{"id":898,"date":"2010-07-10T21:43:19","date_gmt":"2010-07-10T21:43:19","guid":{"rendered":"http:\/\/pchero21.com\/?p=898"},"modified":"2010-07-10T21:43:19","modified_gmt":"2010-07-10T21:43:19","slug":"11-psad%ec%99%80-fwsnort%ec%9d%98-%ea%b2%b0%ed%95%a9","status":"publish","type":"post","link":"http:\/\/pchero21.com\/?p=898","title":{"rendered":"11.psad\uc640 fwsnort\uc758 \uacb0\ud569"},"content":{"rendered":"<p><span style=\"font-weight: bold;\">&nbsp;* fwsnort \ud0d0\uc9c0\uc640 psad \ub3d9\uc791\uc758 \uacb0\ud569<\/span><\/p>\n<p>&nbsp;fwsnort\ub294 \uacf5\uaca9\uc744 \ud0d0\uc9c0\ud558\uba74 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uc0dd\uc131\ud55c\ub2e4. \uc774 \uba54\uc2dc\uc9c0\ub294 \uc0ac\uc6a9\uc790\uc5d0\uac8c \ud574\ub2f9 \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \ucd09\ubc1c\ud55c \uc2a4\ub178\ud2b8 \uaddc\uce59 ID, fwsnort \uccb4\uc778\ub0b4\uc758 \uaddc\uce59 \ubc88\ud638, \ud328\ud0b7\uc774 \uc218\ub9bd\ub41c TCP \uc138\uc158\uc758 \uc77c\ubd80\uc778\uc9c0 \uc5ec\ubd80\ub97c \uc54c\ub824\uc8fc\ub294 \ub85c\uadf8 \uc811\ub450\uc5b4\ub97c \ud3ec\ud568\ud55c\ub2e4.<\/p>\n<p>&nbsp;** WEB-PHP Setup.php access \uacf5\uaca9<\/p>\n<p>&nbsp;\uc2a4\ub178\ud2b8 \uaddc\uce59 ID 2281\uc740 \ubbf8\ub514\uc5b4\uc704\ud0a4 \uc18c\ud504\ud2b8\uc6e8\uc5b4(\uc6d0\ub798\ub294 \uc704\ud0a4\ud53c\ub514\uc544\ub97c \ubcf4\uc870\ud558\uae30 \uc704\ud574 \uc124\uacc4\ub41c \uc18c\ud504\ud2b8\uc6e8\uc5b4\ub2e4. <a target=\"_blank\" href=\"http:\/\/en.wikipedia.org\/wiki\/Mediawiki\">http:\/\/en.wikipedia.org\/wiki\/Mediawiki<\/a> \ucc38\uc870)\uc758 \uc785\ub825 \ud655\uc778 \ucde8\uc57d\uc810\uc744 \uacf5\uaca9\ud558\ub824\ub294 \uc2dc\ub3c4\ub97c \ud0d0\uc9c0\ud558\uac8c \uc124\uacc4\ub410\ub2e4. \uc774 \ucde8\uc57d\uc810\uc740 Bugtraq ID 9057\uc5d0\uc11c \uae30\uc220\ud558\uace0 \uc788\uc73c\uba70, \uc2a4\ub178\ud2b8 \uaddc\uce59 ID 2281\uc740 \uc774\ub97c WEB-PHP Setup.php access \uacf5\uaca9\uc774\ub77c\uace0 \uba85\uba85\ud55c\ub2e4. 
\uc774 \ucde8\uc57d\uc810\uc744 \uc131\uacf5\uc801\uc73c\ub85c \uacf5\uaca9\ud558\uba74 \ubaa9\ud45c \uc2dc\uc2a4\ud15c\uc774 HTTP \uc694\uccad \ub0b4\uc758 \ud2b9\ubcc4\ud788 \uad6c\uc131\ub41c URI \ub9e4\uac1c\ubcc0\uc218\ub97c \uc218\uc2e0\ud560 \ub54c \ubaa9\ud45c \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc2b9\uc778 \ubc1b\uc9c0 \uc54a\uc740 \uc6d0\uaca9 \ucf54\ub4dc\ub97c \uc2e4\ud589\ud560 \uc218 \uc788\ub2e4. \ub0b4\ubd80 \uc6f9\uc11c\ubc84\uc5d0 \ub300\ud574 WEB-PHP Setup.php access \ucde8\uc57d\uc810\uc744 \uacf5\uaca9\ud558\uac8c \uc124\uacc4\ub41c \uacf5\uaca9\uc744 \uac00\uc0c1\uc73c\ub85c \uc2e4\ud589\ud574\ubcf4\uc790. seclab \uc2dc\uc2a4\ud15c\uc5d0\ub294 \uae30\ubcf8 iptables \uc815\ucc45\uc774 \ubc30\uce58\ub3fc \uc788\uc73c\uba70, \uac00\uc0c1 \uacf5\uaca9\uc740 soft-ftp \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc218\ud589\ud55c\ub2e4\uace0 \uac00\uc815\ud55c\ub2e4.<\/p>\n<p>&nbsp;\uc6b0\uc120 \ud14d\uc2a4\ud2b8 \uae30\ubc18 \uc6f9 \ube0c\ub77c\uc6b0\uc800\uc778 \ub9c1\ud06c\uc2a4(lynx)\ub97c \uc0ac\uc6a9\ud574\uc11c seclab \uc2dc\uc2a4\ud15c\uc5d0\uc11c iptables \ubc29\ud654\ubcbd\uc744 \ud1b5\ud574 webserver\ub85c \uc6f9 \uc5f0\uacb0\uc744 \uc0dd\uc131\ud560 \uc218 \uc788\ub294\uc9c0 \ud655\uc778\ud558\uc790.<\/p>\n<blockquote><p># lynx http:\/\/seclab.x.x.kr<\/p><\/blockquote>\n<p><img loading=\"lazy\" src=\"http:\/\/pchero21.com\/wp-content\/uploads\/1\/XMitSwDnlI.png\" class=\"aligncenter\" width=\"560\" height=\"441\" alt=\"\" \/><br \/>&nbsp;iptables \ubc29\ud654\ubcbd\uc744 \ud1b5\ud55c \uc6f9 \uc5f0\uacb0\uc131\uc744 \ud655\uc778\ud588\uc73c\ub2c8 \uacf5\uaca9\uc5d0 \ub300\ud574 \uc608\uc0c1\ud560 \uc218 \uc788\ub294 \uc751\ub2f5\uc744 \ubcf4\uae30 \uc704\ud574 fwsnort psad\ub97c \ubc30\uce58\ud558\uae30 \uc804\uc5d0 \uac00\uc0c1 \uacf5\uaca9\uc744 \uc218\ud589\ud574\ubcf4\uc790. 
