\uc544\ub798 \uae00\uc744 \ubcf4\uace0 \uc778\ud130\ub137\uc5d0\uc11c \ucc3e\uc544 \ubcf4\uc558\uc2b5\ub2c8\ub2e4<\/p>\n\n\n\n
\uc124\uc815\ud558\ub294 \uac83\uc740 \uac04\ub2e8\ud558\ub098 \ubc30\uacbd \uc9c0\uc2dd\uc774 \ubc29\ub300\ud558\ub2e4 \ubcf4\ub2c8 \ub0b4\uc6a9\uc774 \uae34\uac70 \uac19\ub124\uc694 \uadf8\ub798\ub3c4 \ubcf4\uc548 \uc124\uc815\uc744 \uc9c1\uc811\ud574\uc57c \ud558\ub294 \uc704\uce58\uc5d0 \uc788\ub2e4\uba74 \ud55c\ubc88\ucbe4 \uc2dc\uac04\ub0b4\uc11c \uc77d\uc5b4 \ubcf4\ub294 \uac83\uc774 \uc88b\uc744\uac70 \uac19\uc544 \ud37c\uc654\uc5b4\uc694..<\/p>\n\n\n\n
\uc6d0\ubcf8 \ub9c1\ud06c : http:\/\/ihelpers.x2soft.co.kr\/programming\/tipntech.php?CMD=view&IDX=350&source=overture#wf<\/a>
<\/p>\n\n\n\nTCP SYN_Flooding \uacf5\uaca9\uc758 \uc6d0\uc778\uacfc \ud574\uacb0\ucc45\u00a0
\uc624\ub298\uacfc \ub0b4\uc77c \ub137\uc13c\ud130\u00a0\ud64d\uc11d\ubc94(antihong@tt.co.kr)<\/a>\u00a0
\ucd5c \uadfc \uc790\uc2e0\uc774 \uc6b4\uc601\ud558\ub294 \uc11c\ubc84\uc5d0 \ud2b9\ubcc4\ud788 \ubd80\ud558\uac00 \uac78\ub9ac\uac70\ub098 \uc774\uc0c1\uc774 \uc788\ub294 \uac83\ub3c4 \uc544\ub2c8\uace0\u00a0
\ub610 \ub370\ubaac\ub3c4 \uc815\uc0c1\uc801\uc73c\ub85c \ub5a0 \uc788\ub294\ub370, \uc815\uc791 \uc11c\ube44\uc2a4\uac00 \uc791\ub3d9\ud558\uc9c0 \uc54a\ub294 \uacbd\uc6b0\uac00 \uc885\uc885 \uc788\ub2e4.
\uc774\ub7ec\ud55c \uacbd\uc6b0\uc5d0\ub294 \ud574\ub2f9 \ub370\ubaac\uc744 \uc644\uc804\ud788 \uba48\ucd94\uc5c8\ub2e4\uac00 \uc0b4\ub9ac\uba74 \ub2e4\uc2dc \uc791\ub3d9\ud558\ub294\ub370,\u00a0
\uc7a0\uc2dc \ud6c4\uc5d0 \ud655\uc778\ud574 \ubcf4\uba74 \ub611\uac19\uc740 \ud604\uc0c1\uc774 \ub2e4\uc2dc \ub098\ud0c0\ub098\uace4 \ud55c\ub2e4.
\ud639\uc2dc \ud504\ub85c\uadf8\ub7a8\uc744 \uc798\ubabb \uc124\uce58\ud588\ub098 \uc2f6\uc5b4 \uc9c0\uc6b0\uace0 \ub2e4\uc2dc \uc124\uce58\ud574\ub3c4 \ub9c8\ucc2c\uac00\uc9c0\uc774\ub2e4.\u00a0
\ub9cc \uc57d \ucd5c\uadfc \ub4e4\uc5b4 \uc774\ub7ec\ud55c \uacbd\ud5d8\uc774 \uc788\ub2e4\uba74 \uc774\ub294 \ucd5c\uadfc \uc720\ud589\ud558\ub294 DoS(\uc11c\ube44\uc2a4 \uac70\ubd80 \uacf5\uaca9)\uc758 \uc77c\uc885\uc778\u00a0
TCP SYN Flooding \uacf5\uaca9\uc744 \ub2f9\ud588\uc744 \uac00\ub2a5\uc131\uc774 \ud06c\ub2e4.
SYN Flooding \uacf5\uaca9\uc758 \uac1c\ub150\uc774 \uc18c\uac1c\ub41c\uc9c0\ub294 \uaf64 \ub418\uc5c8\uc9c0\ub9cc \ucd5c\uadfc \ub4e4\uc5b4 \ub9ac\ub205\uc2a4\uac00 \ud655\uc0b0\ub418\uace0, \uac04\ub2e8\ud558\uac8c \uc2e4\ud589\ud560 \uc218 \uc788\ub294 \uacf5\uaca9 \uc18c\uc2a4\uac00 \uad11\ubc94\uc704\ud558\uac8c \ubc30\ud3ec\ub418\uba74\uc11c \uc774 \uacf5\uaca9\uc774 \uc790\uc8fc \ud655\uc778\ub418\uace0 \uc788\uace0, \uc774\ub85c \uc778\ud574 \uadf8 \ud53c\ud574\uac00 \uae09\uc18d\ud788 \ud655\uc0b0\ub418\uace0 \uc788\ub2e4. \uc2e4\uc81c\ub85c \ud604\uc7ac \uac00\uc7a5 \ub9ce\uc774 \uc0ac\uc6a9\ub418\uace0 \uc788\ub294 \ubc30\ud3ec\ud310\uc778 \ub808\ub4dc\ud587 6.X \uacc4\uc5f4\uc5d0 \uc774 \uacf5\uaca9\uc744 \uc2e4\ud589\ud558\uae30\ub9cc \ud558\uba74 \ub2e8 \uba87 \ucd08\ub9cc\uc5d0 \uc11c\ube44\uc2a4\uac00 \uc815\uc9c0\ud574 \ubc84\ub9ac\uac8c \ub41c\ub2e4.
\ub530\ub77c\uc11c \ud53c\ud574\uac00 \ud655\uc0b0\ub418\uace0 \uc788\ub294 \uc774 \uacf5\uaca9\uc758 \uc6d0\ub9ac\uc640 \ub300\ucc98\ubc29\ubc95\uc5d0 \ub300\ud574 \uc54c\uc544\ubcf4\ub3c4\ub85d \ud558\uc790.
\u201cTCP \uc758 \uc57d\uc810\uc744 \uc774\uc6a9\ud55c \uacf5\uaca9\uc6d0\ub9ac\u201d
SYN Flooding \uacf5\uaca9\uc740 TCP \uc758 \ucde8\uc57d\uc810\uc744 \uc774\uc6a9\ud55c \uacf5\uaca9\uc758 \ud615\ud0dc\uc774\ubbc0\ub85c \uba3c\uc800 TCP \uc5d0 \ub300\ud574\u00a0
\uc54c\uc544\uc57c \ud55c\ub2e4. TCP \ub294 Transmition Control Protocol \uc758 \uc57d\uc790\ub85c UDP\uc640\ub294 \ub2ec\ub9ac \uc2e0\ub8b0\uc131 \uc788\ub294 \uc5f0\uacb0\uc744 \ub2f4\ub2f9\ud55c\ub2e4. \ub530\ub77c\uc11c \uc11c\ubc84\uc640 \ud074\ub77c\uc774\uc5b8\ud2b8\uac04\uc5d0 \ubcf8\uaca9\uc801\uc778 \ud1b5\uc2e0\uc774 \uc774\ub8e8\uc5b4\uc9c0\uae30 \uc804\uc5d0\ub294\u00a0
\ub2e4\uc74c \uadf8\ub9bc\uacfc \uac19\uc774 \uc18c\uc704 \"3 Way handshaking\" \uc774\ub77c\ub294 \uc815\ud574\uc9c4 \uaddc\uce59\uc774 \uc0ac\uc804\uc5d0 \uc120\ud589\ub418\uc5b4\uc57c \ud55c\ub2e4.
1\ub2e8\uacc4. A \ud074\ub77c\uc774\uc5b8\ud2b8\ub294 B \uc11c\ubc84\uc5d0 \uc811\uc18d\uc744 \uc694\uccad\ud558\ub294 SYN \ud328\ud0b7\uc744 \ubcf4\ub0b8\ub2e4.
2\ub2e8\uacc4. B \uc11c\ubc84\ub294 \uc694\uccad\uc744 \ubc1b\uace0 A \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\uac8c \uc694\uccad\uc744 \uc218\ub77d\ud55c\ub2e4\ub294 SYN \ud328\ud0b7\uacfc\u00a0
ACK \ud328\ud0b7\uc744 \ubc1c\uc1a1\ud55c\ub2e4.\u00a0
3\ub2e8\uacc4. A \ud074\ub77c\uc774\uc5b8\ud2b8\ub294 B \uc11c\ubc84\uc5d0\uac8c ACK \ub97c \ubcf4\ub0b4\uace0 \uc774\ud6c4\ub85c\ubd80\ud130 \uc5f0\uacb0\uc774 \uc774\ub8e8\uc5b4\uc9c0\uace0\u00a0
\ubcf8\uaca9\uc801\uc73c\ub85c \ub370\uc774\ud130\uac00 \uad50\ud658\ub41c\ub2e4.
\uc774\uac83\uc774 TCP \uc758 \uae30\ubcf8\uc801\uc778 Flow \uc774\ub2e4.
\uadf8\ub7f0\ub370, \uc774 \uadf8\ub9bc\uc5d0\uc11c \uc545\uc758\uc801\uc778 \uacf5\uaca9\uc790\uac00 1\ub2e8\uacc4\ub9cc \uc694\uccad(SYN)\ud558\uace0 B\uc11c\ubc84\ub85c\ubd80\ud130 \uc751\ub2f5\uc744 \ubc1b\uc740 \ud6c4(SYN+ACK) 3\ub2e8\uacc4, \uc989 \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\uac8c ACK\ub97c \ubcf4\ub0b4\uc9c0 \uc54a\ub294\ub2e4\uba74 \uc5b4\ub5bb\uac8c \ub420\uae4c?
SYN+ACK \ud328\ud0b7\uc744 \ubc1b\uc740 B \ud638\uc2a4\ud2b8\ub294 A \ub85c\ubd80\ud130 \uc751\ub2f5\uc774 \uc62c \uac83\uc744 \uae30\ub300\ud558\uace0 \ubc18\ucbe4 \uc5f4\ub9b0\u00a0
\uc774\ub978\ubc14 \u201cHalf Open\u201d \uc0c1\ud0dc\uac00 \ub418\uc5b4 \ub300\uae30 \uc0c1\ud0dc\uc5d0 \uba38\ubb34\ub978 \ud6c4 \uc77c\uc815 \uc2dc\uac04(75\ucd08) \ud6c4\uc5d0 \ub2e4\uc74c \uc694\uccad\uc774 \uc624\uc9c0 \uc54a\uc73c\uba74 \ud574\ub2f9 \uc5f0\uacb0\uc744 \ucd08\uae30\ud654 \ud558\uac8c \ub418\ub294\ub370, \ucd08\uae30\ud654\ud558\uae30 \uc804\uae4c\uc9c0 \uc774 \uc5f0\uacb0\uc740 \uba54\ubaa8\ub9ac \uacf5\uac04\uc778 \ubc31\ub85c\uadf8\ud050(Backlog Queue)\uc5d0 \uacc4\uc18d \uc313\uc774\uac8c \ub41c\ub2e4.\u00a0
\uadf8\ub7f0\ub370, \uc774 \uc704\uc870\ub41c \uc5f0\uacb0 \uc2dc\ub3c4\ub97c \ucd08\uae30\ud654\ud558\uae30 \uc804\uc5d0 \uc704\uc870\ub41c \uc0c8\ub85c\uc6b4 \uc694\uad6c\uac00 \uacc4\uc18d \ub4e4\uc5b4\uc624\uac8c \ub41c\ub2e4\uba74 \ub610\ud55c \uc704\uc870\ub41c \uc0c8\ub85c\uc6b4 \uc694\uad6c\uac00 \uc5f0\uacb0\uc744 \ucd08\uae30\ud654\ud558\ub294 \uc18d\ub3c4\ubcf4\ub2e4 \ub354 \ube68\ub9ac \uc774\ub8e8\uc5b4\uc9c4\ub2e4\uba74 \uc5b4\ub5bb\uac8c \ub420\uae4c? \uc774\ub7ec\ud55c \uacbd\uc6b0 SYN \ud328\ud0b7\uc774 \uc5b4\ub290 \uc815\ub3c4 \ubc31\ub85c\uadf8\ud050\uc5d0 \uc800\uc7a5\uc774 \ub418\ub2e4 \uacb0\uad6d \uaf49\ucc28\uac8c \ub418\uc5b4 \ub354 \uc774\uc0c1\uc758 \uc5f0\uacb0\uc744 \ubc1b\uc544\ub4e4\uc77c \uc218 \uc5c6\ub294 \uc0c1\ud0dc, \uc989 \uc11c\ube44\uc2a4 \uac70\ubd80 \uc0c1\ud0dc\ub85c \ub4e4\uc5b4\uac00\uac8c \ub418\ub294 \uac83\uc774\ub2e4. \uc774\ucc98\ub7fc \ubc31\ub85c\uadf8\ud050\uac00 \uac00\ub4dd \ucc3c\uc744 \uacbd\uc6b0\uc5d0 \uacf5\uaca9\uc744 \ub2f9\ud55c \ud574\ub2f9 \ud3ec\ud2b8\ub85c\ub9cc \uc811\uc18d\uc774 \uc774\ub8e8\uc5b4\uc9c0\uc9c0 \uc54a\uc744 \ubfd0 \ub2e4\ub978 \ud3ec\ud2b8\uc5d0\ub294 \uc601\ud5a5\uc744 \uc8fc\uc9c0 \uc54a\uace0, \ub610\ud55c \uc11c\ubc84\uc5d0 \ubcc4\ub2e4\ub978 \ubd80\ud558\ub3c4 \uc720\ubc1c\ud558\uc9c0 \uc54a\uc73c\ubbc0\ub85c \uad00\ub9ac\uc790\uac00 \uc798 \ubaa8\ub974\ub294 \uacbd\uc6b0\uac00 \ub9ce\ub2e4. \ub610\ud55c \ub2e4\ub978 DoS \uacf5\uaca9\uacfc\ub294 \ub2ec\ub9ac \ub9ce\uc740 \ud2b8\ub798\ud53d\uc744 \uc720\ubc1c\ud558\ub294 \uacf5\uaca9\uc774 \uc544\ub2c8\ubbc0\ub85c \uc27d\uac8c \ud30c\uc545\uc774 \ub418\uc9c0 \uc54a\ub294 \uacf5\uaca9 \ud615\ud0dc\uc774\ub2e4.
