1day/¿øµ¥ÀÌ/ÇÏ·ç/ÀÏ¿ëÁ÷/È£½ºÆÃ/¼­¹öÈ£½ºÆÃ/ÀÚ·á½Ç/°­ÁÂ/Ä¿¹Â´ÏƼ
Be happy 1day
HOME
ȸ¿ø·Î±×ÀÎ
ID:
PW:

     0 ºÐ
     2 ºÐ
 
À¥È£½ºÆÃ
À¥È£½ºÆà ½Åû¹æ¹ý
¼­ºñ½ºÀÌ¿ë¾à°ü
½Åû¸®½ºÆ® *
ÀԱݸ®½ºÆ® *
°í°´Áö¿ø FAQ
¹®ÀÇÇϱâ
°í°´Áö¿ø
ÆÄÀÏÁú¶ó¼³Á¤(ftp)
pop3¶õ?
SMTP¶õ?
¾Æ¿ô·è¼¼Æùý
³×ÀÓ¼­¹ö
   1Â÷ : ns1.1day.co.kr
..........222.234.222.191
   2Â÷ : ns2.1day.co.kr
..........222.234.223.192
°èÁ¹øÈ£ ¾È³»
....¿ì¸®ÀºÇà(¿øµ¥ÀÌ)
....1005-902-808446
À̸ÞÀÏ ¹®ÀÇ
1day@1day.co.kr
ÀÚ·á½Ç/°­ÁÂ
HTML ű×
ÀÚ¹Ù½ºÅ©¸³Æ®°­ÁÂ
¸®´ª½º±âÃÊ°­ÁÂ
¸®´ª½ºÁß±Þ°­ÁÂ
 


À©µµ¿ì NT¼­¹ö ¹× IIS º¸¾È °ü¸®
 1day  | 2004¡¤02¡¤01 11:42 | HIT : 46,429 | VOTE : 16,232 |

À©µµ¿ì NT¼­¹ö ¹× IIS º¸¾È °ü¸®

2000. 8.

Á¤Çöö/CERTCC-KR

hcjung@{certcc,kisa}.or.kr

¥°. °³¿ä

À©µµ¿ì NT´Â À©µµ¿ì 95/98ÀÇ GUI¿Í °ÅÀÇ À¯»çÇÏ¿© ÀÏ¹Ý PC »ç¿ëÀÚ¿¡°Ô ´ë´ÜÈ÷ Ä£¼÷ÇÑ »ç¿ëÀÚ È¯°æÀ» Á¦°øÇϸç, ´Ù¾çÇÑ ÀÀ¿ëÇÁ·Î±×·¥µéÀÌ Á¦°øµÇ°í ÀÖ¾î Æí¸®ÇÏ´Ù. ¶ÇÇÑ ¼­¹ö±Þ ¿î¿µÃ¼Á¦·Î¼­ PC¿¡¼­µµ ¼³Ä¡°¡ °¡´ÉÇÏ¿© Àú·ÅÇÏ°Ô ¿î¿µÇÒ ¼ö ÀÖ´Â µî ¿©·¯ °¡Áö ÀÌÀ¯·Î ÀÎÇØ À©µµ¿ì NTÀÇ »ç¿ëÀÌ ´Ã¾î°¡°í ÀÖ´Ù. ÇÏÁö¸¸ ½Ã½ºÅÛ¿¡ ´ëÇÑ Àü¹®Áö½Ä¾øÀ̵µ NT °ü¸®°¡ °¡´ÉÇϱ⠶§¹®¿¡ ü°èÀûÀÎ º¸¾È´ëÃ¥À» »ý°¢ÇÏ°í NT¸¦ ¿î¿µÇÏ´Â °æ¿ì´Â Áö±ØÈ÷ µå¹°´Ù.

À©µµ¿ì NT´Â ÀüÇô º¸¾ÈÀÌ ÀÌ·ç¾îÁöÁö ¾ÊÀº ¼öÁØ¿¡¼­ºÎÅÍ ¸¹Àº Á¤ºÎ±â°ü¿¡¼­ ¿ä±¸ÇÏ´Â C2 ·¹º§±îÁö ´Ù¾çÇÑ º¸¾È¼öÁØÀ¸·Î ±¸ÃàÀÌ °¡´ÉÇÏ´Ù.

À©µµ¿ì NT´Â C2·¹º§ º¸¾È ¼­¹ö¸¦ ±¸ÃàÇÒ Á¤µµ·Î ¸¹Àº º¸¾È°ú °ü·ÃµÈ ¼­ºñ½ºµéÀ» Á¦°øÇÏ°í ÀÖÁö¸¸ ½ÇÁ¦ ´ëºÎºÐÀÇ NT¼­¹ö´Â ÀüÇô º¸¾ÈÀÌ ÀÌ·ç¾îÁöÁö ¾ÊÀº »óÅ¿¡¼­ ¿î¿µÀÌ µÇ°í ÀÖ´Ù. ÀÌ´Â À©µµ¿ì NT ¿î¿µÃ¼Á¦ÀÇ Æó¼â¼ºÀ¸·Î ÀÎÇØ NTº¸¾È¿¡ ´ëÇÑ Àü¹®°¡°¡ ºÎÁ·Çϸç, NTº¸¾È °ü·Ã ÀÚ·áµéÀÌ UNIX¿¡ ºñÇØ »ó´ëÀûÀ¸·Î ±ØÈ÷ ¹ÌºñÇÏ´Ù. ±×·¯³ª ÃÖ±Ù À©µµ¿ì ½Ã½ºÅÛÀÇ È°¿ëµµ°¡ ±Þ°ÝÇÏ°Ô Áõ°¡Çϸ鼭 ÀÌµé ½Ã½ºÅÛ¿¡ ´ëÇÑ °ø°Ýµµ ±Þ°ÝÈ÷ Áõ°¡ÇÏ°í ÀÖ´Ù.

´ÙÀ½ ±×¸²Àº ÇÑ ÇØÅ·´çÇÑ È¨ÆäÀÌÁö¸¦ ¸ð¾Æ ³õ´Â ±¹¿Ü º¸¾È°ü·Ã ÀÎÅÍ³Ý »çÀÌÆ®¿¡¼­ ÇØÅ·´çÇÑ À¥¼­¹öÀÇ ¿î¿µÃ¼Á¦º°·Î ºÐ·ùÇÑ °ÍÀÌ´Ù.

Yellow: NT, White: Linux, Orange: BSD, Green: Solaris, Purple: All Other
<Ãâó : http://www.attrition.org/mirror/attrition/os-graphs.html>

Áö³­ 1³âµ¿¾ÈÀÇ À¥¼­¹ö ÇØÅ·Åë°è¸¦ º¸´õ¶óµµ À©µµ¿ì NT À¥¼­¹ö¿¡ ´ëÇÑ ÇØÅ·»ç°í°¡ Àüü »ç°íÀÇ Àý¹ÝÀÌ»óÀ» Â÷ÁöÇÏ°í ÀÖÀ» Á¤µµ·Î NT°¡ ¸¹Àº °ø°ÝÀ» ¹Þ°í ÀÖ´Ù´Â °ÍÀ» ½±°Ô ¾Ë ¼ö ÀÖ´Ù. ±¹³»¿¡¼­´Â À©µµ¿ì NT´Â ´ëºÎºÐ À¥¼­¹ö ±¸ÃàÀ» À§ÇØ ¸¹ÀÌ ¿î¿ëµÇ°í Àִµ¥ º¸¾È¿¡ ƯÈ÷ ÁÖÀǸ¦ ±â¿ïÀÏ ÇÊ¿ä°¡ ÀÖ´Ù. ½ÇÁ¦ ÀÌ »çÀÌÆ®¿¡¼­´Â ±¹³» ȨÆäÀÌÁö°¡ ÇØÅ·´çÇÑ È­¸éµéµµ ¾î·ÆÁö ¾Ê°Ô º¼ ¼ö ÀÖ´Ù.