\uc6b0\uc120 Bugtraq ID 9057 \ucde8\uc57d\uc810\uc744 \uacf5\uaca9\ud558\ub824\ub294 \uc2dc\ub3c4\ub97c \ud0d0\uc9c0\ud558\uac8c \uc124\uacc4\ub41c \uc2a4\ub178\ud2b8 \uaddc\uce59 ID 2281\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4.(\uc6d0\ub798 \ucc45\uc5d0\ub294 \/etc\/fwsnort\/snort_rules\/emerging-all.rules \ud30c\uc77c\uc5d0 \uc801\ud600\uc788\ub2e4\uace0 \ud558\uc600\uc73c\ub098, \uc774\uc0c1\ud558\uac8c \ud544\uc790\uc758 \uc11c\ubc84\uc5d0\uc11c\ub294 \uadf8 \ub0b4\uc6a9\uc744 \ucc3e\uc744 \uc218\uac00 \uc5c6\uc5c8\ub2e4. \uadf8\ub798\uc11c \uc544\ub798\uc640 \uac19\uc774 \ub530\ub85c\uc774 \uc81c\uc77c \ub9c8\uc9c0\ub9c9 \ub77c\uc778\uc5d0 \ud574\ub2f9 \uaddc\uce59\uc744 \uae30\uc220\ud574\ub123\uc5c8\ub2e4.)<\/p>\n<p><img loading=\"lazy\" src=\"http:\/\/pchero21.com\/wp-content\/uploads\/1\/XDpF3rWb72.png\" class=\"aligncenter\" width=\"560\" height=\"441\" alt=\"\" \/><\/p>\n<p>&nbsp;\ubb38\uc790\uc5f4 \/Setup.php\ub9cc \uc81c\uc678\ud558\uba74 \uc704\uc758 \uaddc\uce59\uc740 \uc6f9\uc11c\ubc84\ub85c\ubd80\ud130 \uc694\uccad\ub41c URI \ub9e4\uac1c\ubcc0\uc218\uc758 \ub0b4\uc6a9(\uc774\ub294 \uacf5\uaca9\uc790\uac00 \ub2ec\uc131\ud558\uace0\uc790 \ud558\ub294 \uac83\uc5d0 \ub530\ub77c \ub2ec\ub77c\uc9c8 \uc218 \uc788\ub2e4)\uc744 \uc2e0\uacbd\uc4f0\uc9c0 \uc54a\ub294\ub2e4. \uc774 \uc11c\uba85\uc740 \uc6f9 \uc694\uccad\uc758 URI \ubd80\ubd84\uc5d0\uc11c \ubb38\uc790\uc5f4 \/Setup.php \ub97c \uc5c4\uaca9\ud788 \uac80\uc0c9\ud558\uba70, \uc774 \ub370\uc774\ud130\ub294 flow \ud0a4\uc6cc\ub4dc\uc5d0\uc11c \uc694\uad6c\ud558\ub294 \ub300\ub85c \uc218\ub9bd\ub41c TCP \uc5f0\uacb0\uc5d0\uc11c \ubcf4\uc5ec\uc57c \ud55c\ub2e4. 
\uc774 \ub355\ubd84\uc5d0 \ub2e4\uc74c\uacfc \uac19\uc774 \ucde8\uc57d\uc810\uc5d0 \ub300\ud55c \uac00\uc0c1 \uacf5\uaca9\uc774 \ub9e4\uc6b0 \uc2dc\uc6cc\uc9c4\ub2e4.<\/p>\n<blockquote><p>soft-ftp:~# lynx http:\/\/seclab.X.X.kr\/Setup.php<\/p>\n<p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 404 Not Found<\/p>\n<p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Not Found<\/p>\n<p>&nbsp;&nbsp; The requested URL \/Setup.php was not found on this server.<br \/>&nbsp; &nbsp;&nbsp; _________________________________________________________________<\/p>\n<p>&nbsp; &nbsp; Apache\/2.2.11 (Ubuntu) PHP\/5.2.6-3ubuntu4.5 with Suhosin-Patch<br \/>&nbsp; &nbsp; Server at seclab.kongju.ac.kr Port 80<\/p><\/blockquote>\n<p>&nbsp;\uc704\ub85c\ubd80\ud130 \ub0b4\ubd80 \uc6f9\uc11c\ubc84\uac00 \ucde8\uc57d\ud558\uc9c0 \uc54a\ub2e4\ub294 \uac83\uc744 \uc54c \uc218 \uc788\uc73c\uba70(\ub0b4\ubd80 \uc6f9\uc11c\ubc84\ub294 \ubbf8\ub514\uc5b4\uc704\ud0a4\ub97c \uc2e4\ud589\ud558\uace0 \uc788\uc9c0 \uc54a\ub2e4) \uc608\uc0c1\ub300\ub85c \uc694\uccad\ub41c \ud398\uc774\uc9c0\uac00 \uc874\uc7ac\ud558\uc9c0 \uc54a\ub294\ub2e4\ub294 \uac83\uc744 \uc758\ubbf8\ud558\ub294 404 Not Found \uc624\ub958\ub97c \ub3cc\ub824\ubc1b\ub294\ub2e4. \uac00\uc0c1 \uacf5\uaca9\uc744 \uc218\ud589\ud558\uace0 \uc788\ub2e4\ub294 \uc810\uc744 \uae30\uc5b5\ud558\uc790. 
