ȨÁÖ¼Ò⠷α×ÀΠȸ¿ø°¡ÀÔ ³» ÇѱÛÁÖ¼Ò °ü¸® °í°´¸¸Á·¼¾ÅÍ Åä·Ð°Ô½ÃÆÇ »çÀÌÆ®¸Ê °í°´ ÁöÅ´ÀÌ
Ȩ / DNSÄÁ¼³Æà / ¹¯°í ´äÇϱâ
 
DNSC ¼Ò°³ ¹× Ư¡
DNSC ¼­ºñ½º ¾È³»
nBIND(BIND) ¼Ò°³
nBIND(BIND) ´Ù¿î·Îµå
¹¯°í ´äÇϱâ
DNS(³×Æ®¿öÅ©) ÃÖ±Ù ¼Ò½Ä
¹®ÀÇÇϱâ
ÀÚÁÖ ¹¯´Â Áú¹®°ú ´äº¯
°í°´ ¹®ÀÇ °Ô½ÃÆÇ
DNS¿Í °ü·ÃµÈ ±Ã±ÝÇÑ Á¡µéÀ» Áú¹®ÇØ ÁÖ¼¼¿ä. ´ã´çÀÚ°¡ Áï½Ã ´äº¯ÇØ µå¸®°Ú½À´Ï´Ù.

¡Ø DNS¿Í °ü·ÃµÈ ³»¿ëÀÌ ¾Æ´Ò °æ¿ì »èÁ¦µÉ ¼ö ÀÖ½À´Ï´Ù.
 
 
Á¦ ¸ñ  RE : cache poisoning ??
±Û¾´ÀÌ   ¼ÛÁ¾¼ö Á¶È¸ 4547
°Ô½ÃÀÏÀÚ   2009-03-31 ¿ÀÀü 11:06:30
 
´äº¯µå¸³´Ï´Ù.

DNS Cache Poisoning


¡á DNS ÀÇ Cache Poisoning Ãë¾àÁ¡
DNS ÇÁ·ÎÅäÄÝ¿¡ Cache Poisoning Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ´Â Ãë¾àÇÑ DNS ¸¦ »ç¿ëÇÏ´Â ½Ã½ºÅÛ¿¡ Á¶ÀÛµÈ DNS Äõ¸®¸¦ Àü¼ÛÇÏ¿© ij½¬ÀÇ Á¤º¸¸¦ º¯°æ, Á¤»óÀûÀÎ »çÀÌÆ®¿¡ Á¢¼Ó ½Ã ´Ù¸¥ »çÀÌÆ®ÀÇ ip·Î º¯Á¶½ÃÅ°´Â ¹æ¹ýÀÔ´Ï´Ù.
¡á ´ë»ó
DNS ÇÁ·ÎÅäÄÝÀÌ Àû¿ëµÈ ¼ÒÇÁÆ®¿þ¾î
¡á Ãë¾àÁ¡ ³»¿ë
°ø°ÝÀÚ´Â Á¶ÀÛµÈ DNS Äõ¸®¸¦ ´Ù·®À¸·Î Àü´ÞÇÏ¿© DNS ij½¬¼­¹öÀÇ ³»¿ëÀ» ÀÓÀÇ·Î º¯°æÇÒ ¼ö ÀÖ½À´Ï´Ù. ¿äûÇÑ ÁÖ¼ÒÀÇ ¿ø·¡ ÁÖ¼Ò°¡ ¾Æ´Ñ °ø°ÝÀÚ°¡ ÁöÁ¤ÇÑ ÁÖ¼Ò·Î º¯°æÇÏ¿© ij½¬¸¦ º¯°æÇÒ ¼ö ÀÖÀ¸¹Ç·Î ¾Ç¼ºÄڵ尡 ¼³Ä¡µÈ ÀÓÀÇÀÇ ÁÖ¼Ò µîÀ¸·Î º¯°æÀÌ °¡´ÉÇÕ´Ï´Ù.