º» °í¿¡¼­´Â À©µµ¿ì NT ¼­¹ö ÀÚü¿¡¼­ °í·ÁÇؾßÇÒ º¸¾È¼³Á¤ Ç׸ñ, À¥¼­ºñ½º¸¦ À§ÇÑ IIS(Internet Information Service)¿¡¼­ °í·ÁÇؾßÇÒ º¸¾È¼³Á¤ Ç׸ñ, ¼­¹ö ¹× ÀÀ¿ëÇÁ·Î±×·¥ ÆÐÄ¡¸¦ À§ÇÑ ¼­ºñ½ºÆÑ°ú ÇÖÇȽº ¼³Ä¡¿¡ ´ëÇØ ¾Ë¾Æº¸µµ·Ï ÇÑ´Ù. ¸¶Áö¸·À¸·Î ÀÌ·¯ÇÑ º¸¾È¼³Á¤µéÀÌ ¾ÈÀüÇÏ°Ô ÀÌ·ç¾îÁ³´ÂÁö Á¡°ËÇÒ ¼ö ÀÖ´Â NT¿ë °ø°³µµ±¸µéÀ» ¼Ò°³Çϵµ·Ï ÇÑ´Ù.

À©µµ¿ì NT¸¦ ºñ·ÔÇؼ­ ¸ðµç ´Ü, º» °í¿¡¼­ ¼Ò°³µÇ´Â À©µµ¿ì NT ¼³Á¤Àº ÀϹÝÀûÀΠȯ°æ¿¡¼­ÀÇ ¼³Á¤À» ´Ù·ç°í ÀÖÀ¸¸ç, °¢ ¼³Ä¡È¯°æ¿¡ µû¶ó Â÷ÀÌ°¡ ÀÖÀ» ¼ö ÀÖÀ¸¹Ç·Î ÁÖÀÇÇÏ¿©¾ß ÇÑ´Ù.

¥±. À©µµ¿ì NT ¼­¹ö º¸¾È¼³Á¤

1. ·Î±×¿Â

°¡. ·Î±×¿Â½Ã ¸Þ½ÃÁö Ãâ·Â

¸ðµç »ç¿ëÀÚ´Â ·Î±×¿Â ÇϱâÀü¿¡ <CTRL+ALT+DEL> Å°¸¦ ´­·¯¾ß¸¸ ÇÑ´Ù. ÀÌ Å°¸¦ ´©¸£¸é °èÁ¤ Æнº¿öµå¸¦ ÀԷ¹ޱâ À§ÇÑ »ç¿ëÀÚ ÀÎÁõâ(·Î±×¿Â Á¤º¸)ÀÌ ¶á´Ù. À©µµ¿ì NT¿¡¼­´Â <CTRL+ALT+DEL>Å°¸¦ ´©¸£°í »ç¿ëÀÚ ÀÎÁõâÀÌ ¶ß±â Àü¿¡ ƯÁ¤ÇÑ Ä¸¼Ç(Á¦¸ñ)°ú ÅؽºÆ®¸¦ ¸Þ½ÃÁö ¹Ú½º¿¡ Ãâ·ÂÇÒ ¼ö ÀÖ´Ù. ÀϹÝÀûÀ¸·Î ÀÌ ¸Þ½ÃÁö ¹Ú½º´Â °ü¸®ÀÚ°¡ ¸ðµç »ç¿ëÀڵ鿡°Ô ÇÕ¹ýÀûÀÎ °æ°í ¸Þ½ÃÁö¸¦ Ãâ·ÂÇϵµ·Ï »ç¿ëÇÒ ¼ö Àִµ¥ »ç¿ëÀÚµéÀº ½Ã½ºÅÛ »ç¿ëÀ» À§Çؼ­ °ü¸®ÀÚ°¡ ¼³Á¤ÇÑ ¸Þ½ÃÁö¸¦ ÁÖÁöÇÑ ÈÄ "È®ÀÎ" ¹öÆ°À» ´©¸§À¸·Î½á Æнº¿öµå¸¦ ³ÖÀ» ¼ö ÀÖ´Â ·Î±×¿Â Á¤º¸ ´ëÈ­ ¹Ú½º°¡ ³ª¿Â´Ù.

ÀÌ ¸Þ½ÃÁö´Â ·¹Áö½ºÆ®¸® Å°¸¦ ÆíÁýÇÔÀ¸·Î½á °¡´ÉÇѵ¥ ·¹Áö½ºÆ®¸® ÆíÁý±â´Â "regedt32.exe" ¶Ç´Â "regedit.exe" ¸í·ÉÀ» ÅëÇØ ¿­ ¼ö ÀÖ´Ù.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrent VersionWinlogon¿¡¼­ LegalNoticeCaption°ú LegalNoticeText¶ó´Â µÎ °³ÀÇ ·¹Áö½ºÆ®¸® Å°¿¡ °¢°¢ °ü¸®ÀÚ°¡ ¿øÇÏ´Â Á¦¸ñ°ú ¸Þ½ÃÁö¸¦ ÀÔ·ÂÇÏ¸é µÈ´Ù.

ÀÌó·³ º¯µ¿µÈ ·¹Áö½ºÆ®¸® Å°ÀÇ ³»¿ëÀº ½Ã½ºÅÛÀ» Àç½ÃÀÛÇÑ ÈÄ ¹Ý¿µÀÌ µÈ´Ù.

³ª. ·Î±× ¿ÀÇÁ³ª ¿öÅ©½ºÅ×ÀÌ¼Ç Àá±è(Locking)

»ç¿ëÀÚµéÀº ½Ã½ºÅÛ¿¡¼­ ¾ó¸¶µ¿¾È ¶³¾îÁ® ÀÖÀ» °æ¿ì¿¡´Â ·Î±×¿ÀÇÁÇϰųª ¿öÅ©½ºÅ×ÀÌ¼Ç Àá±èÀ» ÇÏ¿©¾ß¸¸ ÇÑ´Ù. ·Î±×¿ÀÇÁ´Â ´Ù¸¥ »ç¶÷ÀÌ ¾î¶² °èÁ¤¿¡ ´ëÇÑ Æнº¿öµå¸¦ ¾Ë°í ÀÖÀ» ¶§ ·Î±×¿ÂÇÏ´Â °ÍÀ» Çã¶ôÇÏÁö¸¸ ¿öÅ©½ºÅ×ÀÌ¼Ç Àá±èÀº ¼³Á¤ÇÑ »ç¿ëÀÚ¿¡ ÀÇÇؼ­¸¸ ÇØÁö°¡ °¡´ÉÇÏ´Ù. ¿öÅ©½ºÅ×ÀÌ¼Ç Àá±èÀº ½ºÅ©¸° ¼¼À̹ö Æнº¿öµå¸¦ ÀÌ¿ëÇÏ¿© ÀÏÁ¤±â°£µ¿¾È »ç¿ëÇÏÁö ¾ÊÀ¸¸é ÀÚµ¿À¸·Î Àá±èÀÌ µÇµµ·Ï ¼³Á¤ÇÒ ¼ö ÀÖ´Ù.

2. »ç¿ëÀÚ °èÁ¤ °ü¸®

°¡. »ç¿ëÀÚ °èÁ¤ ¹× ±×·ì

ÀϹÝÀûÀ¸·Î »ç¿ëÀÚ °èÁ¤°ú Æнº¿öµå´Â ÄÄÇ»Å͸¦ »ç¿ëÇϱâ À§ÇØ ÇÊ¿äÇÏ´Ù. NT¿¡¼­´Â "°ü¸®µµ±¸ | µµ¸ÞÀÎ »ç¿ëÀÚ °ü¸®ÀÚ"¸¦ ÀÌ¿ëÇÏ¿© »ç¿ëÀÚ Ãß°¡, »èÁ¦, Á¤Áö µîÀÇ ÀÛ¾÷À» ÇÒ ¼ö ÀÖ´Ù. »ç¿ëÀÚ °ü¸®ÀÚ´Â Æнº¿öµå Á¤Ã¥À» ¼³Á¤ÇÏ°í »ç¿ëÀÚ °èÁ¤À» ±×·ìÀ¸·Î ¹­À» ¼öµµ ÀÖ´Ù. ¶ÇÇÑ °¢ »ç¿ëÀÚÀÇ ·Î±×¿Â ½Ã°£ ¹× ·Î±×¿Â ÇÒ ¼ö ÀÖ´Â ¿öÅ©½ºÅ×À̼ÇÀ» Á¤ÀÇ, °èÁ¤ »ç¿ë±â°£ Á¤ÀÇ, RAS(Remote Access Service) ±â´ÉÀ» »ç¿ëÇÒ °æ¿ì Call-back ±â´É µî ´ë´ÜÈ÷ ´Ù¾çÇÑ º¸¾È±â´ÉÀ» ±×·¡ÇÈȯ°æ¿¡¼­ Æí¸®ÇÏ°Ô ¼³Á¤ÇÒ ¼ö ÀÖ´Ù. »ç¿ëÀÚ ±ÇÇÑ Á¤Ã¥ÀÇ º¯È­´Â »ç¿ëÀÚ°¡ ´ÙÀ½¿¡ ·Î±×¿ÂÇÒ ¶§ Àû¿ëµÈ´Ù.

