{"id":81,"date":"2007-05-05T16:59:47","date_gmt":"2007-05-05T16:59:47","guid":{"rendered":"http:\/\/newblog.mix1009.net\/?p=81"},"modified":"2007-05-05T16:59:47","modified_gmt":"2007-05-05T16:59:47","slug":"freebsd-blackhole-%ea%b8%b0%eb%8a%a5","status":"publish","type":"post","link":"https:\/\/mix1009.net\/?p=81","title":{"rendered":"FreeBSD blackhole \uae30\ub2a5"},"content":{"rendered":"

FreeBSD\uc5d0\uc11c DoS \uacf5\uaca9\uc744 \uadfc\ubcf8\uc801\uc73c\ub85c \ub9c9\uc744 \ubc29\ubc95\uc740 \ubfb0\uc871\ud788 \uc5c6\uc9c0\ub9cc \uc880 \ub290\ub9ac\uac8c \ub9cc\ub4dc\ub294 \ubc29\ubc95\uc785\ub2c8\ub2e4. PF(Packet Filter)\ub85c \uc798 \uc124\uc815\ud558\uace0 \uc2f6\uc9c0\ub9cc \uc5f0\uacb0\uc744 \ub9ce\uc774 \uc720\uc9c0\ud558\ub294 \uc11c\ubc84\uc5d0\uc11c PF\uac00 \uc131\ub2a5\uc800\ud558\uac00 \uc788\ub294\uac70 \uac19\uc544\uc11c \uc77c\ub2e8 \ub2e4\ub978\ubc29\ubc95\uc73c\ub85c \ub300\ucc98\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n

man blackhole \ud558\uba74 \uc790\uc138\ud55c \uc124\uba85 \ubcfc\uc218 \uc788\uc73c\uba70,<\/p>\n

net.inet.tcp.blackhole\uc640 net.inet.udp.blackhole\uc744 \uc138\ud305\ud558\uba74 \ub429\ub2c8\ub2e4.<\/p>\n

# sysctl -w net.inet.tcp.blackhole=1<\/span>
\n# sysctl -w net.inet.udp.blackhole=1<\/span><\/div>\n

\n\ud3ec\ud2b8 \uc2a4\uce94\ud560\ub54c, \ub2eb\ud600\uc788\ub294 \ud3ec\ud2b8\uc5d0 \ub300\ud574\uc11c\ub294 \ub9ac\uc14b(RST) \ud328\ud0b7\uc774 \ub0a0\ub77c\uac00\ub294\ub370 \uc774\uac78 \uc544\uc608 \uc548\ubcf4\ub0b4\uac8c \ud569\ub2c8\ub2e4. tcp.blackhole\uc758 \uacbd\uc6b0 1\uc774\uba74 \uc5f0\uacb0(SYN) \ud328\ud0b7\uc5d0 \ub300\ud574\uc11c RST\ub97c \uc548\ubcf4\ub0b4\uba70, 2\ub85c \uc138\ud305\ud558\uba74 \ubaa8\ub4e0 \ud328\ud0b7\uc5d0 \ub300\ud574\uc11c RST\ub97c \uc548\ubcf4\ub0c5\ub2c8\ub2e4. UDP\ub294 \ub530\ub85c \uc5f0\uacb0 \ud328\ud0b7\uc774 \uc5c6\uae30 \ub54c\ubb38\uc5d0 1\ub85c \uc138\ud305\ud558\uba74 \ub2eb\ud600\uc788\ub294 \ud3ec\ud2b8\ub85c \uc624\ub294 \ud328\ud0b7\uc5d0 \ub300\ud574\uc11c RST \uc751\ub2f5\uc744 \uc548\ubcf4\ub0b4\uace0 \ubb34\uc2dc\ud569\ub2c8\ub2e4.<\/p>\n

