$B%M%C%H%o!<%/$N$$$/$D$+$N35G0$r!"(B
$BFC$K$=$l$i$,$I$N$h$&$K%;%-%e%j%F%#$K@x:_E*$J1F6A$rM?$($k$N$+$r!"(B
$B5;=QE*$K$J$i$J$$$h$&$K
$B$b$&$*5$$E$-$K$J$C$F$$$k$+$b$7$l$^$;$s$,!"(B Linux $B$OHs>o$K%M%C%H%o!<%/;X8~$J%*%Z%l!<%F%#%s%0%7%9%F%`$G$9!#(B $BB?$/$N$3$H$,0l$D$N%?%$%W$N!"$^$?$O$=$N$[$+$N(B"$B%5!<%P(B"$B!"(B $BNc$($P!"(BX $B%5!<%P!"%U%)%s%H%5!<%P!"%W%j%s%H%5!<%P!"(B $BEy$K@\B3$9$k$3$H$K$h$C$F9T$o$l$^$9!#(B
$B%5!<%P$O(B"$B%5!<%t%#%9(B"$B$rDs6!$7!"(B $B$=$N%5!<%t%#%9$OMM!9$JG=NO$r!"(B $B%m!<%+%k%7%9%F%`$H!"@x:_E*$K$OB>$N%j%b!<%H%7%9%F%`$NN>LL$KDs6!$7$^$9!#(B $B0lHLE*$K$O!"F1$8%5!<%P$,N>J}$N5!G=$rDs6!$7$F$$$^$9!#(B $B$=$l$>$l$N>lLL$NGX8e$G@E$+$KF/$$$F$$$k%5!<%P$b$"$j$^$9$7!"(B $B$^$?B>$N%5!<%P$O$=$N@-Dj$7$F$G$9$,!K!"(B $B$=$l$O$=$3$GF0$$$F$$$F!"<*$r$9$^$;$F$$$F!"@\B3MW5a$rBT$C$F$$$k$N$G$9!#(B $BE57?E*$J(B Linux $B%$%s%9%H!<%k$G$OK\Ev$KBt;3$N%?%$%W$N%5!<%P$,(B $B;H$($k$h$&$K$J$C$F$$$k$G$7$g$&!#(B $B%G%U%)%k%H$N%$%s%9%H!<%k$O$7$P$7$P!"(B $B$3$l$i$N$$$/$D$+$r(B"$B%*%s(B"$B$K$7$F$7$^$&!"(B $B$D$^$jAv$i$;$F$7$^$$$^$9!#(B
$B$G$9$+$i!">o;~!"K\Ev$N%M%C%H%o!<%/$K@\B3$7$F$$$J$$$H$7$F$b!"(B
$B$d$O$j!"8@$o$P(B"$B%M%C%H%o!<%/4D6-$K$"$k(B"$B$N$G$9!#(B
$BNc$($P!"Fk@w$_?<$$%m!<%+%k$J(B X $B%5!<%P$r$H$j$^$7$g$&!#(B
$B$3$l$OC1$K(B GUI $B%$%s%?!<%U%'!<%9$rDs6!$9$k$@$1$N$b$N$H9M$($i$l$,$A(B
$B$+$b$7$l$^$;$s$,!"$3$l$O$"$kE@$K$*$$$F$N$_@5$7$$$@$1$G$9!#(B
$B$=$l$O%/%i%$%"%s%H$N%"%W%j%1!<%7%g%s$K(B"$B%5!<%t%#%9$rDs6!$9$k(B"
$B$3$H$G$3$l$r9T$C$F$$$F!"$D$^$j
$B$=$7$F!"$=$&$G$9!"$"$J$?$,%U%!%$%"!<%&%)!<%k$rAv$i$;$F$*$i$:!"(B
$B$^$?$O!"Be$o$j$N $B$3$3$G5DO@$7$F$$$k(B Linux $B$d%$%s%?!<%M%C%H$G$N(B
TCP/IP (Transmission Control Protocol/Internet Protocol) $B%M%C%H%o!<%/$G$O!"(B
$BA4$F$N@\B3$5$l$?%3%s%T%e!<%?$,0l0U$J(B "IP $B%"%I%l%9(B"
$B$r;}$C$F$$$^$9!#EEOCHV9f$N$h$&$K9M$($l$P$$$$$G$7$g$&!#(B
$B3F?M$,0l$D$NEEOCHV9f$r;}$C$F$$$F!"(B
$B$=$7$F!"B>$NC/$+$KEEOC$r$+$1$k$?$a$K$O$=$N?M$NEEOCHV9f$rCN$kI,MW$,$"$j!"(B
$B$=$NEEOCHV9f$r%@%$%"%k$9$k$o$1$G$9!#(B
$BEEOCHV9f$,5!G=$9$k$K$O!"HV9f$O$=$N%7%9%F%`$G0l0U$G$J$1$l$P$J$j$^$;$s!#(B
IP $B%"%I%l%9$O0lHLE*$K%I%C%H$GJ,$1$i$l$?;M$D$N?t;z$G!"(B
$BNc$($P(B 152.19.254.81 $B$N$h$&$K5-=R$5$l$F$$$^$9!#(B $B$3$N "$B%]!<%H(B"
$B$O $BM#0l$D$N%5!<%P$@$1$,0lEY$K0l$D$N%]!<%H$K<*$r$9$^$;$F$$$k$+!"(B
$B$^$?$O(B"$B7k$S$D$1(B"$B$i$l$F$$$^$9!#(B
$B%5!<%P$O$=$N0l$D$N%]!<%H$rDL$8$FJ#?t$N@\B3$r3+$/$3$H$,$G$-$^$9$,!#(B
$B%3%s%T%e!<%?$OB>$N%3%s%T%e!<%?$K$3$l$i$N(B"$B%]!<%H(B"
$B$N@\B3$rDL$7$FOC$7$+$1$k$N$G$9!#(B
$B0l$D$N%3%s%T%e!<%?$OB>$N%3%s%T%e!<%?$N0l$D$N(B"$B%]!<%H(B"
$B$K@\B3$r3+$-!"$=$7$F$=$l$i3F<+$N%]!<%H$N4V$K3NN)$5$l$?@\B3$rDL$8$F(B
$B%G!<%?$r8r49$9$k$3$H$,$G$-$k$N$G$9!#(B $BEEOC$NSH$($KLa$j$^$7$g$&!#OC$r>/$73H$2$F!"(B
$BJ#;($JEEOC%7%9%F%`$r;}$DBg$-$JAH?%$r8F$S=P$9$3$H$r9M$($^$7$g$&!#(B
$B$=$NAH?%$O$?$/$5$s$N(B"$BIt=p(B"$B$r;}$C$F$$$^$9!#(B
$B%;!<%k%92]!"=P2Y2]!"@A5a2]!"F~2Y2]!"(B
$B%+%9%?%^!<%5!<%S%92]!"8&5f3+H/2]!"$J$I$J$I!#(B
$B3F2]$O$=$l$>$l$N(B"$BFb@~(B"$BHV9f$r;}$C$F$$$^$9!#(B
$B$D$^$j!"=P2Y2]$OFb@~(B 21 $BHV!"%;!<%k%92]$OFb@~(B 80 $BHV!"$J$I$G$9!#(B
$B$3$NSH$($G$O!"$=$NBeI=HV9f$,(B IP $B%"%I%l%9$G!"(B
$B3FIt=p$NFb@~HV9f$,%]!<%HHV9f$H$$$&$3$H$K$J$j$^$9!#(B
$B8F$S=P$9;~$K$O!"$=$N(B"$BIt=p(B"$B$NHV9f$O>o$KF1$8$G$9!#(B
$B$=$7$F0lHLE*$K$O!"F1;~$K$+$+$C$F$/$kB?$/$NEEOC$r07$&$3$H$,2DG=$G$9!#(B $B%G!<%?<+?H$O(B"$B%Q%1%C%H(B"$B$NCf$K4^$^$l$F$$$^$9!#(B
$B%Q%1%C%H$H$O%G!<%?$N>.$5$J$+$?$^$j$G!"(B
$B0lHLE*$K$O(B 1500 $B%P%$%H0J2<$G$9!#(B
$B%Q%1%C%H$O%G!<%?$r1?$V$@$1$G$O$J$/!"(B
$B@\B3$r@)8f$7AH?%2=$9$k$?$a$KMQ$$$i$l$^$9!#(B
$B%Q%1%C%H$K$O0[$J$k%?%$%W$,$"$j$^$9!#(B
$B$"$k$b$N$O@\B3$r@)8f$9$k$?$a$KFCJL$KMQ$$$i$l!"(B
$B$^$?$"$k%Q%1%C%H$O$=$N@Q2Y$H$7$F%G!<%?$r1?$S$^$9!#(B
$B$b$7$?$/$5$s$N%G!<%?$,$"$l$P!"$=$l$OJ#?t$N%Q%1%C%H$KJ,3d$5$l$^$9!#(B
$B $B0J2<$N(B netstat $B$N=PNO$+$i$N0l9T$N0zMQ$G!"(B
$BFs$D$N%3%s%T%e!<%?$N4V$NE57?E*$J@\B3$r8+$k$3$H$,$G$-$^$9!'(B
tcp 30 0 169.254.179.139:1359 18.29.1.67:21 CLOSE_WAIT
$B6=L#?<$$ItJ,$O;MHVL\$H8^HVL\$N%3%i%`$N(B IP $B%"%I%l%9$H%]!<%HHV9f$G$9!#(B
$B%]!<%HHV9f$O%3%m%s$N1&$K$"$k?t;z$G$9!#(B
$B%3%m%s$N:8B&$,3F%3%s%T%e!<%?$N(B IP $B%"%I%l%9$K$J$j$^$9!#(B
$B;MHVL\$N%3%i%`$O%m!<%+%k%"%I%l%9!"$D$^$j@\B3$N$3$A$iB&$NC<$G$9!#(B
$B$3$N>l9g!"(B169.254.179.139 $B$,!"(B
$B%W%m%P%$%@$K$h$C$F3d$jEv$F$i$l$?;d$N(B IP $B%"%I%l%9$G$9!#(B
$B$=$l$,(B 18.29.1.67 $B!J$3$l$O(B rpmfind.net $B$N%"%I%l%9$G$9!K>e$N(B
21 $BHV%]!<%H(B(FTP)$B$K@\B3$5$l$F$$$^$9!#(B
$B$3$l$O(B rpmfind.net $B$+$i$N(B FTP $B%@%&%s%m!<%I$ND>8e$N$b$N$G$9!#(B
$B;d$,(B 21 $BHV%]!<%H>e$N(B FTP $B%5!<%P$H@\B3$7$F$$$k4V$K!"(B
$B;d$N(B FTP $B%/%i%$%"%s%H$K$h$C$FMQ$$$i$l$F$$$k;dB&$N%]!<%HHV9f$O(B 1359 $B$G$9!#(B
$B$3$NHV9f$O%i%s%@%`$K(B"$BFC8"$N$J$$(B"$B%]!<%H$+$i3d$jEv$F$i$l!"(B
$BAPJ}8~(B(2-way)"$BBPOC(B"$B$N$3$A$iB&$NC
$B@\B3$N$3$A$iB&$GMQ$$$F$$$k(B"$BHsFC8"(B"$B%]!<%H$O(B $B0l;~E*$J$b$N$G!"%m!<%+%k$KAv$C$F$$$k%5!<%P$K$O4X78$7$^$;$s!#(B $B$=$l$O@\B3$,=*N;$7$?$H$-$K!"%+!<%M%k$K$h$C$FJD$8$i$l$^$9!#(B $B$3$l$O(B"$B<*$r$9$^$;$F$$$k(B"$B%5!<%P$K$h$C$F(B $B3+$-B3$1$i$l$F$$$k%]!<%H$H$OA4$/0c$&$b$N$G$9!#(B $B$3$l$i$N%]!<%H$O1JB3E*$J$b$N$G!"(B $B%j%b!<%H@\B3$,=*N;$7$?8e$b$:$C$H(B"$B3+$$$F(B"$B$$$^$9!#(B
$B$5$F!">e$NNc$rMQ$$$F$^$H$a$F$_$^$7$g$&!#(B
$B2f!9$O%5!<%P(B(rpmfind.net)$B$K%/%i%$%"%s%H!J;d!K$r@\B3$7!"(B
$B$=$N@\B3$ON>C<$N$=$l$>$l$N%]!<%H$K$h$C$FDj5A$5$l@)8f$5$l$^$9!#(B
$B%G!<%?$O%Q%1%C%H$K$h$C$FAw$i$l@)8f$5$l$^$9!#(B
$B%5!<%P$O(B"$BFC8"(B"$B%]!<%H!J$D$^$j!"(B1024 $BL$K~$NHV9f$N%]!<%H!K(B
$B$rMQ$$$F!"%]!<%H$r3+$-@\B3$N$?$a$K<*$r$9$^$;$F$$$^$9!#(B
$B;d$N%/%i%$%"%s%H$K$h$C$FMQ$$$i$l$F$$$k;d$NB&$NC<$N(B
"$BHsFC8"(B"$B%]!<%H$O0l;~E*$J$b$N$G!"(B
$B@\B3$,;}B3$7$F$$$k4V$@$13+$$$F$$$F!"(B
$B@\B3$NB>C<$N%5!<%P$N%]!<%H$X$N1~Ez$@$1$r9T$$$^$9!#(B
$B0lHLE*$K8@$C$F!"$3$N%?%$%W$N%]!<%H$O967b$d?/F~$N
$B%]!<%H$K$D$$$F$N%]%$%s%H$r$b$&0l$D!'(B $B%]!<%H$O$=$3$K<*$r$9$^$;$F$$$k2?$+$,$"$k$H$-$K!"(B $B%"%/%;%92DG=$G$"$k$@$1$G$9!#(B $B$b$7$=$3$G<*$r$9$^$;$F$$$k%5!<%t%#%9$d%G!<%b%s$,$$$F!"(B $BF~$C$F$/$k@\B3MW5a$K1~$($k$h$&BT$A
$B%/%i%$%"%s%H$H%5!<%P$N4V$N0c$$$K$D$$$F$N:G8e$N%]%$%s%H!#(B $B>e$NNc$G$O(B netstat $B$N(BLISTENER $B$N2U=j$K(B telnet $B$d(B ftp $B$J$I$N9`L\$,$"$j$^$;$s$G$7$?!#(B $B8@$$49$($l$P!"$3$N$h$&$J%5!<%P$O%m!<%+%k$KAv$C$F$$$J$$$N$G$9!#(B $BC/$+B>$N(B telnet $B$^$?$O(B ftp $B%5!<%P$K@\B3$9$k$?$a$K!"(B telnet $B$d(B ftp $B$N%5!<%P%G!<%b%s$rAv$i$;$kI,MW$O$"$j$^$;$s!#(B $B$3$l$i$O@\B3$7$h$&$H$9$kB>$N?M$?$A$KBP$7$F!"(B $B%5!<%t%#%9$rDs6!$9$k$?$a$K$"$k$N$G$9!#(B $B$[$H$s$I$N>l9g!"K\Ev$K$=$&$7$?$$?M$O>/$J$$$G$7$g$&!#(B $B%5!<%P$rAv$i$;$F$$$J$/$F$b!"(B telnet $B$H(B ftp $B$N%/%i%$%"%s%H%=%U%H%&%'%"$r;HMQ$9$k$N$K!"(B $B2?$NLdBj$b$J$$$N$G$9!#(B
$BDL>oNI$/8+$i$l!"MQ$$$i$l$F$$$k%]!<%H!"(B
$BDL>o$=$l$KIU?o$7$F$$$k%5!<%t%#%9L>$H$=$N4m81$K$D$$$F!"(B
$B4JC1$K8+$F$_$^$7$g$&!#(B
$BA4$F$N%]!<%H$O(B$B$J$s$i$+$N(B$B4m81$r$H$b$J$C$F$$$^$9!#(B
$BC1$K!"$=$NFb$N$$$/$D$+$O!"Nr;KE*$KB>$N$b$N$h$j(B
$BB?$/$N967b$r2A$5$l$k$+$r8+$^$9$,!"(B
$BI,$:$7$b$=$l$>$l$N%5!<%t%#%9$,0BA4$+$=$&$G$J$$$+(B
$B$G2r 1$BHV$+$i(B19$BHV$H!"$=$l$i$K7k$S$D$$$?%W%m%H%3%k$NB?$/$O8E=-$/$F!"(B
$B$*$=$i$/$=$N$I$l$b8=Be$N%7%9%F%`$G$OI,MW$J$$$G$7$g$&!#(B
$B$b$7$"$J$?$,$=$l$i$,2?$J$N$+$I$l$bCN$i$J$$$J$i!"3Necho $B%5!<%t%#%9$r(B
$BDL>o$N(B ping $B%W%m%0%i%`$H:.F1$7$F$O$$$1$^$;$s!#(B
$B$3$l$iA4$F$r%*%U$N$^$^$K$7$F$*$$$F$/$@$5$$!#(B
20$BHV%]!<%H!J(BFTP-DATA$B!K!#(B"$B%"%/%F%#%V$J(B" FTP $B@\B3$O(B
$BFs$D$N%]!<%H$r;H$$$^$9!'(B21 $BHV%]!<%H$O@)8fMQ%]!<%H$G!"(B
20 $BHV%]!<%H$O%G!<%?$,DL$k$?$a$KMQ$$$i$l$^$9!#(B
$B |
21 番ポート（FTP サーバポート、すなわちファイル転送プロトコル）。 システム間でファイルを転送するための、非常に確立されたプロトコルです。 大変危険が大きく、ナンバーワンの攻撃ターゲットかもしれません。 |
22 番ポート（SSH, Secure Shell, または時に PCAnywhere プロトコル）。 危険は低いか中程度。（もちろん、いわゆる"安全な" サーヴィスに対してさえ攻撃はあります） |
23 番ポート（Telnet サーバ）。LAN での使用のみに。 安全でない環境においては、 代わりに ssh を用いてください。危険は中程度。 |
25 $BHV!J(BSMTP, Simple Mail Transfer Protocol, $B$^$?$O%a%$%k%5!<%P%]!<%H!K(B $B$O%a%$%k$r30$KAw$k$?$a$H!"%a%$%k$r$"$k>l=j$+$iB>$N$H$3$m$X(B $BE>Aw$9$k$?$a$KMQ$$$i$l$^$9!#4m81$OCfDxEY!#(B $B$3$l$OD9$$4V!"9s$$967b$K$5$i$5$l$F$-$^$7$?$,!"(B $B:G6a2~A1$5$l$F$-$F$$$^$9!#(B |