\uadf8\ub807\ub2e4\uba74 \uc774 \uacf5\uaca9\uc744 \ub2f9\ud558\uace0 \uc788\ub294\uc9c0 \uc5ec\ubd80\ub294 \uc5b4\ub5bb\uac8c \uc54c \uc218 \uc788\uc744\uae4c?
\uc2dc\uc2a4\ud15c\uc5d0 \ub85c\uae34\ud6c4 \"netstat\" \uc774\ub77c\ub294 \uba85\ub839\uc73c\ub85c \ud655\uc778 \uac00\ub2a5\ud558\ub2e4.
\u201c\uadf8 \ub7fc, \uc5b4\ub5bb\uac8c \ud30c\uc545\ud558\ub294\uac00?\u201d
netstat \uc740 \uc2dc\uc2a4\ud15c\uc758 \uac01\uc885 \ub124\ud2b8\uc6cc\ud06c \uc815\ubcf4\ub97c \uc54c\ub824\uc8fc\ub294 \uba85\ub839\uc5b4\ub85c \ub124\ud2b8\uc6cc\ud06c \uc5f0\uacb0, \ub77c\uc6b0\ud305 \ud604\ud669, \uc778\ud130\ud398\uc774\uc2a4 \ud1b5\uacc4\ub4f1\uc758 \uc815\ubcf4\ub97c \ud655\uc778\ud560 \uc218 \uc788\uac8c \ud574 \uc900\ub2e4. \uc5ec\uae30\uc11c \uc7a0\uae50 netstat \uc73c\ub85c \ub098\uc624\ub294 \uc5f0\uacb0 \uc0c1\ud0dc\uc5d0 \ub300\ud574 \uc54c\uc544\ubcf4\uc790.
netstat -na \ub85c \ud655\uc778\ud574 \ubcf4\uba74 Local Address, Foreign Address, State \ub4f1\uc758 \uc815\ubcf4\uac00 \ucd9c\ub825\ub418\ub294\ub370,
\uc774 \uc911 State \ubd80\ubd84\uc5d0 \ubcf4\uc774\ub294 \uba54\uc2dc\uc9c0\ub97c \uc8fc\ubaa9\ud558\uba74 \ub41c\ub2e4.
### \ucc38\uace0 : State \ubd80\ubd84\uc5d0 \uac00\ub2a5\ud55c \uc5f0\uacb0\uc0c1\ud0dc ###################################
LISTEN : \uc11c\ubc84\uc758 \ub370\ubaac\uc774 \ub5a0\uc11c \uc811\uc18d \uc694\uccad\uc744 \uae30\ub2e4\ub9ac\ub294 \uc0c1\ud0dc
SYS-SENT : \ub85c\uceec\uc758 \ud074\ub77c\uc774\uc5b8\ud2b8 \uc5b4\ud50c\ub9ac\ucf00\uc774\uc158\uc774 \uc6d0\uaca9 \ud638\uc2a4\ud2b8\uc5d0 \uc5f0\uacb0\uc744 \uc694\uccad\ud55c \uc0c1\ud0dc
SYN_RECEIVED : \uc11c\ubc84\uac00 \uc6d0\uaca9 \ud074\ub77c\uc774\uc5b8\ud2b8\ub85c\ubd80\ud130 \uc811\uc18d \uc694\uad6c\ub97c \ubc1b\uc544 \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\uac8c
\uc751\ub2f5\uc744 \ud558\uc600\uc9c0\ub9cc \uc544\uc9c1 \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\uac8c \ud655\uc778 \uba54\uc2dc\uc9c0\ub294 \ubc1b\uc9c0 \uc54a\uc740 \uc0c1\ud0dc
ESTABLISHED : 3 Way-Handshaking \uc774 \uc644\ub8cc\ub41c \ud6c4 \uc11c\ub85c \uc5f0\uacb0\ub41c \uc0c1\ud0dc
FIN-WAIT1 , CLOSE-WAIT , FIN-WAIT2 :\u00a0
\uc11c\ubc84\uc5d0\uc11c \uc5f0\uacb0\uc744 \uc885\ub8cc\ud558\uae30 \uc704\ud574 \ud074\ub77c\uc774\uc5b8\ud2b8\uc5d0\uac8c \uc885\uacb0\uc744 \uc694\uccad\ud558\uace0\u00a0
\ud68c\uc2e0\uc744 \ubc1b\uc544 \uc885\ub8cc\ud558\ub294 \uacfc\uc815\uc758 \uc0c1\ud0dc
CLOSING : \ud754\ud558\uc9c0 \uc54a\uc9c0\ub9cc \uc8fc\ub85c \ud655\uc778 \uba54\uc2dc\uc9c0\uac00 \uc804\uc1a1\ub3c4\uc911 \ubd84\uc2e4\ub41c \uc0c1\ud0dc
TIME-WAIT : \uc5f0\uacb0\uc740 \uc885\ub8cc\ub418\uc5c8\uc9c0\ub9cc \ubd84\uc2e4\ub418\uc5c8\uc744\uc9c0 \ubaa8\ub97c \ub290\ub9b0 \uc138\uadf8\uba3c\ud2b8\ub97c \uc704\ud574\u00a0
\ub2f9\ubd84\uac04 \uc18c\ucf13\uc744 \uc5f4\uc5b4\ub193\uc740 \uc0c1\ud0dc
CLOSED : \uc644\uc804\ud788 \uc885\ub8cc\u00a0
################################################################################
\uac01\uac01\uc758 \uc5f0\uacb0 \uc0c1\ud0dc\ub294 \ud1b5\uc2e0 \uc0c1\ud669\uc5d0 \ub530\ub77c \ub9e4\uc6b0 \ubcf5\uc7a1\ud558\uac8c \uc21c\uac04\uc801\uc73c\ub85c \ubcc0\ud654\ud558\ub294\ub370,\u00a0
\uc774 \uc911 \uc8fc\ub85c \uc8fc\ubaa9\ud558\uc5ec\uc57c \ud560 \uc0c1\ud0dc\ub294 SYN_RECEIVED \uc774\ub2e4. \uc124\uba85\uc5d0 \ub098\uc628 \ub300\ub85c \uc774 \uc0c1\ud0dc\ub294\u00a0
\ud074\ub77c\uc774\uc5b8\ud2b8\uc758 \ud655\uc778 \uba54\uc2dc\uc9c0\ub97c \uae30\ub2e4\ub9ac\ub294 \uc0c1\ud0dc\uc774\uc9c0\ub9cc \ud2b9\ubcc4\ud788 \uc804\uc6a9 \ud68c\uc120\uc5d0 \uc7a5\uc560\uac00 \uc5c6\ub294 \ud55c \uc774 \uacfc\uc815\uc740 \uc21c\uac04\uc801\uc73c\ub85c \uc77c\uc5b4\ub098\ubbc0\ub85c \uc2e4\uc81c netstat \uc73c\ub85c \ud655\uc778\ub418\ub294 \uacbd\uc6b0\ub294 \uac70\uc758 \uc5c6\ub2e4.
\ub530\ub77c\uc11c netstat -na|grep SYN_RECV \ub85c \ud655\uc778\ud574 \ubcf4\uc544 \ub9ce\uc740 \uba54\uc2dc\uc9c0\uac00 \ubcf4\uc778\ub2e4\uba74\u00a0
Syn Flooding \uacf5\uaca9\uc744 \ub2f9\ud558\uace0 \uc788\ub294 \uac83\uc73c\ub85c \ud310\ub2e8\ud558\uba74 \ub41c\ub2e4.
\u201c\uc2e4\uc81c \ud14c\uc2a4\ud2b8 \uacf5\uaca9\uc73c\ub85c \uc9c1\uc811 \ud655\uc778\ud574 \ubcf4\uc790!!\u201d\u00a0
\uc2e4\uc81c \uc790\uc2e0\uc758 \uc2dc\uc2a4\ud15c\uc774 \uc5bc\ub9c8\ub098 \ucde8\uc57d\ud55c\uc9c0 \uc790\uc2e0\uc758 \uc2dc\uc2a4\ud15c\uc5d0 \ud14c\uc2a4\ud2b8\ud574 \ubcf4\ub3c4\ub85d \ud558\uc790.
\ub178\ud30c\uc2ec\uc5d0 \uc774\uc57c\uae30\ud558\ub294 \uac83\uc774\uc9c0\ub9cc \uc774 \uacf5\uaca9\uc740 \ubc18\ub4dc\uc2dc \uc790\uc2e0\uc758 \uc2dc\uc2a4\ud15c\uc5d0\uc11c\ub9cc \ud14c\uc2a4\ud2b8 \uc6a9\ub3c4\ub85c \uc2e4\ud589\ud574 \ubcf4\uae30 \ubc14\ub780\ub2e4. \uc774 \uacf5\uaca9 \uc18c\uc2a4\ub294 \uc778\ud130\ub137\uc0c1\uc5d0\uc11c \uc27d\uac8c \ucc3e\uc744 \uc218 \uc788\ub2e4.
http:\/\/packetstorm.securify.com\/<\/a>\ub098\u00a0http:\/\/rootshell.com\/<\/a>\uc5d0 \uc811\uc18d\ud6c4 syn \uc73c\ub85c \uac80\uc0c9\ud574 \ubcf4\uba74 \ub9ce\uc740 \uc18c\uc2a4\uc640 \ubb38\uc11c\uac00 \uc788\ub294\ub370, \uc774\uc911 \uad00\ub828 \ud30c\uc77c\uc744 \ub2e4\uc6b4\ub85c\ub4dc\ubc1b\uc544 \uc124\uce58\ud574 \ubcf4\uba74 \ub41c\ub2e4.
\uc18c \uc2a4\uc5d0 \ub530\ub77c \uc2e4\ud589 \ubc29\ubc95\uc774 \ub2e4\ub974\uc9c0\ub9cc \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\uc740 \uc18c\uc2a4\ud30c\uc77c\uc774 syn_floodinbg_dos.c \ub77c\uba74 gcc ?o syn_flooding_dos syn_flooding_dos.c \ub85c \ucef4\ud30c\uc77c\uc744 \ud55c\ub2e4. \uc774\ud6c4\u00a0
\".\/syn_flooding_dos \uc18cIP \uacf5\uaca9\uc9c0IP \uacf5\uaca9\ud560\ud558\uc704\ud3ec\ud2b8\ubc88\ud638 \uc0c1\uc704\ud3ec\ud2b8\ubc88\ud638\" \uc640 \uac19\uc774 \uc2e4\ud589\ud558\uba74 \ub418\ub294\ub370, \ud544\uc790\ub294 .\/syn_flodding_dos 0 localhost 80 80 \uacfc \uac19\uc774 \ud14c\uc2a4\ud2b8\ud574 \ubcf4\uc558\ub2e4.