³ª. °ü¸®ÀÚ °èÁ¤ vs. »ç¿ëÀÚ °èÁ¤

ÀϹÝÀûÀ¸·Î °ü¸®ÀÚ¸¦ À§ÇÑ °èÁ¤°ú ÀÏ¹Ý »ç¿ëÀÚµéÀ» À§ÇÑ °èÁ¤À» ºÐ¸®ÇÏ¿© »ç¿ëÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù. ¸¸ÀÏ ±× »ç¶÷ÀÌ ½Ã½ºÅÛ °ü¸®ÀÚ¶ó¸é °ü¸®¾÷¹«¸¦ À§ÇÑ °èÁ¤°ú ÀϹݾ÷¹«¸¦ À§ÇÑ °èÁ¤ ½Ã½ºÅÛ¿¡ µÎ °³ÀÇ °èÁ¤À» °¡Áö´Â °ÍÀÌ ÁÁ´Ù. Çϳª´Â °ü¸®¾÷¹«¸¦ À§ÇÑ °ÍÀÌ°í, ´Ù¸¥ Çϳª´Â ÀϹÝÀûÀÎ ÀÏÀ» Çϱâ À§ÇÑ °ÍÀÌ´Ù. ¿¹¸¦µé¾î ÀϹݻç¿ëÀÚ ±ÇÇÑÀ¸·ÎºÎÅÍ È°¼ºÈ­µÈ ¹ÙÀÌ·¯½º¿¡ ºñÇØ °ü¸®ÀÚ ±ÇÇÑÀ» °¡Áø °èÁ¤À¸·ÎºÎÅÍ È°¼ºÈ­µÈ ¹ÙÀÌ·¯½º¶ó¸é ½Ã½ºÅÛ¿¡ ÈξÀ ¸¹Àº ÇÇÇظ¦ ÁÙ ¼ö ÀÖ´Ù.

¶ÇÇÑ °ü¸®ÀÚ °èÁ¤À¸·Î ¼³Á¤µÇ¾îÁ® ÀÖ´Â "Administrator" °èÁ¤À» ´Ù¸¥ À̸§À¸·Î ¹Ù²Ù´Â °Íµµ ÁÁÀº »ý°¢ÀÌ´Ù. ¶ÇÇÑ °ü¸®ÀÚ °èÁ¤À» ´Ù¸¥ À̸§À¸·Î ¹Ù²Ù°í "Administrator"¶ó´Â °¡Â¥ °èÁ¤À» ¸¸µé¾î ¾Æ¹«·± ±ÇÇѵµ ÁÖÁö ¾ÊÀ» ¼öµµ ÀÖ´Ù. ÀÌ·¯ÇÑ ¹æ¹ýÀº "¸ðÈ£ÇÔÀ» ÅëÇÑ º¸¾È(Security through obscurity)"ÀÇ ÇÑ ¿¹ÀÌ´Ù.

ÀÌ °­·ÂÇÑ °èÁ¤Àº ·Î±×¿Â½Ã ¸î¹øÀÌ°í ½ÇÆÐÇصµ Àý´ë Á¢¼ÓÀ» Â÷´ÜÇÏÁö ¾Ê±â ¶§¹®¿¡ ½Ã½ºÅÛÀ» °ø°ÝÇÏ·Á´Â »ç¶÷µéÀº ÀÌ °èÁ¤ÀÇ Æнº¿öµå À¯Ã߸¦ °è¼Ó ½ÃµµÇÒ ¼ö ÀÖ´Ù. °ü¸®ÀÚ °èÁ¤ÀÇ À̸§À» ¹Ù²ÞÀ¸·Î½á °ø°ÝÀÚ´Â Æнº¿öµå»Ó¸¸ ¾Æ´Ï¶ó °èÁ¤À̸§µµ À¯ÃßÇÏ¿©¾ßÇÏ´Â ¾î·Á¿òÀ» ÁÙ ¼ö ÀÖ´Ù. ¶Ç ÇϳªÀÇ ¹æ¹ýÀº ¾Æ·¡¿Í °°Àº ¸í·ÉÀ» ½ÇÇàÇÔÀ¸·Î½á °ø°ÝÀÚ°¡ burute force °ø°ÝÀ̳ª »çÀü°ø°ÝÀ» ÇÒ °æ¿ì °ü¸®ÀÚ °èÁ¤À» Àá±Û ¼ö ÀÖ´Ù.

passprop /adminlockout /* Å×½ºÆ® °á°ú ÀÌ·¯ÇÑ ¸í·ÉÀÌ ¾ø¾úÀ½??? */

ÀÌ´Â "»ç¿ëÀÚ °ü¸®ÀÚ | Á¤Ã¥ | °èÁ¤"¿¡¼­ °èÁ¤ Àá±ÝÀÌ ¼³Á¤µÇ¾î ÀÖÀ» °æ¿ì Àû¿ëµÈ´Ù.

´Ù. Guest °èÁ¤

ÀÌ¹Ì ¸¸µé¾îÁø "Guest" °èÁ¤À» ÅëÇØ ¾Æ¹«³ª ½Ã½ºÅÛ¿¡ Á¦ÇÑµÈ Á¢¼ÓÀ» Çã¿ëÇÑ´Ù.

ÀÌ °èÁ¤Àº À©µµ¿ì NT°¡ ¼³Ä¡µÉ ¶§ ÀÚµ¿À¸·Î »ý¼ºµÇ´Âµ¥ À©µµ¿ì NT 4¿¡¼­´Â µðÆúÆ®·Î disableµÇ¾î ÀÖ°í ±× ÀÌÀü ¹öÀü¿¡¼­´Â enableµÇ¾î ÀÖ´Ù. ÀÌ °èÁ¤Àº ¾î¶² ȯ°æ¿¡¼­´Â enableµÉ ÇÊ¿ä°¡ ÀÖ´Ù. °¡·É ÀÎÅÍ³Ý ¼­ºñ½º Á¦Ç°ÀÌ ±¸µ¿µÉ ¶§¶óµçÁö, IIS ¼­¹öµµ ¼³Ä¡µÉ ¶§ À͸í°èÁ¤À» »ý¼ºÇÑ´Ù. ¸¸ÀÏ ÀÌ °èÁ¤ÀÌ ÇÊ¿ä¿¡ ÀÇÇØ »èÁ¦ÇÏÁö ¸øÇÑ´Ù¸é ÀÌ °èÁ¤ÀÌ ÁÖ¿ä ÆÄÀÏ ½Ã½ºÅÛÀ̳ª ·¹Áö½ºÆ®¸® Å°µé¿¡ ´ëÇÑ ¾²±â ¹× »èÁ¦ ±ÇÇÑÀ» ±ÝÇÏ¿©¾ß¸¸ ÇÑ´Ù.

À̸¦ Á¡°ËÇϱâ À§ÇÑ °¡Àå ÁÁÀº ¹æ¹ýÀº ÀÌ °èÁ¤À¸·Î ·Î±×¿ÂÇؼ­ ½Ã½ºÅÛ¿¡ ¾î¶² ¼Õ»óÀ» ÀÔÈú ¼ö ÀÖ´ÂÁö Á÷Á¢ Å×½ºÆ®ÇØ º¸´Â °ÍÀÌ´Ù.

