Chap 1 Introduction to Intrusion Detection - PowerPoint PPT Presentation

About This Presentation

Title:

Chap 1 Introduction to Intrusion Detection

Description:

Title: Chap 1 Introduction to Intrusion Detection Author: Last modified by: salut Created Date: 7/18/2001 3:22:37 AM Document presentation format – PowerPoint PPT presentation

Number of Views:234

Avg rating:3.0/5.0

Slides: 92

Provided by: 498871

Category:

more less

Transcript and Presenter's Notes

Title: Chap 1 Introduction to Intrusion Detection

1
?????? ?? ? ??

??????????
? ? ? ??

2
??

??? ?? ??(Network Security Overview)
??? ???(Network Scanning)
???(Packet Sniffing)
???(IP Spoofing)
?? ????(Session Hijacking)
DoS/DDoS Attack

3
??? ??? ??

??? ??? ??
????? ?? ?? ??
???? ?? ? ??? ?? ?? - ???? ??? ??
???? ??, ?? ??, ???
Packet Sniffing? ?? ??? ??? ? ?? ??
DOS(Denial of Service) ??
??? ?????? ??
TCP/IP ???? ???? ??
???? ?? ?? ?? ? ????
??? ??? ?? ??? ??
??? ??? ??? ???
???? ?? ??? ???

4
??? ???
5
??? ???

??? ???? ??
????? ??? ?? ???? ???
?? ??? ???? ??? ?? ? ?? ??? ??
??? ?? ??
OS ?? ? ??
??? ?? ?? ? ??? ??
??? ??? ??
?? ??(Port Scanning)
Open Port Detection
OS Detection
Etc
??? ??(Vulnerability Scanning)
?? ??? ???(?? ??????)? ??? ??

6
??? ???

???? ??? ??
nmap(Network mapper), mscan, sscan, portscan,
HakTek, porttest, dnscan, checkos, etc
CGI Vulnerability Scanner
CGI scanner, Perl CGI Checker, etc

7
Port Scanning

??
?? ???? ?? ???? ????.
??
???? ???? ?? scanning ??? ????.
Network Scanning? ?? ???? ??? ? ???? IP ??? ??? ?
???? ?? ???? ?????? ????.
???? ???? ?? ??? ??? ????. ?? ??? ? ??? ??? ???
????. ??? ?? ??? ?? ??? ??? ???? ???? ?? ????.

8
Port Scanning

mscan ??
???? ?? ??? ????? ??? ??? ?? ???? ??? ???
?? ??? ??
wingate
phf, handler, test-cgi
NFS exports, statd, named
X server, ipopd, imapd

9
Port Scanning

sscan ??
mscan? ??? jsbach? ??
mscan? ?? ???? ???? ?? ??? ?? ??
mscan ??? ?? ??
????? ??(31337 ??)
??? CGI ?????(Count.cgi, php.cgi ? ??)
bind/iquery ?? ????? ?
???? ?? ?? ??(???? ??? ???? ?? ??)
z0ne
?? ???? ??? IP? ???? ????
imapvun, imapd_scan.sh
imap ??? ???
phfscan
phf.cgi ??? ???

10
Port Scanning

Nmap(Network Mapper)? ??? ?? ??

11
Port Scanning(by hand)

???? ?? ?? ?? (TCP ??? ??)

victim telnet 10.10.10.1 3306 . GET /
HTTP/1.0 Accept / HTTP/1.0 200 OK Date
Server Apache/1.3.6 (Unix) Victim telent
10.10.10.1 23 . Unix System V Realse
4.9(10.10.10.1) Login Victim telnet 10.10.10.1
21 . . FTP server(UNIX System V Realse 4.0
ready. SYST
12
OS Detection

??
???? ??? ????.
???? ??? ?? ???? ???? ???? ? ? ??, ?? ?? ??????
??? ???? ?? ? ??? ??(Assembly Language)? ? ? ??.
??
???? ???? ?? ?? ??? ????.

victim nmap O 10.10.10.1 . Remote operation
system guess Linux 2.1.122 2.2.14 .
13
Vulnerability Scanning

Vulnerability Scanning ??
?? ???? ?? ???? ???? ?? ?? ? ???? ??
Scanner? ??
??? ???
COPS(The Computer Oracle and Password System)
????? ??? ?? ???
??? ??
????? ??? UID ??
ISS? System Scanner
???? ???
ISS(Internet Security Scanner)
SATAN(Security Administrators Tool for Analyzing
Networks)
SAINT
CGI Scanner

14
Vulnerability Scanning

Scanning ?? ??
courtney SATAN? SAINT ???
icmpinfo ICMP ??/?? ???
scan-detector ???? UDP ?? ???
Psionic PortSentry stealth scanner ???