\uc704 \uba85\ub839\uc5b4\uc758 \uc758\ubbf8\ub294 \uacf5\uaca9\uc9c0 \uc8fc\uc18c\ub97c \ub79c\ub364\ud558\uac8c \ubb34\uc791\uc704 IP\uc8fc\uc18c\ub85c \uc124\uc815(0) \ud558\uc5ec localhost \uc11c\ubc84\uc758 80 \ubc88 \ud3ec\ud2b8\uc5d0 Syn_Flooding \uacf5\uaca9\uc744 \ud55c\ub2e4\ub294 \ub0b4\uc6a9\uc774\ub2e4.
\uc2e4\uc81c \ubcf8\uc778\uc774 \ud14c\uc2a4\ud2b8\ud55c \ub808\ub4dc\ud587 6.2 \uc11c\ubc84\uc5d0\uc11c\ub294 \uacf5\uaca9\ud6c4 2-3\ucd08\ub9cc\uc5d0 \uc6f9\uc11c\ube44\uc2a4\uac00 \uc911\uc9c0\ub418\uc5c8\ub2e4.
\ud14c \uc2a4\ud2b8 \uacf5\uaca9 \ud6c4 telnet localhost 80 \uc73c\ub85c \uc811\uc18d\ud574 \ubcf4\uae30 \ubc14\ub780\ub2e4.
\ubd84\uba85\ud788 httpd \ub370\ubaac\uc740 \ub5a0 \uc788\ub294\ub370, \uc811\uc18d\uc774 \ub418\uc9c0 \uc54a\uc744 \uac83\uc774\ub2e4.
\uc544\ub798\ub294 \uacf5\uaca9\uc744 \ub2f9\ud55c \uc11c\ubc84\uc5d0\uc11c netstat -na|grep SYN \uc73c\ub85c SYN \ud328\ud0b7\uc744 \uc7a1\uc740 \ubd80\ubd84\uc774\ub2e4.
\ubd84\uba85\ud788 localhost \uc5d0\uc11c \uacf5\uaca9\uc744 \ud588\uc74c\uc5d0\ub3c4 \uc704 \uadf8\ub9bc\uc5d0\uc11c\ucc98\ub7fc 80\ubc88 \ud3ec\ud2b8\ub85c SYN \ud328\ud0b7\uc744 \uc694\uccad\ud55c IP\uc8fc\uc18c\ub294 \ub79c\ub364\ud558\uac8c \ubcf4\uc774\uace0 \uc788\uc5b4 \ub3c4\ubb34\uc9c0 \uc5b4\ub5a4 IP \uc5d0\uc11c \uacf5\uaca9\ud558\uace0 \uc788\ub294 \uac83\uc778\uc9c0 \uc54c \uc218 \uc5c6\ub2e4. \uc2e4\uc81c\ub85c \uacf5\uaca9\uc9c0 IP \ub97c \ud655\uc778\ud574 \ubcf4\uba74 \ub300\ubd80\ubd84\uc774 \ud604\uc7ac \uc778\ud130\ub137\uc0c1\uc5d0 \uc5f0\uacb0\ub418\uc9c0 \uc54a\uc740 \uc874\uc7ac\ud558\uc9c0 \uc54a\ub294 \uc704\uc870\ub41c IP\ub4e4\uc774\ub2e4.
\uc2e4\uc81c \uacf5\uaca9 \uc18c\uc2a4 \ucf54\ub4dc\uc911 \uc18c\uc2a4 IP\ub97c \uc0dd\uc131\ud558\ub294 \ubd80\ubd84\uc744 \ubcf4\uba74 \uc544\ub798\uc640 \uac19\uc774 0\ubd80\ud130 255\uae4c\uc9c0\u00a0
\uc784\uc758\uc758 \uac12\uc744 \ubf51\uc544 IP \uc8fc\uc18c\ub85c \uc124\uc815\ud558\ub294 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.
{
a = getrandom(0, 255);
b = getrandom(0, 255);
c = getrandom(0, 255);
d = getrandom(0, 255);
sprintf(junk, \"%i.%i.%i.%i\", a, b, c, d);
me_fake = getaddr(junk);
}
SYN_Flooding \uacf5\uaca9\uc5d0 \ub300\ud55c \ub300\ube44 \ubc0f \ud574\uacb0\ucc45\u00a0
\uadf8\ub807\ub2e4\uba74 \uc774 \uacf5\uaca9\uc5d0 \ub300\ud574 \uc5b4\ub5bb\uac8c \ub300\ube44\ud558\uc5ec\uc57c \ud560\uae4c?
1. \ubc31\ub85c\uadf8 \ud050\ub97c \ub298\ub824\uc900\ub2e4.\u00a0
\uc9c1 \uad00\uc801\uc73c\ub85c \ubcf4\uc558\uc744 \ub54c \uc11c\ube44\uc2a4 \uac70\ubd80\uc5d0 \ub3cc\uc785\ud558\uac8c \ub418\ub294 \uac83\uc740 \ubc31\ub85c\uadf8\ud050(Backlog Queue)\uac00 \uac00\ub4dd\u00a0
\ucc28\uc11c \ub2e4\ub978 \uc811\uc18d \uc694\uad6c\ub97c \ubc1b\uc544\ub4e4\uc774\uc9c0 \ubabb\ud558\uae30 \ub54c\ubb38\uc774\ubbc0\ub85c \ubc31\ub85c\uadf8 \ud050\uc758 \ud06c\uae30\ub97c \ub298\ub824\uc8fc\uba74 \ub420 \uac83\uc774\ub2e4. \uc2e4\uc81c\ub85c \ub9ac\ub205\uc2a4\ub97c \ud3ec\ud568\ud574\uc11c \ub9ce\uc740 \uc6b4\uc601\uccb4\uc81c\ub4e4\uc758 \ubc31\ub85c\uadf8\ud050\uac12\uc744 \uc870\uc0ac\ud574 \ubcf4\uba74 \uc774 \uac12\uc774 \ud544\uc694 \uc774\uc0c1\uc73c\ub85c \uc791\uac8c \uc124\uc815\ub418\uc5b4 \uc788\uc5b4 \uc801\uc808\ud788 \ub298\ub824\uc8fc\ub294 \uac83\uc774 \uc88b\ub2e4.
\ud604\uc7ac \uc2dc\uc2a4\ud15c\uc5d0 \uc124\uc815\ub41c \ubc31\ub85c\uadf8\ud050\uc758 \ud06c\uae30\ub294\u00a0
[root@net \/root]# sysctl -a|grep syn_backlog
net.ipv4.tcp_max_syn_backlog = 128\u00a0
\ub610\ub294\u00a0
[root@net \/root]# cat \/proc\/sys\/net\/ipv4\/tcp_max_syn_backlog
128\u00a0
\ub85c \ud655\uc778\uac00\ub2a5\ud558\uba70 128kb \uc778 \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.
\uc77c\ubc18\uc801\uc73c\ub85c \uc2dc\uc2a4\ud15c\uc758 RAM \uc774 128M \uc77c \uacbd\uc6b0\uc5d0\ub294 128 \uc744 \uc124\uc815\ud558\uace0 \uadf8 \uc774\uc0c1\uc77c \uacbd\uc6b0\uc5d0\ub294 1024 \uc815\ub3c4\ub85c \uc124\uc815\ud574 \uc8fc\ub294 \uac83\uc774 \uc88b\ub2e4. \uc774 \ub54c \uc8fc\uc758\ud560 \uc810\uc740 \uc774 \uac12\uc744 \ubb34\uc791\uc815 \ud06c\uac8c \uc124\uc815\ud55c\ub2e4\uace0 \uc88b\uc740 \uac83\uc740 \uc544\ub2c8\uba70 1024 \uc774\uc0c1\uc73c\ub85c \uc124\uc815\ud560 \uacbd\uc6b0\ub294 \/usr\/src\/linux\/include\/net\/tcp.h \uc18c\uc2a4\uc5d0\uc11c TCP_SYNQ_SIZE \ubcc0\uc218\ub97c \uc218\uc815 \ud6c4 \ucee4\ub110\uc744 \uc7ac\ucef4\ud30c\uc77c\ud558\uc5ec\uc57c \ud55c\ub2e4. \uc774 \ubcc0\uc218\ub97c \uc124\uc815\uc2dc TCP_SYNQ_HSIZE\uc5d0 16\uc744 \uacf1\ud55c \uac12\uc774 tcp_max_syn_backlog \ubcf4\ub2e4\ub294 \uc791\uac70\ub098 \uac19\uc544\uc57c \ud558\ub294\ub370, \uadf8\ub807\uc9c0 \uc54a\uc744 \uacbd\uc6b0\uc5d0\ub294 \uc2dc\uc2a4\ud15c\uc5d0 \ubb38\uc81c\uac00 \ubc1c\uc0dd\ud560 \uc218 \uc788\uc73c\ub2c8 1024 \ubcf4\ub2e4 \ub192\uc740 \uac12\uc73c\ub85c \uc124\uc815\ud558\uc9c0 \ub9d0\uae30 \ubc14\ub780\ub2e4. \uadf8\ub9ac\uace0 \uc774 \uac12\uc744 \ub108\ubb34 \ud06c\uac8c \uc124\uc815\ud558\uc600\uc744 \uacbd\uc6b0\uc5d0\ub294 \uacbd\ud5d8\uc801\uc73c\ub85c \uc544\ub798 \uc124\uba85\ud560 syncookies \uae30\ub2a5\uc774 \uc798 \uc801\uc6a9\ub418\uc9c0 \uc54a\ub294 \ud604\uc0c1\uc774 \uac00\ub054 \ud655\uc778\ub418\uc5c8\ub2e4.\u00a0
\uc774\uc640\ub294 \ubcc4\uac1c\ub85c \uc2dc\uc2a4\ud15c\uc758 \ubd80\ud558\uac00 \ub9ce\uc774 \uac78\ub9b4 \uacbd\uc6b0\uc5d0\ub3c4 \ubc31\ub85c\uadf8\ud050\ub97c \ub298\ub824\uc8fc\uba74 \uc77c\uc815 \uc815\ub3c4\uc758 \ud6a8\uacfc\ub97c \ubcfc \uc218 \uc788\ub294 \uac83\uc73c\ub85c \uc54c\ub824\uc838 \uc788\ub2e4.\u00a0
\ubc31\ub85c\uadf8\ud050\uc758 \uac12\uc744 \uc124\uc815\ud558\ub294 \ubc29\ubc95\uc740 \ub2e4\uc74c\uacfc \uac19\ub2e4.
[root@net \/root]# sysctl -w net.ipv4.tcp_max_syn_backlog=1024
\ub610\ub294\u00a0
[root@net \/root]# echo 1024 > \/proc\/sys\/net\/ipv4\/tcp_max_syn_backlog
\ub85c \ud574\ub3c4 \ub41c\ub2e4.\u00a0
\uadf8\ub7ec\ub098 \uc774 \ubc29\ubc95\uc740 \uc784\uc2dc\uc801\uc778 \ub300\ucc45\uc77c \ubfd0, \uc9c0\uc18d\uc801\uc73c\ub85c \ub9ce\uc740 TCP SYN Flooding \uacf5\uaca9\uc744 \ub2f9\ud560 \ub54c\ub294 \uacb0\uad6d \ubc31\ub85c\ud06c\ud050\uac00 \uac00\ub4dd \ucc28\uac8c \ub418\ubbc0\ub85c \uadfc\ubcf8\uc801\uc778 \ud574\uacb0 \ubc29\uc548\uc740 \uc544\ub2c8\ub2e4.
2. syncookies \uae30\ub2a5\uc744 \ucf20\ub2e4.