37 $BHV%]!<%H!J(Btime $B%5!<%t%#%9!K!#$3$l$OAH$_9~$_$N(B inetd time $B%5!<%t%#%9$G$9!#(B $B4m81EY$ODc!#(BLAN $B$G$N;HMQ$N$_$K!#(B |
53 $BHV%]!<%H!J(BDNS, Domain Name Server $B%]!<%H!K!#(B $B%M!<%`%5!<%P$O$3$N%]!<%H$G<*$r$9$^$;!"%[%9%HL>$r(B IP $B%"%I%l%9$K(B $B2r7h$9$k$?$a$NLd$$9g$o$;$K1~$($^$9!#4m81EY$O9b!#(B |
67 $BHV(B(UDP)$B%]!<%H!J(BBOOTP, DHCP $B$N%5!<%P%]!<%H!K!#4m81EY$ODc!#(B $B$b$7(B LAN $B$G(B DHCP $B$rMQ$$$k$J$i!"(B $B$3$l$r%$%s%?!<%M%C%H$K$5$i$9I,MW$O$"$j$^$;$s!#(B |
68 $BHV(B(UDP)$B%]!<%H!J(BBOOTP $B$^$?$O(B DHCP $B$N%/%i%$%"%s%H%]!<%H!K!#4m81EY$ODc!#(B |
69 番ポート（tftp, Trivial File Transfer Protocol)。 極めて危険。本当に、本当に必要なら、LAN のみで使ってください。 |
79 $BHV%]!<%H!J(Bfinger, $B%7%9%F%`$H%m%0%$%s$7$F$$$k%f!<%6$N>pJs$rDs6!$9$k$?$a$KMQ$$$i$l$k!K!#(B $B%/%i%C%/$NI8E*$H$7$F$O4m81EY$ODc$$$,!"$"$^$j$KB?$/$N>pJs$rN.$9$?$a!"(B $BAv$i$;$k$Y$-$G$O$J$$!#(B |
80 $BHV%]!<%H!J(BWWW $B$^$?$O(B HTTP $BI8=`(B web $B%5!<%P%]!<%H!K!#(B $B%$%s%?!<%M%C%H$G$b$C$H$bDL>o$KMQ$$$i$l$k%5!<%t%#%9!#4m81EY$ODc$$!#(B |
98 $BHV%]!<%H!J(BLinuxconf web $B%"%/%;%94IM}%]!<%H!K!#(B $B$b$7!"K\Ev$KI,MW$J$i$P!"(BLAN $B$N$_$G!#(B |
110 $BHV%]!<%H(B
$B!J(BPOP3 $B$D$^$j(B Post Office Protocol, $B%a%$%k%5!<%P%]!<%H!K!#(B
POP $B%a%$%k$G$O!"%f!<%6$,%j%b!<%H%7%9%F%`$+$i%a%$%k$r |
111 番ポート（sunrpc, Sun Remote Procedure Call, または portmapper ポート）。
NFS (Network File System), NIS (Network Information Service),
$B$=$7$FMM!9$N4X78%5!<%t%#%9$KMQ$$$i$l$^$9!#(B
$B4m81$=$&$KJ9$3$($^$9$7!" |
113 $BHV%]!<%H!J(Bidentd $B$^$?$O(B auth $B%5!<%P%]!<%H!K!#(B
$B8E$$%9%?%$%k$N%5!<%t%#%9!J(BSMTP $B$d(B IRC $B$N$h$&$J!K$G!"(B
$B@\B3$r5v2D$9$k$?$a$KMQ$$$i$l$k$3$H$,$"$j!";~$KI,MW$G$9!#(B
$B$*$=$i$/$[$H$s$I$N>l9g$G$OI,MW$G$O$J$/!"(B
$B4m81EY$ODc$$$G$9$,!"967b |
119 $BHV%]!<%H!J(Bnntp $B$^$?$O%K%e!<%9%5!<%P%]!<%H!K!#4m81EY$ODc!#(B |
123 $BHV%]!<%H!J9b$$@:EY$,I,MW$J(B time $B%5!<%P$GF14|$r$9$k$?$a$N(B Network Time $B%W%m%H%3%k!K!#(B $B4m81EY$ODc$$$G$9$,!"$*$=$i$/$[$H$s$I$N%f!<%6$K$OI,MW$G$J$$$G$7$g$&!#(B $B%7%9%F%`%/%m%C%/$r99?7$9$k$K$O!"(B rdate $B$rMQ$$$k$N$,$h$j4JC1$G0BA4$G$9!#(B $B$=$7$F!"(BLAN $B%7%9%F%`$rF14|$9$k$?$a$K$O(B time $B%5!<%t%#%9(B $B$K%S%k%I$5$l$?(B inetd $B$r;H$&$H$$$&(B $BA*Br$b$"$k$G$7$g$&!#(B |
137 $B$+$i(B139 $BHV%]!<%H!J(BNetBios (SMB) $B%5!<%t%#%9!K!#(B $B$[$H$s$I$N>l9g!"(BWindows $B4X78$G$9!#(B Linux $B$G$O4m81EY$ODc$$$G$9$,!"(BLAN $B$G$N;HMQ$N$_$K$7$F$/$@$5$$!#(B 137 $BHV$X$N967b$OHs>o$KNI$/8+$i$l$^$9!#(B $BB?$/$OL532$G$O$"$j$^$9$,$?$/$5$s$N%N%$%:$r@8@.$9$k$3$H$G!"(B $BHsFq$5$l$,$A$J(B Redmond $B;:%W%m%H%3%k$G$9!#(B |
143 $BHV%]!<%H!J(BIMAP, Interim Mail Access Protocol$B!K!#(B $B$3$l$b$^$?!"%a%$%k |
161 $BHV%]!<%H!J(BSNMP, Simple Network Management Protocol$B!K!#(B $B%k!<%?$d%9%$%C%A$,E}7W$d=EBg$J%5%$%s$r%b%K%?$9$k$?$a$K(B $B$b$C$H$bIaDL$KMQ$$$i$l$^$9!#$[$H$s$I$N>l9g$K$OI,MW$G$J$/!"(B $B4m81EY$bDc$$$G$9!#(B |
177 $BHV%]!<%H!J(BXDMCP, X $B%5!<%P$K%j%b!<%H@\B3$9$k$?$a$N(B X Display Management Control Protocol$B!K!#(B $B4m81EY$ODc$$$G$9$,!"(BLAN $B$G$N;HMQ$N$_$K$9$k$3$H$r$*4+$a$7$^$9!#(B |
443 $BHV%]!<%H!J(BHTTPS, $B9-$/MQ$$$i$l$F$$$k0BA4$J(B HTTP (WWW) $B%W%m%H%3%k!K!#(B $B4m81EY$ODc!#(B |
465 $BHV%]!<%H!J(BSSL $B7PM3$N(BSMTP (secure mail server protocol) $B!K!#(B $B4m81EY$ODc!#(B |
512 $BHV(B(TCP)$B%]!<%H!J(Bnetstat$B$G$O(B
exec $B$HI=<($5$l$^$9$,!" |
512 $BHV(B(UDP)$B%]!<%H!J(Bbiff, $B%a%$%kDLCN%W%m%H%3%k!K!#(B $B4m81EY$ODc!#(BLAN $B$N$_$G!#(B |
513 $BHV%]!<%H!J(Blogin, $B |
514 $BHV(B(TCP)$B%]!<%H!J(Bshell $B$,$=$NJLL>$G!"(B
netstat $B$G$O$=$&<($5$l$^$9!#(B
$B |
514 $BHV(B(UDP)$B%]!<%H!J(Bsyslog $B%G!<%b%s$N%]!<%H$G!"(B $B%j%b!<%H%m%0%$%sL\E*$N$?$a$K$N$_MQ$$$i$l$k!K!#(B $BJ?6QE*$J%f!<%6$K$OI,MW$"$j$^$;$s!#$*$=$i$/4m81EY$ODc$$$G$7$g$&$,!"(B $BK\Ev$KI,MW$J;~$K$G$b@dBP$K(B LAN $B;HMQ$G!#(B |
515 $BHV%]!<%H!J(Blp $B$D$^$j%W%j%s%H%5!<%P%]!<%H!K!#(B $B9b%j%9%/!#$b$A$m$s(B LAN $B$N$_$G!#(B $B@$3&$NH?BPB&$K$$$kC/$+$O$"$J$?$N%W%j%s%?$rK\Mh$NL\E*$G;H$$$O$7$^$;$s!*(B |
587 $BHV%]!<%H!J(BMSA, $B$D$^$j(B"$BEjH!(B"$B!"%a%$%kEjH!%(!<%8%'%s%H(B (Mail Submission Agent)$B%W%m%H%3%k!K!#(B $B$[$H$s$I$N(B MTA $B!J%a%$%k%5!<%P!K(B $B$K$h$C$F%5%]!<%H$5$l$F$$$k?7$7$$%a%$%k1?MQ%W%m%H%3%k!#(B $B4m81EY$ODc!#(B |
631 $BHV%]!<%H!J(BCUPS $B!J%W%j%s%H%G!<%b%s!K(B web $B%^%M!<%8%a%s%H%]!<%H!K!#(B LAN $B$N$_$N;HMQ$G!#4m81EY$ODc!#(B |
635 $BHV%]!<%H!J(Bmountd, NFS $B$N0lIt!K!#(BLAN $B$N$_$N;HMQ$G!#(B |
901 $BHV%]!<%H!J(BSWAT, Samba Web $B4IM}%D!<%k%]!<%H!K!#(B LAN $B$N$_$N;HMQ$G!#(B |
993 $BHV%]!<%H!J(BSSL $B7PM3$N(BIMAP, $B0BA4$J(B IMAP $B%a%$%k%5!<%t%#%9!K!#(B $B4m81EY$OHs>o$KDc$$!#(B |
995 $BHV%]!<%H!J(BSSL $B7PM3$N(B POP, $B0BA4$J(B POP $B%a%$%k%5!<%t%#%9!K!#(B $B4m81EY$OHs>o$KDc$$!#(B |
1024 $BHV%]!<%H!J$3$l$O:G=i$N(B"$BHsFC8"(B"$B%]!<%H$G!"(B $BMW5a$,$"$C$?%"%W%j%1!<%7%g%s$KBP$7%+!<%M%k$K$h$C$FF0E*$K3d$jEv$F$i$l$k!K!#(B $B$3$l$O$[$H$s$I2?$K$G$b$J$l$^$9!#>e$N%]!<%H$i$N5-=R$KF1$8!#(B |
1080 $BHV%]!<%H!J(BSocks Proxy $B%5!<%P!K!#%/%i%C%+!<$N$*5$$KF~$j$NI8E*$G$9!#(B |
1243 $BHV%]!<%H!J(BSubSeven Trojan$B!K!#(BWindows $B$N$_$NLdBj$G$9!#(B |
1433 $BHV%]!<%H!J(BMS SQL $B%5!<%P%]!<%H!K!#(B $B;~$KI8E*$K$J$j$^$9!#(BLinux $B$K$OE,MQ$5$l$^$;$s(B. |
2049 $BHV%]!<%H!J(Bnfsd, $B$D$^$j(B Network File Service Daemon $B%]!<%H!K!#(B $B4m81EY$O9b!#(BLAN $B$@$1$G;HMQ$9$k$3$H$r4+$a$^$9!#(B |
3128 $BHV%]!<%H!J(Bsquid proxy $B%5!<%P%]!<%H!K!#(B $B4m81EY$ODc$$$G$9$,!"$[$H$s$I$N>l9g$O(B LAN $B$G$N;HMQ$N$_$K$9$Y$-$G$9!#(B |
3306 $BHV%]!<%H!J(BMySQL $B%5!<%P%]!<%H!K4m81EY$ODc$$$G$9$,!"(B $B$[$H$s$I$N>l9g(B LAN $B$G$N;HMQ$N$_$K$9$Y$-$G$9!#(B |
5432 $BHV%]!<%H!J(BPostgreSQL $B%5!<%P%]!<%H!K(BLAN $B$N$_$G!#Hf3SE*Dc%j%9%/!#(B |
5631 $BHV(B(TCP), 5632 $BHV(B(UDP)$B%]!<%H!J(BPCAnywhere $B%]!<%H!K!#(B Windows $B$N$_!#(BPCAnywhere $B$OBgJQ(B"$B%N%$%:$NB?$$(B" $B$b$N$K$J$j$($^$9$7!"9-$$HO0O$N%"%I%l%9$K%V%m!<%I%-%c%9%H$7$^$9!#(B |
6000 $BHV%]!<%H!J%j%b!<%H@\B3$N$?$a$N(B X11 TCP $B%]!<%H!K!#(B
$B4m81EY$ODc$+$iCfDxEY$G$9$,!"$d$O$j!"(BLAN $B$G$N;HMQ$N$_$K$9$Y$-$G$9!#(B
$B |
6346 $BHV%]!<%H!J(Bgnutella$B!K!#(B |
6667 $BHV%]!<%H!J(Bircd, $B$D$^$j(B Internet Relay Chat Daemon$B!K!#(B |
6699 $BHV%]!<%H!J(Bnapster$B!K!#(B |
7100-7101 $BHV%]!<%H!J%U%)%s%H%5!<%P$K$3$l$i$N%]!<%H$r;H$&$b$N$,$"$j$^$9!K!#(B $B4m81EY$ODc$$$G$9$,!"(BLAN $B$G$N;HMQ$N$_$G!#(B |
8000 $BHV$H(B 8080 $BHV%]!<%H!JDL>o(B web $B%-%c%C%7%e$H%W%m%-%7$N%5!<%P%]!<%H!K!#(B LAN $B$N$_!#(B |
10000 $BHV%]!<%H!J(Bwebmin, $B$D$^$j(B web $B%Y!<%9$N%7%9%F%`4IM}%f!<%F%#%j%F%#!K!#(B $B$3$NE@$G$O4m81EY$ODc!#(B |
27374 $BHV%]!<%H!J(BSubSeven, $B$D$^$j(B Windows $B$N$_$N(B Trojan $B$G(B $B;HMQ$5$l$^$9!K!#(B1243 $BHV%]!<%H$b$=$&$G$9!#(B |
31337 $BHV%]!<%H!J(BBack Orifice, $B$D$^$j!"$^$?JL$NNI$/8+$i$l$k(B Windows $B$N$_$N(B Trojan $B$G;H$o$l$^$9!K!#(B |
$B$5$i$KB?$/$N%5!<%t%#%9$HBP1~$9$k%]!<%HHV9f$O(B /etc/services $B$G8+$k$3$H$,$G$-$^$9!#(B $B$^$?!"(B"$B8x<0$N(B"$B%j%9%H$O(B http://www.iana.org/assignments/port-numbers $B$K$"$j$^$9!#(B
$B$3$l$i$HB>$N%]!<%H$X$N%W%m!<%V$,2?$r0UL#$7$F$$$k$+$K$D$$$F$O!"(B Robert Graham $B$K$h$kAG@2$i$7$$2r@O$,0J2<$K$"$j$^$9!'(B http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html $B$3$l$OHs>o$KNI$$J88%$G$9!#(B
ここでのもう一つのポイントは、 これらが標準のポート指定だということです。 どのサーヴィスも特定のポートで走っていると言える法則はありません。 通常は標準ポートを使っていますが、常にそうであるとは限りません。
$B<+J,$N%U%!%$%"!<%&%)!<%k$N%m%0$K(B $B$3$l$i$N%?%$%W$N%]!<%H$,8+$D$+$C$?$+$i$H8@$C$F!"(B $BFMA3Bg92$F$9$kI,MW$O$J$$$H$$$&$3$H$r3P$($F$*$$$F$/$@$5$$!#(B $BA0=R$N%9%F%C%W#1$+$i#3$K=>$C$F!"(B $B%U%!%$%"!<%&%)!<%k$,@5$7$/F/$$$F$$$k$3$H$r3NG'$7$F$$$l$P!"(B $B$^$:$O0BA4$G$9!#(B $B$3$NDL?.$NB?$/$O(B"$BN.$lCF(B"$B$+$bCN$l$^$;$s!"(B $B$D$^$j%$%s%?!<%M%C%H$NGX7J%N%$%:$+!"$I$3$+$N%/%i%$%"%s%H$+%k!<%?$N@_Dj%_%9!"(B $B%N%$%:$NB?$$(B Windows $B4XO"%=%U%H$+$iMh$?$b$N$+$bCN$l$J$$$N$G$9!#(B
netstat $B$O%M%C%H%o!<%/$N8=:_$N>uBV$r(B $B8+$k$N$KHs>o$KJXMx$J%f!<%F%#%j%F%#$G$9!#(B $B$D$^$j!"$I$s$J%5!<%P$,F~$C$F$/$k@\B3$K<*$r$9$^$;$F$$$k$+!"(B $B$I$N%$%s%?!<%U%'!<%9$K<*$r$9$^$;$F$$$k$+!"(B $B$3$A$i$K@\B3$7$F$$$k$N$OC/$+!"$3$A$i$+$i@\B3$7$F$$$k$N$OC/$+!"$J$I$G$9!#(B $B$?$/$5$s$"$k%3%^%s%I%i%$%s%*%W%7%g%s$N$$$/$D$+$K$D$$$F$O(B man $B%Z!<%8$KL\$rDL$7$F$/$@$5$$!#(B $B$3$3$G$O!"Hf3SE*>/?t$N%*%W%7%g%s$@$1$r@bL@$7$^$9!#(B
