PPT – PLUS PowerPoint presentation | free to download

About This Presentation

Title:

PLUS

Description:

Title: Linux Author: pegasus Last modified by: ohhara Created Date: 7/16/1998 3:46:33 AM Document presentation format: Company – PowerPoint PPT presentation

Number of Views:42

Avg rating:3.0/5.0

Slides: 30

Provided by: peg113

Category:

more less

Transcript and Presenter's Notes

Title: PLUS

1
???? ??

PLUS
???

2
??(1)

?????
???? ?? ??? ??? ?? ??
?? ?? ??? ?? ??
named? ??? ??
imapd? ??? ??
smbd? ??? ??

3
??(2)

?? ??? ????
mscan
imapd? ?? ????
named? ?? ????
??? ??? ?? ??

4
?????

???? ?? Linus Torvalds?? ???? ?? PC?? ?? ??? UNIX
clone
??(kernel)? ??? ??? ???? ?? PC?? ??? ? ?? ??? ???
???? OS

5
???? ?? ??? ??? ?? ??(1)

OS?? ??? ??? ???? ??
??? ??(kernel)? ??? ??? ??? ??? ? ??
??? ???? ??? ??
??? ???
??? ???
????? ???
???? ???CD ??? ??

6
???? ?? ??? ??? ?? ??(2)

?? ??? ???? ??? ??? ?? ??? ????? ?? ?? ??? ?

???? Alzza Redhat Linux 5.0 Patch man II
?? 1998? 3? named(bind)?? ?? (CERT) 1998? 4?
8? named? ??? linux? ?? ?? ??? 1998? 5?
19? named? ??? ???? ?? ?? ?? 1998? 7? 1?
7
?? ??? ?? ??? ?? ??(1)

named
Redhat Linux 5.0? ??
inverse query? ? buffer overflow??
CA-98.05.bind_problems ??
imapd
Redhat Linux 4.0? ??
username? ?? ?? ? buffer overflow??
CA-97.09.imap_pop ??

8
?? ??? ?? ??? ?? ??(2)

smbd
Redhat Linux 4.2? ??
password? ?? ?? ? buffer overflow??

9
named? ??? ??(1)

ADMw0rm

??? /tmp/.w0rm0r? ??
named? ??
w0rm?? ??
host??? /tmp/.X11x? ??
/tmp/.X11x? index.html? ??
/tmp/.w0rm? /var/log? ??
????
10
named? ??? ??(2)

Hnamed
?? ???? ? ???? root???? ???? ? ??
? ? ???? named? crash?? ??? ? ? ??? ? ??

11
imapd? ??? ??

imap
offset? ?? ?? buffer overflow? ?? ???? ?? ??
standard output?? ??
netcat? ???? 143port? ???? ?? ???? ??? ? ????
root???? ???? ? ??

12
smbd? ??? ??

ADMkillsamba
buffer size? offset size? ??? ?? ???? ???? ??
????? root???? ???? xterm? ?? ???? ???
ADMkillsamba? ???? ???? ????? ????? ?????? ?? ??
? ?? smbclient? ???

13
mscan

??? ???? ?? ??? ??? ? ?? ?? ???? ???? ???? ?? ??
????
?? ???? ???? ???? mscan? ??? ????? ????? ??? ?
?) mscan -z postech.ac.kr -a gt mscan.log

14
imapd? ?? ????(1)

????? ????? ??? ????? x? imapd? ??? ?? ??? ??
??? ??? ?? ???? x? ?? ???? ??? ?? ?? ?? ???

15
imapd? ?? ????(2)

x?? ??? ? ??
/etc/passwd ? dark?? id? ???
/.bash_history? /dev/null? ????
/etc/securetty? ??? ???? superuser?? ???? ?
/tmp ? zgr, bnc? ??
zgr? /var/log/wtmp, /var/run/utmp,
/var/log/lastlog?? ?? ???? ??? ?? (?? ??? Zap2)

16
imapd? ?? ????(3)

bnc? irc? ??? ? ??? ??? ?? ? ?? ? ?? ????
?? www.g.org? ?? ???? mount?? ?? ??
?? K??? ?? k? imapd? ??? ???? k??
???(sniffer)? ??? k?? ???? id? password? ???
?? top? ps? ??? ?????? ??? sniffer? top?? ps? ???
????? ????