15
SAINT

SAINT(Security Administrators Integrated Network
Tool)
SATAN? ??? ?? ???
SAINT? ?? ?? ??
CGI ??? ? ??
DOS ??
POS ?? ??
SSH Security holes
Remote Buffer Overflow

16
?? - ?? ?? ??

??? ?? ??
finger (/usr/bin/finger)
rusers (/usr/bin/rusers)

victim finger _at_victim.com victim.com Login Nam
e TTY idle When Where zen Dr.Foobar co 1d
Wed 0800 death.com
Victim rusers victim.com Login Home-dir
Shell Last login, from where root / /bin/sh
Fri Nov 5 0742 on ttyp1 from big.victim.com bin /
bin Never logged in nobody / Tue Jun 15
0857 on ttyp2 from server.victim.com daemon /
Tue Mar 23 1214 on ttyp0 from big.victim.com
17
?? - ?? ?? ??

NFS ?? ??
showmount
NFS?
??? ???? ???????? read/write only? ????,
??? Read-only? ???.

evil showmount e victim.com export list form
victim.com /export (everyone) /var (everyon
e) /usr easy /export/exec/kvm/sun4c.sunos.4.1.3
easy /export/root/easy easy /export/swap/easy
easy
18
?? - ?? ?? ??

RPC ?? ??? ?? ??
rpcinfo
NIS ?? ? master/slave ??
??? ?? ?????? ?? ??
?? ??? ?? ??

evil rpcinfo p victim.com program vers proto po
rt 100004 2 tcp 673 ypserv 100005 1 udp
721 mountd 100003 2 udp 2049 nfs 100026 1 udp
733 bootparam 100017 1 tcp 1274 rexd
19
?? - ???? ??

???? ??(Password Guessing)
??? ??? ???? ????? ???? ??
???? ??? ?? ??
?? ??? ???? ?? ?? ??
????? ?? ??? ??? ?? ???? ?? ??? ??? Brute force
??? ??? ??
???? ?? ??
Brute-force
??? ???
?? ???
??? ?? - ??? ??? ??
Crack, webcrack

20
???/Sniffing
21
Sniffing ?? - 1

sniff? ???? ???? ?? ??????? ??
?? ?????? ??? ??? ??? ?? ???? ???? ??
??? ??? ?? ?? ????, ?? ?? ?? ??
??? ??? ???(Passive) ??

22
Sniffing ?? - 2

???? ???? ???????(Promiscuous) ???? ??
? ??? ??? IP ?? ?? ??? MAC(Media Access Control)
?? ?? ??? ??
??? ? ??? ???? ???? ??? ?? ??? ??? ?? ??, ? ?? ??
???? ??? ??? ????? ????.
???? ??? ??? ??? ? ???? ?? ????? ?
??? ?? ?? ???? ?? ??? ????? ??? ??????? ???? ?

23
Sniffing
? ?????? ??????? ??? ????
Root ifconfig eth0 promisc
24
???????? ???

??? ????? ????? ???? ???.
??
??? ??? ???? ?? ??? ???? ?? ??? ?? ???? ??? ??.
??? ??????(Broadcast) ???? ?????(Unicast) ?????
???? ?? ??? ????? ????? ???? ??? ??? ????.
?????
???? ???? MAC ?? ?? ???? ?????? ??? ??? ?? ??? ?
??? ???? ???? ???.
???? ???? ?? ?? ???? ??? ???? ????? ???? ????
???? ??? ???.

25
???????? ???
? ARP ???/?????

ARP ????? ??? ????? 2???? ?? ??
??? ??? ARP reply ??? ??? ??? ??
??? MAC ??? ????? ??????? ????? ?? ??? ?
ARP ???? ??? ? ??? ????, ARP ?????? ?? ?? ??? ?
????? ? ??? ? ???? ??
ARP ?????? ????? ??? ???? ?? ???? MAC ??? ?? ???
?? ?? ?? ??? ?? ???? ???? ???? ??. (Fragroute??)