$B0lNc$H$7$F!"2>A[E*%[%9%H(B big cat $B>e$N(B TCP $B$H(B UDP $BN>J}$K$D$$$F!"(B $B<*$r$9$^$;$F$$$k%5!<%P$H%"%/%F%#%V$J@\B3$NA4$F$r%A%'%C%/$7$F$_$^$7$g$&!#(B big cat $B$O<+Bp$N%G%9%/%H%C%W%^%7%s$G!"(B $B$3$NNc$G$O(B DSL $B%$%s%?!<%M%C%H@\B3$7$F$$$^$9!#(B bigcat $B$OFsKg$N%$!<%5%M%C%H%+!<%I$rA^$7$F$$$F!"(B $B0l$D$O%W%m%P%$%@$X$N30It@\B3$K!"(B $B0l$D$O%"%I%l%9(B 192.168.1.1 $B$N>.$5$J(B LAN $B$KMQ$$$i$l$F$$$^$9!#(B
$ netstat -tua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:printer *:* LISTEN
tcp 0 0 bigcat:8000 *:* LISTEN
tcp 0 0 *:time *:* LISTEN
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 bigcat:domain *:* LISTEN
tcp 0 0 bigcat:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:631 *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 1 dsl-78-199-139.s:1174 64.152.100.93:nntp SYN_SENT
tcp 0 1 dsl-78-199-139.s:1175 64.152.100.93:nntp SYN_SENT
tcp 0 1 dsl-78-199-139.s:1173 64.152.100.93:nntp SYN_SENT
tcp 0 0 dsl-78-199-139.s:1172 207.153.203.114:http ESTABLISHED
tcp 1 0 dsl-78-199-139.s:1199 www.xodiax.com:http CLOSE_WAIT
tcp 0 0 dsl-78-199-139.sd:http 63.236.92.144:34197 TIME_WAIT
tcp 400 0 bigcat:1152 bigcat:8000 CLOSE_WAIT
tcp 6648 0 bigcat:1162 bigcat:8000 CLOSE_WAIT
tcp 553 0 bigcat:1164 bigcat:8000 CLOSE_WAIT
udp 0 0 *:32768 *:*
udp 0 0 bigcat:domain *:*
udp 0 0 bigcat:domain *:*
udp 0 0 *:631 *:*
$B$*$=$i$/$3$N=PNO$O$"$J$?<+?H$N%7%9%F%`$K$D$$$F$N$b$N$H(B
$B$:$$$V$s$H0c$C$?8+$+$1$r$7$F$$$k$+$b$7$l$^$;$s!#(B
"Local Address" $B$H(B "Foreign Address"
$B$NMs$N4V$N5-=R$N0c$$$H!"(B
$B$=$l$>$l$,BP1~$9$k%]!<%HHV9f!J2DG=$J;~$O$=$N%5!<%t%#%9L>!K(B
$B$,%3%m%s$N8e$K$I$N$h$&$K=q$+$l$F$$$k$+$KCm0U$7$F$/$@$5$$!#(B
"Local Address" $B$O@\B3$N2f!9$NB&$NC $B$3$3$G!"(B"$B%5!<%t%#%9L>(B"$B$X$NJQ49$r$5$;$J$$$?$a$K!"(B
"-n" $B%U%i%C%0$r$D$1$FF1$8$3$H$r$7$F$_$k$H!"(B
$B $B$3$N:G=i$N?t9T$r>\$7$/8+$F8+$^$7$g$&!#0l9TL\$O!"(B
$ netstat -taun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 1 169.254.179.139:1174 64.152.100.93:119 SYN_SENT
tcp 0 1 169.254.179.139:1175 64.152.100.93:119 SYN_SENT
tcp 0 1 169.254.179.139:1173 64.152.100.93:119 SYN_SENT
tcp 0 0 169.254.179.139:1172 207.153.203.114:80 ESTABLISHED
tcp 1 0 169.254.179.139:1199 216.26.129.136:80 CLOSE_WAIT
tcp 0 0 169.254.179.139:80 63.236.92.144:34197 TIME_WAIT
tcp 400 0 127.0.0.1:1152 127.0.0.1:8000 CLOSE_WAIT
tcp 6648 0 127.0.0.1:1162 127.0.0.1:8000 CLOSE_WAIT
tcp 553 0 127.0.0.1:1164 127.0.0.1:8000 CLOSE_WAIT
udp 0 0 0.0.0.0:32768 0.0.0.0:*
udp 0 0 192.168.1.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN
"Local Address" $B$O(B 0.0.0.0 $B$G!"(B $B;HMQ2DG=$JA4$F$N%$%s%?!<%U%'!<%9$r0UL#$7$F$$$^$9!#(B $B%m!<%+%k%]!<%HHV9f$O(B 515 $BHV!"$D$^$jI8=`$N%W%j%s%H%5!<%P%]!<%H$G!"(B $BDL>o$O(B lpd $B%G!<%b%s$K$h$C$F;H$o$l$F$$$^$9!#(B $BDL>o$N%5!<%t%#%9L>$HBP1~$9$k%]!<%H$O(B /etc/services $B%U%!%$%k$G8+$k$3$H$,$G$-$^$9!#(B
$B$3$l$,A4$F$N%$%s%?!<%U%'!<%9$N>e$G<*$r$9$^$;$F$$$k$H$$$&;vl9g$G$O!"$=$l$O(B lo (localhost $B%m!<%+%k%[%9%H!K!"(B eth0 $B$H(B eth1 $B$G$9!#%W%j%s%?@\B3$O$3$l$i$N%$%s%?!<%U%'!<%9$N(B $B$I$l$rDL$7$F;HMQ$9$k$3$H$b$G$-$^$9!#(B $B$3$N%7%9%F%`$N%f!<%6$,(B PPP $B$G@\B3$9$k$N$J$i!"(B $B%W%j%s%H%G!<%b%s$O$=$N%$%s%?!<%U%'!<%9(B (ppp0) $B$G<*$r$9$^$;$k(B $B$3$H$K$J$k$G$7$g$&!#(B "Foreign Address" $B$b$^$?(B 0.0.0.0 $B$G!"(B"$B$I$3$+$i$G$b(B"$B$r0UL#$7$^$9!#(B
$B$^$?!"(B $B$3$N%5!<%P$OA4$F$N%$%s%?!<%U%'!<%9>e$G<*$r$9$^$;$k$h$&$K!"(B $B%+!<%M%k$K0MMj$7$F$O$$$^$9$,!"(B $BF~$C$F$/$k@\B3$r%U%#%k%?%j%s%0$9$k%U%!%$%"!<%&%)!<%k$,(B $BF/$$$F$$$k$+$I$&$+$K$D$$$F$O!"(B netstat $B=PNO$K$O2?$bI=<($5$l$F$$$J$$$H$$$&;vo$KK>$^$7$$$3$H$G$9!#(B $BNc$($P!"(BLAN $B$N30$K$$$kC/$b!"(B $B$"$J$?$N%W%j%s%H%5!<%P%]!<%H$K@\B3$7$h$&$H$9$k(B $BM}M3$OA4$/$J$$$G$7$g$&!#(B
$BFs9TL\$O>/$70c$$$^$9!'(B
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN |
$B:#EY$O(B "Local Address" $B$O%m!<%+%k%[%9%H$N%"%I%l%9(B
127.0.0.1 $B$K$J$C$F$$$^$9!#(B
$B$3$l$O$3$N%^%7%s$X$N%m!<%+%k@\B3$@$1$,5v2D$5$l$F$$$k$H$$$&$3$H$G!"(B
$BBgJQ=EMW$J;ve$N0UL#$OL@Gr$G$7$g$&!#(B
$BA4$F$N%5!<%P$,$3$N
$B<!$N;0$D$N%(%s%H%j$G$O!"$^$?A4$F$N2DG=$J%$%s%?!<%U%'!<%9$N>e$G(B $B<*$r$9$^$;$k$h$&$KLa$C$F$$$^$9!'(B
tcp 0 0 0.0.0.0:37 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
/etc/services $B$r8+$k$H!"(B
37 $BHV%]!<%H$O(B "time" $B%5!<%t%#%9$G!"(B
$B$D$^$j$3$N%5!<%P$O(B time $B%5!<%P$G$"$k$3$H$,$o$+$j$^$9!#(B
6000 $BHV%]!<%H$O(B X11 $B$G!"(B
80 $BHV%]!<%H$O(B Apache $B$N$h$&$J(B
HTTP $B%5!<%P$NI8=`%]!<%H$G$9!#(B
$B$3$3$G$O $B>e$N:G=i$NFs$D$O@dBP$K!"(B
$BB>$NC/$+$K@\B3$7$F$b$i$$$?$$ 80 $BHV%]!<%H$N(B web $B%5!<%P<+?H$O(B
$BBg$-$J%;%-%e%j%F%#>e$N%j%9%/$G$O$"$j$^$;$s!#(B
HTTP $B$O$7$P$7$PA4$F$NK,Ld $B<!$NFs$D$N9T$O6=L#?<$$$b$N$G$9!'(B
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
$B:F$S!"(B"Local Address" $B$,(B 0.0.0.0 $B$G$O$J$$$3$H$KCm0U$7$^$7$g$&!#$3$l$O7k9=$J$3$H$G$9!*(B $B:#EY$N%]!<%HHV9f$O(B 53 $BHV!"$D$^$j(B named $B$N$h$&$J(B $B%M%$%`%5!<%P$K$h$C$FMQ$$$i$l$k(B DNS $B%]!<%H$G$9!#(B $B$7$+$7!"$3$N%M%$%`%5!<%P%G!<%b%s$O(B lo $B%$%s%?!<%U%'!<%9!J(Blocalhost)$B!"(B bigcat $B$r(B LAN $B$K@\B3$7$F$$$k%$%s%?!<%U%'!<%9$G(B $B<*$r$9$^$;$F$$$k$@$1$@$H$$$&$3$H$,$o$+$j$^$9!#(B $B$G$9$+$i!"%+!<%M%k$O(B localhost $B$+$i!"$D$^$j(B LAN $B$+$i$N@\B3$N$_$r(B $B5v2D$7$F$$$^$9!#30It$+$i2DG=$J@\B3$O(B 53 $BHV%]!<%H$K$OA4$/$"$j$^$;$s!#(B $B$3$l$O$$$+$K8DJL$N%"%W%j%1!<%7%g%s$r0BA4$K@_Dj$G$-$k$+$r<($9(B $BNI$$Nc$G$9!#$3$N>l9g$G$O!"(BDNS $BMW5a$r07$&$?$a$NBP1~$r$9$kK\Ev$N(B $B%M%$%`%5!<%P$J$i@$3&$K8~$1$F(B 53 $BHV%]!<%H$r3+$/I,MW$,$"$k$G$7$g$&$+$i!"(B $B$3$3$G8+$F$$$k$b$N$O$*$=$i$/%-%c%C%7%s%0(B DNS $B%5!<%P$J$N$G$9!#(B $B30It$K$^$G3+$/$J$i!"(B $B$3$l$O0l$D$N%;%-%e%j%F%#>e$N%j%9%/$G!"FCJL$JBP1~$,I,MW$G$9!#(B
$B:G8e$N;0$D$O(B LISTENER$B!"(B $B$D$^$j%]!<%H$G<*$r$9$^$;$F$$$k%(%s%H%j$G$9!'(B
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
$B$3$l$i$O$^$?A4$F$N2DG=$J%$%s%?!<%U%'!<%9>e$G<*$r$9$^$;$F$$$^$9!#(B 22 $BHV%]!<%H$O(B sshd $B$D$^$j!"(B Secure Shell $B%5!<%P%G!<%b%s$G$9!#$3$l$ONI$$C{8u$G$9!*(B $B:G=i$NNc$N=PNO$r8+$k$K!"(B631 $BHV%]!<%H$N%5!<%t%#%9$OL>A0$r;}$C$F$$$^$;$s!#(B $B$3$l$O$3$3$G2?$+IaDL$G$J$$$3$H$,5/$-$F$$$k>Z5r$+$b$7$l$^$;$s!#(B $B!J$3$NFf$K$D$$$F$NEz$($O<!$N>O$r8+$F$/$@$5$$!#!K(B $B$=$7$F:G8e$K!"(B25 $BHV%]!<%H!"$D$^$j(B SMTP $B%a%$%k%G!<%b%s$NI8=`%]!<%H$G$9!#(B $B$[$H$s$I$N(B Linux $B%$%s%9%H!<%k$G$O$*$=$i$/(B SMTP $B%G!<%b%s$,Av$C$F$$$k$G$7$g$&$+$i!"(B $B$3$l$OI,$:$7$b0[>o$J$3$H$G$O$"$j$^$;$s!#(B $B$G$b!"K\Ev$K(B SMTP $B%G!<%b%s$,I,MW$G$7$g$&$+!)(B
$B<!$N%0%k!<%W$O3NN)$5$l$?@\B3$G$9!#2f!9$NL\E*$K$O!"(B $B:G8e$N%3%i%`$G<($5$l$F$$$k@\B3$N>uBV$O$=$l$[$I=EMW$G$O$"$j$^$;$s!#(B $B$3$l$O(B man $B%Z!<%8$G>\$7$/@bL@$5$l$F$$$^$9!#(B
tcp 0 1 169.254.179.139:1174 64.152.100.93:119 SYN_SENT
tcp 0 1 169.254.179.139:1175 64.152.100.93:119 SYN_SENT
tcp 0 1 169.254.179.139:1173 64.152.100.93:119 SYN_SENT
tcp 0 0 169.254.179.139:1172 207.153.203.114:80 ESTABLISHED
tcp 1 0 169.254.179.139:1199 216.26.129.136:80 CLOSE_WAIT
tcp 0 0 169.254.179.139:80 63.236.92.144:34197 TIME_WAIT
tcp 400 0 127.0.0.1:1152 127.0.0.1:8000 CLOSE_WAIT
tcp 6648 0 127.0.0.1:1162 127.0.0.1:8000 CLOSE_WAIT
tcp 553 0 127.0.0.1:1164 127.0.0.1:8000 CLOSE_WAIT
$B$3$3$K$OA4It$G(B 9 $B$D$N@\B3$,$"$j$^$9!#(B $B:G=i$N;0$D$O(B 119 $BHV%]!<%H!JI8=`$N(B NNTP $B%K%e!<%9%]!<%H!K(B $B$G%j%b!<%H$N%[%9%H$X@\B3$7$F$$$k30It%$%s%?!<%U%'!<%9$G$9!#(B $B$3$3$G$OF1$8%K%e!<%9%5!<%P$X$N;0$D$N@\B3$,$"$j$^$9!#(B $B$3$l$OF1$80l$D$N%K%e!<%9%5!<%P$KB?=E$N@\B3$r3+$3$&$H$7$F$$$^$9$+$i!"(B $BL@$i$+$K!"$3$N%"%W%j%1!<%7%g%s$O%^%k%A%9%l%C%I2=$5$l$F$$$^$9!#(B $B<!$NFs$D$N%(%s%H%j$O(B 5 $BHVL\$N%3%i%`$K%3%m%s$N8e$K(B 80 $BHV%]!<%H$H(B $B<($5$l$F$$$k$h$&$K!"%j%b!<%H$N(B web $B%5!<%P$K@\B3$7$F$$$^$9!#(B $B$*$=$i$/$[$H$s$I$N>l9g$K$OHs>o$KNI$/8+$i$l$k$b$N$G$7$g$&!#(B $B$7$+$7!"$=$N$9$00l$D8e$N9T$G$O$3$N5U$K!"(B 4 $BHVL\$N%3%i%`$K(B 80 $BHV%]!<%H$,$"$j$^$9!#(B $B$D$^$j$3$l$OC/$+$,!"$=$N30It!"%$%s%?!<%M%C%HB&$N%$%s%?!<%U%'!<%9$r(B $BDL$7$F(B bigcat $B$N(B web $B%5!<%P$K@\B3$7$F$$$k$N$G$9!#(B $B:G8e$N;0$D$N%(%s%H%j$O$9$Y$F%m!<%+%k%[%9%H$+$i%m!<%+%k%[%9%H$X$N@\B3$G$9!#(B $B$D$^$j!"<+J,<+?H$K@\B3$7$F$$$k$N$G$9!#(B 8000 $BHV%]!<%H$,(B bigcat $B$N(B web $B%W%m%-%7$G$"$C$?$3$H$r;W$$JV$;$PJ,$k$h$&$K!"(B $B$3$l$O%m!<%+%k$KAv$C$F$$$k%W%m%-%7$K@\B3$7$F$$$k(B web $B%V%i%&%6$G$9!#(B $B%W%m%-%7$O$=$l<+?H$N30It@\B3$r3+$-$^$9$,!"(B $B$=$N@\B3$,$*$=$i$/(B 4 $B9TL\$H(B 5 $B9TL\$G5/$3$C$F$$$k$3$H$G$7$g$&!#(B
