uc6cc\ud06c \uc2a4\uce90\ub2dd\uacfc \ubc29\uc5b4\ud558\uae30(Scanning and Defending Networks with Nmap) \ud55c \ucef4\ud4e8\ud130 \uc2dc\uc2a4\ud15c\uc744 \ud06c\ub798\ud0b9\ud558\uae30 \uc704\ud574\uc11c\ub294 \uc6b0\uc120 \uacc4\ud68d\uc774 \ud544\uc694\ud558\ub2e4. \ud06c\ub798\ucee4\ub294 \ubaa9\ud45c\ub85c \ud558\ub294 \uc11c\ubc84\ub97c \ucc3e\uc544\uc57c \ud558\uace0, \uadf8 \ub2e4\uc74c\uc5d0 \uba38\uc2e0\uc5d0 \uc5b4\ub5a4 port\uac00 \uc5f4\ub824\uc788\ub294\uc9c0, \uc2dc\uc2a4\ud15c\uc774 \ubb38\uc81c\ub97c \ud574\uacb0\ud558\uae30 \uc804\uc5d0 \ucc3e\uc544\uc57c \ud55c\ub2e4. \uc774\uac83\uc740 \uc77c\ubc18\uc801\uc73c\ub85c \uc2a4\uce90\ub2dd\uc774\ub77c\uace0 \ud558\ub294 … Continue reading