¶ó. Æнº¿öµå

°èÁ¤°ú Æнº¿öµå¸¦ ¾Ë°í ÀÖ´Â »ç¶÷À̶ó¸é ´©±¸³ª ½Ã½ºÅÛ¿¡ ·Î±×¿ÂÇÒ ¼ö ÀÖ´Ù. »ç¿ëÀÚµéÀº ÀڽŵéÀÇ Æнº¿öµå¸¦ º¸È£Çϱâ À§ÇØ ÁÖÀÇÇÏ¿©¾ß¸¸ ÇÑ´Ù. Æнº¿öµå ¼³Á¤½Ã ´ÙÀ½ÀÇ »çÇ×À» °í·ÁÇØ º¸ÀÚ.

- Æнº¿öµå´Â ÀÚÁÖ ¹Ù²Ù°í Àç»ç¿ëÀ» ÇÇÇÑ´Ù.
- »çÀü¿¡ ÀÖ´Â ´Ü¾î¿Í °°ÀÌ ´©±¸³ª À¯Ãß°¡´ÉÇÑ Æнº¿öµå¸¦ ±ÝÇÏ°í ¿µ¹®°ú ¼ýÀÚ¸¦ Á¶ÇÕÇÏ¿© »ç¿ëÇÑ´Ù.
- Á¾ÀÌ µî¿¡ ±â·ÏÇÏÁö ¾Ê´Â´Ù. º»ÀÎÀÌ ±â¾ïÇϱ⠽¬¿î Æнº¿öµå¸¦ ¼±ÅÃÇÑ´Ù.

Æнº¿öµå ±æÀÌ´Â 1ÀÚ¿¡¼­ 14ÀÚ±îÁö »ç¿ë°¡´ÉÇÏÁö¸¸ [ºó ¾ÏÈ£ Çã¿ë]À» ¼±ÅÃÇÒ °æ¿ì 0ÀÌ µÉ ¼öµµ ÀÖ´Ù. Æнº¿öµå´Â ÃÖ¼ÒÇÑ 9ÀÚ¸¦ ³Ñµµ·Ï ¼³Á¤ÇÏ´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù. ¸¹Àº Å©·¢ °ø°ÝÀ¸·ÎºÎÅÍ 8ÀÚ ¶Ç´Â ±× ÀÌÇϸ¦ Æнº¿öµå¸¦ »ç¿ëÇÏ´Â °Í º¸´Ù ÈξÀ ¾ÈÀüÇÏ´Ù. ¶ÇÇÑ ¿µ¹®ÀÚ¿Í ¼ýÀÚÀÇ Á¶ÇÕ»Ó¸¸ ¾Æ´Ï¶ó !@#$%^&*()¿Í °°Àº ½ÉºíÀ» °°ÀÌ »ç¿ëÇÏ´Â °Íµµ Æнº¿öµå À¯Ã߸¦ ¾î·Æ°Ô ÇÑ´Ù.

´ÙÀ½ ±×¸²Àº "»ç¿ëÀÚ °ü¸®ÀÚ | °èÁ¤ Á¤Ã¥" È­¸éÀÌ´Ù. ¿©±â¿¡´Â Æнº¿öµå ÃÖ¼Ò ±æÀÌ, À߸øµÈ ·Î±×ÀÎ ½Ãµµ½Ã °èÁ¤ Àá±Ý, ÃÖ¼Ò/ÃÖ´ë ¾ÏÈ£»ç¿ë±â°£, ÀÌÀü¿¡ »ç¿ëÇÏ¿´´ø ¾ÏÈ£¿Í µ¿ÀÏÇÑÁöÀÇ °Ë»ç µîÀ» ¼³Á¤ÇÒ ¼ö ÀÖ´Ù.

3. ÆÄÀϽýºÅÛ º¸È£ ¹× ¹é¾÷

°¡. ÆÄÀÏ ¹× µð·ºÅ丮 º¸È£

NTFS ÆÄÀÏ ½Ã½ºÅÛÀº FAT ½Ã½ºÅÛ¿¡ ºñÇØ Á»´õ ¸¹Àº º¸¾È±â´ÉÀ» Á¦°øÇØ ÁÖ°í ÀÖ°í º¸¾ÈÀ» °í·ÁÇÏ¿© »ç¿ëÇÏ¿©¾ß¸¸ ÇÑ´Ù. À©µµ¿ì NTÀÇ NTFS ¹æ½Ä Æ÷¸ËÀº ¸ðµç ÆÄÀÏ°ú µð·ºÅ丮¿¡ ¼ÒÀ¯±Ç°ú »ç¿ë ±ÇÇÑÀ» Á¦°øÇØ ÁÙ ¼ö ÀÖÀ¸¸ç, Á¢±ÙÅëÁ¦¸ñ·Ï(Access Control List)¸¦ Á¦°øÇØ ÁÙ ¼ö ÀÖ´Ù. µû¶ó¼­ º¸¾ÈÀ» °¨¾ÈÇÑ´Ù¸é FAT ÆÄÀϽýºÅÛÀÇ »ç¿ëº¸´Ù´Â NTFSÀÇ »ç¿ëÀ» ±ÇÀåÇÒ ¼ö Àִµ¥, ±âÁ¸¿¡ FAT ÆÄÀϽýºÅÛÀ» »ç¿ëÇÏ´Ù°¡ NTFS·Î º¯È¯Çϱâ À§Çؼ­´Â "convert.exe" ¸í·ÉÀ» »ç¿ëÇÒ ¼ö ÀÖ´Ù. ÇÏÁö¸¸ FAT ÆÄÀϽýºÅÛÀ¸·Î ¿î¿µÁß¿¡ º¯È¯ÇÒ °æ¿ì´Â µðÆúÆ® ACLÀÌ Àû¿ëµÇÁö ¾ÊÀ¸¹Ç·Î °¡´ÉÇÑ Ãʱ⠼³Ä¡½Ã NTFS ÆÄÀϽýºÅÛÀ» ¼±ÅÃÇÏ´Â °ÍÀÌ º¸´Ù ¾ÈÀüÇÏ´Ù.

À©µµ¿ì NT´Â Ãʱâ ÀÎÆ®¶ó³ÝÀ» ±â¹ÝÀ¸·Î Á¦À۵Ǿú±â ¶§¹®¿¡ óÀ½ »ç¿ëÀÚ ±ÇÇÑÀ» ¼³Á¤ÇÒ ¶§´Â µðÆúÆ®·Î ¸ðµç »ç¿ëÀÚ¸¦ ÁöĪÇÏ´Â ±×·ìÀÎ Everone ±×·ì¿¡ ¸ðµç ±ÇÇÑÀ» ºÎ¿© ÇÏ´Â ¹æ½ÄÀÇ ½Ã½ºÅÛ º¸¾È ¼³Á¤ÀÌ ÀÌ·ç¾îÁø´Ù. ÇÏÁö¸¸ ÀÎÅͳݿ¡ ÄÄÇ»ÅÍ°¡ Á¢¼ÓÇÏ°í ÀÖ´Ù¸é ÀÌ·¯ÇÑ º¸¾È¼³Á¤Àº ¸Å¿ì Å« ¹®Á¦°¡ µÈ´Ù. µµ¸ÞÀÎ Guest ·Î±×¿ÂÀÌ Çã¿ëµÇ¾î ÀÖ´Ù¸é ÀÌ·± ¼³Á¤À¸·Î ÄÄÇ»Å͸¦ »ç¿ëÇÏ´Â °ÍÀº Àü ¼¼°è ´©±¸µç ÀÚ½ÅÀÇ ÄÄÇ»ÅÍ¿¡ Á¢±ÙÇÏ¿© ¸¶À½´ë·Î °øÀ¯ÀÚ¿øÀ» »ç¿ëÇÒ ¼ö ÀÖµµ·Ï ÇØ ³õ´Â À§Çèõ¸¸ÇÑ ¼³Á¤ÀÌ´Ù.