netstat $B$K(B -t $B$H(B -u $B%*%W%7%g%s$NN>J}$r$D$1$?$N$G!"(B TCP $B$H(B UDP $B$NN>J}$N<*$r$9$^$;$F$$$k%5!<%P$,I=<($5$l$F$$$^$9!#(B $B:G8e$N?t9T$O(B UDP $B$N$b$N$G$9!'(B
udp 0 0 0.0.0.0:32768 0.0.0.0:*
udp 0 0 192.168.1.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
$B:G8e$N;0$D$N%(%s%H%j$O>e$N5DO@$G8+47$l$?%]!<%H$r;}$C$F$$$^$9!#(B $B$3$l$i$N%5!<%P$O(B TCP $B$H(B UDP $B$NN>J}$N@\B3$K<*$r$9$^$;$F$$$k$N$G$7$?!#(B $B$3$N>l9g$OF1$8%5!<%P$,!"0[$J$kFs$D$N%W%m%H%3%k$r;H$C$F$$$k$N$G$9!#(B $B%m!<%+%k%]!<%H(B 32768 $BHV$r;H$C$F$$$k:G=i$N0l$D$O=i4i$G$9$,!"(B /etc/services $B$NCf$K$O%5!<%t%#%9L>$O$"$j$^$;$s!#(B $B$G$9$+$i!"0l8+$O!"$3$l$O5?$&$Y$-$b$N$G!"2f!9$N9%4q?4$r;I7c$7$^$9!#(B $B$3$N@bL@$K$D$$$F$O<!$N>O$r8+$F$/$@$5$$!#(B
$B$3$N2>A[E*$J>u67$+$i$I$s$J7kO@$,F@$i$l$k$G$7$g$&$+!)(B
$B$[$H$s$I$N>l9g$K$D$$$F!"(B
$B$3$l$i$O(B Linux $B$K$*$$$FHs>o$K%N!<%^%k$K8+$($k%M%C%H%o!<%/%5!<%t%#%9(B
$B$H@\B3$G$9!#(B
$B$3$3$G$O2aEY$KB?$/$N%5!<%P$,Av$C$F$$$k$h$&$K$O8+$($^$;$s$,!"(B
$B$3$l$iA4$F$N%5!<%P$,K\Ev$KI,MW$J$N$+$=$&$G$J$$$+CN$i$J$1$l$P!"(B
$B$=$l$K$OBg$7$?0UL#$O$"$j$^$;$s!#(B
$B$3$l$i$N$I$l$b8z2LE*$K%U%!%$%"!<%&%)!<%k$Gnetstat $B$O2?$b65$($F$/$l$J$$$N$G$7$?!#(B
$B$G$9$+$i!"$3$l$iA4It$,$I$l$/$i$$0BA4$J$N$+!"(B
$B2?$b8@$&$3$H$O$G$-$^$;$s!#$^$?$3$3$G$O!"(B
$B$9$Y$F$N<*$r$9$^$;$F$$$k%5!<%P$?$A$,(B
$B$=$N;}$A
$B$3$N>O$G$O!"(B $B$"$A$3$A$G$h$/8+$+$1$i$l$k6<0R$H%F%/%K%C%/$K$D$$$F4JC1$K>R2p$7$F!"(B $B$$$/$i$+$N8+DL$7$rM?$($^$7$g$&!#(B
$BK!?M$N@$3&$d!"@/I\5!4X$d!"(B $B9-$/CmL\$5$l$F$$$k%$%s%?!<%M%C%H%5%$%H$G$O!"(B $BE57?E*$J<+Bp$G$N%G%9%/%H%C%W%f!<%6$h$j$b!"(B $B$O$k$+$K9-$/Fq$7$$6<0R$KCm0U$;$M$P$J$j$^$;$s!#(B $BC/$+$,B>$NC/$+$N%3%s%T%e!<%?$K?/F~$7$h$&$H$9$kM}M3$O$?$/$5$s$"$j$^$9!#(B $B$=$l$OC1$K%9%j%k$,L\E*$+$b$7$l$^$;$s$,!"(B $B0-0U$N$"$kM}M3$OB>$K$$$/$i$G$b$"$j$($k$G$7$g$&!#(B $BH`$i$OC1$KB>$NC/$+$r967b$9$k$?$a$NB-$,$+$j$rF@$?$$$@$1$+$b$7$l$^$;$s!#(B $B$3$l$OHs>o$K$h$/$"$kF05!$N0l$D$G$9!#(B
$B2f!9$N$[$H$s$I$K$H$C$F!"$b$C$H$b$h$/$"$k(B"$B967b(B"$B$O(B
$B4{$K>h$C $B$3$l$i$N%9%-%c%s$O@\B3$7$?$H$-$K<($5$l$k(B
$B%m%0%$%s%P%J!<$r8+$k$?$a$K$7$F$$$k$N$G$O$"$j$^$;$s!#(B
$B$=$l$O$"$J$?$,$$$/$i$+ITL@NF$J%*%Z%l!<%F%#%s%0%7%9%F%`$r(B
$BAv$i$;$F$$$k$+$N$h$&$K56$k$h$&$K!"(B
$B$"$J$?$N(B /etc/issue.net $B$rJQ99$9$k$H$$$C$?(B
$B$A$g$C$H$7$?$3$H$r$9$k$N$G$9!#(B
$BH`$i$O<*$r$9$^$;$F$$$k%]!<%H$r8+$D$1$k$H!"(B
$B$=$N%7%9%F%`$,$I$s$J;X<($rM?$($h$&$,$+$^$o$:$K!"(B
$B$=$N%]!<%H$KBP$7$F$"$F$O$^$kA4$F$N967b$r;n$7$F$_$k$G$7$g$&!#(B
$B$b$7$=$l$,$&$^$/$$$1$P!"H`$i$OF~$C$F$-$^$9$7!"(B
$B$b$7BLL\$J$i!"JL$NI8E*$K0\F0$9$k$o$1$G$9!#(B "$B%9%-%c%s(B"$B$H(B"$B%W%m!<%V!JD4::!K(B"
$B$H$$$&8@MU$O2?EY$bLdBj$K$J$C$F$-$^$9$+$i!"(B
$B$^$:$3$l$i$N8@MU$NDj5A$+$i;O$a$^$7$g$&!#(B
"$B%W%m!<%V(B"$B$H$O!"(B
$B$"$kM?$($i$l$?%]!<%H$,3+$$$F$$$k$+JD$8$F$$$k$+!"(B
$B$=$7$F$=$N%]!<%H$G2?$,<*$r$9$^$;$F$$$k$+$r!"(B
$B%F%9%H$9$k$3$H$r0UL#$7$^$9!#(B
"$B%9%-%c%s(B"$B$H$O!"(B
$B0l$D$^$?$O$=$l0J>e$N%7%9%F%`>e$GJ#?t$N%]!<%H$r(B
"$B%W%m!<%V$9$k(B"$B$3$H$G$9!#(B
$B$^$?$OJ#?t$N%7%9%F%`>e$NFCDj$N%]!<%H$+$b$7$l$^$;$s!#(B
$B$G$9$+$i!"Nc$($P!"<+J,$N%7%9%F%`>e$NA4$F$N%]!<%H$r(B
"$B%9%-%c%s$9$k(B"$B$H$+!"(B
$B$^$?$O%/%i%C%+!<$,(B 111 $BHV%]!<%H$r3+$$$F$$$k$N$OC/$+$rCN$k$?$a$K(B
216.78.*.* $B%"%I%l%9$r(B"$B%9%-%c%s$7$F$$$k(B"$B!"(B
$B$J$I$H8@$&$N$G$9!#(B black hat $B!J9uK9;R!"0- "$B%9%-%c%s(B"$B$H(B"$B%W%m!<%V(B"$B$N4V$N6hJL$O(B
$B$7$P$7$P[#Kf$G$9!#(B
$BN>J}$H$bC/$,!"2?$N$?$a$K!"9T$&$N$+$K0MB8$7$F!"(B
$BNI$$0UL#$K$b0-$$0UL#$K$b;H$o$l$^$9!#(B
$BNc$($P!"%U%!%$%"!<%&%)!<%k$N@_Dj$,$&$^$/9T$C$F$$$k$+CN$k$?$a$K!"(B
$B$"$J$?$,M'C#$K$"$J$?<+?H$r%9%-%c%s$7$F$b$i$&$h$&Mj$`$+$bCN$l$^$;$s!#(B
$B$3$l$O(B nmap $B$N$h$&$J%9%-%c%sMQ%D!<%k$N(B
$B9gK!E*$J;HMQ$H$$$&$3$H$K$J$j$^$9!#(B
$B$7$+$7!"$"$J$?$NCN$i$J$$C/$+$,F1$8$3$H$r$7$?$i$I$&$G$7$g$&!)(B
$BH`$i$NL\E*$O2?$G$7$g$&!)$b$7$=$l$,$"$J$?$N%W%m%P%$%@$J$i$P!"(B
$B%5!<%t%#%97@Ls=q$N>r9`$r"$B=P$F$/$k$+(B"$B8+$F$$$k$@$1$+$b$7$l$^$;$s!#(B
$B$7$+$7!"$b$C$H$"$j$=$&$J$N$O!"(B
$B$=$l$,$3$N$h$&$JA10U$N0U?^$r;}$C$F$$$J$$C/$+$+2?$+$G$"$k$3$H$G$9!#(B $BA4HO0O$N%]!<%H$N%9%-%c%s(B
$B!JF1$80lBf$N%^%7%s>e$NB?$/$N%]!<%H$r%W%m!<%V$9$k$3$H!K(B
$B$O<+Bp$G$N%M%C%H%o!<%/$K$D$$$F$O$=$l$[$I$h$/$"$k6<0R$G$O(B
$B$J$$$h$&$G$9!#(B
$B$7$+$73N$+$K!"B?$/$N%7%9%F%`$KBP$7$FFCDj$N%]!<%H$r%9%-%c%s$9$k$3$H$O!"(B
$BHs>o$K!"Hs>o$K!"$h$/5/$3$C$F$$$k$3$H$G$9!#(B "$B%k!<%H%-%C%H(B(rootkit)" $B$H$O%9%/%j%W%H%-%G%#(B
$B!J4{@.$N%9%/%j%W%H;H$$$N0-$,$-$I$b!"?7JF%/%i%C%+!<!K(B
$B$NF;6qH"$H$7$FDs6!$5$l$F$$$k$b$N$G$9!#(B
$B?/F~$,$&$^$/@.8y$7$?$H$-!"$7$P$7$P:G=i$K$J$5$l$k$3$H$O!"(B
$B$3$N$h$&$J(B"$B%k!<%H%-%C%H(B"$B$r%@%&%s%m!<%I$7!"(B
$B%$%s%9%H!<%k$9$k$3$H$J$N$G$9!#(B $B%k!<%H%-%C%H$OE57?E*$K$O(B
ls, ps, netstat,
login $B$J$I$N4pK\E*$J%7%9%F%`%3%^%s%I$rCV$-49$($^$9!#(B
$B%Q%9%o!<%I$r2C$($?$j!"L)$+$K%G!<%b%s$r%9%?!<%H$7$?$j!"(B
$B%m%0$rJQ99$7$?$j$9$k$+$b$7$l$^$;$s$7!"(B
$B3Ne$N%P%C%/%I%"!JN"8}!K$r3+$/$G$7$g$&!#(B
$B1#$5$l$?%P%C%/%I%"$K$h$C$F!"967b "$B%o!<%`(B"$B$H$O<+8JJ#@=$9$k967b%W%m%0%i%`$G$9!#(B
$B%o!<%`$O%7%9%F%`$K46@w$9$k$H!"E57?E*$J3hF0$H$7$F$O!"(B
$BF1$8%7%9%F%`$N $B$7$+$7!"%>%s%S$NGX8e$N$I$3$+$K$O!"$=$l$r$"$d$D$C$F$$$k$b$N$,$$$^$9!#(B
$BC/$+$,%o!<%`$rN)$A>e$2!"?/F~$,$&$^$/$$$C$?8e$G%o!<%`$,$=$l$rJs$;$k$N$G$9!#(B
$B$=$7$F!"%7%9%F%`$,$I$N$h$&$K;H$o$l$F$$$k$+$rCN$k$o$1$G$9!#(B $B$3$l$i$NB?$/$O(B Linux $B%7%9%F%`$G!"(B
$B?t$"$k $B$3$l$OIT5H$JOC$KJ9$3$($^$9$,!"(B
$BFs!";0$N4JC1$JCm0U$G8z2LE*$KKI$0$3$H$,$G$-$^$9!#(B
$B$?$/$5$s$N0W$7$$1B?)$,$"$A$3$A$K$$$k$N$K!"(B
$B$o$6$o$6(B$B$"$J$?$N(B$B%7%9%F%`$K?/F~$9$k$?$a$K(B
$BB?Bg$JEXNO$rHq$d$9$G$7$g$&$+!)(B
$BK\5$$GHs>o$KFq$7$$$3$H$KD)@o$9$k%$%s%;%s%F%#%V$O$"$j$^$;$s!#(B
$BC1$K%9%-%c%s$7$F!"8+$F!";n$7$F!"BLL\$J$i<!$X9T$/!#(B
$B@$$NCf$K$O%9%-%c%s$9$k(B IP $B$,>o$K$^$@$$$/$i$G$b$"$k$N$G$9!#(B
$B$b$7$"$J$?$N%U%!%$%"!<%&%)!<%k$,8z2LE*$K$3$N $B$3$l$i$N%o!<%`$O(B"$BL5M}$d$j$K(B"$BF~$C$F$/$k$3$H$O$G$-$J$$!"(B
$B$H$$$&$3$H$OCm0U$7$F$*$/2ACM$,$"$k$G$7$g$&!#(B
$B%o!<%`$K$O3+$$$F$$$F%"%/%;%92DG=$J%]!<%H$,I,MW$G!"(B
$B$+$D(B$B!"4{$KCN$i$l$F$$$k "$B%9%/%j%W%H%-%G%#(B"$B$H$O(B"$B%/%i%C%+!<(B"
$B%o%J%S!<!J$J$j$?$,$j20!K$G!"(B
$BH`$^$?$OH`=w<+?H$N967b$r$9$k$N$K= $B%9%/%j%W%H%-%G%#$O<+J,$,;H$&4{@=IJ$N%H%j%C%/$rF~$l$?3s$r;}$C$F$$$F!"(B
$B$=$3$K$OMM!9$J%*%Z%l!<%F%#%s%0%7%9%F%`$N(B"$B%k!<%H%-%C%H(B"
$B$NJ<4o8K$,4^$^$l$F$$$^$9!#(B
$B967b$7$d$9$$5>@7 $B:F$S!"$3$3$G$N%-!<%]%$%s%H$OH`$i$,(B"$B%9%/%j%W%H(B"$B$r;H$$!"(B
$B0W$7$$1B?)$rC5$7$F$$$k$H$$$&$3$H$G$9!#(B
$B%o!<%`$N6<0R$HF1MM$K!"5!G=$r2L$?$7$F$$$k%U%!%$%"!<%&%)!<%k$H!"(B
$BFs!";0$N4pK\E*$JMQ?4$,$"$l$P!"$3$3$G$N$I$s$J6<0R$b= IP $B%"%I%l%9$r$4$^$+$9$3$H$O$I$l$/$i$$0W$7$$$3$H$G$7$g$&$+!)(B
$BE,@Z$J%D!<%k$,$"$l$P!"Hs>o$K4JC1$J$3$H$J$N$G$9!#(B
$B$3$l$O$I$l$/$i$$$N6<0R$K$J$k$G$7$g$&!)(B
$B TCP/IP $B$,F/$/J}K!$H$7$F!"(B
$B3F%Q%1%C%H$O$=$N=PH/E@$H$"$F@h$N(B IP $B%"%I%l%9$NN>J}$r1?$s$G$$$^$9!#(B
$B$=$l$KBP$9$kJVEz$NDL?.$OA4$F!"$3$N>pJs$K4p$E$$$F$$$^$9!#(B
$B$G$9$+$i!"(BIP $B$N$J$j$9$^$7$K$h$C$F!"(B
$B$@$^$7$?%Q%1%C%H$rAw$j=P$7$?967b $B$7$+$7!"(B
$B$3$l$OI8E*$K$9$k%7%9%F%`$K$D$$$F2?$+$rCN$k$3$H$,=EMW$G$J$$>l9g!"(B
"DoS" $B967b!J0J2<$r;2>H!K$N2DG=@-$r3N$+$K;}$C$F$$$^$9!#(B
$B$=$7$FF1MM$K!"$"$k $B%o!<%`$H9-$$HO0O$KEO$k%"%I%l%9$N%9%-%c%s$O!"Hs8D?ME*$J$b$N$G$9!#(B
$B$=$l$i$OC1$K@H $B$3$N>l9g$K$O!"967b $B7+$jJV$7$^$9$,!"$3$N%7%J%j%*$OE57?E*$J<+Bp$N%7%9%F%`$K$D$$$F$O!"(B
$B$a$C$?$K$"$j$=$&$K$J$$$3$H$G$9!#(B
$B0lHLE*$K$O!"$b$C$HBg$-$J3MJ*$,$"$k;~$K!"(B
$B>.$5$J5{$K;~4V$HEXNO$r;H$&%$%s%;%s%F%#%V$,C1$K$J$$$+$i$G$9!#(B