\uac00\uc0c1 \uacf5\uaca9\uc5d0\uc11c\ub294 \uc2a4\ub178\ud2b8 \uc11c\uba85\uc774 \ucc3e\uace0\uc790 \ud558\ub294 \uac83\ucc98\ub7fc \ubcf4\uc774\ub294 \ub124\ud2b8\uc6cc\ud06c \ud2b8\ub798\ud53d\ub9cc \uc0dd\uc131\ud558\uba74 \ub41c\ub2e4.<\/p>\n<p>&nbsp;&#8211; fwsnort \ub97c \uc774\uc6a9\ud55c \uacf5\uaca9 \ud0d0\uc9c0<\/p>\n<p>&nbsp;\uc774\uc81c iptables\ub85c WEB-PHP Setup.php access \uacf5\uaca9\uc744 \ud0d0\uc9c0\ud558\uae30 \uc704\ud574 (\uc77c\ub2e8\uc740) --ipt-drop \uc774\ub098 --ipt-reject \uc778\uc790 \uc5c6\uc774 fwsnort\ub97c \uc2e4\ud589\ud558\uc790.<\/p>\n<p><img loading=\"lazy\" src=\"http:\/\/pchero21.com\/wp-content\/uploads\/1\/XKI3qEn14n.png\" class=\"aligncenter\" width=\"560\" height=\"441\" alt=\"\" \/><br \/>&nbsp;\/etc\/fwsnort\/fwsnort.sh \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc0b4\ud3b4\ubcf4\uba74 \uc218\ub9bd\ub41c TCP \uc5f0\uacb0\uc5d0\uc11c \/Setup.php \ubb38\uc790\uc5f4\uc744 \ud0d0\uc9c0\ud558\uae30 \uc704\ud574 \ubb38\uc790\uc5f4 \ub9e4\uce6d \ud655\uc7a5\uacfc \ub9de\ucda4\ud654 FWSNORT_FORWARD_ESTAB \uccb4\uc778\uc744 \uc0ac\uc6a9\ud558\ub294 iptables \uba85\ub839\uc744 \ubcfc \uc218 \uc788\ub2e4. 
\uc774 \uba85\ub839\uc740 \uc544\ub798\uc640 \uac19\uc73c\uba70, \uacf5\uaca9\uc744 \ud0d0\uc9c0\ud558\uae30 \uc704\ud574 \uc0c1\ub2f9\ud55c \uc5f0\uc0b0\uc744 \uc218\ud589\ud55c\ub2e4.<\/p>\n<blockquote><p>$IPTABLES -A FWSNORT_FORWARD_ESTAB -p tcp --dport 80 -m string --string &quot;\/Setup.php&quot; --algo bm -m comment --comment &quot;sid:2281; msg:WEB-PHP Setup.php access; classtype:web-application-activity; reference:bugtraq,9057; rev:2; FWS:1.0.5;&quot; -j LOG --log-ip-options --log-tcp-options <span style=\"font-weight: bold;\">--log-prefix &quot;[1] SID2281 ESTAB &quot;<\/span><br \/>$IPTABLES -A FWSNORT_INPUT_ESTAB -p tcp --dport 80 -m string --string &quot;\/Setup.php&quot; --algo bm -m comment --comment &quot;sid:2281; msg:WEB-PHP Setup.php access; classtype:web-application-activity; reference:bugtraq,9057; rev:2; FWS:1.0.5;&quot; -j LOG --log-ip-options --log-tcp-options <span style=\"font-weight: bold;\">--log-prefix &quot;[1] SID2281 ESTAB &quot;<\/span><\/p><\/blockquote>\n<p>&nbsp;\uad75\uac8c \ub098\ud0c0\ub0b8 \ubd80\ubd84\uc774 iptables \ub85c\uadf8 \uc811\ub450\uc5b4\uc774\ub2e4. \uc774 \uc811\ub450\uc5b4\ub97c \ud1b5\ud574 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\uc5d0\uc11c \ud574\ub2f9 \uaddc\uce59\uc758 \uc2e4\ud589 \uc5ec\ubd80\ub97c \ud655\uc778\ud560 \uc218 \uc788\ub2e4. \uc774\uc81c \ub2e4\uc2dc \uacf5\uaca9 \ud2b8\ub798\ud53d\uc744 \uc0dd\uc131\ud574\ubcf4\uc790. 
