È£½ºÆà TIP
º¸¾È
½Ã½ºÅÛ
ÇÁ·Î±×·¡¹Ö
³×Æ®¿öÅ©
|
½Ã½ºÅÛº¸¾È
|
DDOS
ÀÌ¿ë¾È³»
|
È£½ºÆà TIP
|
ÀÚÀ¯°Ô½ÃÆÇ
|
ȸ¿ø°¡ÀÔ

¿ù°£ Àα⠰Խù°

°Ô½Ã¹° 160°Ç
   
rawpacket ¼öÁ¤ - tcprewrite
±Û¾´ÀÌ : ÃÖ°í°ü¸®ÀÚ ³¯Â¥ : 2010-09-14 (È­) 16:04 Á¶È¸ : 11038
±ÛÁÖ¼Ò :
                          

Âü°í : http://tcpreplay.synfin.net/wiki/tcprewrite

tcpdump -w ¿É¼ÇÀ» ÅëÇØ »ý¼ºµÈ rawpacket ³»¿ëÀ» ¼öÁ¤ÇÒ¼ö ÀÖ°Ô ÇØÁÖ´Â ÇÁ·Î±×·¥ÀÌ´Ù.
ÆÐŶÆÄÀÏÀÇ src ip . dst ip, mac, port µîµîÀ» ÀçÀÛ¼ºÇÒ¼ö ÀÖ°Ô ÇØÁÖ¸ç ±âŸ ÆÐŶÆÄÀÏÀÇ ¼¼ºÎÀûÀ¸·Î ¼öÁ¤µµ °¡´ÉÇÏ´Ù.


¿É¼Ç


µðµµ½º°ø°Ý½Ã¿¡ ĸÃÄÇÑ rawpacket ÆÄÀÏ¿¡ dst ip °ªÀ» º¯°æÇÏ°íÀÚ ÇÑ´Ù¸é...

ÇöÀç rawpacket
15:29:43.375061 IP 58.22.43.178.16591 > 183.100.240.41.18968: S 140103850:140104710(860) win 128
15:29:43.375113 IP 222.54.130.209.11238 > 183.100.240.41.16044: S 1213429559:1213430419(860) win 128
15:29:43.375162 IP 218.75.100.193.15070 > 183.100.240.41.31680: S 987086282:987087142(860) win 128
15:29:43.375261 IP 222.170.63.73.2280 > 183.100.240.41.26715: S 1920033858:1920034268(410) win 128
15:29:43.375311 IP 61.237.86.95.30105 > 183.100.240.41.31521: S 1205711487:1205712347(860) win 128
15:29:43.375410 IP 218.75.100.195.11662 > 183.100.240.41.28295: S 1526893938:1526894798(860) win 128
15:29:43.375460 IP 222.54.131.224.9912 > 183.100.240.41.27422: S 1634479563:1634480223(660) win 128
.........................................
.........................................


º¯È¯
tcprewrite -i kt.pcap-20100914-1529 -o ddos.pcap -D 183.100.240.41:218.236.115.222 -C -v

-i : Input À¸·Î »ç¿ëÇÒ PCAP ÆÄÀÏ
-o : ÀçÀÛ¼º ÇÏ¿© ÀúÀåµÉ PCAP ÆÄÀÏ/ Output ÆÄÀÏ
-D --dstipmap : º¯°æÇÒ ¸ñÀûÁö IP  / ÀÎÀÚ°ªÀ» µÎ°³ »ç¿ë
                        ¾Õ ÀÎÀÚ°ªÀº ¿ø·¡ÀÇ ÁÖ¼ÒÀ̸ç, ´ÙÀ½ ÀÎÀÚ°ªÀºº¯°æÇÒ IP ÁÖ¼Ò
-S --srcipmap : dstipmap °ú °°ÀÌ ¶È°°ÀÌ ¼Ò½ºIP ¸¦ º¯°æÇÒ ¶§ »ç¿ë
--endpoints : Ãâ¹ßÁö¿Í ¸ñÀûÁö ¾çÂÊÀÇ ¿£µåÆ÷ÀÎÆ®¸¦ º¯°æÇÒ ¶§ »ç¿ë
--portmap : TCP/UDP Æ÷Æ®¸¦ º¯°æ
--seed : Ãâ¹ßÁö/¸ñÀûÁö IP ÁÖ¼Ò¸¦ ·£´ýÇÏ°Ô º¯°æ
-C : IP/TCP/UDP üũ¼¶°ªÀ» Àç °è»ê
-v : ¼¼ºÎÀûÀÎ Á¤º¸¸¦ Ãâ·Â


dst ip º¯È¯ÀÌÈÄ »ý¼ºµÈ rawpacket
15:29:43.375061 IP 58.22.43.178.16591 > 218.236.115.222.18968: S 140103850:140104710(860) win 128
15:29:43.375113 IP 222.54.130.209.11238 > 218.236.115.222.16044: S 1213429559:1213430419(860) win 128
15:29:43.375162 IP 218.75.100.193.15070 > 218.236.115.222.31680: S 987086282:987087142(860) win 128
15:29:43.375261 IP 222.170.63.73.2280 > 218.236.115.222.26715: S 1920033858:1920034268(410) win 128
15:29:43.375311 IP 61.237.86.95.30105 > 218.236.115.222.31521: S 1205711487:1205712347(860) win 128
15:29:43.375410 IP 218.75.100.195.11662 > 218.236.115.222.28295: S 1526893938:1526894798(860) win 128
15:29:43.375460 IP 222.54.131.224.9912 > 218.236.115.222.27422: S 1634479563:1634480223(660) win 128

À̸§ Æнº¿öµå
ºñ¹Ð±Û (üũÇÏ¸é ±Û¾´À̸¸ ³»¿ëÀ» È®ÀÎÇÒ ¼ö ÀÖ½À´Ï´Ù.)
¿ÞÂÊÀÇ ±ÛÀÚ¸¦ ÀÔ·ÂÇϼ¼¿ä.
   

 



Àαâ°Ë»ö¾î
ceph
http
sq
 1
ddos
 1
volume
 5
snmp
format
 1
squid
 1
remote
 2
for
 8
 
»çÀÌÆ®¸í : ¸ðÁö¸®³× | ´ëÇ¥ : ÀÌ°æÇö | °³ÀÎÄ¿¹Â´ÏƼ : ·©Å°´åÄÄ ¿î¿µÃ¼Á¦(OS) | °æ±âµµ ¼º³²½Ã ºÐ´ç±¸ | ÀüÀÚ¿ìÆí : mojily°ñ¹ðÀÌchonnom.com
| ÀÌ¿ë¾à°ü | °³ÀÎÁ¤º¸Ãë±Þ¹æħ | Ã¥ÀÓÀÇÇÑ°è¿Í ¹ýÀû°íÁö | À̸ÞÀϹ«´Ü¼öÁý°ÅºÎ | ÀÌ¿ë¾È³»
Copyright ¨Ï www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.