26
???????? ???
ARP Spoof ????(Flash) http//www.oxid.it/downloads
/apr-intro.swf
27
???????? ???
? ??? ??(MACOF)

??? ??(Switch Jamming)? ???? ?? ????.
?? ?? ?? ?? ?????(Buffer Overflow) ??? ??. ??
????? ??? ??? ???? ???? ??????? ???? ????? ??,
??(Root) ??? ???? ? ???? ??. ??? ?? ??? ????? ???
? ??. CPU? ?? ???? ??? MAC ???? ???? ?? ?? ???
??.
??? ??? MAC ???? ?? ?? ??? ?? ????? ??? ???? ????
???? ??? ??.
MAC ???? ?? ??? ??? ???? ??? ??? ?? ?? ?? ??? ???
????.

28
???????? ???
? macof? ??? ????? Root macof
?? ? tcpdump
29
???????? ???
? SPAN ?? ??(Tapping)
SPAN(Switch Port Analyzer)? ?? ???(Port
Mirroring)? ??? ???. ?? ????? ? ??? ???? ????
????? ?? ???? ??? ???? ???. ?? IDS? ??? ? ??
????. SPAN? ?? ????? ?? ????, ?? ???? Port
Roving?? ???? ??. SPAN? ??? ?? ???? ??? ?? ????
????? ?? ? ?? ???? ??. ?? ??? ? ?? ??? ????. ???
?? ??? ?????? ?? ???? Splitter?? ???? ??. SPAN
??? ?? ??? ??? ???? ??? IDS? ????? ?? ?? ??? ????
?? ??? ??? ? ??. ??? ??? ??? ?????? ????? ???? ??
???? ? ???.
30
Dsniff
31
Dsniff ??
DSniff ?? ? ???? ?
? ? ?
filesnarf NFS ????? ???? ??? ?? ????? ????.
macof ???? ??? ?? ???? ?? ??? ??? MAC ??? ???? MAC ???? ?????(Overflow)???.
mailsnarf SNMP? POP ? ????? ???? ? ? ?? ???.
msgsnarf ?? ???? ?????.
tcpkill ??? ? ?? TCP ??? ?? ???.
tcpnice ICMP source quench ???? ?? ?? TCP ??? ??? ???. ??? ?? ?????? ??? ? ?
arpspoof ARP ??? ??? ????.
dnsspoof DNS ??? ??? ????.
urlsnarf CLF(Common Log Format)?? HTTP ???? ????? ??? URL? ????.
32
Dsniff ??(Redhat7.3)

Source Install http//monkey.org/dugsong/dsniff
/
dsniff-2.3.tar.gz
?? Library
db-2.7.7.tar.gz
cd db-2.7.7/dist
./configure --enable-compat185
ver 1.8.5 ?? ??? ??
libnet-1.0.2a.tar.gz
libnids-1.16.tar.gz

33
Dsniff ??(Redhat8.0 or 9.0)

Source Install http//monkey.org/dugsong/dsniff
/
dsniff-2.3.tar.gz
?? Library
db-2.7.7.tar.gz
cd db-2.7.7/dist
./configure --enable-compat185
ver 1.8.5 ?? ??? ??
libnet-1.0.2a.tar.gz
libnnids-1.16.tar.gz
openssl-0.9.7c.tar.gz

34
Fragrouter - ???
? Fragrouter
?? ??? ?????? ?? ???. ???? ??? ??? ????? ? ?????
? ??? ????? ?????? ?? ???? ??? ????. ????? ???
???? ?? ??? ? ?? ??? ??? ?? ???? ??? ?? ??.
Fragrouter ????
Root ./configure Root make
35
??? Sniffing

echo "1" gt /proc/sys/net/ipv4/ip_forward
fragrouter -B1
// ARP redirect, ARP spoofing ?? ??? ?? ? ????
???? ??? ???? ??? ??? ???? ????? ?????
arpspoof -t victim_host gateway
msgsnarf -i eth0 gt msg1
iconv -f UTF-8 -t eucKR file1 gt msg2
cat file2
// MSN? ??? UTF-8????, ?????? ?? ???. eucKR? ??

36
?? Sniffing - Outlook

echo "1" gt /proc/sys/net/ipv4/ip_forward
fragrouter -B1
arpspoof -t victim_host smtp_server
mailsnarf -i eth0 gt mail1
cat mail1
// ??? ??. Outlook express? ??? ?? ?? ? base64?
????? ???.
???,??? ???? ?? - base64 (www.fourmilab.ch/webtool
s/base64)
base64 -d mail1 mail2
// ??? ? ????? ?? ??