ÀÌ Ãë¾àÁ¡Àº ƯÁ¤ DNS ¼ÒÇÁÆ®¿þ¾î¿¡ ÇÑÁ¤µÇÁö ¾Ê°í DNS ÇÁ·ÎÅäÄÝÀ» µû¸£´Â ¸ðµç ¼ÒÇÁÆ®¿þ¾î¿¡ ¿µÇâÀ» ÁÝ´Ï´Ù. DNS(Domain Name System)´Â ÀÎÅÍ³Ý ÀÎÇÁ¶óÀÇ Áß¿äÇÑ ¿ä¼Ò·Î È£½ºÆ® À̸§À» IP ÁÖ¼Ò·Î º¯°æÇØ Áְųª ¶Ç´Â ¹Ý´ëÀÇ ¿ªÇÒÀ» ¼öÇàÇÕ´Ï´Ù. °ø°ÝÀÚ´Â Á¶ÀÛµÈ DNS Á¤º¸¸¦ Àü´ÞÇÏ¿© Á¶ÀÛµÈ DNS Á¤º¸°¡ ij½¬ ³×ÀÓ¼­¹ö¿¡ ±â·ÏµÉ ¼ö ÀÖµµ·Ï ÇÕ´Ï´Ù. ÀÌ °ø°Ý±â¹ýÀº Cache Poisoning À¸·Î ºÒ¸®¸ç ´ÙÀ½°ú °°Àº °æ¿ì¿¡ À̹ø Ãë¾àÁ¡ ¿µÇâÀ» ¹ÞÀ» ¼ö ÀÖ½À´Ï´Ù.
DNS ÇÁ·ÎÅäÄÝÀº Transaction ID ¶ó´Â 16ºñÆ®ÀÇ Çʵ带 °¡Áö°í ÀÖ½À´Ï´Ù. Äõ¸® ¿äû½Ã ÀÌ ID ¹øÈ£°¡ ÀÓÀÇ·Î ¼±ÅõǾîÁö´Â °ÍÀ» ¿¹ÃøÇÏ¿© ij½¬ Á¶ÀÛÀÌ °¡´ÉÇÏ°í, ID °ªÀº 32,768 °³ÀÇ °ªÀÌ Á¸ÀçÇÏ¿© ÃßÃøÇϱâ ÈûµéÁö¸¸ Ãë¾àÁ¡À» ³»Æ÷ÇÑ DNS ÀÇ °æ¿ì´Â À̺¸´Ù ´õ ÀÛÀº ¹øÈ£·Î ¿¹ÃøÇÏ¿© °ø°Ý½Ãµµ °¡ °¡´ÉÇØ Áý´Ï´Ù.

¶ÇÇÑ, ¿äûµÈ Äõ¸®¿¡ ´ëÇØ ÀÀ´äµÇ´Â Äõ¸®´Â °°Àº ¼Ò½ºÆ÷Æ® ¹øÈ£¸¦ »ç¿ëÇÏ¿© ½ºÇªÇÎÀÌ ´õ¿í ½±°Ô °¡´ÉÇØ Áý´Ï´Ù. ¿äûÇÑ DNS Äõ¸®¿¡ ´ëÇØ ÀÀ´äÀ» Áִ°æ¿ì Ãâ¹ßÁö¿Í ¸ñÀûÁö Æ÷Æ®°¡ µ¿ÀÏÇÏ°í Æ®·£Á§¼Ç ID ±îÁö °°Àº °æ¿ì´Â, ¿Ã¹Ù¸¥ °ÍÀ¸·Î ÆǴܵǾî ij½¬¿¡ À߸øµÈ Á¤º¸¸¦ ±â·ÏÇÒ ¼ö ÀÖ°Ô µË´Ï´Ù.
¡á Ãë¾àÁ¡ È®Àιæ¹ý
1. ÁúÀǸ¦ ÀÌ¿ëÇÑ È®ÀÎ
- ´ÙÀ½ ¸í·É ½ÇÇà
$dig @localhost +short porttest.dns-oarc.net TXT ¶Ç´Â ¾Æ·¡¿Í °°ÀÌ IP·Î Á¶È¸
$dig @ÇØ´ç¼­¹öIP +short porttest.dns-oarc.net TXT

- Ãë¾àÇÑ °æ¿ì ÀÀ´ä ³»¿ë
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"ÇØ´ç¼­¹öIP is POOR: 26 queries in 3.6 seconds from 1 ports with std dev0"
- Ãë¾àÇÏÁö ¾ÊÀº°æ¿ì DNS È®Àΰá°ú
porttest.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"ÇØ´ç¼­¹ö IP is GOOD: 26 queries in 2.0 seconds from 26 ports with std dev 17685.51"