³ª. ºÒÇÊ¿äÇÑ ODBC/OLE-DB µ¥ÀÌÅÍ ¼Ò½º¿Í µå¸®À̺ê Á¦°Å

¾î¶² »ùÇà ¿¡Çø®ÄÉÀ̼ÇÀº »ùÇà µ¥ÀÌÅͺ£À̽º¸¦ À§Çؼ­ ODBC µ¥ÀÌÅÍ ¼Ò½º¸¦ ¼³Ä¡Çϰųª ºÒÇÊ¿äÇÑ ODBC/OLE-DB µ¥ÀÌÅͺ£À̽º µå¶óÀ̺긦 ¼³Ä¡ÇÑ´Ù. ºÒÇÊ¿äÇÑ µ¥ÀÌÅÍ ¼Ò½º³ª µå¶óÀ̹ö´Â ODBC µ¥ÀÌÅÍ ¼Ò½º °ü¸®ÀÚ µµ±¸¸¦ ÀÌ¿ëÇؼ­ Á¦°ÅÇÏ´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù.

´Ù. ¹é¾÷

Çϵå¿þ¾î °íÀåÀ̳ª °ü¸®ÀÚÀÇ ½Ç¼ö ¶Ç´Â ¹ÙÀÌ·¯½º¿Í °°Àº ¾Ç¼º ÇÁ·Î±×·¥À¸·ÎºÎÅÍ µ¥ÀÌÅ͸¦ º¸È£Çϱâ À§Çؼ­´Â Á¤±âÀûÀ¸·Î ¹é¾÷À» ¹Þ¾Æ¾ß¸¸ ÇÑ´Ù.

º¸ÆíÀûÀ¸·Î »ç¿ëµÇ´Â ¹é¾÷Àåºñ´Â DAT·Î ÀÌ°ÍÀº ´ë¿ë·®ÀÇ ÆÄÀÏÀ» ¾ÈÁ¤ÇÏ°Ô º¸°üÇÒ ¼ö ÀÖ´Â ÀåÁ¡ÀÌ ÀÖÁö¸¸ ¹é¾÷ ½Ã°£ÀÌ ¸Å¿ì ¿À·¡ °É¸°´Ù. À©µµ¿ì NTÀÇ ¹é¾÷ ¸í·É¾î´Â ntbackupÀÌ´Ù.

¹é¾÷ ±ÇÇÑÀº administrator¿Í backup operator¿¡°Ô Á¦ÇѵǾî ÀÖ´Ù.

µð½ºÅ© ¹é¾÷°ú ÇÔ²² ½Ã½ºÅÛ È¯°æ¼³Á¤ ÆÄÀϵéÀ» ¹é¾÷ÇÏ¿© º¹±¸µð½ºÅ©¸¦ ¸¸µé¾î ³õ´Â °Íµµ À¯»ç½Ã¸¦ ´ëºñÇÏ¿© Áß¿äÇÑ ÀÛ¾÷À̶ó ÇÒ ¼ö ÀÖ´Ù. º¹±¸ µð½ºÅ©´Â "rdis /s" ¸í·ÉÀ» ½ÇÇàÇÔÀ¸·Î½á »ý¼º °¡´ÉÇÏ´Ù.

4. Á¢±Ù ÅëÁ¦

°¡. ¼­¹ö Á¢±ÙÅëÁ¦

°¢ ³×Æ®¿öÅ© Ä«µå¿¡ ¾î¶² Æ÷Æ®¸¦ Çã¿ëÇÒ °ÍÀÎÁö¸¦ Á¤ÀÇÇÏ¿© TCP/IP ÇÊÅ͸µÀ» Çϵµ·Ï ¼³Á¤ÇÑ´Ù. "Á¦¾îÆÇ | ³×Æ®¿öÅ© | ÇÁ·ÎÅäÄÝ | TCP/IP | °í±Þ | º¸¾È»ç¿ë(±¸¼º)" À¸·Î À̵¿Çؼ­ ´ÙÀ½°ú °°ÀÌ Á¤ÀÇÇÑ´Ù.

- 80/TCP Çã¿ë
- 443/TCP Çã¿ë(¸¸ÀÏ SSLÀ» »ç¿ëÇÒ °æ¿ì)
- UDP Æ÷Æ® Â÷´Ü
- IP ÇÁ·ÎÅäÄÝ 6(TCP) Çã¿ë

±× °á°ú ¿ÜºÎ¿¡¼­ Æ÷Æ®½ºÄµ °á°ú ´Ù¸¥ 80¹ø ¼­ºñ½º°¡ Á¦°øµÇ°í ÀÖÁö ¾ÊÀ½À» È®ÀÎÇÒ ¼ö ÀÖ´Ù. À̶§ ´Ù¸¥ ½Ã½ºÅÛ°ú ÆÄÀÏ °øÀ¯ µîÀÇ ÇÒ ¼ö ¾ø°Ô µÇÁö¸¸ À©µµ¿ì NT´Â ¸¹Àº ¾ÖÇø®ÄÉÀ̼ÇÀÌ ÀÚü¿¡¼­ ±¸µ¿°¡´ÉÇÏ°í À¥¹®¼­ ÀÛ¼º¿¡µµ ¾î·Á¿òÀÌ ¾øÀ¸¹Ç·Î º¸¾ÈÀ» À§ÇØ ÀÌ Á¤µµÀÇ ºÒÆíÇÔÂëÀº °¨¼öÇÒ ¼ö ÀÖÁö ¾ÊÀ»±î?

[root@linux80 /root]# nmap -O 172.16.2.154
Starting nmap V. 2.54BETA1 by fyodor@insecure.org ( www.insecure.org/nmap/ )
WARNING: OS didn't match until the 2 try
Interesting ports on (172.16.2.154):
(The 1524 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
TCP Sequence Prediction: Class=trivial time dependency
Difficulty=11 (Easy)
Remote operating system guess: Windows NT4 / Win95 / Win98
Nmap run completed -- 1 IP address (1 host up) scanned in 4 seconds

³ª. ÀÎÅͳÝÀ» ÅëÇÑ NetBios Á¢±Ù

NetBIOS(Network Basic Input/Output System)´Â IBM PC¸¦ À§ÇÑ ³×Æ®¿öÅ© ÀÎÅÍÆäÀ̽º ü°è·Î ³×ÀÓ, ¼¼¼Ç, µ¥ÀÌÅͱ׷¥ÀÇ ¼¼°¡Áö ¼­ºñ½º¸¦ Á¦°øÇÏ°í ÀÖ´Ù. ÆÄÀϽýºÅÛÀ̳ª ÇÁ¸°Æ®¸¦ °øÀ¯Çϱâ À§Çؼ­µµ NetBIOS°¡ ÇÊ¿äÇÏ´Ù. À©µµ¿ì NT ½Ã½ºÅÛÀÌ ÀÎÅͳݿ¡ Á÷Á¢¿¬°áµÇ¾î ÀÖÀ» °æ¿ì °ø°ÝÀÚ°¡ ½±°Ô ÆÄÀϽýºÅÛÀ» »ç¿ëÇÒ ¼ö ÀÖÀ¸¹Ç·Î NetBIOS ¿¡ ´ëÇÑ Á¢±ÙÅëÁ¦°¡ ÇÊ¿äÇÏ´Ù. ´ÙÀ½ÀÇ µÎ°¡Áö ¹æ¹ýÀ» °í·ÁÇØ º¼ ¼ö ÀÖ´Ù.

ù°, ¶ó¿ìÅͳª ħÀÔÂ÷´Ü½ºÅÛ¿¡¼­ Á¢±ÙÅëÁ¦ ÇÑ´Ù.

¿ÜºÎ¿¡¼­ À©µµ¿ì NT ½Ã½ºÅÛÀ¸·ÎÀÇ ¸ðµç NetBIOS Æ®·¡ÇÈÀ» Â÷´ÜÇϱâ À§ÇÏ¿© 135/UDP, 137/UDP(NetBIOS name), 138/UDP(NetBIOS datagram), 139/TCP(NetBIOS session) Æ÷Æ®·ÎÀÇ Á¢¼ÓÀ» Â÷´ÜÇÑ´Ù.

