Title: RE : cache poisoning ??
Author: 송종수
Views: 4547
Posted: 2009-03-31 11:06:30 AM
Here is our answer.

DNS Cache Poisoning

■ The cache poisoning vulnerability in DNS
Through the cache poisoning vulnerability in the DNS protocol, an attacker sends manipulated DNS queries to a system that uses a vulnerable DNS server and alters the information in its cache, so that a connection to a legitimate site is redirected to another site's IP.

■ Affected systems
Software that implements the DNS protocol

■ Vulnerability details
An attacker can send a large number of manipulated DNS queries and arbitrarily alter the contents of a DNS cache server. Because the cache can be changed so that a requested name resolves to an address chosen by the attacker rather than its real address, it can be redirected to, for example, an arbitrary address hosting malicious code.

This vulnerability is not limited to particular DNS software; it affects all software that follows the DNS protocol. DNS (Domain Name System) is a critical component of the Internet infrastructure that translates host names into IP addresses and vice versa. An attacker delivers manipulated DNS information so that it is recorded in the caching name server. This attack technique is called cache poisoning, and a server can be affected by this vulnerability in the following cases.

The DNS protocol has a 16-bit field called the Transaction ID. If the ID that is chosen at random for a query can be predicted, the cache can be manipulated. With 32,768 possible ID values it is hard to guess, but a DNS server that contains the vulnerability narrows the prediction to a smaller range of numbers, which makes an attack attempt feasible.

In addition, replies to a query use the same source port number, which makes spoofing even easier. When a reply to a DNS query arrives with the same source and destination ports and even the same transaction ID as the request, it is judged to be correct, and incorrect information can be written to the cache.
■ How to check for the vulnerability
1. Checking with a query
- Run the following command
$ dig @localhost +short porttest.dns-oarc.net TXT
  or query by IP, as follows:
$ dig @<server-IP> +short porttest.dns-oarc.net TXT
- Response when vulnerable
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"<server-IP> is POOR: 26 queries in 3.6 seconds from 1 ports with std dev0"
- DNS check result when not vulnerable
porttest.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"<server-IP> is GOOD: 26 queries in 2.0 seconds from 26 ports with std dev 17685.51"
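The following is an added example written for this page; it is not code from the post, from KrCERT/CC or from DNS-OARC. It shows two things the answer above describes: why a fixed source port leaves only the 16-bit transaction ID for an off-path forger to guess (the search space in bits grows with the number of distinct source ports), and how to turn the porttest TXT verdict line into a pass/fail result for monitoring. The sample port lists, the 203.0.113.5 placeholder address and the simplified POOR/GOOD rule (single port = POOR) are assumptions made for the demo, not OARC's real thresholds.

```python
import math
import re

# Constructed sample: source ports seen for 26 consecutive queries from a
# resolver that always sends from one fixed port (the "POOR" case on the page).
FIXED_PORT_SAMPLE = [53] * 26

# Constructed sample: 26 queries from a patched resolver that randomizes its
# source port (the "GOOD" case). The values are made up for this demo.
RANDOM_PORT_SAMPLE = [
    1025, 60021, 33410, 18877, 52190, 9002, 44871, 27365, 61233, 5510,
    39128, 14662, 58044, 22390, 49977, 31108, 64001, 2801, 36549, 12345,
    55870, 20176, 47733, 8401, 42290, 29994,
]

# Regex for the one-line verdict in the porttest TXT answer, e.g.
# '<ip> is POOR: 26 queries in 3.6 seconds from 1 ports with std dev0'.
# The page's output has no space before the last number, so the space is optional.
_PORTTEST_RE = re.compile(
    r"^(?P<ip>\S+) is (?P<verdict>[A-Z]+): (?P<queries>\d+) queries in "
    r"(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports with std dev ?(?P<stddev>[\d.]+)$"
)


def search_space_bits(txid_bits: int, distinct_ports: int) -> float:
    """Bits an off-path forger must guess: the transaction ID plus whatever
    entropy the source port adds (log2 of the number of ports actually used)."""
    return txid_bits + math.log2(distinct_ports)


def port_stats(ports):
    """Return (number of distinct ports, population std dev of the port numbers)."""
    n = len(ports)
    distinct = len(set(ports))
    mean = sum(ports) / n
    variance = sum((p - mean) ** 2 for p in ports) / n
    return distinct, math.sqrt(variance)


def classify_ports(ports) -> str:
    """Simplified verdict (an assumption, not OARC's thresholds): a resolver that
    answers from a single source port is POOR, anything else is GOOD."""
    distinct, _ = port_stats(ports)
    return "POOR" if distinct == 1 else "GOOD"


def parse_porttest(line: str):
    """Parse the porttest verdict line into a dict, or None if it does not match."""
    m = _PORTTEST_RE.match(line.strip().strip('"'))
    if not m:
        return None
    d = m.groupdict()
    return {
        "ip": d["ip"],
        "verdict": d["verdict"],
        "queries": int(d["queries"]),
        "seconds": float(d["seconds"]),
        "ports": int(d["ports"]),
        "stddev": float(d["stddev"]),
    }


def is_vulnerable(line: str) -> bool:
    """Treat an unparseable line, any verdict other than GOOD, or a single
    source port as 'vulnerable' so a monitoring job fails safe."""
    r = parse_porttest(line)
    return r is None or r["verdict"] != "GOOD" or r["ports"] <= 1


if __name__ == "__main__":
    for label, sample in (("fixed port", FIXED_PORT_SAMPLE), ("random port", RANDOM_PORT_SAMPLE)):
        distinct, sd = port_stats(sample)
        print(f"{label}: {distinct} ports, std dev {sd:.2f}, verdict {classify_ports(sample)}, "
              f"forger must guess {search_space_bits(16, distinct):.1f} bits")
    # Constructed verdict lines in the format shown on the page (placeholder IP).
    for line in ('"203.0.113.5 is POOR: 26 queries in 3.6 seconds from 1 ports with std dev0"',
                 '"203.0.113.5 is GOOD: 26 queries in 2.0 seconds from 26 ports with std dev 17685.51"'):
        print(line, "->", "vulnerable" if is_vulnerable(line) else "ok")
```

In practice the verdict line would come from the `dig ... porttest.dns-oarc.net TXT` command shown above; feeding its output to `is_vulnerable` gives a simple check that can be run periodically against each caching resolver.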
2. Checking with the web tool
- Go to https://www.dns-oarc.net/oarc/services/dnsentropy and click TEST MY DNS

■ How to patch
- Upgrade
If you operate a system that is used as a caching DNS server, upgrade to a patched version. Patched versions: BIND 9.3.5-p1, BIND 9.4.2-p1, BIND 9.5.0-p1 or later
- Besides upgrading, restrict recursive queries
$ vi /etc/named.conf
acl xxx { 127.0.0.1; <server-IP>; };
options {
    version "unknown";
    allow-recursion { xxx; };
};
Configure the server so that recursive queries are allowed only from the IPs in the acl list.
■ Windows OS users: please refer to the URL below and apply the corresponding DNS vulnerability patch.
- Microsoft
http://www.microsoft.com/korea/technet/security/bulletin/ms08-037.mspx

■ For software not mentioned here, we recommend identifying the DNS software in use and then verifying whether it is vulnerable.

■ References
- CVE information: CVE-2008-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
- US-CERT Vulnerability Note VU#800113
http://www.kb.cert.org/vuls/id/800113
- Source: Internet Incident Response Center

=========================== Original post ===========================
While studying DNS I came across the term "cache poisoning"..
What is cache poisoning??