PS119ÄÄÇ»Åͼö¸® ȨÆäÀÌÁö¿¡ ¿À½Å°ÍÀ» ȯ¿µÇÕ´Ï´Ù

 
 

 

 
   
  [ÆÁ]nmapÀ» »ç¿ëÇÏ¿© ¿ÀÇ Æ÷Æ® Á¶»ç
  ±Û¾´ÀÌ : ÄÄÇ»ÅÍÀü¼³     ³¯Â¥ : 12-06-06 14:05     Á¶È¸ : 3081    
-sT ÀϹÝÀûÀÎ TCP Æ÷Æ®½ºÄ³´×.
-sS À̸¥¹Ù 'half-open' ½ºÄµÀ¸·Î ÃßÀûÀÌ ¾î·Æ´Ù.
-sP ping À» ÀÌ¿ëÇÑ ÀϹÝÀûÀÎ ½ºÄµ. 
-sU UDP Æ÷Æ® ½ºÄ³´×.
-PO ´ë»ó È£½ºÆ®¿¡ ´ëÇÑ ping ÀÀ´äÀ» ¿äûÇÏÁö ¾ÊÀ½ .
log ±â·Ï°ú filtering À» ÇÇÇÒ ¼ö ÀÖ´Ù.
-PT ÀϹÝÀûÀÌ ICMP pingÀÌ ¾Æ´Ñ ACK ÆÐŶÀ¸·Î ping À» º¸³»°í
RST ÆÐŶÀ¸·Î ÀÀ´äÀ» ¹Þ´Â´Ù.
-PI ÀϹÝÀûÀÎ ICMP ping À¸·Î ¹æÈ­º®À̳ª ÇÊÅ͸µ¿¡ ÀÇÇØ °É·¯Áø´Ù.
-PB ping À» ÇÒ ¶§ ICMP ping °ú TCP pingÀ» µ¿½Ã¿¡ ÀÌ¿ëÇÑ´Ù.
-PS ping À» ÇÒ ¶§ ACK ÆÐŶ´ë½Å SYN ÆÐŶÀ» º¸³» ½ºÄµ.
-O ´ë»ó È£½ºÆ®ÀÇ OS ÆǺ°.
-p ´ë»ó È£½ºÆ®ÀÇ Æ¯Á¤ Æ÷Æ®¸¦ ½ºÄµÇϰųª, ½ºÄµÇÒ Æ÷Æ®ÀÇ ¹üÀ§¸¦ ÁöÁ¤.
ex) -p 1-1024 
-D  Decoy ±â´ÉÀ¸·Î ´ë»ó È£½ºÆ®¿¡°Ô ½ºÄµÀ» ½ÇÇàÇÑ È£½ºÆ®ÀÇ ÁÖ¼Ò¸¦ ¼ÓÀδÙ.
-F /etc/services ÆÄÀÏ ³»¿¡ ±â¼úµÈ Æ÷Æ®¸¸ ½ºÄµ.
-I TCP ÇÁ·Î¼¼¼­ÀÇ identd Á¤º¸¸¦ °¡Á®¿Â´Ù.
-n IP ÁÖ¼Ò¸¦ DNS È£½ºÆ®¸íÀ¸·Î ¹Ù²ÙÁö ¾Ê´Â´Ù. ¼Óµµ°¡ ºü¸£´Ù.
-R IP ÁÖ¼Ò¸¦ DNS È£½ºÆ®¸íÀ¸·Î ¹Ù²ã¼­ ½ºÄµ. ¼Óµµ°¡ ´À¸®´Ù.
-o ½ºÄµ °á°ú¸¦ ÅýºÆ® ÆÄÀÏ·Î ÀúÀå.
-i  ½ºÄµ ´ë»ó È£½ºÆ®ÀÇ Á¤º¸¸¦ ÁöÁ¤ÇÑ ÆÄÀÏ¿¡¼­ Àо ½ºÄµ.
-h µµ¿ò¸» º¸±â
 

À§ÀÇ ½ºÄµÅ¸ÀÔÀº ÀÚÁÖ ¾²ÀÌ´Â ³»¿ëÀÌ°í -h ¿É¼ÇÀ» ¾²°Å³ª man page¸¦ ÀÌ¿ëÇÏ¸é ¾ÆÁÖ »ó¼¼ÇÑ »ç¿ë¹æ¹ýÀ» º¸½Ç ¼ö ÀÖ½À´Ï´Ù.

 

¸î°¡Áö »ç¿ë ¿¹¸¦ ÅëÇØ nmapÀ» È°¿ëÇØ º¸½ÃÁÒ.



[root@gyn root]# nmap -sP xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Host gyn (xxx.xxx.xxx.xxx) appears to be up.

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

 


-sP ¿É¼ÇÀ¸·Î ´ë»óÈ£½ºÆ®°¡ »ì¾Æ ÀÖÀ½À» ¾Ë¾Æ³Â½À´Ï´Ù. ÀÌÁ¨ ƯÁ¤ Æ÷Æ®(80)¸¦ °Ë»öÇØ º¸°Ú½À´Ï´Ù.


[root@ home]# nmap -sP -PT80 xxx.xxx.xxx.xxx
TCP probe port is 80
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Host (xxx.xxx.xxx.xxx) appears to be up.
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

 


ÁöÁ¤µÈ Æ÷Æ®°¡ ¾Æ´Ï¶ó ´ë»óÈ£½ºÆ®ÀÇ ¿­¸° Æ÷Æ®¸¦ ¸ðµÎ °Ë»öÇØ º¾´Ï´Ù.


[root@ home]# nmap -sT xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on (xxx.xxx.xxx.xxx):
(The 1526 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
53/tcp open domain
80/tcp open http
Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds

 


´ë»ó È£½ºÆ®ÀÇ ¿­¸° Æ÷Æ®¸¦ ¾Ë¼ö´Â ÀÖÁö¸¸ ·Î±×°¡ ³²À¸¹Ç·Î À§ÇèÇÕ´Ï´Ù.
½ºÅÚ½º ½ºÄµÀ¸·Î °¨½Ã¸¦ ÇÇÇØ¾ß °ÚÁö¿ä.


[root@webserver log]# nmap -sS xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on (xxx.xxx.xxx.xxx):
(The 1526 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
53/tcp open domain
80/tcp open http
Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
 


UDP port ½ºÄµÀÔ´Ï´Ù. ½Ã°£ÀÌ ¸¹ÀÌ °É¸± ¼öµµ ÀÖ½À´Ï´Ù.



[root@gyn root]# nmap -sU localhost
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on gyn (127.0.0.1):
(The 1450 ports scanned but not shown below are in state: closed)
Port State Service
53/udp open domain
699/udp open unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds

 


À̹ø¿¡´Â -O ¿É¼ÇÀ¸·Î ¿î¿µÃ¼Á¦¸¦ ¾Ë¾Æº¸°Ú½À´Ï´Ù.



[root@webserver /root]# nmap -sS -O xxx.xxx.xxx.xxx
Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )
Interesting ports on db (xxx.xxx.xxx.xxx):
(The 1530 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
113/tcp open auth
3306/tcp open mysql

TCP Sequence Prediction: Class=random positive increments
Difficulty=2158992 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.16

Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds