DDoS attack... IPTABLE TIP
Author : 최고관리자 (Super Administrator) Date : 2009-12-28 (Mon) 16:08 Views : 262649

This assumes the network and the server can withstand the traffic volume....
If the traffic is low-volume, attacks such as a CC Attack or GET Flooding can be blocked quite simply with iptables on Linux.

Both attacks work by requesting one specific page or image over and over, exhausting system resources until the service stops. To deal with them you first need to understand HTTP protocol header information.


When we connect to a website, the packets are divided into request headers and response headers.
Below is a capture of a packet requesting the 모지리닷컴 index page.

16:18:54.544946 IP XXX.XX.XX.XX.62077 > XXX.XXX.XXX.222.80: P 2660271666:2660272407(741) ack 4054926732 win 509
aH@.t..FsD.M..s..}.P...2..E.P...*...GET / HTTP/1.1
Accept: */*
Accept-Language: ko
UA-CPU: x86
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 28 Dec 2009 07:18:46 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Host: www.chonnom.com
Connection: Keep-Alive
Cookie: f33d2ed86bd82d4c22123c9da444d8ab=MTI1OTYzNDE4NA%3D%3D; 96b28b766b7e0699aa91c9ff3d890663=aHR0cDovL3d3dy5jaG9ubm9tLmNvbS8%3D; 2a0d2363701f23f8a75028924a3af643=MTE1LjY4LjI3Ljc3; f33d2ed86bd82d4c22123c9da444d8ab=MTI2MDg0OTE0Mg%3D%3D; 96b28b766b7e0699a
91c9ff3d890663=aHR0cDovL2Nob25ub20uY29tLw%3D%3D; 2a0d2363701f23f8a75028924a3af643=MTE1LjY4LjI3Ljc3; PHPSESSID=ee9055896cbb812ab1aa30107d56496f

For detailed HTTP protocol information, see the link below...
http://www.chonnom.com/bbs/board.php?bo_table=B17&wr_id=27

If a packet capture or the Apache log shows the same page being requested again and again within a short time, suspect an attack. In that case, check for a specific header value defined by the HTTP protocol and use it to decide between DROP and ACCEPT.
In most cases the attack requests have no Accept header.
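
The Apache-log check described above, as an added example that is not part of the original post: it lists clients that GET the same path at least a given number of times within one minute. The function names, the threshold of 5, the common/combined log format and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list clients that GET the same path at least THRESHOLD times
# within one minute. Assumes Apache common/combined access log format.

flood_suspects() {    # usage: flood_suspects THRESHOLD < access_log
    awk -v limit="$1" '
    $6 == "\"GET" {
        # $4 is "[28/Dec/2009:16:40:34"; characters 2-18 are date plus HH:MM
        minute = substr($4, 2, 17)
        hits[$1 " " $7 " " minute]++      # key: client IP, path, minute
    }
    END {
        for (key in hits)
            if (hits[key] >= limit + 0)
                print key, hits[key]
    }' | sort
}

# Constructed sample log (documentation IP ranges, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [28/Dec/2009:16:40:34 +0900] "GET /js/default.js HTTP/1.1" 200 512
192.0.2.10 - - [28/Dec/2009:16:40:34 +0900] "GET /js/default.js HTTP/1.1" 200 512
192.0.2.10 - - [28/Dec/2009:16:40:35 +0900] "GET /js/default.js HTTP/1.1" 200 512
192.0.2.10 - - [28/Dec/2009:16:40:35 +0900] "GET /js/default.js HTTP/1.1" 200 512
192.0.2.10 - - [28/Dec/2009:16:40:36 +0900] "GET /js/default.js HTTP/1.1" 200 512
198.51.100.7 - - [28/Dec/2009:16:40:35 +0900] "GET / HTTP/1.1" 200 10240
198.51.100.7 - - [28/Dec/2009:16:40:36 +0900] "GET /js/default.js HTTP/1.1" 200 512
198.51.100.7 - - [28/Dec/2009:16:41:02 +0900] "POST /bbs/write.php HTTP/1.1" 302 0
EOF
}

sample_log | flood_suspects 5
```

The default access log does not record the Accept header, so a flagged client still has to be checked against a packet capture before a header-based rule is applied.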

Attack packets

..L.P.../_..lP..."p..GET /js/default.js HTTP/1.1
Host: www.chonnom.com
Cache-Control: no-store, must-revalidate
Referer: http://www.chonnom.com
Connection: Close

16:40:34.840539 IP XXX.XXX.XX.XXX.4684 > XXX.XXX.XXX.XX.80: F 142:142(0) ack 1 win 65535
E..(.>@.s..J;.K..n
..L.P...._..lP.............
16:40:34.840810 IP XXX.XX.XXX.XXX.4685 > XXX.XXX.XX.XXX.80: . ack 1591675378 win 65535
E..(.?@.s..I;.K..n
..M.P....^. .P....%........
16:40:34.841239 IP XXX.XXX.XXX.XXX.4685 > XXX.XXX.XXX.XXX.80: P 0:142(142) ack 1 win 65535
E....@@.s...;.K..n
..M.P....^. .P....a..GET /js/default.js HTTP/1.1
Host: www.chonnom.com
Cache-Control: no-store, must-revalidate
Referer: http://www.chonnom.com
Connection: Close


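Match the attack requests with the rules below and DROP them.

# Chain that decides the fate of requests matching the attack string
iptables -N HTTP_REQUEST
# STRING is the request string seen in the attack (스트링값 = "string value")
iptables -A INPUT -p tcp -m tcp --dport 80 -d XXX.XXX.XXX.XXX -m string --string "$STRING" --algo bm --to 512 -j HTTP_REQUEST
# Inside HTTP_REQUEST: requests carrying an Accept header return to INPUT, the rest are dropped
iptables -A HTTP_REQUEST -m string --string "Accept" --algo bm --to 512 -j RETURN
iptables -A HTTP_REQUEST -j DROP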



Addendum) The request packets often carry Chinese as their language even though the site does not serve China...   Dropping on a ZH-CN string match is also reasonably effective...


Site name : 모지리네 | Representative : 이경현 | Personal community : 랭키닷컴 Operating System (OS) | Bundang-gu, Seongnam-si, Gyeonggi-do | E-mail : mojily (at) chonnom.com Copyright ⓒ www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.