37
Web Sniffing

echo "1" gt /proc/sys/net/ipv4/ip_forward
fragrouter -B1
arpspoof -t victim_host gateway
Webspy -i eth0 victim_host
// ?????? ?? ?? ??? ?

38
DNS Spoofing

echo "1" gt /proc/sys/net/ipv4/ip_forward
fragrouter -B1
arpspoof -t victim_host gateway
vi /etc/hosts
202.43.214.151 yahoo.com
dnsspoof -f /etc/hosts
Sample hosts file
/usr/local/lib/dnsspoof.hosts

39
Ettercap
40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
(No Transcript)
44
Sniffing?? ? ???
45
Sniffing ????

??? ??? ???? ??? ???? ?? ??? ????? ??? ?? ???
??? ?? ??? ???? ?? ???? ?? ???. ??? ???? ???? ??
????? ????? ????? ???? ??? ??? ?? ??.
???? ?? ??? ????? ???? ??????? ???? ????? ???
????.

46
Sniffing ????
? Ping? ??? ?? ???? ???? ?? TCP/IP?? ???? ???
request? ??? response? ????. ?? ??? ??? ??? ??
???? ping? ????, ????? ???? ?? MAC ??? ???? ???.
?? ICMP Echo reply? ??? ?? ???? ???? ?? ?? ???.
???? ???? ?? MAC ??? ???? ??? ???? ?? ?? ???? ???
ping request? ? ? ?? ?? ????. ? ARP? ???? ??
ping? ??? ???? ??? ARP request? ??? ? ARP
response? ?? ??????? ??? ???? ?? ???.
47
Sniffing ????
? ??(Decoy)?? ??? ??? ?? ???? ?? ??? ??? ?????
??? ??. ?? ???? ??? ???? ????? ?? ??? ????? ?????
???. ???? ? ??? ????? ???? ??? ???? ? ??? ????
???? ?????? ???? ??? ? ??. ? ARP watch ??? MAC
??? IP ??? ?? ?? ???? ARP ???? ?????? ?? ??? ??
??? ???? ????? ??? ???? ???.
48
Sniffing ?? (Xarp)
??? ?(ARP Table ??) Download http//www.chrismc.
de
49
Sniffing ?? (Sentinel)

Sentinel
http//www.packetfactory.net/Projects/sentinel/

Sentinel usage ./sentinel options methods
-c ltx.x.xgt -f ltfilenamegt host methods
-a arp test -d dns test -e icmp etherping
test options -c ltx.x.xgt class c to scan
-f ltfilegt file of ip addresses -i ltdevicegt
network interface -n ltnumbergt number of
packets to send
50
Sniffing ?? (Sentinel)
Ping? ??? ??? ?? ./sentinel -e -t 192.168.1.144
51
Sniffing ?? (Sentinel)
??? MAC??? ICMP Echo Request? ????? ???? ????
??? ? ???? ICMP Echo Reply? ???.
???? ???? ?? ?? ??, tcpdump? ??
52
Sniffing ???

?????? MAC??? ???? ??
???? ???? ????? ??? ??? ??????? ?????? ??? ???
??.
Arp ?? ???? ????? MAC??? ???? ???? ??? ????.
????
?????? MAC??? ????.
Arp ?? ???? ???? ?? ???.
arp -s 192.168.1.5 00096DFE00C9

53
Sniffing ???(???)
? SSL(Security Sockets Layer) ???? ? ??? ????
???. SSL? ?? ? ?? ????? ???? ??? ????? ???? ????
??? ??? ?, ???? ?? ?? ?? ? ????. SSL? 40??? 128??
? ?? ??? ?? ??? ?? ???? ???? ???? ???? 40?? ???
??? ?? ??. ? SSH(Secure Shell) SSH? telnet? ??
???? ???? ??? ????. ???, DSniff? ???? ???? SSH1?
????? ???? ???? ? ??.
54
Sniffing ???(???)
? PGP(Pretty Good Privacy)? PEM(Pricacy Enhanced
Mail), S/MIME PGP? PEM, S/MIME? ?? ???? ??? ??
??? ????. PGP? ??? ?? ??? ??? IDEA? ?? IDEA ??
????? ??????, RSA(Rivest, Shamir, Addleman) ?????
??. ????? PGP? 'Web of Trust'? ??? ??. ??? PGP
???? ??? ?? ???? ??? ??? ??? ?? ??? ??? ? 3?? ??
???. PEM? PGP?? ?? ??? ??? ??(PKCSPublic Key
Cryptography Standards)? ???, CA(Certificate
Authority)?? ??? ?????? ?? ????. ??? ?????
DES-EDE, ?? ?? ??? ????? RSA, ????? ?? ?? ???
MD2, MD5? ??. S/MIME? ??? ??? MIME ??? ??? ?????
??? ???. ?? PKCS? ???? ???? ???, ??? ??? X.509?
??.
55
Sniffing ???(???)
? VPN (Virtual Private Network) VPN? ?? T1? ??
?? ????? ?????, ??? ??? ?? ??? ??? ??? ?? ???
???? ??? ????? ?????. ??? ???? ????? ? ??? ??
???? ???? ???? VPN? ???? ???? ???? ????.
56
?? ????/Session Hijacking
57