$BI8E*$K$J$k$+$b$7$l$J$$?M!9$K$D$$$F$N!"(B
$B:GA1$NKI8f$O2f!9$,4{$K5DO@$7$F$-$?J}K!$NB?$/$r4^$s$G$$$^$9!#(B
$BCm0U?<$/$"$k$3$H$,2?$h$j$b=EMW$J$3$H$G$9!#(B
$BNI$$%m%0$N "DoS" $B$H$O$^$?JL$N%?%$%W$N967b$G!"(B
$B$=$NL\E*$O!"(B
$BL\I8$N%7%9%F%`$d%M%C%H%o!<%/$,$=$N5!G=$r@5>o$K2L$?$;$J$/$J$k$h$&$K!"(B
$B:.Mp$5$;!"%H%i%U%#%C%/NL$G05E]$9$k$3$H$G$9!#(B
DoS $B$K$OMM!9$J7A$,$"$j$($^$9$,!"(B
$B%$%s%?!<%M%C%H>e$G$O$3$l$O$7$P$7$P!"(B
$BBgNL$N%Q%1%C%H$rAw$j$D$1!"8z2LE*$K@\B3$rIT2DG=$K$9$k$3$H$G!"(B
$B5>@7 $B$3$N967b$O<+Bp%f!<%6$h$j$b!"4k6H$d!"(B
$B9-$/CmL\$5$l$F$$$k%5%$%H$r%?!<%2%C%H$K$9$k$3$H$NJ}$,!"(B
$B$h$j$"$j$=$&$J$3$H$G$9!#(B
$B$=$7$F$3$N%F%/%K%C%/$K6~I~$9$k$N$r?)$$;_$a$k$3$H$O(B
$B6K$a$FFq$7$$$3$H$K$J$j$($^$9!#(B
$B$=$7$F$=$N$?$a$K$O!"0lHLE*$K$O!"(B
$B$=$NI8E*$KE~C#$9$kA0$K$=$NN.$l$r;_$a$k$+!"$^$?$O:G>.2=$9$k$?$a$K!"(B
$B$=$N8;$HI8E*$N4V$N%M%C%H%o!<%/$N6(NO$,I,MW$K$J$j$^$9!#(B
$B$R$H$?$S!"$=$l$i$,L\I8$KFO$$$F$7$^$($P!"(B
$B40A4$K$=$l$i$rL5;k$9$kNI$$J}K!$O$"$j$^$;$s!#(B "DDoS" (Distributed Denial of Service),
$B$D$^$jJ,;6$5$l$?%5!<%t%#%95qH]967b$O!"(B
$B$=$N8z2L$r:GBg2=$9$k$?$a$KJ#?t$N8;$r;H$&$b$N$G$9!#(B
$B$3$l$b$^$?!"D>@\%[!<%`%f!<%6$rI8E*$K$9$k$3$H$O$"$j$=$&$K$J$$$G$7$g$&!#(B
$B$3$l$i$O(B"$B%/%i%C%+!<(B"$B$^$?$O%9%/%j%W%H%-%G%#$K$h$C$F(B
"$B=jM-$5$l$F$$$k(B""$BE[Nl$?$A(B(slaves)"$B$G!"(B
$BL\$r3P$^$5$l$k$H5>@7 $B$b$7$"$J$?$,%[!<%`%f!<%6$G!"F0E*$J(B IP $B%"%I%l%9$r;H$C$F$$$l$P!"(B
$B$"$J$?$,$=$NI8E*$K$J$C$?$H$-$K$O!"(B
$B?7$7$$(B IP $B$rF@$k$?$a$K@\B3$r@Z$C$F:F@\B3$9$k$3$H$,!"(B
$B8z2LE*$JBP=hK!$+$b$7$l$^$;$s!#$*$=$i$/!#(B "Brute force$B!JNO$^$+$;!"$7$i$_$D$V$7!K(B"$B967b$O(B
$B967b $B$H$3$m$G!"(B
$B$3$l$O1s3V$+$i$N(B root $B%m%0%$%s$r5v2D$9$k$3$H$KH?BP$9$k!"(B
$B0l$D$NNI$$O@E@$rM?$($F$b$$$^$9!#(B
root $B%"%+%&%s%H$OA4$F$N%7%9%F%`$GB8:_$7$^$9!#(B
$B$*$=$i$/$3$N$h$&$J@-$H%Q%9%o!<%I$N(B$BN>J}(B$B$r(B
$B?dB,$5$;$?$$$G$7$g$&$,!"(B
$B$b$7(B root $B$K%j%b!<%H%m%0%$%s$,5v$5$l$F$$$l$P!"(B
$B967b $B$3$l$O?4G[$9$k$3$H$N(B$B$J$$(B$B$b$N$G$9!#(B
$B%&%#%k%9$O8.4.1. $B%]!<%H%9%-%c%s$H%W%m!<%V(B
8.4.2. ルートキット (rootkit)
8.4.3. ワームとゾンビ
8.4.4. スクリプトキディたち
8.4.5. IP のなりすまし
8.4.6. 標的を定めた攻撃
8.4.7. サーヴィス拒否攻撃(Denial of Service DoS)
8.4.8. Brute Force $B!JNO$^$+$;!"iM$D$V$7967b!K(B
8.4.9. $B%&%#%k%9(B
$B$5$i$J$kFI$_J*$X$N%j%U%!%l%s%9$r0J2<$K5s$2$^$9!#(B $B$"$J$?$,;H$C$F$$$k%G%#%9%H%j%S%e!<%7%g%s$N%5%$%H!"(B $B%;%-%e%j%F%#%Z!<%8!"(Bftp $B%@%&%s%m!<%I%5%$%H$O5s$2$i$l$F$$$^$;$s$N$G!"(B $B<+J,$G8+$D$1$kI,MW$,$"$j$^$9!#(B $B$=$7$F$=$l$i$rI,$:%V%C%/%^!<%/$7$F$/$@$5$$!*(B
$BB>$N4XO"J8=q$O(B Linux $B%I%-%e%a%s%H%W%m%8%'%/%H$G8+$D$1$i$l$^$9!'(B
Security HOWTO: http://tldp.org/HOWTO/Security-HOWTO.html $B!J(BJF$BF|K\8lHG(Bhttp://www.linux.or.jp/JF/JFdocs/Security-HOWTO.html$B!K(B |
Firewall HOWTO: http://tldp.org/HOWTO/Firewall-HOWTO.html $B!J(BJF$BF|K\8lHG(Bhttp://www.linux.or.jp/JF/JFdocs/Firewall-HOWTO.html$B!K(B |
Ipchains HOWTO: http://tldp.org/HOWTO/IPCHAINS-HOWTO.html $B!J(BJF$BF|K\8lHG(Bhttp://www.linux.or.jp/JF/JFdocs/IPCHAINS-HOWTO.html$B!K(B |
User Authentication: http://tldp.org/HOWTO/User-Authentication-HOWTO/index.html, $B$3$l$O(B PAM $B$K$D$$$F$NAG@2$i$7$$5DO@$r4^$s$G$$$^$9!#(B $B!J(BJF$BF|K\8lHG(Bhttp://www.linux.or.jp/JF/JFdocs/User-Authentication-HOWTO.txt$B!K(B |
VPN (Virtual Private Network): http://tldp.org/HOWTO/VPN-HOWTO.html $B$H(B http://tldp.org/HOWTO/VPN-Masquerade-HOWTO.html $B!J(BJF$BF|K\8lHG(Bhttp://www.linux.or.jp/JF/JFdocs/VPN-HOWTO.txt$B!K(B |
The Remote X Apps Mini HOWTO,
http://www.tldp.org/HOWTO/mini/Remote-X-Apps.html,
$B$K$O(B X Window $B$r%;%-%e%"$K |
The Linux Network Administrators Guide: http://tldp.org/LDP/nag2/index.html, $B$O%M%C%H%o!<%/$H(B TCP/IP $B$H%U%!%$%"!<%&%)!<%k$K$D$$$F$NNI$$(B $B354Q@bL@$r4^$s$G$$$^$9!#(B |
The Linux Administrator's Security Guide: http://www.seifried.org/lasg/, $B$O!"%U%!%$%"!<%&%)!<%k!"%Q%9%o!<%I!"G'>Z!"(BPAM $B$J$I$J$I$K$D$$$F$N!"(B $B6=L#?<$$B?$/$N%H%T%C%/$r4^$s$G$$$^$9!#(B |
Securing Red Hat: http://tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/index.html |
ipchains $B$H(B iptables $B%U%!%$%"!<%&%)!<%k%9%/%j%W%H$N%+%9%?%`@_Dj$r:n$k$?$a$N%D!<%k!'(B
Firestarter: http://firestarter.sourceforge.net |
$BFs$D$N4XO"%W%m%8%'%/%H!'(B http://seawall.sourceforge.net/ (ipchains), http://shorewall.sourceforge.net/ (iptables). |
netfilter $B%G%#%Y%m%C%Q!<$+$i$N(B netfilter $B$H(B iptables $B$NJ8=q(B
$B!JB?$/$NB>$N8@8l$G$bF~ FAQ: http://netfilter.samba.org/documentation/FAQ/netfilter-faq.html
$B%Q%1%C%H%U%#%k%?%j%s%0!'(B http://netfilter.samba.org/documentation/HOWTO/packet-filtering-HOWTO.html
$B%M%C%H%o!<%-%s%0!'(B http://netfilter.samba.org/documentation/HOWTO/networking-concepts-HOWTO.html
NAT/$B%^%9%+%l!<%G%#%s%0!'(B http://netfilter.samba.org/documentation/HOWTO/NAT-HOWTO.html
$B%]!<%HHV9f3d$jEv$F!"%9%-%c%J!<$,%9%-%c%s$9$k$+$b$7$l$J$$$b$N$K$D$$$F!'(B
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html |
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm |
http://www.iana.org/assignments/port-numbers, $B8x<0$N%]!<%HHV9f3d$jEv$F!#(B |
$B0lHLE*$J%;%-%e%j%F%#%5%$%H!#(B $B$3$l$i$K$OA4$F!"J8=q!"7Y9p!"%K%e!<%9%l%?!<!"%a%$%j%s%0%j%9%H!"(B $B$=$N$[$+$N>pJs8;$K$D$$$F$N%3!<%J!<$,$"$j$^$9!#(B
Linux Security.com: http://www.linuxsecurity.com, $BNI$$>pJs$,=8$a$i$l$F$$$k!#(BLinux $B8GM-$N>pJs!#(B $BNI$$J8=q$,Bt;3!'(B http://www.linuxsecurity.com/docs/ |
CERT, http://www.cert.org |
The SANS Institute: http://www.sans.org/ |
The Coroner's Toolkit (TCT)$B!J8!;k41$NF;6qH"!K(B: http://www.fish.com/security/,
$B?/F~$N$=$N8e$NLdBj!J?/F~ |
$B%W%i%$%P%7!<!'(B
Junkbuster: http://www.junkbuster.com, web $B%W%m%-%7!"%/%C%-!<%^%M!<%8%c!#(B |
PGP: http://www.gnupg.org/ |
$BB>$NJ8=q$H;29M%5%$%H!'(B
Linux Security.com: http://www.linuxsecurity.com/docs/ |
Linux Newbie: http://www.linuxnewbie.org/nhf/intel/security/index.html |
The comp.os.linux.security FAQ: http://www.linuxsecurity.com/docs/colsfaq.html |
The Internet Firewall FAQ: http://www.interhack.net/pubs/fwfaq/ |
The Site Security Handbook RFC: http://www.ietf.org/rfc/rfc2196.txt |
$B6=L#?<$$%5%$%H$$$m$$$m!'(B
http://www.bastille-linux.org, Mandrake $B$H(B Redhat $B$N$_!#(B |
SAINT: http://www.wwdsi.com/saint/, $B%7%9%F%`%;%-%e%j%F%#2r@O!#(B |
SSL: http://www.openssl.org/ |
SSH: http://www.openssh.org/ |
$B<+J,<+?H$r%9%-%c%s!'(Bhttp://www.hackerwhacker.com |
PAM: http://www.kernel.org/pub/linux/libs/pam/index.html |
$B%H%m%$$NLZGO$r$7$+$1$i$l$?(B Linux $B%+!<%M%k%b%8%e!<%k$r8!=P!'(B http://members.prestige.net/tmiller12/papers/lkm.htm |
$B%k!<%H%-%C%H!&%A%'%C%+!<(Bhttp://www.chkrootkit.org |
$B%]!<%H%9%-%c%s!&%D!<%k(B nmap $B$N%[!<%`%Z!<%8!'(B http://www.insecure.org |
Nessus$B!JC1$J$k%]!<%H%9%-%c%J!<0J>e$N$b$N!K!'(B http://www.nessus.org |
tripwire, $B?/F~8!=P%D!<%k!'(B http://www.tripwire.org |
snort, $B%9%K%C%U%!!<!"$=$NB>!'(B http://www.snort.org |
http://www.mynetwatchman.com
$B$H(B http://dshield.org
$B$O(B"$BJ,;6?/F~8!=P%7%9%F%`(B"$B$G$9!#(B
$B$3$l$OA0$b$C$FMQ0U$7$?(B"$B%(!<%8%'%s%H$?$A(B"
$B$K$h$C$F%m%0$r=8$a!"(B
$B%G!<%?$r2r@O$9$k$3$H$G |
By Bill Staehle
$BA4$F$N@$3&$O0l$D$N%U%!%$%k$G$9!#(B
$B%U%!%$%k$K$OHs>o$KMM!9$J%?%$%W$,$"$j$^$9$,!"(B $B$3$3$G$OL5M}$KFs$D$N$+$J$j9-$$B2$KJ,$1$F$_$^$9!'(B
$B$3$3$G$^$5$K$"$J$?$,FI$s$G$$$k%F%-%9%H%U%!%$%k$H!"(B
$B!!$=$l$H$O0[$J$k$b$N$G$"$k%P%$%J%j%U%!%$%k!#(B
$B%P%$%J%j%U%!%$%k$O%^%7%s$,FI$`$b$N$G!"(B
$B%F%-%9%H%U%!%$%k$O?M4V$K$h$C$FMF0W$KJT=8$G$-!"(B
$B0lHLE*$K$O?M4V$,FI$`$b$N$G$9!#(B
$B$7$+$7!"%F%-%9%H%U%!%$%k$O%^%7%s$K$bFI$`$3$H$,2DG=$G!"(B
$B *nix $B$G$OMM!9$K0[$J$C$?%F%-%9%H%(%G%#%?$,;HMQ2DG=$G$9!#(B
$BFs!";0$N$b$N$OA4$F$N%7%9%F%`$K$"$j$^$9!#(B
'/bin/ed' $B$H(B '/bin/vi' $B$O$=$&$G$7$g$&!#(B
'vi' $B$O$?$$$F$$$N>l9g!"%i%$%;%s%9$NLdBj$K$h$C$F(B 'vim'
$B$N$h$&$J%/%m!<%s$K$J$C$F$$$^$9!#(B
'vi' $B$H(B 'ed' $B$NLdBjE@$O!"$=$l$i$O62$m$7$/%f!<%6!<$KM%$7$/$J$$!"(B
$B$H$$$&$3$H$G$9!#(B
$B$^$?0l$D$N$h$/$_$i$l$k%(%G%#%?$O(B 'emacs' $B$G$9$,!"(B
$B>o$K%G%U%)%k%H$G%$%s%9%H!<%k$5$l$F$$$k$H$O8B$j$^$;$s!#(B
$B$3$l$O$h$jB?$/$N5!G=$HG=NO$r;}$C$F$$$^$9$,!"(B