Syncookies(\u201c\uc2e0 \ucfe0\ud0a4\u201d \ub77c\uace0 \ubc1c\uc74c\ud55c\ub2e4.) \ub294 \"Three-way handshake\" \uc9c4\ud589 \uacfc\uc815\uc744 \ub2e4\uc18c \ubcc0\uacbd\ud558\ub294 \uac83\uc73c\ub85c Alex Yuriev \uc640 Avi Freedman \uc5d0 \uc758\ud574 \uc81c\uc548\ub418\uc5c8\ub294\ub370, TCP header \uc758 \ud2b9\uc815\ud55c \ubd80\ubd84\uc744 \ubf51\uc544\ub0b4\uc5b4 \uc554\ud638\ud654 \uc54c\uace0\ub9ac\uc998\uc744 \uc774\uc6a9\ud558\ub294 \ubc29\uc2dd\uc73c\ub85c Three-way Handshake \uac00 \uc131\uacf5\uc801\uc73c\ub85c \uc774\ub8e8\uc5b4\uc9c0\uc9c0 \uc54a\uc73c\uba74 \ub354 \uc774\uc0c1 \uc18c\uc2a4 \uacbd\ub85c\ub97c \uac70\uc2ac\ub7ec \uc62c\ub77c\uac00\uc9c0 \uc54a\ub294\ub2e4. \ub530\ub77c\uc11c \uc801\uc808\ud55c \uc5f0\uacb0 \uc694\uccad\uc5d0 \ub300\ud574\uc11c\ub9cc \uc5f0\uacb0\uc744 \ub9fa\uae30 \uc704\ud574 \ub9ac\uc18c\uc2a4\ub97c \uc18c\ube44\ud558\uac8c \ub418\ub294 \uac83\uc774\ub2e4.\u00a0
syncookies \uae30\ub2a5\uc740 TCP_Syn_Flooding \uacf5\uaca9\uc744 \ucc28\ub2e8\ud558\uae30 \uc704\ud55c \uac00\uc7a5 \ud655\uc2e4\ud55c \ubc29\ubc95\uc73c\ub85c \uc774 \uae30\ub2a5\uc744 \uc774\uc6a9\ud558\ub824\uba74 \uc77c\ub2e8 \ucee4\ub110 \ucef4\ud30c\uc77c \uc635\uc158\uc5d0\uc11c CONFIG_SYN_COOKIES\uc774 Y \ub85c \uc120\ud0dd\ub418\uc5b4 \uc788\uc5b4\uc57c \ud55c\ub2e4.
\uc790\uc2e0\uc758 \ucee4\ub110 \uc635\uc158\uc5d0 \uc774 \uae30\ub2a5\uc774 \uc124\uc815\ub418\uc5b4 \uc788\ub294\uc9c0 \ud655\uc778\ud558\ub824\uba74\u00a0
\/usr\/src\/linux \ub514\ub809\ud1a0\ub9ac\ub85c \uc774\ub3d9\ud6c4 make menuconfig \ud6c4\u00a0
Networking options --->\u00a0
[*] IP: TCP syncookie support (disabled per default)\u00a0
\uc640 \uac19\uc774 \ud655\uc778\ud558\uba74 \ub41c\ub2e4.
\ub9cc\uc57d \uc124\uc815\uc774 \ub418\uc5b4 \uc788\uc9c0 \uc54a\ub2e4\uba74 \uc120\ud0dd \ud6c4 \ucee4\ub110 \ucef4\ud30c\uc77c\uc744 \ub2e4\uc2dc \ud558\uc5ec\uc57c \ud558\uc9c0\ub9cc \ub300\ubd80\ubd84 \ubc30\ud3ec\ud310\uc740 \uae30\ubcf8\uc801\uc73c\ub85c \uc774 \uc635\uc158\uc774 \uc120\ud0dd\ub418\uc5b4 \uc788\uc73c\ubbc0\ub85c \uac71\uc815\ud560 \ud544\uc694\ub294 \uc5c6\ub2e4.
\uadf8\ub7ec\ub098 \uc704\uc640 \uac19\uc774 \ucee4\ub110 \uc635\uc158\uc5d0 \uc124\uc815\ub418\uc5b4 \uc788\ub2e4 \ud558\ub354\ub77c\ub3c4 \uc2e4\uc81c syncookies \uc801\uc6a9\uc740 \uaebc\uc838 \uc788\uc73c\ubbc0\ub85c \uc774 \uac12\uc744 \ub2e4\uc74c\uacfc \uac19\uc740 \ubc29\ubc95\uc73c\ub85c \ud65c\uc131\ud654\ud574\uc57c \ud55c\ub2e4.
[root@control src]# sysctl -a|grep syncookie
net.ipv4.tcp_syncookies = 0\u00a0
0 \uc73c\ub85c \uc124\uc815\ub418\uc5b4 \uc788\uc73c\ubbc0\ub85c \ud604\uc7ac syncookies\ub294 \uc801\uc6a9\ub418\uc9c0 \uc54a\ub294\ub2e4.\u00a0
\ub530\ub77c\uc11c \uc544\ub798\uc640 \uac19\uc774 1\uc744 \uc124\uc815\ud558\uc5ec syncookies \uae30\ub2a5\uc744 \ud65c\uc131\ud654\ud558\ub3c4\ub85d \ud55c\ub2e4.\u00a0
[root@control src]# sysctl -w net.ipv4.tcp_syncookies=1
syncookies\ub294 \ubc31\ub85c\uadf8\ud050\uac00 \uac00\ub4dd \ucc3c\uc744 \uacbd\uc6b0\uc5d0\ub3c4 \uc815\uc0c1\uc801\uc778 \uc811\uc18d \uc694\uad6c\ub97c \uacc4\uc18d \ubc1b\uc544\ub4e4\uc77c \uc218 \uc788\ub3c4\ub85d \ud574 \uc8fc\ubbc0\ub85c SYN_Flooding \uacf5\uaca9\uc5d0 \ub300\ube44\ud55c \uac00\uc7a5 \ud6a8\uacfc\uc801\uc778 \ubc29\ubc95\uc911 \ud558\ub098\uc774\ub2e4.
\ub9cc\uc57d \uacf5\uaca9\uc744 \ub2f9\ud574 syncookies \uac00 \uc791\ub3d9\ud560 \ub54c\uc5d0\ub294 \/var\/log\/messages \ud30c\uc77c\uc5d0 \uc544\ub798\uc640 \uac19\uc774 SynFlooding \uacf5\uaca9\uc774 \uc9c4\ud589\uc911\uc774\ub77c\ub294 \uba54\uc2dc\uc9c0\uac00 \ucd9c\ub825\ub41c\ub2e4.
Jun 11 18:54:08 net kernel: possible SYN flooding on port 80. Sending cookies.
SYN_Flooding \uacf5\uaca9\uc774 \uc9c0\uc18d\uc801\uc73c\ub85c \ub9e4\uc6b0 \uc2ec\ud558\uac8c \uc9c4\ud589\uc911\uc77c \ub54c\uc5d0\ub294 syncookies \uae30\ub2a5\uc774 \uc791\ub3d9\ud55c\ub2e4 \ud558\ub354\ub77c\ub3c4 \ub124\ud2b8\uc6cc\ud06c\uac00 \ub2e4\uc6b4\ub418\ub294 \ud604\uc0c1\uc774 \uac00\ub054 \ud655\uc778\ub418\uc5c8\ub2e4. \ub530\ub77c\uc11c syncookies \uae30\ub2a5 \uc678\uc5d0 \uba87 \uac00\uc9c0 \uc124\uc815\ub3c4 \ud568\uaed8 \uc801\uc6a9\ud558\ub294 \uac83\uc774 \uc2dc\uc2a4\ud15c\uc758 \uc548\uc815\uc131\uc744 \uc704\ud574 \uad8c\uc7a5\ud558\ub294 \ubc29\ubc95\uc774\ub2e4. \uc544\uc6b8\ub7ec \ub124\ud2b8\uc6cc\ud06c\uac00 \ub2e4\uc6b4\ub418\uc5c8\uc744 \uacbd\uc6b0\uc5d0\ub294 \/etc\/rc.d\/init.d\/network restart \ub85c network \ub97c \uc7ac\uc124\uc815\ud574 \ubcf4\uac70\ub098 reboot \ub97c \ud558\uc5ec\uc57c \ud55c\ub2e4.\u00a0
3. \uae30\ud0c0 \uc2dc\uc2a4\ud15c\uc758 \ub124\ud2b8\uc6cc\ud06c \uc124\uc815\uc744 \ucd5c\uc801\ud654\ud55c\ub2e4.
\uc544\ub798 \uc124\uc815\uc740 \ube44\ub2e8 TCP Syn_Flooding \uacf5\uaca9\ubfd0\ub9cc\uc774 \uc544\ub2c8\ub77c \ub2e4\ub978 \uc5ec\ud0c0 DoS \uacf5\uaca9\uc5d0\ub3c4 \ud6a8\uacfc\uc801\uc774\uc73c\ub85c \ubc29\uc5b4\ud558\ubbc0\ub85c \uc801\uc808\ud788 \uc124\uc815\ud560 \uac83\uc744 \uad8c\uc7a5\ud55c\ub2e4.
sysctl -w net.ipv4.icmp_destunreach_rate=1
# 1\/100\ucd08 \ub3d9\uc548 \ubc1b\uc544\ub4e4\uc77c \uc218 \uc788\ub294 \"dest unreach (type 3) icmp\" \uc758 \uac1c\uc218
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1\u00a0
# Broadcast \ub85c\ubd80\ud130 \uc624\ub294 ping \uc744 \ucc28\ub2e8\ud568. (Smurf \uacf5\uaca9\uc744 \ucc28\ub2e8\ud568)
sysctl -w net.ipv4.icmp_echoreply_rate=1\u00a0
# 1\/100\ucd08\uc5d0 \ubc18\uc751\ud558\ub294 ping \uc758 \ucd5c\ub300 \uc22b\uc790
sysctl -w net.ipv4.icmp_echo_ignore_all=1\u00a0
#\ubaa8\ub4e0 ping \uc744 \ucc28\ub2e8\ud568
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1\u00a0
# IP \ub098 TCP \ud5e4\ub354\uac00 \uae68\uc9c4 bad icmp packet\uc744 \ubb34\uc2dc\ud55c\ub2e4.
sysctl -w net.ipv4.icmp_paramprob_rate=1\u00a0
# 1\/100 \ucd08\uc5d0 \ubc1b\uc544\ub4e4\uc774\ub294 param probe packets\uc758 \uc218
sysctl -w net.ipv4.icmp_timeexceed_rate=1\u00a0
# 1\/100 \ucd08\uc5d0 \ubc1b\uc544\ub4e4\uc774\ub294 timeexceed \ud328\ud0b7\uc758 \uc218(traceroute \uc640 \uad00\ub828)
sysctl -w net.ipv4.igmp_max_memberships=1\u00a0
# 1\/100 \ucd08\uc5d0 \ubc1b\uc544\ub4e4\uc774\ub294 igmp \"memberships\" \uc758 \uc218\u00a0
sysctl -w net.ipv4.ip_always_defrag=0\u00a0
# \ud56d\uc0c1 \ud328\ud0b7 \uc870\uac01 \ubaa8\uc74c\uc744 \ud558\uc9c0 \uc54a\ub294\ub2e4.\u00a0
sysctl -w net.ipv4.ip_default_ttl=64\u00a0
# \ub9e4\uc6b0 \ubcf5\uc7a1\ud55c \uc0ac\uc774\ud2b8\uc5d0\uc11c\ub294 \uc774 \uac12\uc744 \ub298\ub9ac\ub294 \uac83\ub3c4 \uac00\ub2a5\ud558\uc9c0\ub9cc\u00a0
# 64\ub85c \ub450\ub294 \uac83\uc774 \uc801\ub2f9\ud558\uba70 \ub354 \ub298\ub838\uc744 \uacbd\uc6b0\uc5d0\ub294 \ud070 \ubb38\uc81c\uac00 \ubc1c\uc0dd\ud560 \uc218\ub3c4 \uc788\ub2e4.
sysctl -w net.ipv4.ip_forward=0\u00a0
# \uac8c\uc774\ud2b8\uc6e8\uc774 \uc11c\ubc84\uac00 \uc544\ub2cc \uc774\uc0c1 \ud328\ud0b7\uc744 \ud3ec\uc6cc\ub529 \ud560 \ud544\uc694\ub294 \uc5c6\ub2e4.
sysctl -w net.ipv4.ipfrag_time=15\u00a0
# fragmented packet\uc774 \uba54\ubaa8\ub9ac\uc5d0 \uc874\uc7ac\ud558\ub294 \uc2dc\uac04\uc744 15\ucd08\ub85c \uc124\uc815\ud55c\ub2e4.
sysctl -w net.ipv4.tcp_syn_retries=3\u00a0
# \uc77c\uc815\ud55c \uc2dc\uac04\uacfc IP \ubcc4\ub85c \ubcf4\ub0b4\uace0 \ubc1b\ub294 SYN \uc7ac\uc2dc\ub3c4 \ud69f\uc218\ub97c 3\ud68c\ub85c \uc81c\ud55c\ud55c\ub2e4.