\uacf5\uaca9 \ud2b8\ub798\ud53d \uc0dd\uc131 \ud6c4, \uc544\ub798\uc758 \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uc5bb\uc744 \uc218 \uc788\uc744 \uac83\uc774\ub2e4.<\/p>\n<blockquote><p>Jul 11 05:30:13 seclab kernel: [4540091.006611] [1] SID2281 ESTAB IN=eth0 OUT= MAC=00:21:5e:4e:bb:da:00:11:88:42:99:43:08:00 SRC=X.X.X.X DST=Y.Y.Y.Y LEN=414 TOS=0x00 PREC=0x00 TTL=62 ID=44542 DF PROTO=TCP SPT=47966 DPT=80 WINDOW=365 RES=0x00 ACK PSH URGP=0 OPT (0101080A2FED6AD91B0F2BDB)<\/p><\/blockquote>\n<p>&nbsp;&#8211; psad\ub97c \uc774\uc6a9\ud55c \uacbd\uace0<\/p>\n<p>&nbsp;fwsnort\ub294 \uacf5\uaca9\uc744 \ud0d0\uc9c0\ud588\uc9c0\ub9cc iptables\ub85c\ubd80\ud130 \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub9cc \uc0dd\uc131\ud588\ub2e4. fwsnort\ub294 whois \uac80\uc0c9\uc774\ub098 \uba54\uc77c \uacbd\uace0 \uc804\uc1a1 \ub4f1\uc758 \uae30\ub2a5\uc744 \uac00\uc9c0\uace0 \uc788\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \uc774\ub97c \uc218\ud589\ud558\uc9c0 \uc54a\uc558\ub2e4.<\/p>\n<p>&nbsp;\uadf8\ub7ec\ub098 fwsnort\uac00 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uc0dd\uc131\ud558\uae30 \ub54c\ubb38\uc5d0 psad\uac00 \uc774\ub97c \ubd84\uc11d\ud55c \ud6c4, \ud574\ub2f9 \uc774\ubca4\ud2b8\uc5d0 \uc790\uc2e0\uc758 \uacbd\uace0\uc640 \ubcf4\uace0 \uae30\ub2a5\uc744 \uc801\uc6a9\ud560 \uc218 \uc788\ub2e4. \uadf8\ub7ec\ub098 \uc6b0\uc120 psad\ub294 fwsnort \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uc801\uc808\ud788 \ucc98\ub9ac\ud574\uc57c \ud55c\ub2e4. \uc774 \uba54\uc2dc\uc9c0\ub294 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35 \ub370\uc774\ud130\uc758 \uac80\uc0ac\ub97c \ud1b5\ud574 \uc0dd\uc131\ub41c \uac83\uc774\uc9c0\ub9cc \uacb0\uad6d \ub370\uc774\ud130 \uc790\uccb4\ub294 \ub85c\uadf8 \uba54\uc2dc\uc9c0\uc5d0 \ud3ec\ud568\ub418\uc9c0 \uc54a\ub294\ub2e4.<\/p>\n<p>&nbsp;\ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \ud574\uc11d\ud558\ub294 \ub370 \uc911\uc694\ud55c \uac83\uc774 \/etc\/psad\/psad.conf \ud30c\uc77c\uc758 SNORT_SID_STR \ubcc0\uc218\ub2e4. 
\uc774 \ubcc0\uc218\ub294 psad\uac00 \ub85c\uadf8 \uba54\uc2dc\uc9c0\uac00 fwsnort\uc5d0 \uc758\ud574 \uc0dd\uc131\ub410\ub2e4\ub294 \uac83\uc744 \uc720\ucd94\ud558\uae30 \uc704\ud574 \ubd10\uc57c \ud560 \ub85c\uadf8 \uc811\ub450\uc5b4 \ubd80\ubd84\uc744 \uae30\uc220\ud55c\ub2e4. \uae30\ubcf8\uc801\uc73c\ub85c SNORT_SID_STR\uc740 \ub2e4\uc74c\uacfc \uac19\uc774 \uc124\uc815\ub41c\ub2e4.<\/p>\n<p><img loading=\"lazy\" src=\"http:\/\/pchero21.com\/wp-content\/uploads\/1\/XGmEp4ALc3.png\" class=\"aligncenter\" width=\"560\" height=\"441\" alt=\"\" \/><br \/>&nbsp;\ub85c\uae45 \uc811\ub450\uc5b4\uc5d0 \ubd80\ubd84 \ubb38\uc790\uc5f4 SID\ub97c \ud3ec\ud568\ud558\ub294 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub294 fwsnort\uac00 \uc0dd\uc131\ud55c \uba54\uc2dc\uc9c0\ub85c \uac70\uc758 \ud56d\uc0c1 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35 \uacf5\uaca9\uc5d0 \ub300\ud55c \uac83\uc774\ub2e4.<\/p>\n<p>&nbsp;\uc774\uc81c psad\ub97c \ud655\uc2e4\ud788 \uc2e4\ud589\ud558\uace0(\/etc\/init.d\/psad start \ub97c \uc2e4\ud589) \uac00\uc0c1 \uacf5\uaca9\uc744 \ub2e4\uc2dc \ud55c \ubc88 \uc218\ud589\ud558\uc790. 