À©µµ¿ì NT¼­¹ö ÇÑ ´ë¿¡ ´ëÇؼ­¸¸ Á¢±ÙÅëÁ¦¸¦ Çϱâ À§Çؼ­´Â À§¿¡¼­ »ìÆ캻 "¼­¹ö Á¢±ÙÅëÁ¦"¸¦ ÀÌ¿ëÇÒ ¼öµµ ÀÖÁö¸¸ ³»ºÎ ³×Æ®¿öÅ© ³»¿¡ ¸¹Àº À©µµ¿ì ½Ã½ºÅÛÀÌ Á¸ÀçÇÏ°í ÀÖÀ¸¹Ç·Î ¿ÜºÎ¿¡¼­ ³»ºÎ À©µµ¿ì ½Ã½ºÅ۵鿡 ´ëÇÑ Á¢±ÙÀ» ÀÏ°ýÀûÀ¸·Î Àû¿ëÇϱâ À§Çؼ­´Â ¶ó¿ìÅͳª ħÀÔÂ÷´Ü½Ã½ºÅÛ¿¡¼­ ÅëÁ¦ÇÒ ÇÊ¿ä°¡ ÀÖ´Ù. ´ÙÀ½Àº ½Ã½ºÄÚ ¶ó¿ìÅÍÀÇ °æ¿ì ´ÙÀ½°ú °°ÀÌ ¼³Á¤ÇÒ ¼ö ÀÖ´Ù.

interface xy
ip access-group 101 in
access-list 101 deny udp any host NT_IP_ADDRESS eq 135
access-list 101 deny udp any host NT_IP_ADDRESS eq 137
access-list 101 deny udp any host NT_IP_ADDRESS eq 138
access-list 101 deny tcp any host NT_IP_ADDRESS eq 139

ÇÏÁö¸¸, ³×Æ®¿öÅ© ÀüüÀÇ Á¢±ÙÅëÁ¦ Á¤Ã¥À» ¼¼¿ï ¶§ ÀÌó·³ NT ¼­¹ö¿¡ ´ëÇÑ NetBIOS Æ®·¡Çȸ¸À» Â÷´ÜÇÏ°í ³ª¸ÓÁö Æ®·¡ÇÈÀ» Çã¿ëÇÏ´Â °Íº¸´Ù´Â ¹Ýµå½Ã ÇÊ¿äÇÑ ¼­ºñ½º¸¸ Çã¿ëÇÏ°í ³ª¸ÓÁö´Â ¸ðµÎ Â÷´ÜÇÏ´Â Á¤Ã¥(Deny unless it is expressly allowed)ÀÌ ¹Ù¶÷Á÷ÇÏ´Ù. ¹°·Ð ÀÌ °æ¿ì¿¡µµ NetBIOS Æ®·¡ÇÈÀ» Çã¿ëÇؼ­´Â ¾ÊµÈ´Ù.

µÑ°, ³×Æ®¿öÅ© Á¦¾îÆÇÀ» ÀÌ¿ëÇÏ¿© TCP/IP¿Í NetBIOS °£ÀÇ ¹ÙÀεù(binding) Á¦°ÅÇÑ´Ù. ¹ÙÀεùÀÌ Á¦°ÅµÇ¸é TCP/IP¸¦ °ÅÄ¡°Ô µÇ´Â ÆÄÀÏ °øÀ¯¼­ºñ½º´Â Á¦°øµÇÁö ¾Ê°í ´ç¿¬È÷ ÀÎÅͳݿ¡¼­ÀÇ °øÀ¯ÀÚ¿ø¿¡ ´ëÇÑ Á¢±Ù½Ãµµµµ ºÒ°¡´ÉÇÏ°Ô µÈ´Ù. ÀÌ·¯ÇÑ NetBIOS ¼­ºñ½º´Â ¶ó¿ìÅ͸¦ °ÅÄ¡Áö ¾ÊÀº ³»ºÎ ³×Æ®¿öÅ©¿¡¼­´Â ¿©ÀüÈ÷ °¡´ÉÇÏ´Ù.

°³ÀÎÀûÀ¸·Î ÀÌµé µÎ °¡Áö ¹æ¹ý Áß ¿ÜºÎ ³×Æ®¿öÅ©¿Í ¿¬°áµÇ´Â °ÔÀÌÆ®¿þÀÌ Áï, ¶ó¿ìÅͳª ħÀÔÂ÷´Ü½Ã½ºÅÛ¿¡¼­ ¸ðµç NetBIOS Æ®·¡ÇÈÀ» ¿øõÀûÀ¸·Î Â÷´ÜÇÏ´Â °ÍÀÌ Á»´õ ¾ÈÀüÇÏ°í ³»ºÎ ³×Æ®¿öÅ©¿¡¼­ °øÀ¯ÀÚ¿øÀ» »ç¿ëÇϴµ¥µµ º°´Ù¸¥ Á¦¾à»çÇ×ÀÌ ¾ø¾î ±Ç°íÇÒ ¸¸ÇÏ´Ù°í »ý°¢µÈ´Ù.

´Ù. ·¹Áö½ºÆ®¸® º¸È£

À©µµ¿ì NT¿¡ ÀÇÇØ »ç¿ëµÇ´Â ¸ðµç ÃʱâÈ­¿Í ȯ°æ¼³Á¤ Á¤º¸´Â ·¹Áö½ºÆ®¸®¿¡ ÀúÀåµÇ¾î ÀÖ´Ù. ÀϹÝÀûÀ¸·Î ·¹Áö½ºÆ®¸®ÀÇ Å¶°ªÀº Á¦¾îÆÇ°ú °°Àº °ü¸® µµ±¸µéÀ» ÅëÇؼ­ °£Á¢ÀûÀ¸·Î º¯°æµÇ¾î Áø´Ù. ÀÌ ¹æ¹ýÀ» ±ÇÀåÇÏ°í ÀÖÁö¸¸ ·¹Áö½ºÆ®¸® ÆíÁý±â¸¦ ÀÌ¿ëÇÏ¿© Á÷Á¢ÀûÀ¸·Î ¹Ù²Ü ¼öµµ ÀÖ´Ù. ·¹Áö½ºÆ®¸® ÆíÁý±â´Â ¿ø°ÝÁ¢¼ÓÀ¸·Îµµ ±× Å°¸¦ ¹Ù²Ü ¼ö Àִµ¥ ÀÌ´Â ´ë´ÜÈ÷ À§ÇèÇÑ °ÍÀ¸·Î ³×Æ®¿öÅ©¸¦ ÅëÇÑ ·¹Áö½ºÆ®¸® Á¢¼ÓÀ» Â÷´ÜÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù. ´ÙÀ½°ú °°ÀÌ ·¹Áö½ºÆ®¸® Å°¸¦ »ý¼ºÇÔÀ¸·Î½á ¿ø°Ý¿¡¼­ ·¹Áö½ºÆ®¸® Á¢¼ÓÀ» Á¦ÇÑÇÒ ¼ö ÀÖ´Ù.

HKEY_LOCAL_MACHINESystemCurrentcontrolSetControlSecurePipeServerswinreg

µðÆúÆ® À©µµ¿ì NT ¿öÅ©½ºÅ×ÀÌ¼Ç ¼³Ä¡´Â ÀÌ Å°¸¦ Á¤ÀÇÇÏ°í ÀÖÁö ¾Ê´Âµ¥ ÀÌ´Â ·¹Áö½ºÆ®¸®¿¡ ´ëÇÑ ¿ø°ÝÁ¢¼ÓÀ» Á¦ÇÑÇÏÁö ¾Ê´Â °ÍÀÌ´Ù. À©µµ¿ì NT ¼­¹ö´Â ¿ÀÁ÷ °ü¸®ÀÚ¸¸ ¿ø°Ý¿¡¼­ ·¹Áö½ºÆ®¸®¿¡ Á¢¼ÓÀ» Çã¿ëÇÏ°í ÀÖ´Ù.

·¹Áö½ºÆ®¸® ÆíÁý±â¸¦ »ç¿ëÇÒ ¶§´Â ½Ã½ºÅÛ¿¡ ´ëÇÑ Á¤È®ÇÑ ÀÌÇظ¦ ÇÏ°í ÀÖ¾î¾ß Çϸç, À߸ø ·¹Áö½ºÆ®¸® Å°°¡ ¹Ù²î¸é ½Ã½ºÅÛÀ» »ç¿ëÇÒ ¼ö ¾øÀ» ¼öµµ ÀÖÀ¸¹Ç·Î ÁÖÀÇÇؾ߸¸ ÇÑ´Ù.