2. À¥ÅøÀ» ÀÌ¿ëÇÑ È®ÀÎ
- https://www.dns-oarc.net/oarc/services/dnsentropy Á¢¼Ó ÈÄ, TEST MY DNS Ŭ¸¯





¡á ÆÐÄ¡¹æ¹ý
- ¾÷±×·¹À̵å
ij½Ã DNS ¼­¹ö·Î »ç¿ëµÇ´Â ½Ã½ºÅÛÀ» ¿î¿µ ÁßÀ̶ó¸é, ÆÐÄ¡°¡ µÈ ¹öÀüÀ¸·Î ¾÷±×·¹À̵å ÇÕ´Ï´Ù.ÆÐÄ¡¹öÀü: BIND 9.3.5-p1, BIND 9.4.2-p1, BIND 9.5.0-p1 ÀÌ»ó
- ¾÷±×·¹ÀÌµå ¿Ü¿¡ recursive query Á¦ÇÑ

$ vi /etc/named.conf
acl xxx { 127.0.0.1; ÇØ´ç¼­¹öIP; };
options {
version "unknown";
allow-recursion { xxx; };
};

acl ¸®½ºÆ®¿¡ ÀÖ´Â IP¿¡¸¸ recursive query Çã¿ëÇϵµ·Ï ¼³Á¤ÇÕ´Ï´Ù.

¡á windows OS »ç¿ëÀÚÀÇ °æ¿ì ¾Æ·¡ URLÀ» ÂüÁ¶ÇÏ¿© ÇØ´ç DNSÃë¾àÁ¡ ÆÐÄ¡¸¦ ¾÷±×·¹À̵å ÇϽñ⠹ٶø´Ï´Ù.
- ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®
http://www.microsoft.com/korea/technet/security/bulletin/ms08-037.mspx

¡á ¾ð±ÞµÇÁö ¾ÊÀº ¼ÒÇÁÆ®¿þ¾î´Â »ç¿ëÇÏ´Â ÇØ´ç DNSÀÇ È®ÀÎ ÈÄ Ãë¾àÁ¡ ¿©ºÎ¸¦ ¹Ýµå½Ã È®ÀÎÇÒ °ÍÀ» ±Ç°íÇÕ´Ï´Ù.


¡á Âü°íÁ¤º¸
- CVE Á¤º¸ : CVE-2008-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
- US-CERT Ãë¾àÁ¡ ³ëÆ®, VU#800113
http://www.kb.cert.org/vuls/id/800113
-Âü°í ÀÎÅͳÝħÇØ»ç°í´ëÀÀ¼¾ÅÍ



=========================== ¿øº»±Û ===========================
DNS¸¦ °øºÎÇÏ´Ù º¸´Ï "cache poisoning" À̶ó´Â ¸»ÀÌ ³ª¿À´øµ¥..
cache poisoning ¹¹°¡¿ä??
 
 

   cache poisoning ??  2009-03-30 ij½Ã¸®
       RE : cache poisoning ??  2009-03-31 º¯»óö
       RE : cache poisoning ??  2009-03-31 ¼ÛÁ¾¼ö

 
ÀÌÀü±Û   named.ca »èÁ¦ 
´ÙÀ½±Û   [Ãʺ¸] Æ÷¿öµù 



Çѱ¹¾îEnglishJapanese Á¦ÈÞÁ¦¾È ÀÎÀçä¿ë ¼­ºñ½º ¾à°ü ¹× Á¤Ã¥ °³ÀÎÁ¤º¸Ã³¸®¹æħ Ã¥ÀÓÇÑ°è ¹× ¹ýÀû °íÁö À̸ÞÀϹ«´Ü¼öÁý °ÅºÎ
´ëÇ¥ÀüÈ­ : 02-3665-0123   °í°´»ó´ã : 02-2165-3000   FAX : 02-2671-5613   e¸ÞÀÏ : °í°´»ó´ã@³ÝÇǾÆÄß
°³ÀÎÁ¤º¸ ¾Ç¿ë ½Å°í : reportabuse@ibi.net Copyright (C) 1995 - 2025 Netpia, Inc. All rights reserved.