shibasaki(印刷用)


3 alert NIDS Snort
alert tcp /24 any -> $HTTP_SERVER 80 (msg:"HTTP Access Detected";)
alert tcp /24 any $HTTP_SERVER -> 80
oinkmaster Oink ANNEX PC-UNIX DSU KIU L3

4 Web alert ACID BIONS ANNEX ANNEX-WatchDog Watchdog PC-UNIX ANNEX Perl PC-UNIX ANNEX Watchdog ping Postfix (MTA, Mail Transfer Agent)

5 ANNEX watchdog status report (PC-UNIX sensor):
ALL OK
snort OK
mysql OK
apache NG
postfix OK
ANNEX ERROR: apache NG

ANNEX watchdog status report (PC-UNIX server):
ALL OK
dhcpd OK
squid OK
apache NG
bind OK
ANNEX ERROR: apache NG

dhcpd squid apache bind ANNEX PC-UNIX ANNEX 4 8 Snort 8 NIC OS 8 9 PC-UNIX ANNEX L3 PC(A)

6 ANNEX PC alert UPnP alert alert PC SNMP BIONS SNMP alert alert KIU 10 ANNEX 2 NIC 3 OS

8 Snort rule files:
1. Snort (local.rules)
2. (bad-traffic.rules)
3. (exploit.rules)
4. (scan.rules)
5. Finger (finger.rules)
6. FTP (ftp.rules)
7. Telnet (telnet.rules)
8. RPC (rpc.rules)
9. Rsh, rlogin, rexec (rservices.rules)
10. DoS (dos.rules)
11. DDoS (ddos.rules)
12. DNS (dns.rules)
13. TFTP (tftp.rules)
14. CGI (web-cgi.rules)
15. ColdFusion Web (web-coldfusion.rules)
16. IIS (web-iis.rules)
17. Frontpage Server Extension (web-frontpage.rules)
18. Web (web-misc.rules)
19. Web (web-client.rules)
20. PHP (web-php.rules)
21. Microsoft SQL Server (sql.rules)
22. X (x11.rules)
23. ICMP (icmp.rules)
24. NetBIOS (netbios.rules)
25. (misc.rules)
26. (attack-responses.rules)
27. Oracle (oracle.rules)
28. MySQL (mysql.rules)
29. SNMP (snmp.rules)
30. SMTP (smtp.rules)
31. IMAP (imap.rules)
32. POP2 (pop2.rules)
33. POP3 (pop3.rules)
34. NNTP (nntp.rules)
35. Snort IDS (other-ids.rules)
36. Web (web-attacks.rules)
37. (backdoor.rules)
38. (shellcode.rules)
39. (policy.rules)
40. (porn.rules)
41. (info.rules)
42. ICMP (icmp-info.rules)
43. SMTP (virus.rules)
44. AIM, ICQ, IRC (chat.rules)
45. Quick Time MPEG (multimedia.rules)
46. Kazaa P2P (p2p.rules)
47. Snort (experimental.rules)
48. (deleted.rules)
IDS - Snort & Tripwire -

11 Watchdog alert mail:
: [PC-UNIX:Critical] (tsuchis-e) (Thu, 13 Jan :50: (JST))
: PC-UNIX
: date : 2005/01/13-20:50:00
host : tsuchis-e
IP address :
school domain : tsuchis-e.tsuchis-e.kashiwa.ed.jp
Message: ANNEX
[PING TEST]
ANNEX: L3SWITCH: ping OK
[DAEMON CHECK]
syslogd is running
inetd is running
cron is running
named is running
squid is running
snmpd is running
dhcpd is running
[DISK SIZE CHECK]
MAX:95
/ OK
/tmp OK
/usr OK
/var OK
[SERVER SERVICE PORT CHECK]
service 21(ftpd): OK!
service 23(telnetd): OK!
service 25(smtpd): OK!
[SERVER DAEMON CHECK]
syslogd OK!
inetd OK!
cron OK!
httpd NG!
rl0 OK!
rl1 OK!
postfix OK!
mysqld OK!
[MAIL] ERROR MAIL.
--- Annex Watch Dog Center Annex ver1.4 (C) Kyoichiro Shibasaki 2004

12 Alert: SCAN UPnP service discover attempt
UPnP (Universal Plug and Play) Windows98 Windows Me WindowsXP UPnP WindowsXP Windows98/Me XP IP IP UPnP Alert UPnP TCP/IP UPnP LAN DHCP UPnP
BaseBand Private Windows PC Newsletter Windows XP UPnP
BaseBand Private Windows PC Newsletter