¹é¾÷ À¯Æ¿¸®Æ¼´Â ÆÄÀÏ°ú µð·ºÅ丮»Ó¸¸ ¾Æ´Ï¶ó ·¹Áö½ºÆ®¸®µµ ¹é¾÷ÇÒ ¼ö ÀÖÀ¸¹Ç·Î ÁÖ±âÀûÀÎ ¹é¾÷ÀÌ ÇÊ¿äÇÏ´Ù.

5. °¨»ç

°¨»çÁ¤Ã¥À» ¼³Á¤¿¡´Â µð½ºÅ© °ø°£, CPU »ç¿ë·® µî ¸¹Àº ½Ã½ºÅÛ ÀÚ¿øÀ» ÇÊ¿ä·Î ÇϹǷΠÀÌ·¯ÇÑ °¨»ç¿¡ ¼Ò¿äµÇ´Â ºñ¿ë°ú °¨»ç·Î ÀÎÇØ ¹ß»ýµÇ´Â À̵æÀ» ºñ±³ÇÏ¿© ÀûÁ¤ÇÏ°Ô ¼³Á¤ÇÏ¿©¾ß ÇÒ °ÍÀÌ´Ù.

´ÙÀ½Àº ÀϹÝÀûÀÎ º¸¾È À§Çù°ú À̵éÀ» ÃßÀûÇϱâ À§ÇÑ °¨»çÁ¤Ã¥ ¼³Á¤ÀÇ ¿¹ÀÌ´Ù.

À§Çù
°¨»çÇ׸ñ
¿Ï·á/½ÇÆÐ
ºñ°í
ÀÓÀÇÀÇ Æнº¿öµå À¯Ãß °ø°Ý ·Î±×¿Â ¹× ·Î±×¿ÀÇÁ ½ÇÆÐ
ÈÉÄ£ Æнº¿öµå·Î ħÀÔ ·Î±×¿Â ¹× ·Î±×¿ÀÇÁ ¿Ï·á ½ÇÁ¦ »ç¿ëÀÚ¿Í °¡Â¥ »ç¿ëÀÚ°¡ ±¸ºÐµÇÁö ¾ÊÀ¸¹Ç·Î ÈÞÀÏÀ̳ª ÀÏ°ú½Ã°£ ÀÌÈÄ µî ºñÁ¤»óÀûÀÎ ½Ã°£´ë¿¡ Á¢¼ÓÇÑ ·Î±×¸¦ ŽÁö
»ç¿ëÀÚÀÇ °ü¸®ÀÚ ±ÇÇÑ ³²¿ë »ç¿ëÀÚ ±ÇÇÑ »ç¿ë ¿Ï·á »ç¿ëÀÚ³ª ±×·ì°ü¸®, º¸¾ÈÁ¤Ã¥º¯°æ, ½Ã½ºÅÛ Àç½ÃÀÛ/ÁßÁö, ½Ã½ºÅÛ À̺¥Æ®¸¦ À§ÇØ »ç¿ë
¹ÙÀÌ·¯½º ħÀÔ ÆÄÀÏ ¹× °³Ã¼ ¾×¼¼½º ¿Ï·á/½ÇÆÐ .exe, .dll È®ÀåÀÚ¸¦ °¡Áø ÆÄÀϵî°ú °°Àº ÇÁ·Î±×·¥¿¡ ´ëÇÑ ¾²±â¸¦ ±â·Ï
¹Î°¨ÇÑ ÆÄÀÏ¿¡ ´ëÇÑ ºÎÀûÀýÇÑ Á¢±Ù ÆÄÀÏ ¹× °³Ã¼ ¾×¼¼½º ¿Ï·á/½ÇÆÐ ÀÌ ¼³Á¤°ú ´õºÒ¾î ÆÄÀÏ°ü¸®ÀÚ(winfile)¿¡¼­ Àǽɽº·¯¿î »ç¿ëÀÚ³ª °ü¸®ÀÚ¿¡ ÀÇÇÑ ¹Î°¨ÇÑ ÆÄÀÏÀÇ Àб⠾²±â¿¡ ´ëÇÑ °¨»ç°¡ ¼³Á¤µÇ¾î ÀÖ¾î¾ßÇÔ
ÇÁ¸°ÅÍ¿¡ ´ëÇÑ ºÎÀûÀýÇÑ Á¢±Ù ÆÄÀÏ ¹× °³Ã¼ ¾×¼¼½º ¿Ï·á/½ÇÆÐ ÀÌ ¼³Á¤°ú ´õºÒ¾î ÇÁ¸°ÅÍ°ü¸®ÀÚ¿¡¼­ Àǽɽº·¯¿î »ç¿ëÀÚ³ª °ü¸®ÀÚ¿¡ ÀÇÇÑ ÇÁ¸°ÅÍ Á¢¼Ó¿¡ ´ëÇÑ °¨»ç°¡ ¼³Á¤µÇ¾î ÀÖ¾î¾ßÇÔ


¾Æ·¡ ±×¸²Àº "°ü¸®µµ±¸ | »ç¿ëÀÚ °ü¸®ÀÚ | Á¤Ã¥ | °¨»ç"ÀÇ °¨»çÁ¤Ã¥ ¼³Á¤ È­¸éÀÌ´Ù.

À̺¥Æ® ·Î±×´Â ±âº»ÀûÀ¸·Î guest¿¡°Ôµµ ½Ã½ºÅÛ ·Î±×¿Í ÀÀ¿ëÇÁ·Î±×·¥ ·Î±×¸¦ º¼ ¼ö ÀÖµµ·Ï ¼³Á¤µÇ¾î ÀÖÁö¸¸ º¸¾È ·Î±×´Â ¿­¶÷ÀÌ ±ÝÁöµÇ¾î ÀÖ´Ù. °¨»çÁ¤Ã¥¿¡ ÀÇÇØ »ý¼ºµÈ ·Î±×´Â "°ü¸®µµ±¸ | À̺¥Æ® Ç¥½Ã±â"¸¦ ÅëÇؼ­ È®ÀÎÇÒ ¼ö ÀÖ´Ù.

¥². IIS º¸¾È ¼³Á¤

1. ÃÖ¼ÒÇÑÀÇ ÀÎÅÍ³Ý ¼­ºñ½º Á¦°ø

°ø°Ý°¡´É¼ºÀ» ÃÖ¼ÒÈ­Çϱâ À§Çؼ­´Â ¼­¹ö¿¡¼­ Á¦°øµÇ´Â ¼­ºñ½º¸¦ ÃÖ¼ÒÈ­ÇÏ¿©¾ß¸¸ ÇÑ´Ù. "Á¦¾îÆÇ | ¼­ºñ½º"¸¦ ÀÌ¿ëÇÏ¿© »ç¿ëÇÏÁö ¾Ê´Â ¼­ºñ½ºµéÀ» ÁßÁö½ÃÅ°´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù. ´ÙÀ½Àº IIS¸¦ »ç¿ëÇϱâ À§ÇØ ÇÊ¿äÇÑ ¼­ºñ½ºµéÀÌ´Ù.

¡¤Event Log
¡¤License Logging Service
¡¤Windows NTLM Security Support Provider
¡¤Remote Procedure Call (RPC) Service
¡¤Windows NT Server or Windows NT Workstation
¡¤IIS Admin Service
¡¤MSDTC
¡¤World Wide Web Publishing Service
¡¤Protected Storage

ÀϹÝÀûÀ¸·Î ´ÙÀ½ÀÇ ¼­ºñ½ºµéÀº ºÒÇÊ¿äÇÑ ¼­ºñ½ºµéÀε¥ ¹Ýµå½Ã ÇÊ¿äÇÏÁö ¾ÊÀº °æ¿ì¿¡´Â ÁßÁö½ÃÅ°´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù.

¡¤Alerter
¡¤ClipBook Server
¡¤Computer Browser
¡¤DHCP Client
¡¤Messenger
¡¤NetBIOS Interface
¡¤NetLogon
¡¤Network DDE & Network DDE DSDM
¡¤Scheduler
¡¤Server Service
¡¤Simple TCP/IP Services
¡¤Spooler
¡¤TCP/IP NetBIOS Helper
¡¤WINS Client (TCP/IP)
¡¤Workstation Service

´ÙÀ½ ±×¸²Àº ¼­ºñ½º ¼³Á¤ È­¸éÀÌ´Ù.