# \uc774 \uc635\uc158\uc740 \uc2a4\ud478\ud551\ub41c(\uc704\uc870\ub41c) \uc8fc\uc18c\ub85c \uc624\ub294 SYN \uc5f0\uacb0\uc758 \uc591\uc744 \uc904\uc5ec\uc900\ub2e4.\u00a0
# \uae30\ubcf8\uac12\uc740 5\uc774\uba70 255\ub97c \ub118\uc9c0 \uc54a\uc544\uc57c \ud55c\ub2e4.\u00a0
sysctl -w net.ipv4.tcp_retries1=3\u00a0
# \ubb34\uc5b8\uac00 \ubb38\uc81c\uac00 \uc788\uc744 \ub54c \uc5f0\uacb0\uc744 \uc704\ud574 \uc7ac\uc2dc\ub3c4 \ud560 \ud69f\uc218. \ucd5c\uc18c\uac12\uacfc \uae30\ubcf8\uac12\uc740 3\uc774\ub2e4.
sysctl -w net.ipv4.tcp_retries2=7\u00a0
# TCP \uc5f0\uacb0\uc744 \ub04a\uae30 \uc804\uc5d0 \uc7ac\uc2dc\ub3c4\ud560 \ud69f\uc218.
sysctl -w net.ipv4.conf.eth0.rp_filter=2
sysctl -w net.ipv4.conf.lo.rp_filter=2
susctl -w net.ipv4.conf.default.rp_filter=2
sysctl -w net.ipv4.conf.all.rp_filter=2
# \uc774 \uc124\uc815\uc740 \uc790\uc2e0\uc758 \ub124\ud2b8\uc6cc\ud06c\uac00 \uc2a4\ud478\ud551\ub41c \uacf5\uaca9\uc9c0\uc758 \uc18c\uc2a4\ub85c \uc4f0\uc774\ub294 \uac83\uc744 \ucc28\ub2e8\ud55c\ub2e4.
# \ubaa8\ub4e0 \uc778\ud130\ud398\uc774\uc2a4\uc5d0\uc11c \ub4e4\uc5b4\uc624\ub294 \ud328\ud0b7\uc5d0 \ub300\ud574 reply\ub97c \ud558\uc5ec \ub4e4\uc5b4\uc624\ub294 \uc778\ud130\ud398\uc774\uc2a4\ub85c \ub098\uac00\uc9c0\u00a0
# \ubabb\ud558\ub294 \ud328\ud0b7\uc744 \uac70\ubd80\ud55c\ub2e4.\u00a0
sysctl -w net.ipv4.conf.eth0.accept_redirects=0
sysctl -w net.ipv4.conf.lo.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.all.accept_redirects=0
# icmp redirects \ub97c \ud5c8\uc6a9\ud558\uc9c0 \uc54a\ub294\ub2e4.
# \ub9cc\uc57d ICMP Redirect \ub97c \ud5c8\uc6a9\ud560 \uacbd\uc6b0\uc5d0\ub294 \uacf5\uaca9\uc790\uac00 \uc784\uc758\uc758 \ub77c\uc6b0\ud305 \ud14c\uc774\ube14\uc744 \ubcc0\uacbd\ud560 \uc218
# \uc788\uac8c \ub418\uc5b4 \uc790\uc2e0\uc774 \uc758\ub3c4\ud558\uc9c0 \uc54a\ub294 \uacbd\ub85c, \uc989 \uacf5\uaca9\uc790\uac00 \uc758\ub3c4\ud55c \uacbd\ub85c\ub85c \ud2b8\ub798\ud53d\uc774 \uc804\ub2ec\ub420 \uc218\u00a0
# \uc788\ub294 \uc704\ud5d8\uc774 \uc788\ub2e4.
sysctl -w net.ipv4.conf.eth0.accept_source_route=0
sysctl -w net.ipv4.conf.lo.accept_source_route=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.all.accept_source_route=0
# \uc2a4\ud478\ud551\uc744 \ub9c9\uae30 \uc704\ud574 source route \ud328\ud0b7\uc744 \ud5c8\uc6a9\ud558\uc9c0 \uc54a\ub294\ub2e4.
# \uc18c\uc2a4 \ub77c\uc6b0\ud305\uc744 \ud5c8\uc6a9\ud560 \uacbd\uc6b0 \uc545\uc758\uc801\uc778 \uacf5\uaca9\uc790\uac00 IP \uc18c\uc2a4 \ub77c\uc6b0\ud305\uc744 \uc0ac\uc6a9\ud574\uc11c \ubaa9\uc801\uc9c0\uc758 \uacbd\ub85c# \ub97c \uc9c0\uc815\ud560 \uc218\ub3c4 \uc788\uace0, \uc6d0\ub798 \uc704\uce58\ub85c \ub3cc\uc544\uc624\ub294 \uacbd\ub85c\ub3c4 \uc9c0\uc815\ud560 \uc218 \uc788\ub2e4.\u00a0
# \uc774\ub7ec\ud55c \uc18c\uc2a4 \ub77c\uc6b0\ud305\uc774 \uac00\ub2a5\ud55c \uac83\uc744 \uc774\uc6a9\ud574 \uacf5\uaca9\uc790\uac00 \ub9c8\uce58 \uc2e0\ub8b0\ubc1b\ub294 \ud638\uc2a4\ud2b8\ub098
# \ud074\ub77c\uc774\uc5b8\ud2b8\uc778\uac83 \ucc98\ub7fc \uc704\uc7a5\ud560 \uc218 \uc788\ub294 \uac83\uc774\ub2e4.
sysctl -w net.ipv4.conf.eth0.bootp_relay=0
sysctl -w net.ipv4.conf.lo.bootp_relay=0
sysctl -w net.ipv4.conf.default.bootp_relay=0
sysctl -w net.ipv4.conf.all.bootp_relay=0
# bootp \ud328\ud0b7\uc744 \ud5c8\uc6a9\ud558\uc9c0 \uc54a\ub294\ub2e4.\u00a0
sysctl -w net.ipv4.conf.eth0.log_martians=1
sysctl -w net.ipv4.conf.lo.log_martians=1
sysctl -w net.ipv4.conf.default.log_martians=1
sysctl -w net.ipv4.conf.all.log_martians=1
# \uc2a4\ud478\ud551\ub41c \ud328\ud0b7\uc774\ub098 \uc18c\uc2a4\ub77c\uc6b0\ud305, Redirect \ud328\ud0b7\uc5d0 \ub300\ud574 \ub85c\uadf8\ud30c\uc77c\uc5d0 \uc815\ubcf4\ub97c \ub0a8\uae34\ub2e4.
sysctl -w net.ipv4.conf.eth0.secure_redirects=0
sysctl -w net.ipv4.conf.lo.secure_redirects=0
sysctl -w net.ipv4.conf.default.secure_redirects=0
sysctl -w net.ipv4.conf.all.secure_redirects=0
# \uac8c\uc774\ud2b8\uc6e8\uc774\ub85c\ubd80\ud130\uc758 redirect \ub97c \ud5c8\uc6a9\ud558\uc9c0 \uc54a\uc74c\uc73c\ub85c\uc368 \uc2a4\ud478\ud551\uc744 \ub9c9\uae30 \uc704\ud574 \uc124\uc815\ud55c\ub2e4.
sysctl -w net.ipv4.conf.eth0.send_redirects=0
sysctl -w net.ipv4.conf.lo.send_redirects=0
sysctl -w net.ipv4.conf.default.send_redirects=0
sysctl -w net.ipv4.conf.all.send_redirects=0
# icmp redirects \ub97c \ubcf4\ub0b4\uc9c0 \uc54a\ub294\ub2e4.
sysctl -w net.ipv4.conf.eth0.proxy_arp=0
sysctl -w net.ipv4.conf.lo.proxy_arp=0
sysctl -w net.ipv4.conf.default.proxy_arp=0
sysctl -w net.ipv4.conf.all.proxy_arp=0
# proxy arp \ub97c \uc124\uc815\ud558\uc9c0 \uc54a\ub294\ub2e4. \uc774 \uac12\uc774 1\ub85c \uc124\uc815\ub418\uc5c8\uc744 \uacbd\uc6b0 proxy_arp \uac00 \uc124\uc815\ub41c \uc778\ud130\ud398
# \uc774\uc2a4\uc5d0 \ub300\ud574 arp \uc9c8\uc758\uac00 \ub4e4\uc5b4\uc654\uc744 \ub54c \ubaa8\ub4e0 \uc778\ud130\ud398\uc774\uc2a4\uac00 \ubc18\uc751\ud558\uac8c \ub41c\ub2e4.
sysctl -w net.ipv4.tcp_keepalive_time=30
# \uc774\ubbf8 \ud504\ub85c\uc138\uc2a4\uac00 \uc885\ub8cc\ub418\uc5b4 \ubd88\ud544\uc694\ud558\uac8c \ub0a8\uc544 \uc788\ub294 \uc5f0\uacb0\uc744 \ub04a\ub294 \uc2dc\uac04\uc744 \uc904\uc774\ub3c4\ub85d \ud55c\ub2e4.
sysctl -w net.ipv4.tcp_fin_timeout=30
# \uc5f0\uacb0\uc744 \uc885\ub8cc\uc2dc \uc18c\uc694\ub418\ub294 \uc2dc\uac04\uc744 \uc904\uc5ec\uc900\ub2e4. (\uae30\ubcf8 \uc124\uc815\uac12 : 60)
sysctl -w net.ipv4.tcp_tw_buckets=720000\u00a0
# \ub3d9\uc2dc\uc5d0 \uc720\uc9c0 \uac00\ub2a5\ud55c timewait \uc18c\ucf13\uc758 \uc218\uc774\ub2e4. \ub9cc\uc57d \uc9c0\uc815\ub41c \uc22b\uc790\ub97c \ucd08\uacfc\ud558\uc600\uc744 \uacbd\uc6b0\uc5d0\ub294
# timewait \uc18c\ucf13\uc774 \uc5c6\uc5b4\uc9c0\uba70 \uacbd\uace0 \uba54\uc2dc\uc9c0\uac00 \ucd9c\ub825\ub41c\ub2e4. \uc774 \uc81c\ud55c\uc740 \ub2e8\uc21c\ud55c DoS \uacf5\uaca9\uc744 \ucc28\ub2e8\ud558
# \uae30 \uc704\ud574 \uc874\uc7ac\ud558\ub294\ub370, \uc784\uc758\ub85c \uc774 \uac12\uc744 \uc904\uc5ec\uc11c\ub294 \uc548 \ub418\uba70 \uba54\ubaa8\ub9ac\uac00 \ucda9\ubd84\ud558\ub2e4\uba74 \uc801\uc808\ud558\uac8c \ub298
# \ub824\uc8fc\ub294 \uac83\uc774 \uc88b\uc740\ub370, 64M \ub9c8\ub2e4 180000 \uc73c\ub85c \uc124\uc815\ud558\uba74 \ub41c\ub2e4. \ub530\ub77c\uc11c 256M \uc77c \uacbd\uc6b0\uc5d0\ub294\u00a0
# 256\/4=4 4*180000=720000 \uc744 \uc801\uc6a9\ud558\uba74 \ub41c\ub2e4.\u00a0
sysctl -w net.ipv4.tcp_keepalive_probes=2
sysctl -w net.ipv4.tcp_max_ka_probes=100
# \uac04\ub2e8\ud55c DoS \uacf5\uaca9\uc744 \ub9c9\uc544\uc900\ub2e4.
\uc704\uc758 \ubaa8\ub4e0 \uc124\uc815\uc740 \uc7ac\ubd80\ud305 \ud6c4\uc5d0 \uc6d0\ub798\uc758 \uac12\uc73c\ub85c \ub2e4\uc2dc \ucd08\uae30\ud654\ub418\ubbc0\ub85c \/etc\/rc.d\/rc.local \uc5d0 \ub450\uc5b4 \ubd80\ud305\uc2dc\ub9c8\ub2e4 \uc2e4\ud589\ud558\ub3c4\ub85d \ud558\uc5ec\uc57c \ud55c\ub2e4. \uadf8\ub9ac\uace0 \ub9ac\ub205\uc2a4\uc758 \ubc84\uc804\uc774 \ub0ae\uc544 sysctl \uba85\ub839\uc5b4\uac00 \uc5c6\ub294 \uacbd\uc6b0\uc5d0\ub294\u00a0
echo 0 or 1 > \/proc\/sys\/net\/* \uc640 \uac19\uc774 \uc9c1\uc811 \/proc \uc774\ud558\uc758 \uac12\uc744 \uc9c1\uc811 \uc124\uc815\ud574 \uc8fc\uc5b4\ub3c4 \ub41c\ub2e4.
echo \uba85\ub839\uc5b4 \uc5ed\uc2dc \uc7ac\ubd80\ud305\ub418\uba74 \ucd08\uae30\ud654\ub418\ubbc0\ub85c \/etc\/rc.d\/rc.local \uc5d0 \uc124\uc815\ud574 \ub450\uc5b4\uc57c \uc7ac\ubd80\ud305\ud6c4\uc5d0\ub3c4 \uc801\uc6a9\uc774 \ub41c\ub2e4.\u00a0
\uc544\uc6b8\ub7ec \ub808\ub4dc\ud587 6.2 \uc774\uc0c1\uc77c \uacbd\uc6b0\uc5d0\ub294 \/etc\/sysctl.conf \ud30c\uc77c\uc5d0 net.ipv4.tcp_syncookies=1 \uc640 \uac19\uc774 \uc124\uc815\ud55c \ud6c4 network \ub97c restart \ud558\ub294 \ubc29\ubc95\ub3c4 \uc788\ub2e4.