?? ??? ??? ??? ? ????
?? ?? ?? ????? ? ? ????

58
??

?? ???? ??
???? ? ??
???? ??? ?? MITM ??

59
?? ?????? ?????

?? ????/Session Hijacking
??? ??? ???? ?? ?? ??? ???? ?.
??? lt-gt ?? ????
????? ????? ??? ??? ?? ??? ?????
FTP? ?? ?? ?????, ??? ??? ?????

60
TCP Session Hijacking
SYN M
ACK M1, SYN N
ACK N1
SEQ M1, ACK N1
20 bytes
SEQ N1, ACK M21
0 bytes
SEQ M21, ACK N1
???? ?? ?? ltCRgt echo gt /.rhosts ltCRgt
61
TCP Packet Blocking (1)

?? ????? ? ?? ??
Without Packet Blocking
With Packet Blocking
Route Table Modification
ARP attack

62
TCP Packet Blocking (2)

Route table modification
ICMP redirect message

20 bytes
source http//www.firewall.cx/icmp-redirect.php
63
TCP Packet Blocking (3)

ARP attack
Arp spoofing
Arp spoofing ???
Arp ???? ??? ???
Arp ??? ???
Arpwatch ?? ???? ?? (ftp//ee.lbl.gov/arpwatch.tar
.gz)

64
UDP Hijacking

UDP Hijacking
TCP?? ?? 3-way handshake? ?? ??? ?
? DNS Spoofing

65
?? ???? ?

Juggernaut
Hunt
Ettercap
SMBRelay

66
Ettercap (1)

(Ettercap ?? ??)

67
Ettercap (2)

(source? destination ?? ?)

68
Ettercap (3)

192.168.0.2?? arp a ?? ?? ?

69
ACK Storm
??
???
?????
Seq M
20 bytes
Seq 100
ACK 120
10 bytes
Anomaly !
ACK 120
Anomaly !
ACK M
70
ACK Storm ??

packet drop
???? ??? ??? ?? ? ??? ??(RST ?? ??)
resynchronize

71
ACK Storm resynchronize
??
???
?????
Seq M
20 bytes
Seq 100
ACK 120
10 bytes
X
Anomaly !
ACK 110
30 bytes
X
ACK 120
72
???? ??? ?? MITM ??

Dsniff
Webmitm
dnsspoof ??
Sshmitm

73
???/Spoofing
74

??? ?? ??? ?? ??? ???? ????? ???? ???? ????.
????, ???? ??? ??? ?? ????? ??? ???? ????? ????.
?? ???, ???, ???, ??, ??, ?? ? ??? ?? ??? ???
???? ??? ? ??? ????. ?? ??? ??, ??? ????, ???? ?
??, ??? ???? ????? ??, ??? ? ?? ?? ?? ?? ??? ???
???. ?? ?? ?? ?? ?? ??? ??? ???.
Dan "Effugas" Kaminsky

75
??

????? ?????
?? ??
??? ??????? ?? ??
? ???? ???
??? ??? ??
?? ?? IP ???

76
????? ?????

??????
Meike Keao ???? ???? ???? ?? ??? ?? ??? ???
???? ?
TCP/IP ????? ??? ??, ? TCP ??? ??, ?? ???, ??
????? ??? ?? ???? ?? ??? ??
?? ??? ??? ?? ???? ???? ?? ???? ???? ???? ??? ??
???? ???? ??
???
??? ??? ?
?? ?? ??? ?? ??? ??
??? ?? ???? ????
?? ?????
???? ???
??? ???? ?? ???
Hot Swappable Router Protocol (HSRP)
Linux? Fake project (www.au.vergenet.net/linux/fak
e)
??? ?? ???

77
ARP ??? (1)

ARP ????