$B$3$l$bF1MM$K3X$V$N$,0W$7$/$"$j$^$;$s!#(B $B!V%f!<%6$KM%$7$$!W%(%G%#%?$H$7$F$O!"(B
'mcedit' $B$H(B 'pico' $B$O;O$a$k$N$KNI$$A*Br$G$9!#(B
$B$3$l$i$O$7$P$7$P(B *nix $B$K47$l$F$$$J$$?M$?$A$K$H$C$F$O!"(B
$BB>$N$b$N$h$j$:$C$H0W$7$$$b$N$G$9!#(B $B:G=i$K3X$V$Y$-$3$H$O!"$$$+$KJT=8$N%;%C%7%g%s$r=*N;$9$k$+!"(B
$B$$$+$K%U%!%$%k$NJQ99$rJ]B8$9$k$+!"(B
$B$=$7$F@^$jJV$9$Y$-$G$J$$D9$$0l9T$N@^$jJV$7$rHr$1$k$K$O$I$&$9$k$+(B
$B!J%i%C%W!"$D$^$j9T$N@^$jJV$7$NLdBj!K$G$7$g$&!#(B 'vi' $B%(%G%#%?(B 'vi' $B$O(B Unix $B$N@$3&$G$O:G$bIaDL$N%F%-%9%H%(%G%#%?$N0l$D$G!"(B
$B$[$H$s$IA4$F$N(B *nix $B%7%9%F%`>e$K8+$i$l$^$9!#(B
$B 'vi' $B$,$=$s$J$K62$m$7$$BeJ*$J$i!"(B
$B$I$&$7$F$=$l$r3X$VI,MW$,$"$k$N$G$7$g$&$+!)(B
$BFs$D$NM}M3$,$"$j$^$9!#(B
$B$^$:Bh0l$K!"A0=R$N$h$&$K!"(B
$B$=$l$O$[$H$s$I3NZ$5$l$F$$$F!"(B
$BB>$N!J$b$C$H%f!<%6$KM%$7$$!K%(%G%#%?$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$F(B
$B$$$k$H$O8B$i$J$$$+$i$G$9!#(B
$BBhFs$NM}M3$O!"(B
$B$=$N!V%3%^%s%I!W$NB?$/$,B>$N%"%W%j%1!<%7%g%s$G$bF/$/$3$H$G$9(B
$B!JNc$($P(B man $B%Z!<%8$r8+$k$?$a$K$bMQ$$$i$l$F$$$k(B 'less' $B$N$h$&$J!K!#(B
'less' $B$r;H$C$F$$$k$H$-$K!"$&$C$+$j(B 'v' $B$N%-!<$r2!$7$F$7$^$&$H!"(B
$B$[$H$s$I$N
nmap $B$N%9%-%c%s$,$I$N$h$&$J$b$N$+(B
$BFs!";0$N4JC1$JNc$r$_$F$_$^$7$g$&!#(B
$B$3$3$G$NL\E*$O2f!9$N%U%!%$%"!<%&%)!<%k$H%7%9%F%`$N40A4$5$r(B
$B8!>Z$9$k$?$a$K$I$N$h$&$K(B nmap $B$r(B
$B;H$&$+$r>R2p$9$k$3$H$G$9!#(B
nmap $B$K$O(B
$B2f!9$KI,MW$N$J$$$=$NB>$N;H$$J}$b$"$j$^$9!#(B
$B$"$J$?$,$=$N=jM- $B4{$K8+$?$h$&$K!"(Bnmap $B$O@vN}$5$l$?(B
$B%]!<%H%9%-%c%sMQ%D!<%k$G$9!#$=$l$O!"(B
$B%[%9%H$,(B"$B$=$3$K(B"$B$"$k$+$I$&$+!"(B
$B$I$N%]!<%H$,3+$$$F$k2DG=@-$,$"$k$N$+$rD4$Y$h$&$H$7$^$9!#(B
$BB>$K$O!"$=$l$i$N%]!<%H$,$I$s$J>uBV$K$"$k$N$+$b!#(B
nmap $B$OJ#;($J%3%^%s%I%i%$%s$r;}$A!"(B
$B?'!9$J%?%$%W$N(B"$B%9%-%c%s(B"$B$,2DG=$G$9!#(B
$B>\:Y$K$D$$$F$O(B man $B%Z!<%8$r$_$F$/$@$5$$!#(B $B$^$:Fs!";0Cm0U$r$7$F$*$-$^$7$g$&!#(B
$B$b$7(B portsentry $B$r;H$C$F$$$k$J$i!"(B
$B$=$l$rDd;_$7$F$/$@$5$$!#(B
$B$3$l$O%9%-%c%s$,$I$3$+$iMh$h$&$,!"$=$N8~$+$&7PO)$rMn$H$7$F$7$^$$$^$9!#(B
$B$9$Y$F$N%m%0 $BC1=c$J!"(B"$B%m!<%+%k%[%9%H(B"$B$N%G%U%)%k%H%9%-%c%s!'(B $B$3$NJ8=q$N$[$H$s$I$K4{$KL\$rDL$7$F$$$kJ}$K$O!"(B
$B:#$d$3$l$i$N%5!<%t%#%9$,8+47$l$?$b$N$K$J$C$F$$$k$3$H$G$7$g$&!#(B
$B$3$l$i$NCf$K$O:#$^$G$NB>$NNc$G8+$F$-$?$b$N$HF1$8%]!<%H$,$"$j$^$9!#(B
$B$3$N%9%-%c%s$GCm0U$9$Y$-$3$H$O!"(B
$B%9%-%c%s$O(B 1500 $B8D6/$N(B"$B6=L#$"$k(B"$B%]!<%H(B
$B$KBP$79T$o$l$?$@$1$G$"$k!JA4$F$N%]!<%H$KBP$7$F$G$O$J$$!K$H$$$&$3$H$G$9!#(B
$B$3$l0J>e$N%9%-%c%s$,$7$?$1$l$P!"$=$&$7$?@_Dj$b2DG=$G$9(B
$B!J(Bman $B%Z!<%8$r;2>H$7$F$/$@$5$$!K!#(B
$B$=$l$K!"(BTCP $B%]!<%H$N$_$7$+%9%-%c%s$5$l$F$$$^$;$s!#(B
$B$3$l$bK>$a$P!"$=$l0J30$N%9%-%c%s$b@_Dj2DG=$G$9!#(B
$B$3$l$O(B netstat $B$,A4$F$N3+$$$?%]!<%H$r!"(B
$B<*$r$9$^$;$F$$$h$&$,$$$^$$$,I=<($9$k$N$H$O0[$J$C$F!"(B
"$B<*$r$9$^$;$F$$$k(B"$B%5!<%t%#%9$@$1$r%T%C%/%"%C%W$7$^$9!#(B
$B$3$3$G$N:G8e$N(B 3000 $BHV$H$J$C$F$$$k(B"$B3+$$$?(B"$B%]!<%H$O!"(B
"PPP" $B$G$"$k$HG'<1$5$l$F$$$^$9!#(B
$B4V0c$$$G$9!*$3$l$O$3$N%]!<%HHV9f$K$D$$$F(B /etc/services
$B%U%!%$%k$K4^$^$l$F$$$k>pJs$K4p$E$$$F(B nmap $B$,3X=,$7$?7k2L$N?dB,$K(B
$B2a$.$J$$$+$i$G$9!#(B
$B $B$3$NJ8=q$NA4$F$N(B netstat $B$NNc$K$*$$$F$O!"(B
$B2f!9$O3+$$$?%]!<%H$rFs$D$N%/%i%9$KJ,$1$F$$$^$7$?!'(B
$B<*$r$9$^$;$F$$$k%5!<%P$H!"2f!9$,@\B3$r4uK>$7$?B>$N%j%b!<%H%[%9%H(B
$B!JNc$($P!"$I$3$+$K$"$k(B web $B%5!<%P!K$H@\B3$,3NN)$7$F$$$k$b$N$G$9!#(B
nmap $B$O:G=i$N%0%k!<%W$7$+8+$^$;$s!"(B
$B$D$^$j<*$r$9$^$;$F$$$k%5!<%P$@$1$G$9!*(B
$B2f!9$r%j%b!<%H%5!<%P$K7R$2$F$$$k%]!<%H$OIT2D;k$G!"(B
$B$f$($K!"4m81$G$O$J$$$N$G$9!#(B
$B$3$l$i$N%]!<%H$O$=$N@\B30l$D$K$D$$$F(B"$B%W%i%$%Y!<%H(B"
$B$J$b$N$J$N$G!"@\B3$,=*N;$7$?;~$KJD$8$i$l$^$9!#(B $B$G$9$+$i!"$3$3$G3+$$$?%]!<%H$HJD$8$?%]!<%H$r;}$C$F$$$k$o$1$G$9!#(B
$B= $B$b$&>/$76/NO$J%9%-%c%s$r$7$F$_$^$7$g$&!#(B
$B:#EY$O!"A4$F$N%]!<%H!"(BTCP $B$b(B UDP $B$b!"$r%A%'%C%/$7$^$9!#(B $B:#EY$O$?$@(B"$B6=L#$"$k(B"$B%]!<%H$@$1$G$O$J$/!"(B
$BA4$F$N%]!<%H$rD4$Y$F$$$^$9!#(B
$B$3$N%W%m%;%9$G?7$?$KFs$D$N$b$N$,%T%C%/%"%C%W$5$l$^$7$?!#(B
$B2f!9$O0JA0$K4{$K$3$l$i$r(B netstat $B$rMQ$$$F(B
$B8+$?$N$G!"2f!9$O$3$l$i$,2?$G$"$k$+$rCN$C$F$$$^$9!#(B
$B$=$l$O(B 8000/tcp $B%]!<%H>e$N(B Junkbuster
$B%&%'%V%W%m%-%7$H!"(B32768/udp $B%]!<%H>e$N(B named $B$G$9!#(B
$B$3$l$K$OA0$N>l9g$h$j$b$C$H!"$b$C$HD9$$;~4V$,$+$+$j$^$9$,!"(B
$BA4$F$N%]!<%H$rD4$Y$k$?$a$NM#0l$NJ}K!$G$9!#(B $B$3$l$G(B bigcat $B$N>e$G$I$N%]!<%H$,3+$$$F$$$k$+$K$D$$$F(B
$B$J$+$J$+NI$$>pJs$rF@$i$l$^$7$?!#(B
$B$3$3$G$O%m!<%+%k%[%9%H$+$i%m!<%+%k%[%9%H$r%9%-%c%s$7$F$$$^$9$+$i!"(B
$BA4$F$N%]!<%H$,2D;k$G$9!#(B
$B2f!9$O0MA3$H$7$F30$N@$3&$+$i2f!9$,$I$&8+$($F$$$k$N$+$O$o$+$j$^$;$s!#(B
$B$3$3$G!"F1$8(B LAN $BFb$NB>$N%[%9%H$K(B ssh
$B@\B3$7$F$_$F!"$^$?%9%-%c%s$7$F$_$^$9!#(B
# nmap localhost
Starting nmap V. 2.53 by [email protected] ( www.insecure.org/nmap/ )
Interesting ports on bigcat (127.0.0.1):
(The 1507 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
37/tcp open time
53/tcp open domain
80/tcp open http
3000/tcp open ppp
Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
# nmap -sT -sU -p 1-65535 localhost
Starting nmap V. 2.53 by [email protected] ( www.insecure.org/nmap/ )
Interesting ports on bigcat (127.0.0.1):
(The 131050 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
37/tcp open time
53/tcp open domain
53/udp open domain
80/tcp open http
3000/tcp open ppp
8000/tcp open unknown
32768/udp open unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 385 seconds
# nmap bigcat
Starting nmap V. 2.53 by [email protected] ( www.insecure.org/nmap/ )
Interesting ports on bigcat (192.168.1.1):
(The 1520 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
3000/tcp open ppp
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
$B$3$3$G$O6/D4$N$?$a$K(B iptables
$B$N%k!<%k$K
# nmap bigcat Starting nmap V. 2.53 by [email protected] ( www.insecure.org/nmap/ ) Note: Host seems down. If it is really up, but blocking our ping probes, try -P0 Nmap run completed -- 1 IP address (0 hosts up) scanned in 30 seconds |
$B$*$C$H!":#EY$O;d$,;E;v$r$7$F$$$k4V$K!"(B ICMP (ping) $B$r%V%m%C%/$7$F$7$^$C$?$h$&$G$9!#(B $B$b$&0l2s!'(B
# nmap -P0 bigcat Starting nmap V. 2.53 by [email protected] ( www.insecure.org/nmap/ ) All 1523 scanned ports on bigcat (192.168.1.1) are: filtered Nmap run completed -- 1 IP address (1 host up) scanned in 1643 seconds |
$B$3$l$G$9!#$$$+$KD9$$;~4V$,$+$+$C$F$$$k$+$KCm0U$7$F$/$@$5$$!#(B $B%]!<%H$O:#!"(B"$BJD$8$F(B"$B$$$kBe$o$j$K!"(B "$B%U%#%k%?!<(B"$B$r$+$1$i$l$F$$$k$3$H$KCm0U$7$F$/$@$5$$!#(B "nmap" $B$O$I$&$d$C$F$3$l$rCN$k$N$G$7$g$&!)(B "$BJD$8$F$$$k(B(closed)"$B$H$$$&8@MU$,0UL#$9$k$N$O(B bigcat $B$,(B"$B$3$3$K$O2?$bAv$C$F$$$^$;$s$h(B"$B!"(B $B$H%Q%1%C%H$rAw$jJV$7$F$-$?!"$H$$$&$3$H$G!"(B $B$D$^$j!"%]!<%H$,JD$6$5$l$F$$$k!"$H$$$&$3$H$K$J$j$^$9!#(B $B$3$N:G8e$NNc$G$O!"(Biptables $B$N5,B'$O(B ICMP (ping) $B$r5v2D$;$:!"A4$F$NF~$C$F$/$k%Q%1%C%H$r(B "$BMn$H$9(B(DROP)"$B$h$&$KJQ99$5$l$F$$$^$7$?!#(B $B8@$$49$($l$P!"$^$C$?$/2?$NJV;v$b$"$j$^$;$s!#(B $B$?$H$(2?$NJV;v$b$J$$$H$7$F$b!"(B nmap $B$O0MA3$H$7$F%[%9%H$,$=$3$K$"$k$3$H$OCN$C$F$$$k(B $B$N$G$9$+$i!"$3$3$K$OHyL/$J:9$,$"$j$^$9!#(B $B$3$3$G$N0l$D$N6571$O!"$b$7$"$J$?$,%9%-%c%s$rCY$/$5$;$?$$$J$i!"(B $B%Q%1%C%H$r(B"DROP" ($B$^$?$O(B "DENY") $B$9$l$P$h$$$H8@$&$3$H$G$9!#(B $B$3$l$K$h$C$F!"3F%]!<%H$N8!>Z$K$*$$$F!"(B $B%j%b!<%H@\B3$,(B TCP $B%?%$%`%"%&%H$9$k$3$H$K$J$j$^$9!#(B $B7k6I!"%9%-%c%s$,$3$N$h$&$J7k2L$r<($7$F$$$k$J$i!"(B $B$&$^$/4|BTDL$j$NF0:n$r$7$F$$$k!"$D$^$j!"(B $B$"$J$?$N%U%!%$%"!<%&%)!<%k$,<+J,$N;E;v$r2L$?$7$F$$$k$N$G$9!#(B
UDP $B$K$D$$$F$NC;$$Cm0U!'(B
nmap $B$O
$B30It$N@$3&$+$i%7%9%F%`$,$I$&8+$($F$$$k$+$r%7%_%e%l!<%H$9$k$?$a$K!"(B
LAN $B$N@_Dj$G%U%!%$%"!<%&%)!<%k$r$$$8$C$F$_$k$3$H$,$G$-$^$9!#(B
$B$b$7$"$J$?$,=
"sysctl" $B$N%*%W%7%g%s$O(B /proc $B%U%!%$%k%7%9%F%`$rDL$7$F@_Dj$G$-$k%+!<%M%k%Q%i%a!<%?$G$9!#(B $B$3$l$i$O%i%s%?%$%`;~$KF0E*$KD4@0$9$k$3$H$,$G$-$^$9!#(B $BE57?E*$K$O$3$l$i$N%*%W%7%g%s$O(B "0" $B$K%;%C%H$5$l$F$$$l$P%*%U$G!"(B "1" $B$N$H$-$O%*%s$G$9!#(B
