This is something I posted on the SmileServ board a while back..... lol
Copied as-is: Ctrl + C --> Ctrl + V
FTP is extremely handy for sending and receiving files, but once a firewall or a router's private IP addressing gets involved, it is hard to find out which part is going wrong.
Put simply, the difference comes down to which side makes the connection request.
Let's look at how the two transfer modes differ and how each one connects.
1. FTP
First, an FTP server uses two ports.
One is the information port, used for login and directory browsing, and the other is the data port, used to actually upload and download data.
The FTP service supports two modes: passive mode and active mode.
Active mode is a client-based connection: the client connects via FTP from an unreserved port (1024 or higher) to port 21 on the web server side.
The client sends the PORT command to the server and uses a random port to connect to the server port; the server port it connects to is always port 21.
So when a problem occurs with an active-mode connection, the cause is mostly on the client side.
The FTP client does not actually open a connection to the server's data port; it only tells the server which port it is listening on, and the server connects to the port the client announced.
If you connect to an FTP server through a router or masquerading and the connection fails, in most cases it is because, after the connection to the server is made, the connection request back toward the client cannot find the private IP and fails.
This happens when the server is configured not to allow passive-mode connections; if you must connect without changing the server configuration, remove the router and connect directly.
Passive mode is the method that was created for users on private addresses, such as those behind a router or masquerading.
In passive mode, when connecting to port 21 on the server, a random port on the server side is used instead of a random port on the client.
The server sends the pasv command to the client, and the client accepts it.
The problem is that in passive mode the server randomly allocates a port between 1024 and 65535 and uses a new port for every network session.
When the server runs a firewall or a high-volume service, network resources can run short and connection failures can occur.
Let's look at what an actual FTP session looks like.
Below is the process of connecting to an FTP server with FileZilla and downloading a video file.
# FTP connection in active mode (FileZilla labels: 명령 = command, 응답 = response, 상태 = status)
응답: 220 (vsFTPd 2.0.5)
명령: USER mojily
응답: 331 Please specify the password.
명령: PASS **********
응답: 230 Login successful.
명령: SYST
응답: 215 UNIX Type: L8
명령: FEAT
응답: 211-Features:
응답: EPRT
응답: EPSV
응답: MDTM
응답: SIZE
응답: TVFS
응답: 211 End
상태: 접속되었습니다
상태: /DVDRip.XviD.CD1-XXXXX.avi 다운로드 시작 중
명령: PWD
응답: 257 "/"
명령: TYPE I
응답: 200 Switching to Binary mode.
명령: PORT 192,168,0,239,12,13
응답: 200 PORT command successful.
명령: RETR DVDRip.XviD.CD1-XXXXX.avi
응답: 150 Opening BINARY mode data connection for DVDRip.XviD.CD1-XXXXX.avi (162157784 bytes).
응답: 226 File send OK.
상태: 다운로드 완료
명령: PWD
응답: 257 "/"
명령: TYPE A
응답: 200 Switching to ASCII mode.
명령: REST 0
응답: 350 Restart position accepted (0).
Looking at the session, the PORT command takes six numbers as its argument: the first four are the IP address and the last two are the port number.
Computing (first number * 256) + second number from the two port numbers gives the actual port number.
PORT 218,236,115,239,12,13
(12 * 256) + 13 = 3085
Comparing this with the port actually in use on the system, they match.
[root@smileserv src]# netstat -atnp |grep vsftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 21414/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.239:3082 ESTABLISHED 21461/vsftpd
tcp 0 127424 192.168.0.222:20 192.168.0.239:3085 ESTABLISHED 21472/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.239:3084 ESTABLISHED 21470/vsftpd
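The PORT arithmetic above, combined with the private-IP failure described earlier, as an added example that is not part of the original post. The function names are illustrative, the NAT case pairs the two addresses from the post's PORT lines as a constructed scenario, and the decoder also accepts the 227 reply a server returns in passive mode, which uses the same six-number format.

```python
import ipaddress
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (PORT argument or 227 reply).
SIX = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
# Private (RFC 1918) ranges, i.e. addresses handed out behind a NAT router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decode_endpoint(line):
    """Return (ip, port) announced in a PORT command or a 227 PASV reply."""
    m = SIX.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def is_private(ip):
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in RFC1918)


def diagnose_port(line, peer_ip):
    """Say whether the server can connect back to an active-mode client.

    peer_ip is the client address the server sees on the control
    connection (an assumed input, e.g. read from netstat on the server).
    """
    ip, port = decode_endpoint(line)
    if ip == peer_ip:
        return "ok: server connects back to %s:%d" % (ip, port)
    if is_private(ip) and not is_private(peer_ip):
        return ("nat: client announced private %s:%d but arrives as %s; "
                "active mode fails, use passive mode" % (ip, port, peer_ip))
    return "mismatch: announced %s:%d, control peer is %s" % (ip, port, peer_ip)


if __name__ == "__main__":
    port_cmd = "PORT 192,168,0,239,12,13"        # from the session above
    print(decode_endpoint(port_cmd))
    print(diagnose_port(port_cmd, "192.168.0.239"))   # same LAN as the server
    # Constructed case: the same client reaching the server through a NAT
    # router whose public address is 218.236.115.239.
    print(diagnose_port(port_cmd, "218.236.115.239"))
```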
If you set passive mode and check, you will see the opposite result: the port changes on the server side.
So when a firewall is in use, there are many problems if the connection and data transfer ports are not fixed. In that case, switch to the method that fixes the port on the server side (passive mode).
Now let's see how to fix the passive port so that firewall rules can be used.
2. How to fix the port for passive mode
1) Windows systems
On both Windows 2000 Server and Windows Server 2003 this can be adjusted with the PassivePortRange value.
On Windows Server 2003, edit the metabase:
1. In [Internet Information Services Manager] - [Local Computer] - [Properties], check [Enable Direct Metabase Edit].
2. Open metabase.xml under C:\WINDOWS\system32\inetsrv in Notepad.
3. Add the passive data port entry to be fixed, as in the line below.
PassivePortRange="5001-5001"
..................................................................................
..................................................................................
..................................................................................
<IIsFtpService Location ="/LM/MSFTPSVC"
AdminACL="XXXXXXXX"
AllowAnonymous="TRUE"
AnonymousOnly="FALSE"
AnonymousUserName="IUSR_SERVER-X62W0LSZ"
AnonymousUserPass="XXXXXXXXX"
ConnectionTimeout="120"
DownlevelAdminInstance="1"
ExitMessage=" "
LogAnonymous="FALSE"
LogExtFileFlags="XXXXXXXXX"
LogFileDirectory="C:\WINDOWS\system32\LogFiles"
LogFilePeriod="1"
LogFileTruncateSize="20971520"
LogNonAnonymous="FALSE"
LogOdbcDataSource="TSLOG"
LogOdbcPassword="XXXXXXXXXX"
LogOdbcTableName="FTPLog"
LogOdbcUserName="InternetAdmin"
LogPluginClsid="{FF160663-DE82-11CF-BC0A-00AA006111E0}"
LogType="1"
MSDOSDirOutput="TRUE"
MaxClientsMessage=" "
MaxConnections="100000"
PassivePortRange="5001-5001"
>
</IIsFtpService>
..................................................................................
..................................................................................
..................................................................................
4. Save the edited metabase.xml file.
5. Restart IIS.
6. If IPsec or a firewall is configured, add TCP 5001.
On Windows 2000 Server, add a registry value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters\
Under this key, add a value named PassivePortRange of type REG_SZ.
Set its data to 5500-5700.
2) Linux systems
First, to use passive mode the server must have the ip_conntrack module.
ip_conntrack is the connection tracking module. It holds information about which IP connected through which port.
That information is located at /proc/net/ip_conntrack.
[root@smileserv ~]# cat /proc/net/ip_conntrack
........................................................................................................................
........................................................................................................................
........................................................................................................................
udp 17 27 src=219.78.47.179 dst=111.111.111.241 sport=7957 dport=8630 packets=1 bytes=90 src=111.111.111.241 dst=219.78.47.179 sport=8630 dport=7957 packets=1 bytes=81 mark=0 use=1
udp 17 7 src=58.172.208.159 dst=111.111.111.241 sport=55210 dport=8630 packets=2 bytes=306 src=111.111.111.241 dst=58.172.208.159 sport=8630 dport=55210 packets=2 bytes=411 [ASSURED] mark=0 use=1
udp 17 114 src=111.111.111.1111 dst=222.222.222.22 sport=33181 dport=161 packets=34 bytes=2692 src=222.222.222.22 dst=111.111.111.236 sport=161 dport=33181 packets=34 bytes=2875 [ASSURED] mark=0 use=1
vsftpd.conf settings for passive mode
[root@smileserv ~]# vi /etc/vsftpd/vsftpd.conf
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
........................................................................................................................
........................................................................................................................
## Whether to use passive mode for data transfer (default = YES)
## => Enabled for users who cannot connect in active mode
pasv_enable=YES
## Maximum and minimum ports allocated for passive-mode connections (default = 0)
## => Typically ports 50000~60000 are specified (default = 0)
## The default of 0 uses a random port, excluding well-known ports.
pasv_min_port=50000
pasv_max_port=50001
.......................................................................................................................
.......................................................................................................................
proftpd.conf settings for passive mode
[root@smileserv ~]# vi /etc/proftpdproftpd.conf
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
........................................................................................................................
........................................................................................................................
AllowForeignAddress on
# Fix the passive ports to the range 50000 to 50001
PassivePorts 50000 50001
.......................................................................................................................
........................................................................................................................
Check that the change has actually taken effect.
[root@smileserv ~]# netstat -atnp |grep vsftpd ==> before FTP connection
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 21363/vsftpd
[root@smileserv ~]# netstat -atnp |grep vsftpd ==> during FTP connection
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 21363/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.4:3621 ESTABLISHED 21374/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.4:3622 ESTABLISHED 21377/vsftpd
[root@smileserv ~]# netstat -atnp |grep vsftpd ==> data transfer before fixing the PASV port
tcp 0 0 218.236.115.222:34795 0.0.0.0:* LISTEN 21427/vsftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 21414/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.4:1090 ESTABLISHED 21422/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.4:1091 ESTABLISHED 21425/vsftpd
tcp 0 87765 192.168.0.222:34795 192.168.0.4:1106 ESTABLISHED 21427/vsftpd
[root@smileserv ~]# netstat -atnp |grep vsftpd ==> data transfer after fixing the PASV port
tcp 0 0 218.236.115.222:50001 0.0.0.0:* LISTEN 21379/vsftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 21363/vsftpd
tcp 0 116800 192.168.0.222:50001 192.168.0.4:3666 ESTABLISHED 21379/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.4:3621 ESTABLISHED 21374/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.4:3622 ESTABLISHED 21377/vsftpd
The configured settings are confirmed to be applied correctly.
Note) FTP connections made through Explorer use passive mode.
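The netstat comparison above can be automated; the following is an added example, not part of the original post. It reads the passive range from vsftpd.conf text and lists any vsftpd port in `netstat -atnp` output that falls outside it, which is a port the firewall rule for the fixed range would not cover. The function names are illustrative and the sample data is copied from the settings and output shown earlier.

```python
# Sample data copied from the vsftpd.conf values and netstat output above.
VSFTPD_CONF = "pasv_enable=YES\npasv_min_port=50000\npasv_max_port=50001\n"
BEFORE_FIX = """\
tcp 0 0 218.236.115.222:34795 0.0.0.0:* LISTEN 21427/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.4:1090 ESTABLISHED 21422/vsftpd
tcp 0 87765 192.168.0.222:34795 192.168.0.4:1106 ESTABLISHED 21427/vsftpd
"""
AFTER_FIX = """\
tcp 0 0 218.236.115.222:50001 0.0.0.0:* LISTEN 21379/vsftpd
tcp 0 116800 192.168.0.222:50001 192.168.0.4:3666 ESTABLISHED 21379/vsftpd
tcp 0 0 192.168.0.222:21 192.168.0.4:3621 ESTABLISHED 21374/vsftpd
"""


def pasv_range(conf_text):
    """Return (low, high) passive port bounds from vsftpd.conf text."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    low = int(opts.get("pasv_min_port", 0))
    high = int(opts.get("pasv_max_port", 0))
    # 0 means "no limit": any port above the well-known range.
    return (low or 1024), (high or 65535)


def stray_data_ports(netstat_text, low, high):
    """Return vsftpd local ports outside [low, high] in `netstat -atnp` text.

    Port 21 (control) and port 20 (active-mode data source) are expected.
    """
    stray = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] != "tcp" or not f[-1].endswith("/vsftpd"):
            continue
        port = int(f[3].rsplit(":", 1)[1])
        if port not in (20, 21) and not low <= port <= high:
            stray.add(port)
    return sorted(stray)


if __name__ == "__main__":
    low, high = pasv_range(VSFTPD_CONF)
    print("before fix:", stray_data_ports(BEFORE_FIX, low, high))
    print("after fix: ", stray_data_ports(AFTER_FIX, low, high))
```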