\uc774\ubc88\uc5d0\ub294 psad \uac00 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uac00\ub85c\ucc44\uc11c \uad6c\ubb38 \ubd84\uc11d\ud55c \ud6c4 \uc544\ub798\uc640 \uac19\uc740 \uba54\uc77c \uacbd\uace0\ub97c \uc0dd\uc131\ud55c\ub2e4.<\/p>\n<blockquote><p>=-=-=-=-=-=-=-=-=-=-=-= Sun Jul 11 05:30:23 2010 =-=-=-=-=-=-=-=-=-=-=-=<\/p>\n<p>&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Danger level: [5] (out of 5)<\/p>\n<p>&nbsp; &nbsp; Scanned TCP ports: [80: 1 packets]<br \/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; TCP flags: [ACK PSH: 1 packets]<br \/>&nbsp; &nbsp; &nbsp;&nbsp; iptables chain: FWSNORT_INPUT_ESTAB (prefix &#8220;[1] SID2281 ESTAB&#8221;), 1 packets<br \/>&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; fwsnort rule: 1<\/p>\n<p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Source: X.X.X.X<br \/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; DNS: [No reverse dns info available]<br \/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; OS guess: SunOS:4.1::SunOS 4.1.x<\/p>\n<p>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Destination: Y.Y.Y.Y<br \/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; DNS: seclab.kongju.ac.kr<\/p>\n<p>&nbsp;&nbsp; Overall scan start: Thu Jul&nbsp; 1 23:50:42 2010<br \/>&nbsp;&nbsp; Total email alerts: 23<br \/>&nbsp;&nbsp; Complete TCP range: [1-65301]<br \/>&nbsp; &nbsp; &nbsp; Syslog hostname: seclab<\/p>\n<p>&nbsp; &nbsp; &nbsp; &nbsp;&nbsp; Global stats: chain: &nbsp; interface: &nbsp; TCP: &nbsp; UDP: &nbsp; ICMP:&nbsp; <br \/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp; INPUT &nbsp;&nbsp; eth0 &nbsp; &nbsp; &nbsp; &nbsp; 11182&nbsp; 0 &nbsp; &nbsp;&nbsp; 0 &nbsp; &nbsp;&nbsp; <\/p>\n<p>[+] TCP scan signatures:<\/p>\n<p>&nbsp;&nbsp; &#8220;MISC xfs communication attempt&#8221;<br \/>&nbsp; &nbsp; &nbsp;&nbsp; dst port:&nbsp; 7100 (no server bound to local port)<br \/>&nbsp; &nbsp; &nbsp;&nbsp; flags: &nbsp; &nbsp; SYN<br \/>&nbsp; &nbsp; &nbsp;&nbsp; sid: &nbsp; &nbsp; &nbsp; 
1987<br \/>&nbsp; &nbsp; &nbsp;&nbsp; chain: &nbsp; &nbsp; INPUT<br \/>&nbsp; &nbsp; &nbsp;&nbsp; packets: &nbsp; 2<br \/>&nbsp; &nbsp; &nbsp;&nbsp; classtype: misc-activity<\/p>\n<p>&nbsp;&nbsp; &#8220;MISC Radmin Default install options attempt&#8221;<br \/>&nbsp; &nbsp; &nbsp;&nbsp; dst port:&nbsp; 4899 (no server bound to local port)<br \/>&nbsp; &nbsp; &nbsp;&nbsp; flags: &nbsp; &nbsp; SYN<br \/>&nbsp; &nbsp; &nbsp;&nbsp; psad_id: &nbsp; 100204<br \/>&nbsp; &nbsp; &nbsp;&nbsp; chain: &nbsp; &nbsp; INPUT<br \/>&nbsp; &nbsp; &nbsp;&nbsp; packets: &nbsp; 2<br \/>&nbsp; &nbsp; &nbsp;&nbsp; classtype: attempted-admin<\/p>\n<p>&nbsp;&nbsp; &#8220;WEB-PHP Setup.php access&#8221;<br \/>&nbsp; &nbsp; &nbsp;&nbsp; dst port:&nbsp; 80 (no server bound to local port)<br \/>&nbsp; &nbsp; &nbsp;&nbsp; flags: &nbsp; &nbsp; ACK PSH<br \/>&nbsp; &nbsp; &nbsp;&nbsp; content: &nbsp; &#8220;\/Setup.php&#8221;<br \/>&nbsp; &nbsp; &nbsp;&nbsp; sid: &nbsp; &nbsp; &nbsp; 2281<br \/>&nbsp; &nbsp; &nbsp;&nbsp; chain: &nbsp; &nbsp; FWSNORT_INPUT_ESTAB<br \/>&nbsp; &nbsp; &nbsp;&nbsp; packets: &nbsp; 1<br \/>&nbsp; &nbsp; &nbsp;&nbsp; classtype: web-application-activity<\/p>\n<p>=-=-=-=-=-=-=-=-=-=-=-= Sun Jul 11 05:30:23 2010 =-=-=-=-=-=-=-=-=-=-=-=<\/p><\/blockquote>\n<p>&nbsp;\uc704\uc758 psad \uba54\uc77c \uacbd\uace0\uac00 \ubcf4\ud1b5 psad\uac00 \uc0dd\uc131\ud558\ub294 \uba54\uc77c \uacbd\uace0\ub77c\uace0 \uc0dd\uac01\ud558\uba74 \ub418\uba70, \uc5ec\uae30\uc5d0\ub294 \ud0c0\uc784 \uc2a4\ud0ec\ud504, \ud328\ud0b7 \uc218, TCP \ud50c\ub798\uadf8\uc640 \ud3ec\ud2b8 \ub4f1\uacfc \uac19\uc740 \ud45c\uc900 \uc815\ubcf4\uac00 \ubaa8\ub450 \ud3ec\ud568\ub41c\ub2e4.<\/p>\n<blockquote><p>&nbsp;iptables \uadf8 \uc790\uccb4\ub85c\ub294 LOG \ud0c0\uac9f\uc744 \ud1b5\ud574 \ud328\ud0b7\uc758 \uc2e4\uc81c \ub0b4\uc6a9\uc744 \ubcf4\uace0\ud558\ub294 \uae30\ub2a5\uc744 \uac00\uc9c0\uc9c0 \uc54a\uc73c\uba70, \uc811\ub450\uc5b4 \ubb38\uc790\uc5f4 \uae38\uc774\ub294 29\uae00\uc790\ub85c 