\ud3ec\ud2b8\uc2a4\uce94\uc744 \ud558\uba74 \uc5c6\ub294 \ud3ec\ud2b8\ub85c \ub9ce\uc740 \ud328\ud0b7\uc774 \uc624\uae30 \ub54c\ubb38\uc5d0 RST \ud328\ud0b7\uc774 \ub9ce\uc774 \ub098\uac00\uac8c \ub429\ub2c8\ub2e4. \uc774\ub7f4 \uacbd\uc6b0 \uc2dc\uc2a4\ud15c\uc5d0 \ubd80\ud558\ub97c \uc77c\uc73c\ud0ac \uc18c\uc9c0\uac00 \uc788\uc73c\ubbc0\ub85c, FreeBSD\uc5d0\uc11c\ub294 RST\ub97c \ubcf4\ub0bc\ub54c 1\ucd08\uc5d0 200\uac1c\uc758 RST \ud328\ud0b7\ub9cc \ubcf4\ub0b4\ub3c4\ub85d \uc81c\ud55c\uc774 \ub418\uc5b4\uc788\uc2b5\ub2c8\ub2e4. \uc774\ub97c \ub118\uc744 \uacbd\uc6b0 \uc544\ub798\uc640 \uac19\uc740 \uacbd\uace0 \uba54\uc2dc\uc9c0\uac00 dmesg \ub4f1\uc5d0 \ub098\ud0c0\ub0a9\ub2c8\ub2e4.<\/p>\n

Limiting closed port RST response from 286 to 200 packets\/sec
\nLimiting closed port RST response from 463 to 200 packets\/sec\n<\/div>\n

\n\uc5ec\uae30 IP \uc815\ubcf4\uac00 \ub098\uc624\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \uc815\ubcf4\ub97c \ubcf4\uae30 \uc704\ud574\uc11c\ub294<\/p>\n

# sysctl -w net.inet.tcp.log_in_vain=1<\/span>
\n# sysctl -w net.inet.udp.log_in_vain=1<\/span>\n<\/div>\n

\n\ud558\uc9c0\ub9cc \uc774\ub807\uac8c \ud558\uba74 \ub85c\uae45\ub418\ub294 \uc815\ubcf4\uac00 \ub108\ubb34 \uc0c1\ub2f9\ud788 \ub54c\ubb38\uc5d0 \uc2dc\uc2a4\ud15c\uc5d0 \ub354 \ud070 \ubd80\ud558\ub97c \uc77c\uc73c\ud0ac \uac00\ub2a5\uc131\uc774\uc788\uc2b5\ub2c8\ub2e4. \uacf5\uaca9\uc744 \ub2f9\ud558\ub294 \uc11c\ubc84\uc5d0\uc11c\ub294 \uc7a0\uae50\ub3d9\uc548 \uae30\ub2a5\uc744 \ucf30\ub2e4\uac00 \ub044\ub3c4\ub85d \uc544\ub798\ucc98\ub7fc \uc2e4\ud589\ud558\uc138\uc694.<\/p>\n

# sysctl -w net.inet.tcp.log_in_vain=1; sleep 5; sysctl -w net.inet.tcp.log_in_vain=0<\/span>\n<\/div>\n

\n\uc704\uc5d0 \ucc98\ub7fc \uc11c\ubc84(SERVER_IP)\uc5d0\uc11c \ub3cc\ub9ac\uace0, \uc6d0\uaca9 \uc11c\ubc84(SCANNER_IP)\uc5d0\uc11c nmap\uc744 \ub3cc\ub824\ubd24\uc2b5\ub2c8\ub2e4. \uc2a4\uce94 \ub2f9\ud558\ub294 SERVER_IP\uc5d0\uc11c\ub294 blackhole \uae30\ub2a5\uc740 \ub048\uc0c1\ud0dc\uc785\ub2c8\ub2e4.<\/p>\n

Connection attempt to TCP SERVER_IP:25 from SCANNER_IP:38947 flags:0x02
\nConnection attempt to TCP SERVER_IP:1723 from SCANNER_IP:38947 flags:0x02
\nConnection attempt to TCP SERVER_IP:3389 from SCANNER_IP:38947 flags:0x02
\n… (\uc0dd\ub7b5)<\/span>
\nLimiting closed port RST response from 233 to 200 packets\/sec
\n… (\uc0dd\ub7b5)<\/span>
\nLimiting closed port RST response from 262 to 200 packets\/sec
\n… (\uc0dd\ub7b5)<\/span>
\nLimiting closed port RST response from 279 to 200 packets\/sec\n<\/div>\n