4. \uadf8\uc678 SYN_Flooding \uc5d0 \ub300\ud55c \ubcf4\ucda9 \uc124\uba85 \uba87 \uac00\uc9c0\u00a0
(1) \uc704\uc5d0\uc11c \uc124\uba85\ud55c \ubc29\ubc95 \uc678\uc5d0 \ucd94\uac00\uc801\uc73c\ub85c \uc124\uc815\ud560 \ub9cc\ud55c \uba87 \uac00\uc9c0 \ubc29\ubc95\uc774 \uc788\ub2e4.
RFC 1918 \uc5d0 \uc758\ud574 \ub0b4\ubd80(Private) IP\ub97c \uc18c\uc2a4\ub85c \ub4e4\uc5b4\uc624\ub294 \ud2b8\ub798\ud53d\uc744 \ucc28\ub2e8\ud55c\ub2e4.
127.0.0.0, 10.0.0.0, 172.16.0.0, 192.168.0.0 \ub4f1\uc740 Private IP \ub85c\uc11c \ub0b4\ubd80\uc758 \uac00\uc0c1 IP \ub97c \uc0ac\uc6a9\ud560 \ub54c \uc4f0\uc774\ub294 \uc8fc\uc18c\uc774\uba70 \uc77c\ubc18\uc801\uc73c\ub85c \uc774\ub7ec\ud55c IP\ub97c \uc18c\uc2a4 \uc8fc\uc18c\ub85c \ub77c\uc6b0\ud305\uc774 \ub420 \uc218 \uc5c6\ub2e4.\u00a0
\ub530\ub77c\uc11c \uc544\ub798\uc640 \uac19\uc774 \ube44\uc815\uc0c1\uc801\uc778 IP \uc8fc\uc18c\ub97c \uc18c\uc2a4\ub85c \ud574\uc11c \ub4e4\uc5b4\uc624\ub294 \ud2b8\ub798\ud53d\uc744 \ucc28\ub2e8\ud55c\ub2e4.
iptables -A INPUT -s 10.0.0.\/8 -j DROP
iptables -A INPUT -s 172.16.0.0\/12 -j DROP
iptables -A INPUT -s 192.168.0.0\/16 -j DROP\u00a0
# \uc0ac\uc124 IP \ub97c \ucc28\ub2e8\ud55c\ub2e4.
# \/8, \/16 \ub4f1\uc740 CIDR \ub77c \ud558\uba70 \/8 \uc740 A Class, \/16 \uc740 B Class \ub97c \ub73b\ud55c\ub2e4.
iptables -A INPUT -s 255.255.255.255\/32 -j DROP
iptables -A INPUT -s 127.0.0.0\/8 -j DROP
# \uc77c\ubc18\uc801\uc73c\ub85c \ub77c\uc6b0\ud305\uc774 \ub418\uc9c0 \uc54a\ub294 IP \ub300\uc5ed\uc744 \ucc28\ub2e8\ud55c\ub2e4.
iptables -A INPUT -s 240.0.0.0\/5 -j DROP
# IANA \uc5d0 \uc608\uc57d\ub41c \uc8fc\uc18c\ub97c \ucc28\ub2e8\ud55c\ub2e4.
iptables -A INPUT -s 211.2.3.4 -j DROP
# \uc544\uc6b8\ub7ec \uc790\uae30 \uc790\uc2e0\uc758 IP \ub97c \uc18c\uc2a4\ub85c \ud558\ub294 \ud328\ud0b7\ub3c4 \ud544\ud130\ub9c1\ud55c\ub2e4.(211.2.3.4 \ub300\uc2e0 \uc790\uc2e0\uc758 IP\uc785\ub825)
# \uc790\uc2e0\uc758 IP \ub97c \uc18c\uc2a4\ub85c \ud574\uc11c \ud328\ud0b7\uc774 \ub4e4\uc5b4\uc62c \uc218\ub294 \uc5c6\ub2e4.
\uc790 \uc2e0\uc758 \uc2dc\uc2a4\ud15c\uc774 Kernel 2.4 \uc774\uc804 \ubc84\uc804\uc758 \uacbd\uc6b0\uc5d0\ub294 iptables \ub300\uc2e0 ipchains \ub97c \uc0ac\uc6a9\ud558\ubbc0\ub85c\u00a0
ipchains -A input -s 10.0.0.\/8 -j DENY \uc640 \uac19\uc740 \ubc29\ubc95\uc73c\ub85c \uc0ac\uc6a9\ud558\uba74 \ub41c\ub2e4.
\ub9cc\uc57d iptables \uac00 \uc124\uce58\ub418\uc5b4 \uc788\uc9c0 \uc54a\uc73c\uba74\u00a0http:\/\/netfilter.kernelnotes.org\/<\/a>\u00a0\uc5d0 \uc811\uc18d \ud6c4 \ucd5c\uc2e0 \ubc84\uc804\uc758 iptables.tar \ub97c \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\uc544 \uc555\ucd95\ud574\uc81c \ud6c4 make; make install \ub85c \uc124\uce58\ud558\uba74 \ub41c\ub2e4.\u00a0
\ud604 \uc7ac \ub9ac\ub205\uc2a4 \uc2dc\uc2a4\ud15c\uc758 Kernel \ubc84\uc804\uc740 uname ?r \uc744 \uc785\ub825\ud558\uba74 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.
\uc544\uc6b8\ub7ec \uc544\ub798\ub294 \ub124\ud2b8\uc6cc\ud06c\ub97c \ud1b5\ud574 \ub77c\uc6b0\ud305 \ub420 \uc218 \uc5c6\ub294 IP \ub300\uc5ed\uc774\ubbc0\ub85c \ud544\ud130\ub9c1 \ud558\uc5ec\uc57c \ud560 IP \uc774\ub2e4.
0.0.0.0\/8 - Historical Broadcast
10.0.0.0\/8 - RFC 1918 \uc5d0 \uc758\ud55c \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c\u00a0
127.0.0.0\/8 - Loopback
169.254.0.0\/16 - Link Local Networks
172.16.0.0\/12 - RFC 1918 \uc5d0 \uc758\ud55c \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c
192.0.2.0\/24 - TEST-NET
192.168.0.0\/16 - RFC 1918\uc5d0 \uc758\ud55c \ub0b4\ubd80 \ub124\ud2b8\uc6cc\ud06c\u00a0
224.0.0.0\/4 - Multicast D Class\u00a0
240.0.0.0\/5 - \uc608\uc57d\ub41c E Class\u00a0
248.0.0.0\/5 - \ubbf8\ud560\ub2f9\u00a0
255.255.255.255\/32 - \ube0c\ub85c\ub4dc\uce90\uc2a4\ud2b8\u00a0
(2) \uc784\uc758\uc758 IP \uac00 \uc544\ub2cc \ud2b9\uc815\ud55c IP\ub97c \uc18c\uc2a4 \uc8fc\uc18c\ub85c \uacc4\uc18d\uc801\uc73c\ub85c SYN \uacf5\uaca9\uc774 \uc774\ub8e8\uc5b4 \uc9c8 \uacbd\uc6b0\uc5d0\ub294 \ud574\ub2f9 IP \ub97c \ucc28\ub2e8\ud558\ub294 \uac83\ub3c4 \uc88b\uc740 \ubc29\ubc95\uc774\ub2e4.\u00a0
\ub9cc\uc57d 211.2.3.4 \uc5d0\uc11c \uc9c0\uc18d\uc801\uc73c\ub85c \uacf5\uaca9\uc774 \ub4e4\uc5b4\uc62c \ub54c\ub294 \uc544\ub798\uc640 \uac19\uc774 \ucc28\ub2e8\ud560 \uc218 \uc788\ub2e4.
iptables -A INPUT -s 211.2.3.4 -j DROP (Kernel 2.4.x \ubc84\uc804)
ipchains -A input -s 211.2.3.4 -j DENY (Kernel 2.4 \uc774\uc804 \ubc84\uc804)
\ub610\ub294\u00a0
route add -host 211.2.3.4 reject \ub85c \ud55c\ub2e4.
\ub9cc\uc57d 211.2.3.X \ub300\uc5ed \uc804\uccb4\ub97c \ucc28\ub2e8\ud558\ub824\uba74 211.2.3.0\/24 \uc640 \uac19\uc774 \ud558\uba74 \ub41c\ub2e4.
(\/24 \ub294 C Class \ub97c \ub73b\ud55c\ub2e4.)
\uadf8\ub7ec\ub098 \uc704\uc640 \uac19\uc774 route \ubcf4\ub2e4\ub294 iptables \ub098 ipchains \ub85c \ucc28\ub2e8\ud558\ub294 \uac83\uc774 \ub354 \ud6a8\uacfc\uc801\uc774\ub2e4.
\ub9cc\uc57d \uc784\uc758\uc758 IP\ub85c \uacf5\uaca9\uc9c0\ub97c \uc0dd\uc131\ud55c\ub2e4\uba74 SYN_RECEIVED \ub85c \ubcf4\uc774\ub294 IP \uc911\uc5d0\ub294 \uc2e4\uc81c \ub124\ud2b8\uc6cc\ud06c\uc5d0 \uc5f0\uacb0\ub418\uc5b4 \uc788\ub294 IP \ub3c4 \uc788\uc744 \uac83\uc774\uace0 \uadf8\ub807\uc9c0 \uc54a\uc740 IP \ub3c4 \uc788\uc744 \uac83\uc774\ub2e4. \uadf8\ub7ec\ub098 \uc2e4\uc81c \uacf5\uaca9\uc744 \ub2f9\ud560 \ub54c \uacf5\uaca9\uc9c0 IP \ub97c \uac80\ucd9c\ud574 \ubcf4\uba74 \ubaa8\ub450 ping \uc774 \ub418\uc9c0 \uc54a\ub294 \uc2e4\uc81c \ub124\ud2b8\uc6cc\ud06c\uc5d0 \uc5f0\uacb0\ub418\uc9c0 \uc54a\uc740 IP \uc8fc\uc18c\uc774\ub2e4. \uc5b4\uc9f8\uc11c \uc774\ub7f0 \ud604\uc0c1\uc774 \uc77c\uc5b4\ub0a0\uae4c? \uc774\ub294 \uc55e\uc5d0\uc11c \uc124\uba85\ud55c TCP \uc758 3 Way-Handshake \uc6d0\ub9ac\ub97c \uc798 \uc0dd\uac01\ud574\ubcf4\uba74 \uc774\ud574\uac00 \ub420 \uac83\uc774\ub2e4.