\uc81c\ud55c\ub418\uae30 \ub54c\ubb38\uc5d0 \uc77c\ubc18\uc801\uc73c\ub85c \ub2e8\uc21c\ud788 \ub85c\uadf8 \uc811\ub450\uc5b4\uc5d0 \ub0b4\uc6a9 \ubb38\uc790\uc5f4\uc744 \ud3ec\ud568\uc2dc\ud0a4\ub294 \uac83\uc774 \ud569\ub2f9\ud558\ub2e4. syslog \uba54\uc2dc\uc9c0\uc5d0 \ubc14\uc774\ub108\ub9ac \ud328\ud0b7 \ub370\uc774\ud130\ub97c \ud3ec\ud568\uc2dc\ud0a4\ub294 \uac83 \uc5ed\uc2dc \uc88b\uc740 \uc0dd\uac01\uc774 \uc544\ub2c8\ub2e4.<\/p><\/blockquote>\n<p><span style=\"font-weight: bold;\">&nbsp;* \ub2e4\uc2dc \ubcf4\ub294 \ub2a5\ub3d9\uc801 \uc751\ub2f5<\/span><\/p>\n<p>&nbsp;** psad\uc640 fwsnort<\/p>\n<p>&nbsp;psad\ub294 \uacf5\uaca9\uc774 \ud0d0\uc9c0\ub418\uba74 \uacf5\uaca9\uc790\uc5d0 \ub300\ud574 \uc601\uc18d\uc801\uc778 \uc2dc\uac04 \ub9cc\ub8cc \uae30\ubc18 iptables \ucc28\ub2e8 \uaddc\uce59\uc744 \uc778\uc2a4\ud134\uc2a4\ud654 \ud560 \uc218\ub294 \uc788\uc9c0\ub9cc \uc2a4\uc2a4\ub85c \uc5f0\uacb0\uc744 \uc885\ub8cc\uc2dc\ud0a4\uac70\ub098 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35 \uc11c\uba85\uacfc \ub9e4\uce6d\ub418\ub294 \uccab \ubc88\uc9f8 \ud328\ud0b7\uc774 \uc804\ub2ec\ub418\ub294 \uac83\uc744 \ub9c9\uc9c0\ub294 \ubabb\ud55c\ub2e4. \ud55c\ud3b8 fwsnort\uc758 \uacbd\uc6b0 \uc545\uc758\uc801\uc778 \ud328\ud0b7\uc774\ub098 \uc138\uc158\uc744 \uac1c\ubcc4\uc801\uc73c\ub85c \ubb34\ub825\ud654\ud558\uae30 \uc704\ud574 DROP\uc774\ub098 REJECT \ud0c0\uac9f\uc744 \uc0ac\uc6a9\ud560 \uc218\ub294 \uc788\uc9c0\ub9cc \uc77c\uc815 \uae30\uac04 \ub3d9\uc548 \uacf5\uaca9\uc790\ub97c \ucc28\ub2e8\ud558\ub294 \uc0c8\ub85c\uc6b4 iptables \uaddc\uce59\uc744 \uc0dd\uc131\ud558\uc9c0\ub294 \ubabb\ud55c\ub2e4.<\/p>\n<p>&nbsp;\uac01 \ub3c4\uad6c\uc758 \uac15\uc810\uc744 \uace0\ub824\ud558\uba74 \ub450 \uc751\ub2f5 \ubc29\uc2dd\uc744 \uacb0\ud569\ud558\ub294 \uac83\uc774 \uc88b\ub2e4\ub294 \uac83\uc744 \uc54c \uc218 \uc788\ub2e4. 
\uacb0\uad6d fwsnort\ub294 \ud2b9\uc815 TCP \uc138\uc158\uc5d0 \ud3ec\ud568\ub41c \ud2b9\uc815 \uacf5\uaca9\uc744 \ud0d0\uc9c0\ud558\uace0 \uc800\uc9c0\ud558\ub294 \ub370 \uc6b0\uc218\ud560 \uc218 \uc788\uc9c0\ub9cc \uc601\uc18d\uc801\uc778 \ucc28\ub2e8 \uaddc\uce59\uc744 \uad00\ub9ac\ud558\uae30 \uc704\ud55c psad\uac00 \uc5c6\ub2e4\uba74 \uacf5\uaca9\uc790\ub294 \ub3d9\uc77c\ud55c \ubaa9\ud45c\uc5d0 \ub2e4\ub978 \uacf5\uaca9\uc744 \uc790\uc720\ub86d\uac8c \uc2dc\ub3c4\ud560 \uc218 \uc788\ub2e4. \uccab \ubc88\uc9f8 \uacf5\uaca9 \uc2dc\ub3c4\ub97c \ud0d0\uc9c0\ud588\ub358 \ub3d9\uc791\uc774 \uaf64 \ud589\uc6b4\uc774\uc5c8\uc744 \uc218 \uc788\uc73c\uba70, \ub2e4\uc74c \uacf5\uaca9 \uc2dc\ub3c4\ub294 \uc804\ud600 \ud0d0\uc9c0\ud558\uc9c0 \ubabb\ud560 \uc218\ub3c4 \uc788\ub2e4. \uc774 \ub54c\ubb38\uc5d0 \ucc28\ub2e8 \uaddc\uce59\uc774 \uc911\uc694\ud558\ub2e4. \uacf5\uaca9\uc790\uac00 \uccab \ubc88\uc9f8 \uacf5\uaca9\uacfc \ubb34\uad00\ud558\uba70 \uc11c\uba85\ub3c4 \uc874\uc7ac\ud558\uc9c0 \uc54a\ub294 \ucde8\uc57d\uc810\uc5d0 \ub300\ud55c \ucd94\uac00\uc801\uc778 \uacf5\uaca9\uc744 \uac00\uc9c0\uace0 \uc788\ub294 \uacbd\uc6b0 \ud2b9\ud788 \uadf8\ub807\ub2e4. 