78
ARP ??? (2)

ARP ??/Poisoning
???? ?? ????? ARP ??? ??? ????? ARP ??? ??? ?? ?
?? ??? ??? ??
??? ?? 2.4.x??? ???? ?? ARP ??? ?? ?? ??? ???? ??
??? ??
ARP ??(request)? ?? ?? ? ??? ??? ??? ??? ????? ??
???
SOLARIS? ?? ??? ??? ?? ARP ??(reply)? ??? ???? ??
???? ?? ICMP_ECHO_REQUEST? SOLARIS ???? ??? ARP
??? ??? ?? ?? ARP ?? ?? ??

79
DNS ??? (1)

DNS ?? ??

80
DNS ??? (2)

DNS ??? ??

81
? ???? ???

www.doxpara.com/popup_ie.html

82
??? ??? ??

??? ?? ??? DoxRoute
???? ??
??? MAC ??? ?? ARP ??? ??
??? IP ??? ?? Ping ??? ??
?? ????? ??? ??
DoxRoute
Libpcap? libnet? ??? fake ???

83
?? ?? IP ???
B? ????
???
???
84
???

IP Spoofing ???
??
???? ???? ?? ??
??
?? ??? ??? ?? ???? ??? ??? ????? ???? ?? ??? ??
?? IP ??? ??? ??? ?? ??? ??? ?? ??? ?? ?? ??
Router?? source routing? ???? ??
?? ?????? IP Spoofing? ?? ? ??.
Sequence number? Random ?? ?????? ?
Sequence number? sniff ? ? ?? ???? ?? ? ??.
Denial of Service? ???? ??? ?
IP Spoofing? Denial of Service? ??? ????? Denial
of Service? ??? ???
IP Spoofing ??? ??? ??.
IP? ???? ???? ???? ??
IP Spoofing? ?? ? ??? ??? ?????.
???? Protocol ? ??
???? Protocol? ???? IP Spoofing??? ??? ??? ? ???
??? ????
??? ?? ??? ?? ?? ??.

85
?????(DoS/DDoS)
86
DoS(Denial of Service)

DoS(Denial of Service)
???? ???? H/W? S/W ?? ???? ??? ????? ??? ???? ???
??? ????? ??? ??? ??
??
??? ?? ? ???? ?? ??
?? ??? ?? ??
??? ?? ??? ?? ??? ?? ??
??? ?? ?? ??
?? ????? ??? ?? DOS ?? ??

87
DoS(Denial of Service)

DoS(Denial of Service)
DoS ??? ??
??? ???, ??? ??, ???? ???
???? anonmail, kabomb
Buffer Overflow
Ping Flooding, SYN Flooding, etc
DoS ?? ??
Blood Lust - OOB??? ?? ???? ?? 139? ??
Bitch Slap - IP??? ???? ?? ?? ?????? ?? ?? ??
Click - IRC ?? ??? ?? ??
Cyber - ping ???? ??? ??? ??? ?? ??

88
DoS(Denial of Service)

Smurf ??
ICMP echo/reply packets ??
broadcast networks ??? ???? ??? ??

89
DoS(Denial of Service)

Land
Source ??? ?? ??? ??? IP ? port? ???? ?? ??
??? ?? ???? ?? ??? ???? ???? IP ??? ??? ?? ??
BSDI 2.1 vanilla, FreeBSD 2.2.x, 3.0, HP-UX
10.20, NetBSD 1.2, OpenBSD 2.1, SunOS 4.1.4,
Cisco 2511
?? ????? ?? IP? ?? ?? ??? ??
http//www.cisco.com/warp/public/770/land-pub.shtm
l
Ping of Death, ping flooding
packet fragmentation and reassembly ??? ??
?? ? ping ?? ??
ping -s 65507 hostname
???? IP ??? ??? ?? ??
?? ????(www.sophist.demon.co.uk/ping/ ??)

90
DoS(Denial of Service)

SYN Flooding
?? ?? half-open TCP??? ???? ?? ???? listen queue?
?? ??
TCP ??? ?? ??

flat telnet 200.227.32.15 Trying
203.227.32.15... Connected to 203.227.32.15. Escap
e character is ''. SunOS UNIX (test) login
Login timed out after 60 seconds Connection
closed by foreign host. flat
testsynf 1.1.1.1 2000 203.227.32.15 23 SYN
flooding from 1.1.1.1 to 203.227.32.15.23
91
DDoS(Distributed Denial of Service)