\uc989, \ubb34\uc791\uc704\ub85c \uc0dd\uc131\ub41c IP \ub97c \uc18c\uc2a4\ub85c \ud55c SYN \ud328\ud0b7\uc744 \ubc1b\uc740 \uc11c\ubc84\ub294, \uc694\uccad\uc744 \ubc1b\uc740 \ubaa8\ub4e0 IP \ub85c SYN+ACK \ud328\ud0b7\uc744 \ubcf4\ub0b8\ub2e4. \uadf8\ub7f0\ub370, \uc815\uc791 \uc2e4\uc81c\ub85c \ud574\ub2f9 IP \ub97c \uc0ac\uc6a9\uc911\uc778 \ud638\uc2a4\ud2b8\ub294 SYN \ud328\ud0b7\uc744 \ubcf4\ub0b4\uc9c0\ub3c4 \uc54a\uc558\ub294\ub370, \uacf5\uaca9\uc744 \ubc1b\uc740 \uc11c\ubc84\ub85c\ubd80\ud130 \uc601\ubb38\ub3c4 \ubaa8\ub974\ub294 SYN+ACK \ub97c \ubc1b\uc558\uc73c\ubbc0\ub85c \uc774 \ud328\ud0b7\uc744 \ube44\uc815\uc0c1\uc801\uc778 \ud328\ud0b7\uc73c\ub85c \uac04\uc8fc\ud558\uace0 \ud574\ub2f9 \ud328\ud0b7\uc744 \ub9ac\uc14b(RST)\ud558\uc5ec \ucd08\uae30\ud654 \uc2dc\ud0a8\ub2e4.\u00a0
\uadf8 \ub9ac\uace0 \uc2e4\uc81c \uc874\uc7ac\ud558\uc9c0 \uc54a\ub294 IP \uc5d0 \ub300\ud574\uc11c \uc54c\uc544\ubcf4\uc790. \uacf5\uaca9\uc744 \ub2f9\ud55c \uc11c\ubc84\uac00 \ud574\ub2f9 IP\ub85c\ubd80\ud130 SYN \ud328\ud0b7\uc744 \ubc1b\uc558\ub2e4\uace0 \ud310\ub2e8(\uc2e4\uc81c\ub85c\ub294 \uc704\uc870\ub41c \ud328\ud0b7\uc774\uc9c0\ub9cc) \ud558\uc5ec SYN+ACK \ud328\ud0b7\uc744 \ubc1c\uc1a1 \ud6c4 ACK \ud328\ud0b7\uc744 \uacc4\uc18d \uae30\ub2e4\ub9ac\uc9c0\ub9cc \ud574\ub2f9 IP \ub294 \uc778\ud130\ub137\uc5d0 \uc5f0\uacb0\ub418\uc5b4 \uc788\uc9c0 \uc54a\uc73c\ubbc0\ub85c SYN+ACK \ud328\ud0b7\uc744 \ubc1b\uc744 \uc218\ub3c4 \uc5c6\uc744 \ubfd0\ub354\ub7ec \uc774\uc5d0 \ub300\ud55c \uc751\ub2f5\uc73c\ub85c ACK \ud328\ud0b7\uc744 \ubc1c\uc1a1\ud558\uc9c0 \uc54a\uc744 \uac83\uc784\uc740 \ubd88\uc744 \ubcf4\ub4ef \ubed4\ud55c \uac83\uc774\uace0, \uacb0\uad6d \uacf5\uaca9\uc744 \ubc1b\ub294 \uc11c\ubc84\ub294 \uc874\uc7ac\ud558\uc9c0\ub3c4 \uc54a\ub294 IP \ub85c\ubd80\ud130 ACK \ud328\ud0b7\uc744 \ubc1b\uc744 \uac83\ub9cc\uc744 \uae30\ub2e4\ub9ac\uba70 \ubc31\ub85c\uadf8\ud050\ub294 \uac00\ub4dd \ucc28\uac8c \ub418\ub294 \uac83\uc774\ub2e4. \uc774\uac83\uc774 \ubc31\ub85c\uadf8\ud050\uac00 \uac00\ub4dd \ucc28\uac8c \ub418\ub294 \uc774\uc720\uc774\uba70 \ubc31\ub85c\uadf8\ud050\ub97c \uac00\ub4dd \ucc44\uc6b0\ub294 IP\uac00 \ubaa8\ub450 \uc2e4\uc81c\ub85c\ub294 \uc874\uc7ac\ud558\uc9c0 \uc54a\ub294 IP \ub4e4\uc778 \uac83\uc774\ub2e4. \ub530\ub77c\uc11c \uacf5\uaca9\uc790\uc758 \uc785\uc7a5\uc5d0\uc11c\ub294 \uc778\ud130\ub137\uc0c1\uc5d0\uc11c \ub77c\uc6b0\ud305\uc774 \ub418\uc9c0 \uc54a\ub294 IP \ub97c \uc18c\uc2a4 IP \ub85c \ud558\uc5ec \uacf5\uaca9\ud558\ub294 \uac83\uc774 \uac00\uc7a5 \ud6a8\uacfc\uc801\uc77c \uac83\uc774\ub2e4. \uc989 \uc778\ud130\ub137\uc5d0 \uc5f0\uacb0\ub418\uc5b4 \uc788\ub294 IP \ub97c \uc18c\uc2a4 \uc8fc\uc18c\ub85c \ud558\uc5ec SYN Flooding \uacf5\uaca9\ud558\ub294 \uac83\uc740 \uc758\ubbf8\uac00 \uc5c6\ub2e4.\u00a0
(3) \uc2e4\uc81c \uacf5\uaca9\uc9c0 IP\ub97c \ucd94\uc801\ud558\ub294 \uac83\uc740 \uac70\uc758 \ubd88\uac00\ub2a5\ud558\ub2e4.
\ub300\ubd80\ubd84\uc758 DoS \uacf5\uaca9\uc774 \uadf8\ub7ec\ud558\ub4ef\uc774 SYN_Flooding \uacf5\uaca9\ub3c4 \uc18c\uc2a4IP\ub97c \uc18d\uc5ec\uc11c \ub4e4\uc5b4\uc624\uae30 \ub54c\ubb38\uc5d0 netstat \uc73c\ub85c \ubcf4\uc774\ub294 IP\ub97c \uc2e4\uc81c \uacf5\uaca9\uc9c0 IP \ub77c\uace0 \ud310\ub2e8\ud574\uc11c \ud574\ub2f9 IP\ub85c \uc5ed\uacf5\uaca9\uc744 \ud574\uc11c\ub294 \uc548 \ub41c\ub2e4. \uacf5\uaca9\uc744 \ub2f9\ud558\ub294 \ub9ac\ub205\uc2a4 \uc11c\ubc84\uc5d0\uc11c \uacf5\uaca9\uc9c0\ub97c \uc544\ub294 \ubc29\ubc95\uc740 \uc5c6\uc73c\uba70 \uc0c1\uc704 \ub77c\uc6b0\ud130\uc640 \ud574\ub2f9 \ub77c\uc6b0\ud130\uac00 \uc5f0\uacb0\ub418\uc5b4 \uc788\ub294 ISP \uc5c5\uccb4\uc640 \uae34\ubc00\ud558\uac8c \ud611\uc870\uac00 \ub418\uc5c8\uc744 \ub54c\ub77c\uc57c \uadf8\ub098\ub9c8 \ucd94\ucc99\uc774 \uac00\ub2a5\ud558\ub2e4.
\uadf8\ub7ec\ub098 \uc0ac\uc2e4\uc0c1 \ud611\uc870\uac00 \uc774\ub8e8\uc5b4\uc838\ub3c4 \ucd94\ucc99\ud558\uae30\ub780 \ub9e4\uc6b0 \uc5b4\ub824\uc6b4\ub370, \ub9cc\uc57d \ub77c\uc6b0\ud305 \uacbd\ub85c\uac00 20\uac1c\uc774\uc0c1 \ub418\ub294 \uacf3\uc5d0\uc11c \uacf5\uaca9\ud55c\ub2e4\uba74 20\uac1c \ub77c\uc6b0\ud130\ub97c \uad00\ub9ac\ud558\ub294 \ubaa8\ub4e0 \uad00\ub9ac\uc790\uc640 \ub3d9\uc2dc\uc5d0 \ud611\uc870\uac00 \uc774\ub8e8\uc5b4\uc838\uc57c\ud558\uace0 \uacf5\uaca9\uc774 \uc2e4\uc81c \uc774\ub8e8\uc5b4\uc9c0\uace0 \uc788\ub294 \ub2f9\uc2dc\uc5d0 \ucd94\ucc99\uc774 \ub418\uc5b4\uc57c \ud558\ubbc0\ub85c \ub9e4\uc6b0 \uc5b4\ub835\ub2e4\uace0 \ud560 \uc218 \uc788\ub2e4. \uacb0\ub860\uc801\uc73c\ub85c \uacf5\uaca9\uc9c0 IP \ub97c \ucd94\ucc99\ud558\ub294 \uac83\uc740 \ubd88\uac00\ub2a5\ud558\ub2e4\uace0 \ud560 \uc218 \uc788\ub2e4.\u00a0
\uadf8\ub9ac\uace0, \ucc38\uace0\uc801\uc73c\ub85c \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc704\uc870\ub41c \ud328\ud0b7\uc744 \uc0dd\uc131\ud558\ub294 \uac83\uc740 \uc624\uc9c1 root \ub9cc\uc774 \uac00\ub2a5\ud558\ubbc0\ub85c \uacf5\uaca9\uc790\ub294 \uacf5\uaca9\uc9c0 \uc2dc\uc2a4\ud15c\uc758 root \uc18c\uc720\ub85c SYN Flooding \uacf5\uaca9\uc744 \ud558\ub294 \uac83\uc774\ub77c\ub294 \uc0ac\uc2e4\uc744 \ucc38\uace0\ud558\uae30 \ubc14\ub780\ub2e4.\u00a0
(4) Virtul-Sever \ucee4\ub110 \ud328\uce58\ub97c \ud558\ub294 \ubc29\ubc95\ub3c4 \uc788\ub2e4.
\uc774 \ucee4\ub110 \ud328\uce58\ub97c \ud558\uc600\uc744 \uacbd\uc6b0\uc5d0\ub294 \uba87 \uac00\uc9c0 DoS \uacf5\uaca9\uc744 \ucc28\ub2e8\ud560 \uc218 \uc788\ub2e4. VirtualServer\ub780 \ub9d0 \uadf8\ub300\ub85c \ub85c\ub4dc \ubc38\ub79c\uc2f1\ub4f1\uc758 \ud074\ub7ec\uc2a4\ud130\ub9c1 \uc2dc\uc2a4\ud15c\uc744 \uad6c\uc131\ud560 \ub54c \ud544\uc694\ud55c \ucee4\ub110 \ud328\uce58\ub85c\uc11c \ud328\uce58\ub97c \ud55c \ud6c4 sysctl -a|grep .vs. \ub85c \ud655\uc778\ud574 \ubcf4\uba74 \uba87 \uac00\uc9c0 \uc124\uc815\uc774 \ucd94\uac00\ub41c \uac83\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.\u00a0
\uc774 \ubc29\ubc95\uc5d0 \ub300\ud55c \ubcf4\ub2e4 \uc790\uc138\ud55c \uc548\ub0b4\ub294\u00a0http:\/\/www.linuxvirtualserver.org\/defense.html<\/a>\ub97c \ucc38\uace0\ud558\uae30 \ubc14\ub780\ub2e4.\u00a0
(5) \ub77c\uc6b0\ud130\ub098 \ubc29\ud654\ubcbd\uc5d0\uc11c \ucc28\ub2e8 \uac00\ub2a5\ud558\ub2e4.