$B$3$l$i$N$$$/$D$+$O%;%-%e%j%F%#
#!/bin/sh # # Configure kernel sysctl run-time options. # kernel sysctl $B%i%s%?%$%`%*%W%7%g%s@_Dj(B ################################################################### # Anti-spoofing blocks # $B%"%s%A!&%9%W!<%U%#%s%0$,%V%m%C%/(B for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $i done # Ensure source routing is OFF # $B%=!<%9%k!<%F%#%s%0$r%*%U$K(B for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $i done # Ensure TCP SYN cookies protection is enabled # TCP SYN $B%/%C%-!<%W%m%F%/%7%g%s$r2DG=$K(B [ -e /proc/sys/net/ipv4/tcp_syncookies ] &&\ echo 1 > /proc/sys/net/ipv4/tcp_syncookies # Ensure ICMP redirects are disabled # ICMP $B%j%@%$%l%/%H$rIT2DG=$K(B for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $i done # Ensure oddball addresses are logged # $B$*$+$7$J%"%I%l%9$O%m%0$r |
$B$3$N>O$G$O@x:_E*$K%;%-%e%"$G$J$$J}K!$KBP$7$F!"(B
$B0BA4$JBeBXJ*$r
telnet, rsh $B$O(B ssh $B$K!#(B
ftp, rcp $B$O(B scp $B$^$?$O(B sftp $B$K!#(B $BN>J}$H$b(B ssh $B%Q%C%1!<%8$K4^$^$l$F$$$^$9!#(B $B$^$?!"$b$7(B Apache $B$,4{$KAv$C$F$$$l$P!"(B HTTP $B7PM3$G%U%!%$%k$O4JC1$KE>Aw$G$-$^$9!#(B Apache $B$O(B SSL (HTTPS) $B$rMQ$$$k$3$H$G$5$i$K$7$C$+$j$H80$r$+$1$i$l$^$9!#(B
sendmail $B$O(B postfix, qmail $B$K!#(B sendmail $B$N?7$7$$%P!<%8%g%s$i$,(B $B0BA4$G$J$$$H8@$C$F$$$k$o$1$G$O$"$j$^$;$s!#(B $B$?$@C1$K!"$3$l$K$O:#$^$G$N9s$$Nr;K$,$"$j!"(B $B$"$^$j$K9-$/MQ$$$i$l$F$$$k$N$G!"(B $B%/%i%C%+!<$r8F$S4s$;$,$A$@$H$$$&$3$H$G$9!#(B
$B>e$G=R$Y$?$h$&$K!"(BLinux $B%$%s%9%H!<%k$O$7$P$7$P(B
$B40A4$J5!G=$N%a%$%k%5!<%P$r4^$s$G$$$^$9!#(B
$B$3$l$K$OM-Mx$JE@$,$$$/$D$+$"$j$^$9$,!"(B
$BC1=c$K%a%$%k$rAw$C$?$j
POP3 $B$O(B SPOP3, SSL $B7PM3$N(B POP3 $B$K!#(B
$B$b$7K\Ev$K$"$J$?<+?H$N(B POP $B%5!<%P$r1?MQ$9$kI,MW$,$"$k$N$J$i$P!"(B
$B$3$l$,$=$N@5$7$$J}K!$G$9!#(B
$B%W%m%P%$%@$N%5!<%P$+$i$"$J$?$N%a%$%k$r
IMAP $B$r(B IMAPS $B$K!#>e$KF1$8!#(B
$BFCDj$N%5!<%t%#%9$,I,MW$G!"$=$l$,<+J,<+?H$@$1!"(B $B$^$?$O>/?t$NM'?M$@$1$N>l9g$K$O!"(B $B$=$l$r$=$NI8=`$G$J$$%]!<%H$GAv$i$;$k$3$H$r9M$($^$7$g$&!#(B $B$[$H$s$I$N%5!<%P%G!<%b%s$G$3$l$,2DG=$G$9$7!"(B $B@\B3$9$k?M$?$A$,$=$l$rCN$C$F$$$k8B$jLdBj$O$"$j$^$;$s!#(B $BNc$($P!"(Bsshd $B$NI8=`%]!<%HHV9f$O(B 22 $BHV$G$9!#(B $B$I$N%o!<%`$d%9%-%c%s$b$3$N%]!<%HHV9f$r%W%m!<%V$9$k$G$7$g$&!#(B $B$G$9$+$i!"$3$l$r%i%s%@%`$KA*$s$@%]!<%HHV9f$GAv$i$;$k$N$G$9!#(B $B>\$7$/$O(B sshd $B$N(B man $B%Z!<%8$r;2>H$7$F$/$@$5$$!#(B
$B$3$N>O$G$O(B ipchains $B$H(B iptables $B$K$G$-$k$3$H$N(B $B$$$/$D$+$r$b$&>/$7>\$7$/8+$F$_$^$9!#(B $B$3$l$i$O4pK\E*$K$O>e$N%9%F%C%W#3$G8+$?$b$N$HF1$8%9%/%j%W%H$G$9$,!"(B $B$$$/$i$+$5$i$K?J$s$@@_Dj%*%W%7%g%s$,DI2C$5$l$F$$$^$9!#(B "$B%^%9%+%l!<%G%#%s%0(B"$B!"(B "$B%]!<%H%U%)%o!<%G%#%s%0(B"$B!"(B $B$"$k%f!<%6$K8BDj$7$?%5!<%t%#%9$X$N%"%/%;%95v2D!"(B $B$=$N$[$+Fs!";0$N5!G=$,Ds6!$5$l$F$$$^$9!#(B $B$=$l$i$N@bL@$K$D$$$F$O%3%a%s%HJ8$rFI$s$G$/$@$5$$!#(B
#!/bin/sh # # ipchains.sh # # An example of a simple ipchains configuration. This script # can enable 'masquerading' and will open user definable ports. # $BC1=c$J(B ipchains $B@_Dj$NNc!#$3$N%9%/%j%W%H$O!V%^%9%+%l!<%G%#%s%0!W(B # $B$,2DG=$G!"%f!<%6Dj5A%]!<%H$r3+$/!#(B ################################################################### # Begin variable declarations and user configuration options ###### # $BJQ?t@k8@$H%f!<%6@_Dj%*%W%7%g%s(B # Set the location of ipchains (default). # ipchains $B!J%G%U%)%k%H!K$N>l=j$r@_Dj!#(B IPCHAINS=/sbin/ipchains # Local Interfaces # $B%m!<%+%k%$%s%?!<%U%'!<%9(B # This is the WAN interface, that is our link to the outside world. # $B$3$l$O(B WAN $B%$%s%?!<%U%'!<%9!"30$N@$3&$K2f!9$r$D$J$2$k!#(B # For pppd and pppoe users. # pppd $B$H(B pppoe $B%f!<%6$N$?$a!#(B # WAN_IFACE="ppp0" WAN_IFACE="eth0" # # Local Area Network (LAN) interface. # $B%m!<%+%k%(%j%"%M%C%H%o!<%/(B(LAN)$B%$%s%?!<%U%'!<%9(B #LAN_IFACE="eth0" LAN_IFACE="eth1" # Our private LAN address(es), for masquerading. # $B2f!9$N%W%i%$%Y!<%H(B LAN $B%"%I%l%9!J$?$A!K!"%^%9%+%l!<%G%#%s%0$N$?$a$N!#(B LAN_NET="192.168.1.0/24" # For static IP, set it here! # $B%9%?%F%#%C%/(B IP $B$N$?$a!#$3$3$G@_Dj$;$h!*(B #WAN_IP="1.2.3.4" # Set a list of public server port numbers here...not too many! # These will be open to the world, so use caution. The example is # sshd, and HTTP (www). Any services included here should be the # latest version available from your vendor. Comment out to disable # all PUBLIC services. # $B$3$3$G%Q%V%j%C%/%5!<%P$N%]!<%HHV9f$N%j%9%H$r@_Dj!#B?$9$.$J$$$h$&$K!*(B # $B$3$l$i$O@$3&$K8~$1$F3+$+$l$k$N$G!"MWCm0U!#$3$NNc$O(B sshd, HTTP(www). # $B$3$3$N$I$N%5!<%t%#%9$b%t%'%s%@$N:G?7%P!<%8%g%s$K$9$Y$-!#(B # $BA4$F$N%Q%V%j%C%/%5!<%t%#%9$rIT2DG=$K$9$k$?$a$K$O%3%a%s%H%"%&%H$;$h!#(B #PUBLIC_PORTS="22 80 443" PUBLIC_PORTS="22" # If we want to do port forwarding, this is the host # that will be forwarded to. 
# $B$b$7%]!<%H%U%)%o!<%G%#%s%0$7$?$$$J$i!"$3$l$,%U%)%o!<%I$5$l$k@h$N%[%9%H(B #FORWARD_HOST="192.168.1.3" # A list of ports that are to be forwarded. # $B%U%)%o!<%I$5$l$k$Y$-%]!<%H$N%j%9%H(B #FORWARD_PORTS="25 80" # If you get your public IP address via DHCP, set this. # $B$b$7(B DHCP $B$rDL$8$F%Q%V%j%C%/$J(B IP $B%"%I%l%9$r@_Dj$9$k$J$i!"$3$3$G!#(B DHCP_SERVER=66.21.184.66 # If you need identd for a mail server, set this. # $B%a%$%k%5!<%P$N$?$a$K(B identd $B$,I,MW$J$i$3$3$G!#(B MAIL_SERVER= # A list of unwelcome hosts or nets. These will be denied access # to everything, even our 'PUBLIC' services. Provide your own list. # $BK>$^$L5R$N%[%9%H$H%M%C%H$N%j%9%H!#$3$l$i$OA4$F$X$N%"%/%;%9!"(B # $B2f!9$N%Q%V%j%C%/%5!<%t%#%9$5$($b!"5qH]$5$l$k(B # $B<+J,<+?H$N%j%9%H$rMQ0U$;$h!#(B #BLACKLIST="11.22.33.44 55.66.77.88" # A list of "trusted" hosts and/or nets. These will have access to # ALL protocols, and ALL open ports. Be selective here. # $B!V?.MQ$G$-$k!W%[%9%H$H(B/$B$^$?$O%M%C%H$N%j%9%H!#$3$l$i$OA4$F$N(B # $B%W%m%H%3%k$HA4$F$N3+$$$?%]!<%H$K%"%/%;%9$G$-$k!#(B # $B$3$l$O@:A*$7$F!#(B #TRUSTED="1.2.3.4/8 5.6.7.8" ## end user configuration options ################################# ## $B%(%s%I%f!<%6@_Dj%*%W%7%g%s(B ################################################################### # The high ports used mostly for connections we initiate and return # traffic. # $B%H%i%U%#%C%/$r=i4|2=!"JV?.$N$?$a$N@\B3$K |
#!/bin/sh # # iptables.sh # # An example of a simple iptables configuration. This script # can enable 'masquerading' and will open user definable ports. # $BC1=c$J(B ipchains $B@_Dj$NNc!#$3$N%9%/%j%W%H$O!V%^%9%+%l!<%G%#%s%0!W(B # $B$,2DG=$G!"%f!<%6Dj5A%]!<%H$r3+$/!#(B ################################################################### # Begin variable declarations and user configuration options ###### # $BJQ?t@k8@$H%f!<%6@_Dj%*%W%7%g%s(B # Set the location of iptables (default). # ipchains $B!J%G%U%)%k%H!K$N>l=j$r@_Dj!#(B IPTABLES=/sbin/iptables # Local Interfaces # $B%m!<%+%k%$%s%?!<%U%'!<%9(B # This is the WAN interface that is our link to the outside world. # $B$3$l$O(B WAN $B%$%s%?!<%U%'!<%9!"30$N@$3&$K2f!9$r$D$J$2$k!#(B # For pppd and pppoe users. # pppd $B$H(B pppoe $B%f!<%6$N$?$a!#(B # WAN_IFACE="ppp0" WAN_IFACE="eth0" # # Local Area Network (LAN) interface. # $B%m!<%+%k%(%j%"%M%C%H%o!<%/(B(LAN)$B%$%s%?!<%U%'!<%9(B #LAN_IFACE="eth0" LAN_IFACE="eth1" # Our private LAN address(es), for masquerading. # $B2f!9$N%W%i%$%Y!<%H(B LAN $B%"%I%l%9!J$?$A!K!"%^%9%+%l!<%G%#%s%0$N$?$a$N!#(B LAN_NET="192.168.1.0/24" # For static IP, set it here! # $B%9%?%F%#%C%/(B IP $B$N$?$a!#$3$3$G@_Dj$;$h!*(B #WAN_IP="1.2.3.4" # Set a list of public server port numbers here...not too many! # These will be open to the world, so use caution. The example is # sshd, and HTTP (www). Any services included here should be the # latest version available from your vendor. Comment out to disable # all Public services. Do not put any ports to be forwarded here, # this only direct access. # $B$3$3$G%Q%V%j%C%/%5!<%P$N%]!<%HHV9f$N%j%9%H$r@_Dj!#B?$9$.$J$$$h$&$K!*(B # $B$3$l$i$O@$3&$K8~$1$F3+$+$l$k$N$G!"MWCm0U!#$3$NNc$O(B sshd, HTTP(www). 