17
imapd? ?? ????(4)

?? N??? s? ?? ??
?? C??? t? imapd? ??? ???? ?? K???? ? ?? ??
??? ?
dark?? id? ???? ? ??? 1998? 5? 29??? 6? 23??? ??
?? ????? ISP? ?? ???? x? ???? ?? ?? ?? ???

18
imapd? ?? ????(5)

?????? ??
x? dark? ?? ???? ??? ?? ??? ??? ?

19
named? ?? ????(1)

???? ?? I?? j?? ???? ?? ???? mscan? ??? ??? ??
?? 1998/06/29
PLUS??? mscan?? ???? ??? ??? ?? ???? named,
imapd?? ??? ?? ??? ?? ?? ?? 1998/07/01

20
named? ?? ????(2)

named? ?? ???? ??? ??? ? 4?? ????? ??? ??? ??
?? 1998/07/02
4?? ???? ??? ??? ?? ???? ?? ???? ???? ??? ??? ??
???? ??? ?? ????? ???

21
named? ?? ????(3)

??? 4?? ????? ? ??
password? null? kaka?? id? root??? ?? rewt?? id?
/etc/passwd? ??
named? ???? ?? ??? named? ???? ???? ??? ?
warchild rootkit? s.co.nz?? ftp? ????
/dev/xdd21? ??
??? ??? ?? ??? ??

22
named? ?? ????(4)

warchild rootkit
????? ?? ? ?? rootkit? warchild?? ??? ?? ??? ???
??? ???
chfn, chsh, dir, du, in.idserv, in.inetd,
in.rshd, ifconfig, login, ls, netstat ,passwd,
ps, pstree, syslogd, tcpd, top, vdir? ???? ??

23
named? ?? ????(5)

????? ??? ?? ?? ????? ??? ??? ?? ????? ?? ??? ??
??? ?? ??? ??? ?? ?? uninstall??? ??
????? ??? ?? ??? ? ?? ?? ?? ? ????? ?? ??

24
named? ?? ????(6)

warchild rootkit? ????? ??
ps, pstree, top /dev/edc1? ???? ?? ????? ??? ??
?
netstat /usr/src/linux/arch/alpha/lib/.lib/.1add
r? ???? ?? ??? ??? ?? ?
dir, du, ls, vdir /dev/edc3? ???? ?? ??? ??? ??
?

25
named? ?? ????(7)

syslogd /dev/edc4? ???? ?? ??? ???? ??
ifconfig ???? ????? ??? ??? ??? ?? ?
in.idserv ???? ???? ??? ??? /dev/xdd21/wrksn1ff?
???
login id? m, password? a? ???? root? ????

26
named? ?? ????(8)

in.inetd 510 port?? ???? ???? password? ?? ?? ?
rootshell? spawn?
??? ?????? ?? ?? ??? ??? ??? ????
?? ?? ??? PLUS? ?? ???? ?? ??? ??? ?? ? ???? ???
?? ??? ????? ?? ??? ???? ?? ???? ???

27
??? ??? ?? ??(1)

named? ?? ??
/etc/rc.d/init.d/named stop
chmod 000 /usr/sbin/named
imapd? ?? ??
vi /etc/inetd.conf
imap?? ???? ?? ??? ? comment?? ??.
Killall -HUP inetd

28
??? ??? ?? ??(2)

smbd? ?? ??
/etc/rc.d/init.d/smb stop
chmod 000 /usr/sbin/smbd
mscan?? scan? ??? ? ?? ??
/var/log/secure? ??? ??

Jul 5 115048 victim imapd8580 connect from
141.223.. Jul 5 115048 victim
ipop3d8581 connect from 141.223.. Jul 5
115048 victim in.telnetd8582 connect from
141.223..
29
??? ??? ?? ??(3)

password? null? ??? ??? ??
?? ??? ????? ??
?? ?? ????? ???? ??
?? ?? ??? ?? ??
http//www.redhat.com/support/docs/rhl/
??? ???? ???? ??? ?? ?? ??? ??? ?? ??

Write a Comment

User Comments (0)

About PowerShow.com

PLUS - PowerPoint PPT Presentation

PLUS

Title: Linux Author: pegasus Last modified by: ohhara Created Date: 7/16/1998 3:46:33 AM Document presentation format: Company – PowerPoint PPT presentation