\ub77c\uc6b0\ud130\ub4f1 \ub124\ud2b8\uc6cc\ud06c \uc7a5\ube44\ub85c \uc720\uba85\ud55c CISCO \uc5d0\uc11c\ub294 TCP SYN_Flooding \uacf5\uaca9\uc744 \ucc28\ub2e8\ud558\uae30 \uc704\ud574 TCP Intercept \ub77c\ub294 \uc194\ub8e8\uc158\uc744 \uc81c\uc548\ud588\ub2e4. TCP Intercept \ub294 \ub450 \uac00\uc9c0 \ubc29\uc2dd\uc73c\ub85c \uad6c\ud604\uac00\ub2a5\ud55c\ub370 , \uccab\ubc88\uc9f8 \ubc29\uc2dd\uc740 \u201c\uc778\ud130\uc149\ud2b8 \ubaa8\ub4dc\u201d \ub77c \ud558\uc5ec \ub9d0 \uadf8\ub300\ub85c \ub77c\uc6b0\ud130\ub85c \ub4e4\uc5b4\uc624\ub294 SYN \ud328\ud0b7 \uc694\uccad\uc744 \uadf8\ub300\ub85c \uc11c\ubc84\uc5d0 \ub118\uaca8\uc8fc\uc9c0 \uc54a\uace0 \ub77c\uc6b0\ud130\uc5d0\uc11c \uc77c\ub2e8 \uac00\ub85c\ucc44\uc5b4(Intercept \ud558\uc5ec) \uc11c\ubc84\ub97c \ub300\uc2e0\ud558\uc5ec SYN \ud328\ud0b7\uc744 \uc694\uccad\ud55c \ud074\ub77c\uc774\uc5b8\ud2b8\uc640 \uc5f0\uacb0\uc744 \ub9fa\uace0, \uc5f0\uacb0\uc774 \uc815\uc0c1\uc801\uc73c\ub85c \uc774\ub8e8\uc5b4\uc9c0\uba74 \uc774\ubc88\uc5d0\ub294 \ud074\ub77c\uc774\uc5b8\ud2b8\ub97c \ub300\uc2e0\ud558\uc5ec \uc11c\ubc84\uc640 \uc5f0\uacb0\uc744 \ub9fa\uc740 \ub2e4\uc74c \ub450 \uc5f0\uacb0\uc744 \ud22c\uba85\ud558\uac8c \ud3ec\uc6cc\ub529\ud558\uc5ec \uc5f0\uacb0\uc2dc\ucf1c\uc8fc\ub294 \ubc29\uc2dd\uc774\ub2e4. \ub530\ub77c\uc11c \uc874\uc7ac\ud558\uc9c0 \uc54a\ub294 IP \ub85c\ubd80\ud130 \uc624\ub294 SYN \uc694\uccad\uc740 \uc11c\ubc84\uc5d0 \ub3c4\ub2ec\ud558\uc9c0 \ubabb\ud558\uac8c \ub418\ub294 \uac83\uc774\ub2e4. \ub450\ubc88\uc9f8 \ubc29\uc2dd\uc740 \u201c\uc640\uce58(watch) \ubaa8\ub4dc\u201d \ub77c \ud558\uc5ec \u201c\uc778\ud130\uc149\ud2b8 \ubaa8\ub4dc\u201d\uc640\ub294 \ub2ec\ub9ac \ub77c\uc6b0\ud130\ub97c \ud1b5\uacfc\ud558\ub294 SYN\ud328\ud0b7\uc744 \uadf8\ub300\ub85c \ud1b5\uacfc\uc2dc\ud0a4\uace0 \uc77c\uc815 \uc2dc\uac04\ub3d9\uc548 \uc5f0\uacb0\uc774 \uc774\ub8e8\uc5b4\uc9c0\uc9c0 \uc54a\uc73c\uba74 \ub77c\uc6b0\ud130\uac00 \uc911\uac04\uc5d0\uc11c SYN \ud328\ud0b7\uc744 \ucc28\ub2e8\ud558\ub294 \ubc29\uc2dd\uc774\ub2e4. \uba87\uba87 \ubc29\ud654\ubcbd\uc5d0\uc11c\ub3c4 \uc704\uc758 \ub450 \uac00\uc9c0 \ubc29\uc2dd\uc73c\ub85c SYN Flooding \uc744 \ucc28\ub2e8\ud558\uace0 \uc788\ub2e4. \uc2e4\uc81c\ub85c tcp intercept \ub97c \uc124\uc815\ud558\uc5ec \ud14c\uc2a4\ud2b8 \uacb0\uacfc \uc11c\ubc84 \ub808\ubca8\uc5d0\ub294 \uc804\ud600 \uc2a4\ud478\ud551\ub41c SYN \ud328\ud0b7\uc774 \ubcf4\ub0b4\uc9c0\uc9c0 \uc54a\uc544 SYN_Flooding \uacf5\uaca9\uc744 \ucc28\ub2e8\ud558\uae30 \uc704\ud55c \uac00\uc7a5 \ud655\uc2e4\ud55c \ubc29\ubc95\uc774\uae30\ub294 \ud588\uc9c0\ub9cc \uc544\uc27d\uac8c\ub3c4 \ub77c\uc6b0\ud130\uc758 CPU, Memory \ubd80\ud558\uac00 \ub108\ubb34 \ub192\uc544\uc9c0\ub294 \ub2e8\uc810\uc774 \uc788\uc5c8\ub2e4. \uc774 \uc124\uc815\uc5d0 \ub300\ud574 \uad81\uae08\ud558\uc2e0 \ubd84\uc740\u00a0http:\/\/www.cisco.com\/<\/a>\uc811\uc18d\ud6c4 \"tcp intercept\" \ub85c \uac80\uc0c9\ud574 \ubcf4\uae30 \ubc14\ub780\ub2e4. \uc774 \uc124\uc815\uc744 \ud588\uc744 \uacbd\uc6b0\uc5d0\ub294 \ubaa8\ub4e0 \ud328\ud0b7\uc5d0 \ub300\ud574 \uc778\ud130\uc149\ud2b8\ub97c \ud558\ubbc0\ub85c \ud2b8\ub798\ud53d\uc774 \ub9ce\uc744 \uacbd\uc6b0\uc5d0\ub294 \ub77c\uc6b0\ud130\uac00 \ub2e4\uc6b4\ub418\ub294 \uacbd\uc6b0\ub3c4 \uc788\uc73c\ub2c8 \uc124\uc815\uc2dc \uac01\ubcc4\ud788 \uc8fc\uc758\ud558\uae30 \ubc14\ub780\ub2e4.
(6) Windows NT\/2000 \uacc4\uc5f4\uc5d0\uc11c\ub294 Registry\uac12\uc744 \uc218\uc815\ud568\uc73c\ub85c\uc368 \ud29c\ub2dd\uc774 \uac00\ub2a5\ud558\ub2e4.
\uc774 \uac12\uc5d0 \ub300\ud55c \ud29c\ub2dd\uc740 Microsoft \uc758 technical page \ub098\u00a0
http:\/\/packetstorm.securify.com\/groups\/rhino9\/synflood.doc<\/a>\ub97c \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\uc544 \ucc38\uace0\ud558\uae30 \ubc14\ub780\ub2e4.
AIX\ub098 Solaris\ub4f1 \ub2e4\ub978 UNIX \uacc4\uc5f4\uc5d0 \ub300\ud55c \ud29c\ub2dd\uc740\u00a0
http:\/\/www.cymru.com\/~robt\/Docs\/Articles\/ip-stack-tuning.html<\/a>\ub97c \ucc38\uace0\ud558\uae30 \ubc14\ub780\ub2e4.
(7) CRON \uc744 \uc774\uc6a9\ud574 SYN_Flooding \uacf5\uaca9\uc744 \uac10\uc9c0\ud55c\ub2e4.
\uc544 \ubb34\ub9ac \ud29c\ub2dd\uc744 \uc798 \ud588\ub2e4 \ud558\ub354\ub77c\ub3c4 \uc9d1\uc911\uc801\uc73c\ub85c SYN Flooding \uacf5\uaca9\uc744 \ubc1b\uc744 \ub54c\ub294 \ub124\ud2b8\uc6cc\ud06c\ub098 \uc11c\ube44\uc2a4 \ub370\ubaac\uc774 \uc774\uc0c1 \uc791\ub3d9\ud560 \uc218\ub3c4 \uc788\ub2e4. \uadf8\ub798\uc11c \uc774\uc0c1 \ud604\uc0c1\uc774 \ub098\ud0c0\ub098\uae30 \uc804\uc5d0 \uc77c\uc815 \uc2dc\uac04\ub9c8\ub2e4 \uc2dc\uc2a4\ud15c\uc5d0 \ub85c\uadf8\uc778\ud558\uc5ec netstat \uc73c\ub85c \ud655\uc778\ud560 \uc218 \uc788\uaca0\uc9c0\ub9cc \uc5b8\uc81c \uacf5\uaca9\uc774 \ub4e4\uc5b4\uc62c \uc904 \uc54c\uace0 \uc9c0\ucf1c\ubcf4\uace0 \uc788\uaca0\ub294\uac00? \uadf8\ub798\uc11c \ud544\uc790\ub294 SYN Flooding \uc744 \uac10\uc9c0\ud558\uae30 \uc704\ud574 \ub2e4\uc74c\uacfc \uac19\uc774 \uac04\ub2e8\ud55c \uc2a4\ud06c\ub9bd\ud2b8\ub97c \uc9dc\uc11c \uacf5\uaca9\uc774 \ud655\uc778\ub418\uba74 \uba54\uc77c\ub85c \ud1b5\ubcf4\ub418\ub3c4\ub85d \ud558\uc5ec \uc0ac\uc6a9\uc911\uc774\ub2e4.
#!\/usr\/bin\/perl
$TASK = `netstat -na|grep SYN_RECV`;
$HOSTNAME = `\/bin\/hostname`;
$TO_MAIL = 'antihong@tt.co.kr<\/a>';\u00a0
$SUBJECT = \"$HOSTNAME SYN_FLOODING \uacf5\uaca9 \uac10\uc9c0\";
$MAIL_PROGRAM = \"\/usr\/sbin\/sendmail\";
if ($TASK){
$TASK_CONFIRM = `netstat -na|grep SYN_RECV|wc -l`;
if($TASK_CONFIRM > 20){
`\/etc\/rc.d\/init.d\/httpd stop`;
`\/etc\/rc.d\/init.d\/httpd start`;
$HTTP_DONE =\"httpd was Refreshed!!\\n\";
}
open(MAIL, \"|$MAIL_PROGRAM -t\");
print MAIL \"To: $TO_MAIL \\n\";
print MAIL \"Subject: $SUBJECT \\n\\n\";
print MAIL \"$HOSTNAME Server is Attacked by SYN_Flooding!!!\\n\";
print MAIL \"SYN_Flooding Process Number :$TASK_CONFIRM \\n\";
print MAIL \"$HTTP_DONE\\n\";
print MAIL \"$TASK \\n\";
close(MAIL);
}
\uc704 \ud30c\uc77c\uc758 \ub0b4\uc6a9\uc911 $TO_MAIL \uc740 \uacf5\uaca9 \uac10\uc9c0\uc2dc \ud1b5\ubcf4\ub420 \uba54\uc77c \uc8fc\uc18c\uc774\ubbc0\ub85c \uc790\uc2e0\uc758 e-mail \uc8fc\uc18c\ub85c \ubcc0\uacbd\ud558\uace0, \ubd88\uc644\uc804\ud55c SYN \ud328\ud0b7\uc774 20\uac1c \uc774\uc0c1\uc77c \uacbd\uc6b0 ($TASK_CONFIRM > 20)
`\/etc\/rc.d\/init.d\/httpd stop`; \uacfc `\/etc\/rc.d\/init.d\/httpd start`; \uc73c\ub85c \uc6f9\ub370\ubaac\uc744 \uba48\ucd94\uc5c8\ub2e4\uac00 \uc2dc\uc791\ud558\ub3c4\ub85d \uc124\uc815\ud558\uc600\ub294\ub370, \uc774\ub294 \uc790\uc2e0\uc758 \uc124\uc815\uc5d0 \ub9de\uac8c \uc801\uc808\ud788 \uc218\uc815\ud558\ub3c4\ub85d \ud55c\ub2e4.
\ubb3c\ub860 SYN Flooding \uacf5\uaca9\uc774 \ud2b9\uc815 \ud3ec\ud2b8\uc5d0 \ub300\ud574\uc11c\ub9cc \uac00\ub2a5\ud55c \uac83\uc740 \uc544\ub2c8\uc9c0\ub9cc \uac70\uc758 80\ubc88 \ud3ec\ud2b8\uc5d0 \ub300\ud574 \uc9d1\uc911\uc801\uc73c\ub85c \uc774\ub8e8\uc5b4\uc9c0\uace0 \uc788\uc73c\ubbc0\ub85c \uc6f9\ub370\ubaac\uc744 \uc608\ub85c \uc124\uc815\ud55c \uac83 \ubfd0\uc774\ub2e4.\u00a0
\uc704 \ud30c\uc77c\uc758 \ub0b4\uc6a9\uc744 \/etc\/cron.5min\/ \uc774\ub77c\ub294 \ub514\ub809\ud1a0\ub9ac\uc5d0 \ub450\uace0 \uc2e4\ud589\ud560 \uc218 \uc788\ub3c4\ub85d 700 \uc73c\ub85c \uc124\uc815\ud574 \ub454\ub2e4. \uadf8\ub9ac\uace0 \/etc\/crontab \ud30c\uc77c\uc744 \uc5f4\uc5b4 \uc544\ub798 \ub0b4\uc6a9\uc744 \ucd94\uac00\ud558\uba74 5\ubd84\ub9c8\ub2e4 SYN_Flooding \uc5ec\ubd80\ub97c \uccb4\ud06c\ud558\uc5ec \uacf5\uaca9\uc774 \ud655\uc778\uc2dc \uc9c0\uc815\ub41c \uba54\uc77c \uc8fc\uc18c\ub85c \ud1b5\ubcf4\ud574 \uc900\ub2e4..
59\/5 * * * * root run-parts \/etc\/cron.5min\/<\/pre>\n\n\n\n