# $B$3$3$N$I$N%5!<%t%#%9$b%t%'%s%@$N:G?7%P!<%8%g%s$K$9$Y$-!#(B # $BA4$F$N%Q%V%j%C%/%5!<%t%#%9$rIT2DG=$K$9$k$?$a$K$O%3%a%s%H%"%&%H$;$h!#(B # $B%U%)%o!<%I$5$l$k%]!<%H$O$I$l$b$3$3$K$*$+$J$$$3$H!"$3$l$OD>@\$N(B # $B%"%/%;%9$N$_!#(B #PUBLIC_PORTS="22 80 443" PUBLIC_PORTS="22" # If we want to do port forwarding, this is the host # that will be forwarded to. # $B$b$7%]!<%H%U%)%o!<%G%#%s%0$7$?$$$J$i!"$3$l$,%U%)%o!<%I$5$l$k@h$N%[%9%H!#(B #FORWARD_HOST="192.168.1.3" # A list of ports that are to be forwarded. # $B%U%)%o!<%I$5$l$k$Y$-%]!<%H$N%j%9%H(B #FORWARD_PORTS="25 80" # If you get your public IP address via DHCP, set this. # $B$b$7(B DHCP $B$rDL$8$F%Q%V%j%C%/$J(B IP $B%"%I%l%9$r@_Dj$9$k$J$i!"$3$3$G!#(B DHCP_SERVER=66.21.184.66 # If you need identd for a mail server, set this. # $B%a%$%k%5!<%P$N$?$a$K(B identd $B$,I,MW$J$i$3$3$G!#(B MAIL_SERVER= # A list of unwelcome hosts or nets. These will be denied access # to everything, even our 'Public' services. Provide your own list. # $BK>$^$L5R$N%[%9%H$H%M%C%H$N%j%9%H!#$3$l$i$OA4$F$X$N%"%/%;%9!"(B # $B2f!9$N%Q%V%j%C%/%5!<%t%#%9$5$($b!"5qH]$5$l$k(B # $B<+J,<+?H$N%j%9%H$rMQ0U$;$h!#(B #BLACKLIST="11.22.33.44 55.66.77.88" # A list of "trusted" hosts and/or nets. These will have access to # ALL protocols, and ALL open ports. Be selective here. # $B!V?.MQ$G$-$k!W%[%9%H$H(B/$B$^$?$O%M%C%H$N%j%9%H!#$3$l$i$OA4$F$N(B # $B%W%m%H%3%k$HA4$F$N3+$$$?%]!<%H$K%"%/%;%9$G$-$k!#(B # $B$3$l$O@:A*$7$F!#(B #TRUSTED="1.2.3.4/8 5.6.7.8" ## end user configuration options ################################# ## $B%(%s%I%f!<%6@_Dj%*%W%7%g%s(B ################################################################### # Any and all addresses from anywhere. 
# $BG$0U$N>l=j$+$i$NA4$F$N%"%I%l%9(B ANYWHERE="0/0" # These modules may need to be loaded: # $B$3$l$i$N%b%8%e!<%k$rFI$_9~$`I,MW$,$"$k$+$b!#(B modprobe ip_conntrack_ftp modprobe ip_nat_ftp # Start building chains and rules ################################# ## $B%A%'%$%s$H5,B'$N@_Dj$N;O$^$j(B # Let's start clean and flush all chains to an empty state. # $B$^$:A4$F$N%A%'%$%s$r6u$N>uBV$K!#(B $IPTABLES -F $IPTABLES -X # Set the default policies of the built-in chains. If no match for any # of the rules below, these will be the defaults that IPTABLES uses. # $BAH$_9~$_$N%A%'%$%s$N%G%U%)%k%H%]%j%7!<$r@_Dj!#0J2<$N%k!<%k$N$I$l$K$b(B # $B0lCW$7$J$1$l$P!"$3$l$i$,(B IPTABLES $B$N;H$&%G%U%)%k%H$K$J$k!#(B $IPTABLES -P FORWARD DROP $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P INPUT DROP # Accept localhost/loopback traffic. # localhost/loopback $B%H%i%U%#%C%/$re$G(B LAN_NET $B$,Dj5A$5$l$F$$$l$P%^%9%+%l!<%@!<$N(B # $B%U%)%o!<%G%#%s%0$r@_Dj$9$k!#(B if [ -n "$LAN_NET" ]; then echo 1 > /proc/sys/net/ipv4/ip_forward $IPTABLES -A INPUT -i $LAN_IFACE -j ACCEPT # $IPTABLES -A INPUT -i $LAN_IFACE -s $LAN_NET -d $LAN_NET -j ACCEPT $IPTABLES -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IFACE -j MASQUERADE fi ## Blacklist #$B!!%V%i%C%/%j%9%H(B # Get the blacklisted hosts/nets out of the way, before we start opening # up any services. These will have no access to us at all, and will # be logged. # $B%V%i%C%/%j%9%H$K$N$C$?%[%9%H(B/$B%M%C%H$r!"$I$N%5!<%t%#%9$b3+$+$l(B # $B$kA0$KJD$a=P$9!#$3$l$i$O$^$C$?$/2f!9$K%"%/%;%9$r;}$?$:!"(B # $B%m%0$r$H$i$l$k!#(B for i in $BLACKLIST; do $IPTABLES -A INPUT -s $i -m limit --limit 5/minute \ -j LOG --log-prefix "Blacklisted: " $IPTABLES -A INPUT -s $i -j DROP done ## Trusted hosts/nets #$B?.MQ$G$-$k%[%9%H(B/$B%M%C%H(B # This is our trusted host list. These have access to everything. 
# $B?.MQ$9$k%[%9%H$N%j%9%H!#$3$l$i$OA4$F$X$N%"%/%;%98"$r;}$D!#(B for i in $TRUSTED; do $IPTABLES -A INPUT -s $i -j ACCEPT done # Port Forwarding #$B%]!<%H%U%)%o!<%G%#%s%0(B # Which ports get forwarded to which host. This is one to one # port mapping (ie 80 -> 80) in this case. # $B$I$N%]!<%H$,$I$N%[%9%H$X%U%)%o!<%I$5$l$k$+!#$3$l$O$3$N>l9g(B # $B0lBP0l$N%^%C%T%s%0!J$D$^$j!"(B80 $B$+$i(B 80 $B$X!K!#(B [ -n "$FORWARD_HOST" ] &&\ for i in $FORWARD_PORTS; do $IPTABLES -A FORWARD -p tcp -s $ANYWHERE -d $FORWARD_HOST \ --dport $i -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN_IP --dport $i \ -j DNAT --to $FORWARD_HOST:$i done ## Open, but Restricted Access ports #$B3+$$$?!"$7$+$7@)8B$5$l$?%"%/%;%9$N%]!<%H(B/$B%5!<%t%#%9(B # Allow DHCP server (their port 67) to client (to our port 68) UDP # traffic from outside source. # $B30It%=!<%9$+$i%/%i%$%"%s%H$N!J2f!9$N(B68$BHV%]!<%H$X$N!K(BUDP $B%H%i%U%#%C%/(B # $B$X!!(BDHCP $B%5!<%P!J(B67$BHV%]!<%H!K$r5v2D$9$k!#(B [ -n "$DHCP_SERVER" ] &&\ $IPTABLES -A INPUT -p udp -s $DHCP_SERVER --sport 67 \ -d $ANYWHERE --dport 68 -j ACCEPT # Allow 'identd' (to our TCP port 113) from mail server only. # $B%a%$%k%5!<%P$N$_$+$i!J2f!9$N(B TCP 113 $BHV%]!<%H$X$N!K(B'identd' $B$r5v2D(B [ -n "$MAIL_SERVER" ] &&\ $IPTABLES -A INPUT -p tcp -s $MAIL_SERVER -d $WAN_IP --dport 113 -j ACCEPT # Open up Public server ports here (available to the world): # $B$3$3$G(B PUBLIC $B%5!<%P%]!<%H$r3+$/!J@$3&$X7R$2$k$?$a!K!'(B for i in $PUBLIC_PORTS; do $IPTABLES -A INPUT -p tcp -s $ANYWHERE -d $WAN_IP --dport $i -j ACCEPT done # So I can check my home POP3 mailbox from work. Also, so I can ssh # in to home system. Only allow connections from my workplace's # various IPs. Everything else is blocked. 
# $B$3$l$K$h$C$F;E;v>l$+$i<+Bp$N(B POP3 $B%a%$%k%\%C%/%9$r%A%'%C%/$G$-$k!#(B # $B$^$?!"<+Bp%7%9%F%`$X(B ssh $B$GF~$k$3$H$b$G$-$k!#;E;v>l$N$5$^$6$^$J(B # IP $B%"%I%l%9$+$i$N@\B3$r5v2D$9$k$@$1!#B>$OA4$F%V%m%C%/$5$l$k!#(B $IPTABLES -A INPUT -p tcp -s 255.10.9.8/29 -d $WAN_IP --dport 110 -j ACCEPT ## ICMP (ping) # # ICMP rules, allow the bare essential types of ICMP only. Ping # request is blocked, ie we won't respond to someone else's pings, # but can still ping out. # ICMP $B$N5,B'!"(BICMP $B$N$`$-=P$7$NK\ |
$B:G=EMW%]%$%s%H$r4JC1$K$*$5$i$$$7$F$_$^$7$g$&!D(B
$B2f!9$O%[%9%H$K4p$E$$$?%"%/%;%9@)8f$N5,B'!'(B
"$B%V%i%C%/%j%9%H$K$"$,$k$b$N(B"$B$H(B"$B?.MQ$G$-$k$b$N(B"
$B$NFs$D$K$D$$$F$N5,B'$r2C$($^$7$?!#(B
$B$=$7$FMM!9$J
$B$G$9$+$i!">e$G=R$Y$?>/?t$NNc30$@$1$r$*$$$F!"(B
$B$=$l0J30$N(B bigcat $B>e$NA4$F$N%5!<%t%#%9$K$D$$$F$O!"(B
$B30It$+$i$N@\B3$r!"
$B>e$NNc$G$O!">.$5$J<+BpFb$N%M%C%H%o!<%/$b;}$C$F$$$^$7$?$,!"(B
$B$3$l$i$NDL?.$r%V%m%C%/$9$k$?$a$NBP:v$O
$B$b$A$m$s!"$3$l$OC1$J$k2>A[E*$J0lNc$G$7$?!#(B $B$"$J$?8D?M$N>u67$O3Ne$N5,B'$K$$$/$D$+DI2C$9$k$3$H$bI,MW$H$J$k$G$7$g$&!#(B $B$?$H$($P!"$"$J$?$N%W%m%P%$%@$,(B DHCP $B$r;H$C$F$$$J$$$J$i$P(B $B!JB?$/$O;H$C$F$$$^$;$s!K!">e$N5,B'$O0UL#$r$J$7$^$;$s!#(B PPP $B$O0[$J$C$?F/$-$r$7$^$9$+$i!"(B $B$=$N$h$&$J5,B'$OI,MW$"$j$^$;$s!#(B
$B$3$NNc$G$N$h$&$K%5!<%P$rAv$i$;$k$3$H$,!"(B $BI,$:(B"$B0BA4(B"$B$JJ}K!$G$"$k$H$O;W$o$J$$$G2<$5$$!#(B (a) $BK\Ev$KI,MW$G$J$$8B$j!"(B (b) $B:G?7$N0BA4$J%P!<%8%g%s$rAv$i$;$F$$$J$$8B$j!"(B $B$=$7$F!"(B (c) $B$3$l$i$N%5!<%t%#%9$K1F6A$rM?$($k$@$m$&(B $B%;%-%e%j%F%#4XO"$N>pJs$K>o$KCY$l$J$$$h$&$K$7B3$1$F$$$J$$8B$j!"(B $B$3$NJ}K!$r9T$&$Y$-$G$O$"$j$^$;$s!#(B $B$3$3$G$b7Y2|$HCm0U$,2f!9$N@UG$$K4^$^$l$k$N$G$9!#(B
$B:G>.8B$N>u67$G$$$+$K4J7i$K(B iptables $B$r(B $B@_Dj$9$k$+<($9$?$a$K!"0J2<$r$"$2$^$7$g$&!#(B $B$3$l$O(B Netfilter team $B$N(B Rusty's Really Quick Guide To Packet Filtering $B$+$i$N0zMQ$G$9!#(B
"$B$[$H$s$I$N?M$OC1$K%$%s%?!<%M%C%H$X$N(B PPP $B@\B30l$D$r(B $B;}$C$F$$$k$@$1$G!"C/$K$b<+J,$N%M%C%H%o!<%/$d%U%!%$%"!<%&%)!<%k$K(B $BF~$C$F$-$F$b$i$$$?$/$J$$!'(B"
## Insert connection-tracking modules (not needed if built into kernel). ## $B@\B3DI@W%b%8%e!<%k$rA^F~!J%+!<%M%kAH$_9~$_$J$iITMW!K!#(B insmod ip_conntrack insmod ip_conntrack_ftp ## Create chain which blocks new connections, except if coming from inside. ## $BFbB&$+$iMh$k$b$N0J30!"?7$7$$@\B3$r%V%m%C%/$9$k%A%'%$%s$r:n@.!#(B iptables -N block iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT iptables -A block -j DROP ## Jump to that chain from INPUT and FORWARD chains. ## INPUT $B$H(B FORWARD $B%A%'%$%s$+$i$=$N%A%'%$%s$X%8%c%s%W!#(B iptables -A INPUT -j block iptables -A FORWARD -j block |
$B$3$NC1=c$J%9%/%j%W%H$O2f!9$,=i4|2=$7$?A4$F$N308~$-$N@\B3(B $B$D$^$j!"$9$Y$F$N(B NEW $B@\B3$r5v2D$7$^$9(B $B!J(BACCEPT $B$N%G%U%)%k%H$N%]%j%7!<$OJQ99$5$l$F$$$J$$$N$G!K!#(B $B$=$7$F!"$3$l$i$K$D$$$F(B"ESTABLISHED" $B$H(B "RELATED" $B$5$l$?A4$F$NDL?.$b5v2D$7$^$9!#(B $B$5$i$K!"(BWAN $BB&$N%$%s%?!<%U%'!<%9!"(Bppp0, $B$+$iF~$C$F$-$?$N$G$O$J$$A4$F$N@\B3$b5v2D$5$l$^$9!#(B $B$3$l$O(B lo $B$+!"$^$?$O(B eth1 $B$N$h$&$J(B LAN $B%$%s%?!<%U%'!<%9$G$7$g$&!#(B $B$G$9$+$i2f!9$,$7$?$$$3$H$O2?$G$"$lA4$F2DG=$G$9$,!"(B $B%$%s%?!<%M%C%H$+$i$N!"K>$^$L!"Cf$KF~$C$F$/$k@\B3;n9T$OA4$F5v2D$7$^$;$s!#(B $B2?0l$D!#(B
また、このスクリプトはあつらえのチェインの作成方法を示してもいます。 ここでは "block" と定義されていて、 INPUT と FORWARD チェインの両方に用いられています。