\ub610 \uacf5\uaca9\uc790\uac00 TCP \uc11c\ube44\uc2a4\ub97c \uacf5\uaca9\ud560 \ub54c Tor \uc775\uba85\ud654 \ub124\ud2b8\uc6cc\ud06c(http:\/\/tor.eff.org)\ub97c \uc0ac\uc6a9\ud558\uba74 \uacf5\uaca9\uc740 \ub9e4\ubc88 \ub2e4\ub978 \ucd9c\uad6c \ub77c\uc6b0\ud130(Tor \uac00 \uac01 TCP \uc138\uc158\ub9c8\ub2e4 \ubb34\uc791\uc704\ub85c \uc120\ud0dd\ud55c\ub2e4)\uc5d0\uc11c \uc624\ub294 \uac83\ucc98\ub7fc \ubcf4\uc774\uae30 \ub54c\ubb38\uc5d0 \uac1c\ubcc4\uc801\uc778 IP \uc8fc\uc18c\ub97c \ucc28\ub2e8\ud558\ub294 \uac83\uc740 \uc758\ubbf8\uac00 \uc5c6\ub2e4.<\/p>\n<blockquote><p>&nbsp;\ub2e4\uc2dc \ud55c \ubc88 \uc774\uc57c\uae30\ud558\uc790\uba74 \ub2a5\ub3d9\uc801 \uc751\ub2f5 \uae30\ubc95\uc744 \uc798 \uc544\ub294 \ub2a5\uc219\ud55c \uacf5\uaca9\uc790\ub294 \uc774 \uae30\ub2a5\uc774 \ubaa9\ud45c \ub124\ud2b8\uc6cc\ud06c\uc5d0 \ubc18\ud558\uac8c \ub9cc\ub4e4\uae30 \uc704\ud574 \uc774\ub97c \uc804\ubcf5\ud558\ub824\uace0 \ud560 \uc218\ub3c4 \uc788\ub2e4. \ub610 \uacf5\uaca9\uc790\uac00 \uacf5\uaca9\uc744 \uc218\ud589\ud560 \ub2e4\uc218\uc758 \ud638\uc2a4\ud2b8\ub97c \uc81c\uc5b4\ud558\ub294 \uacbd\uc6b0(\uacf5\uaca9\uc790 \uc0ac\uc774\uc5d0\uc11c\ub294 \uac1c\uc778\uc774 \ubd07\ub137[botnet]\uc744 \uad6c\uc131\ud558\uae30 \uc704\ud574 \uc5ec\ub7ec \ud638\uc2a4\ud2b8\ub97c \uc81c\uc5b4\ud558\ub294 \uac83\uc774 \ubcf4\ud1b5\uc774\ub2e4) \uacf5\uaca9\uc790\ub294 \ubaa9\ud45c\ub97c \uacf5\uaca9\ud558\ub294\ub370 \uc544\uc9c1 \uc0ac\uc6a9\ud558\uc9c0 \uc54a\uc740 \ud638\uc2a4\ud2b8\ub85c\ubd80\ud130 \uc0c8\ub85c\uc6b4 \uacf5\uaca9\uc744 \uc218\ud589\ud560 \uc218\ub3c4 \uc788\ub2e4. 
\ub124\ud2b8\uc6cc\ud06c\ub97c \ubcf4\ud638\ud558\ub824\ub294 \uc0ac\ub78c\uacfc \uc774\ub97c \uacf5\uaca9\ud558\ub824\ub294 \uc0ac\ub78c \uac04\uc5d0\ub294 \ud56d\uc0c1 \uacbd\uc7c1 \uad00\uacc4\uac00 \uc874\uc7ac\ud558\uba70, \uc774\ub7f0 \uad00\uc810\uc5d0\uc11c \uacf5\uaca9 \uce21\uc774 \uc0c1\ub2f9\ud55c \ubb34\uc7a5\uc744 \uac16\ucd94\uace0 \uc788\ub2e4\uace0 \uac00\uc815\ud574\uc57c \ud55c\ub2e4.<\/p><\/blockquote>\n<p>&nbsp;** fwsnort\uac00 \ud0d0\uc9c0\ud55c \uacf5\uaca9\uc73c\ub85c psad \uc751\ub2f5\uc744 \uc81c\ud55c<\/p>\n<p>&nbsp;psad\ub294 fwsnort\uac00 \uc0dd\uc131\ud55c \ub85c\uadf8 \uba54\uc2dc\uc9c0\uc5d0 \ub300\ud55c \uacbd\uace0\ub97c \uc804\uc1a1\ud560 \uc218 \uc788\ub2e4. \ub610 \ub2e8\uc21c\ud788 \/etc\/psad\/psad.conf \ud30c\uc77c\uc758 ENABLE_AUTO_IDS \ub97c Y \ub85c \uc124\uc815\ud568\uc73c\ub85c\uc368 psad\ub294 fwsnort \ub85c\uadf8 \uba54\uc2dc\uc9c0\uc5d0 \ub300\ud55c \uc751\ub2f5\uc73c\ub85c iptables \ucc28\ub2e8 \uaddc\uce59\uc744 \uc124\uc815\ud560 \uc218 \uc788\ub2e4.<\/p>\n<p>&nbsp;fwsnort\uc5d0 \uc758\ud574 \ud0d0\uc9c0\ub41c \uacf5\uaca9\uc774 psad \uc5d0 \uc758\ud574 \uacf5\uaca9\uc790\uc5d0\uac8c \ud560\ub2f9\ub41c \uc704\ud5d8 \uc218\uc900\uc744 AUTO_IDS_DANGER_LEVEL \ubcc0\uc218\uc5d0 \uc124\uc815\ub41c \uac12\ubcf4\ub2e4 \ud06c\uac8c \ud558\uba74 psad\ub294 \uacf5\uaca9\uc790\uc758 IP \uc8fc\uc18c\uc5d0 \ub300\ud574 \uc790\uc720\uc7ac\ub7c9\uc758 DROP \uaddc\uce59\uc744 \uc778\uc2a4\ud134\uc2a4\ud654\ud55c\ub2e4. \uadf8\ub7ec\ub098 fwsnort\uac00 \uacf5\uaca9\uc744 \uae30\ub85d\ud558\uae30 \ub54c\ubb38\uc5d0 \ud3ec\ud2b8 \uc2a4\uce94\uacfc \ubc31\ub3c4\uc5b4\ub97c \uc704\ud55c \ud0d0\uc0ac\ub3c4 \uc704\ud5d8 \uc218\uc900\uc744 \ud560\ub2f9 \ubc1b\ub294\ub2e4.<\/p>\n<p>&nbsp;\ud558\uc9c0\ub9cc \uc27d\uac8c \uc2a4\ud478\ud551\ub418\ub294 \uc2a4\uce94\uacfc \ud0d0\uc0ac\uc5d0 \ub300\ud574 psad \uc751\ub2f5\uc744 \ud65c\uc131\ud654\ud558\ub294 \uac83\uc740 \uc704\ud5d8\ud558\ub2e4. 