\nblackhole=1\ub85c \uc124\uc815\ud55c \uc0c1\ud0dc\uc5d0\uc11c\ub294 Limiting closed port… \uba54\uc2dc\uc9c0\uac00 \ub098\ud0c0\ub098\uc9c0 \uc54a\uace0, nmap\uc758 \uc2e4\ud589\uc18d\ub3c4\uac00 \ub9ce\uc774 \ub290\ub824\uc9d1\ub2c8\ub2e4. \uae00\uc4f0\uba74\uc11c \uc2e4\ud589\ud574\ubd24\ub294\ub370 \uba87\ubd84\uc774 \uc9c0\ub098\ub3c4 \ub05d\ub098\uc9c0\uac00 \uc54a\ub294\uad70\uc694. \ub2f5\ub2f5\ud574\uc11c nmap \uc2e4\ud589\ucc3d\uc5d0\uc11c \uc5d4\ud130\ub97c \ucce4\ub354\ub2c8 \ub2e4\uc74c\uacfc \uac19\uc740 \uba54\uc2dc\uc9c0\uac00 \ub098\uc624\ub124\uc694. \u314e\u314e \ucf58\uc194 \ud504\ub85c\uadf8\ub7a8\uc778\ub370 \uc774\ub7f0\uac70\uae4c\uc9c0 \uc2e0\uacbd\uc368\uc8fc\ub294\uad70\uc694. ^^<\/p>\n

Stats: 0:06:49 elapsed; 1 hosts completed (1 up), 1 undergoing SYN Stealth Scan
\nSYN Stealth Scan Timing: About 72.17% done; ETC: 01:59 (0:02:37 remaining)\n<\/div>\n

\ud55c\uac00\uc9c0 \ubb38\uc81c\uac00 blackhole \uae30\ub2a5\uc744 \ucf1c\ub450\uba74 \uc6d0\uaca9\uc5d0\uc11c \uc11c\ubc84 \ubaa8\ub2c8\ud130\ub9c1\ud560\ub54c \uc11c\ubc84\uac00 \uc8fd\uc5b4\ub3c4 \uc751\ub2f5\uc774 \ubc14\ub85c \uc624\uc9c0\uc54a\ub294 \ubb38\uc81c\uac00 \uc788\ub294\ub370, PF\ub97c \ud1b5\ud574\uc11c \ud3ec\ud2b8\uc5d0 \ub530\ub77c\uc11c \uc120\ud0dd\uc801\uc73c\ub85c blackhole \uae30\ub2a5\ucc98\ub7fc RST \ubcf4\ub0b4\uc9c0 \uc54a\ub3c4\ub85d \uc124\uc815\ud558\ub294\uac83\uc774 \ub354 \uc88b\uc744\uac70 \uac19\ub124\uc694.<\/p>\n","protected":false},"excerpt":{"rendered":"

FreeBSD\uc5d0\uc11c DoS \uacf5\uaca9\uc744 \uadfc\ubcf8\uc801\uc73c\ub85c \ub9c9\uc744 \ubc29\ubc95\uc740 \ubfb0\uc871\ud788 \uc5c6\uc9c0\ub9cc \uc880 \ub290\ub9ac\uac8c \ub9cc\ub4dc\ub294 \ubc29\ubc95\uc785\ub2c8\ub2e4. PF(Packet Filter)\ub85c \uc798 \uc124\uc815\ud558\uace0 \uc2f6\uc9c0\ub9cc \uc5f0\uacb0\uc744 \ub9ce\uc774 \uc720\uc9c0\ud558\ub294 \uc11c\ubc84\uc5d0\uc11c PF\uac00 \uc131\ub2a5\uc800\ud558\uac00 \uc788\ub294\uac70 \uac19\uc544\uc11c \uc77c\ub2e8 \ub2e4\ub978\ubc29\ubc95\uc73c\ub85c \ub300\ucc98\ud588\uc2b5\ub2c8\ub2e4. man blackhole \ud558\uba74 \uc790\uc138\ud55c \uc124\uba85 \ubcfc\uc218 \uc788\uc73c\uba70, net.inet.tcp.blackhole\uc640 net.inet.udp.blackhole\uc744 \uc138\ud305\ud558\uba74 \ub429\ub2c8\ub2e4. # sysctl -w net.inet.tcp.blackhole=1 # sysctl -w net.inet.udp.blackhole=1 \ud3ec\ud2b8 \uc2a4\uce94\ud560\ub54c, \ub2eb\ud600\uc788\ub294 \ud3ec\ud2b8\uc5d0 \ub300\ud574\uc11c\ub294 \ub9ac\uc14b(RST) \ud328\ud0b7\uc774 \ub0a0\ub77c\uac00\ub294\ub370 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[78,2],"class_list":["post-81","post","type-post","status-publish","format-standard","hentry","category-unix","tag-blackhole","tag-freebsd"],"_links":{"self":[{"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mix1009.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=81"}],"version-history":[{"count":0,"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/posts\/81\/revisions"}],"wp:attachment":[{"href":"https:\/\/mix1009.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mix1009.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=81"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mix1009.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}