psad\uac00 \uc218\ub9bd\ub41c TCP \uc5f0\uacb0\uc744 \ud1b5\ud55c \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35 \ub370\uc774\ud130\ub97c \uc218\ubc18\ud574\uc57c \ud558\ub294 \uacf5\uaca9\uc5d0\ub9cc \uc751\ub2f5\ud558\uace0 \ub2e4\ub978 \uc720\ud615\uc758 \uacf5\uaca9\uc5d0\ub294 \uc5b4\ub5a4 \uc870\uce58\ub3c4 \ucde8\ud558\uc9c0 \uc54a\uac8c \ud558\ub294 \uac83\uc774 \uc88b\ub2e4.<\/p>\n<p>&nbsp;AUTO_BLOCK_REGEX \ubcc0\uc218\ub294 \ub300\uc751\ub418\ub294 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\uac00 \uc815\uaddc\uc2dd\uacfc \ub9e4\uce6d\ud560\ub54c\ub9cc psad\uac00 IP \uc8fc\uc18c \ucc28\ub2e8\uc744 \uc218\ud589\ud558\uac8c \uac15\uc81c\ud558\ub294 \uc815\uaddc\uc2dd\uc744 \ud3ec\ud568\ud55c\ub2e4. AUTO_BLOCK_REGEX\uc758 \uae30\ubcf8 \uac12\uc740 \ubb38\uc790\uc5f4 ESTAB\uba70, \uc774\ub294 \uc218\ub9bd\ub41c TCP \uc5f0\uacb0\uc5d0 \uc18d\ud558\ub294 \ud328\ud0b7\uacfc\ub9cc \ub9e4\uce6d\ud558\uac8c \uc124\uacc4\ub41c \ub9de\ucda4\ud654 \uccb4\uc778 \uc911 \ud558\ub098\uc5d0 \uc758\ud574 \uae30\ub85d\ub41c fwsnort \ub85c\uadf8 \uba54\uc2dc\uc9c0\uc640 \ub9e4\uce6d\ub41c\ub2e4. \uc774 \uae30\ub2a5\uc744 \ud65c\uc131\ud654\ud558\ub824\uba74 psad \uc124\uc815 \ud30c\uc77c\uc5d0\uc11c ENABLE_AUTO_BLOCK_REGEX \ubcc0\uc218\ub97c Y\ub85c \uc124\uc815\ud574\uc57c \ud55c\ub2e4.<\/p>\n<p>&nbsp;psad \uac00 \uacf5\uaca9\uc790\ub97c \ubc29\ud654\ubcbd\uc5d0 \uc811\uadfc\ud560 \uc218 \uc5c6\uac8c \ud558\ub824\uba74 fwsnort\ub97c \uc2e4\ud589\ud558\uace0 AUTO_BLOCK_REGEX \uae30\ub2a5\uc744 \ud65c\uc131\ud654\ud574\uc57c \ud55c\ub2e4. 
\ud3ec\ud2b8 \uc2a4\uce94\uc774\ub098 \uae30\ud0c0 \uc27d\uac8c \uc2a4\ud478\ud551 \uac00\ub2a5\ud55c \ud2b8\ub798\ud53d\uc5d0 \uc751\ub2f5\ud558\ub294 \uac83\uc740 \ub108\ubb34\ub098 \uc27d\uac8c \uc545\uc6a9\ub420 \uc218 \uc788\ub2e4.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp;* fwsnort \ud0d0\uc9c0\uc640 psad \ub3d9\uc791\uc758 \uacb0\ud569 &nbsp;fwsnort\ub294 \uacf5\uaca9\uc744 \ud0d0\uc9c0\ud558\uba74 iptables \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \uc0dd\uc131\ud55c\ub2e4. \uc774 \uba54\uc2dc\uc9c0\ub294 \uc0ac\uc6a9\uc790\uc5d0\uac8c \ud574\ub2f9 \ub85c\uadf8 \uba54\uc2dc\uc9c0\ub97c \ucd09\ubc1c\ud55c \uc2a4\ub178\ud2b8 \uaddc\uce59 ID, fwsnort \uccb4\uc778\ub0b4\uc758 \uaddc\uce59 \ubc88\ud638, \ud328\ud0b7\uc774 \uc218\ub9bd\ub41c TCP \uc138\uc158\uc758 \uc77c\ubd80\uc778\uc9c0 \uc5ec\ubd80\ub97c \uc54c\ub824\uc8fc\ub294 \ub85c\uadf8 \uc811\ub450\uc5b4\ub97c \ud3ec\ud568\ud55c\ub2e4. &nbsp;** WEB-PHP Setup.php &hellip; <a href=\"http:\/\/pchero21.com\/?p=898\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[52],"tags":[184,218,241,311,399,528,557,564,608,809],"_links":{"self":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/898"}],"collection":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=898"}],"version-history":[{"count":0,"href":"http:\/\/pchero21.com\/index.php?rest_route=\/wp\/v2\/posts\/898\/revisions"}],"wp:attachment":[{"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=898"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/pchero21.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}