ÀÌ ´ëÈ­ »óÀÚ¸¦ »ç¿ëÇÏ¿© ÄÄÇ»ÅÍ¿¡¼­ »ç¿ëÇÒ ¼ö ÀÖ´Â °¢ ¼­ºñ½º¸¦ ½ÃÀÛÇϰųª, ¸ØÃ߰ųª, Àá±ñ ¸ØÃ߰ųª, °è¼ÓÇÒ ¼ö ÀÖÀ¸¸ç, ½ÃÀÛ ¸Å°³ º¯¼ö¸¦ ÇØ´ç ¼­ºñ½º¿¡ Àü´ÞÇÒ ¼öµµ ÀÖ´Ù.

2. IIS ·Î±×

IIS´Â È¿À²À» ±Ø´ëÈ­Çϱâ À§ÇÑ Æ©´×À» À§ÇØ »ç¿ëµÇ±âµµ ÇÏÁö¸¸ °ø°Ý»ç½ÇÀ» ŽÁöÇϴµ¥µµ ¸¹Àº µµ¿òÀ» ÁØ´Ù.

IIS¿¡ Æ÷ÇÔµÈ °¢ ¼­ºñ½º´Â ¼­¹ö¿¡ ¾×¼¼½ºÇÑ »ç¿ëÀÚ¿Í ¾×¼¼½ºÇÑ Á¤º¸¿¡ °üÇÑ ³»¿ëÀ» ·Î±×Çϵµ·Ï ±¸¼ºÇÒ ¼ö ÀÖ´Ù. ÀÌ µ¥ÀÌÅÍ·Î »çÀÌÆ®ÀÇ ¼¼ºÎ »çÇ× Á¶Á¤, »çÀÌÆ®¿¡ Á¤±âÀûÀ¸·Î ¾×¼¼½ºÇÏ´Â ´Ù¼öÀÇ »ç¿ëÀÚ¿¡ ´ëÇÑ °èȹ, ³»¿ëÀÇ ¾×¼¼½º, º¸¾È °¨»ç µîÀ» ÇÒ ¼ö ÀÖ´Ù.

IIS ·Î±×´Â ÅؽºÆ® ÆÄÀÏÀ̳ª ODBC(Open Database Connectivity) µ¥ÀÌÅͺ£À̽º·Î ±â·ÏÇÒ ¼ö Àִµ¥ IIS¼³Ä¡½Ã default ·Î±ë¹æ½ÄÀº ÅؽºÆ® ÆÄÀÏ Çü½ÄÀÌ´Ù. ÅؽºÆ® ÆÄÀÏ·Î ·Î±ëÇÏ´Â °ÍÀº ¼Óµµ¸é¿¡¼­ Á» ´õ ºü¸£¸ç, ODBC µ¥ÀÌÅͺ£À̽º´Â µ¥ÀÌÅÍ °Ë»çÇϴµ¥ Á» ´õ À¯¿¬¼ºÀ» Á¦°øÇÏ´Â ÀåÁ¡À» °¡Áö°í ÀÖ´Ù.

IIS¿¡¼­ Á¦°øµÇ´Â ¼­ºñ½ºµé¿¡ ´ëÇÑ °ü¸®´Â "Micorosoft ÀÎÅÍ³Ý ¼­¹ö | ÀÎÅÍ³Ý ¼­ºñ½º °ü¸®ÀÚ"¿¡¼­ Á¦°øµÇ¸ç, °¢Á¾ Ȩµð·ºÅ丮, ·Î±ë¼³Á¤, Á¢±ÙÅëÁ¦ µîÀ» Á¤ÀÇÇÒ ¼ö ÀÖ´Ù.

·Î±ëÀº [¸ÅÀÏ], [¸ÅÁÖ], [¸Å´Þ] ¿É¼Ç Áß Çϳª°¡ ÀÛµ¿Çϸé inyymmdd(¿¬, ¿ù, ÀÏ)ÇüÅ·ΠÀúÀåµÈ´Ù. Default·Î C:WINNTSystem32LogFiles µð·ºÅ丮 ¾Æ·¡¿¡ ÀúÀåµÈ´Ù.

»ý¼ºµÈ ·Î±×ÀÇ °¢ Çʵå´Â ´ÙÀ½ÀÇ ³»¿ëÀ» °¡Áö°í ÀÖ´Ù.

Ŭ¶óÀ̾ðÆ®ÀÇ IP ÁÖ¼Ò
Ŭ¶óÀ̾ðÆ®ÀÇ »ç¿ëÀÚ À̸§
³¯Â¥
½Ã°£
¼­ºñ½º
ÄÄÇ»ÅÍ À̸§
¼­¹öÀÇ IP ÁÖ¼Ò
°æ°ú ½Ã°£
¼ö½ÅµÈ ¹ÙÀÌÆ®
Àü¼ÛµÈ ¹ÙÀÌÆ®
¼­ºñ½º »óÅ ÄÚµå
Windows NT »óÅ ÄÚµå
ÀÛ¾÷ À̸§ ÀÛ¾÷ ¸ñÇ¥

¾Æ·¡´Â ½ÇÁ¦ NT¼­¹ö¿¡ ´ëÇÑ ³×Æ®¿öÅ© ½ºÄµ°ø°ÝÀ» ÇÏ¿´À» ¶§ À¥·Î±×¿¡ ³²Àº Á¤º¸ÀÌ´Ù.

8¿ù 24ÀÏ 14½Ã 56ºÐ°æ ºñÁ¤»óÀûÀ¸·Î ¸¹Àº Á¢¼Ó¿äûÀÌ ¿Ô¾úÀ¸¸ç, ÀÌ°ÍÀº Á¤»óÀûÀÎ À¥¼­¹ö Á¢¼ÓÀÌ ¾Æ´ÔÀ» ½±°Ô ¾Ë ¼ö ÀÖ´Ù.

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 30, 17, 198, 200, 0, HEAD, /Default.htm, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 10, 21, 101, 400, 123, GET, /*.idc, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 931, 203, 500, 122, GET, /default.asp

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 50, 32, 163, 200, 0, GET, /msadc/msadcs.dll, hr=80070057,CSoapStub::HttpExtensionProc,,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 41, 273, 403, 5, GET, /scripts/iisadmin/bdir.htr, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 46, 127, 404, 3, GET, /iissamples/issamples/query.idq, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 46, 127, 404, 3, GET, /iissamples/issamples/fastq.idq, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 50, 127, 404, 3, GET, /iissamples/exair/search/search.idq, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 50, 127, 404, 3, GET, /iissamples/exair/search/query.idq, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 39, 127, 404, 3, GET, /prxdocs/misc/prxrch.idq, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 143, 127, 404, 3, GET, /iissamples/issamples/oop/qfullhit.htw, CiWebHitsFile=/iissamples/issamples/oop/qfullhit.htw&CiRestriction=none&CiHiliteType=Full,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 143, 127, 404, 3, GET, /iissamples/issamples/oop/qsumrhit.htw, CiWebHitsFile=/iissamples/issamples/oop/qsumrhit.htw&CiRestriction=none&CiHiliteType=Full,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 51, 273, 403, 5, GET, /scripts/samples/search/qfullhit.htw, -,

172.16.2.34, -, 00-08-24, 14:56:20, W3SVC, Á¤º¸, 172.16.2.154, 0, 51, 273, 403, 5, GET, /scripts/samples/search/qsumrhit.htw, -,

Ç¥ÁØ Çü½Ä(Microsoft Professional Internet Services Çü½Ä)ÀÇ ·Î±×¸¦ NCSA(National Center for Supercomputing Applications) Common Log File Çü½ÄÀ¸·Î º¯È¯ÀÌ °¡´ÉÇѵ¥ Convlog.exe ¸í·É¾î¸¦ ÀÌ¿ëÇÒ ¼ö ÀÖ´Ù.

convlog -s[f|g|w] -t [emwac | ncsa[:GMTOffset] | none]

-o [output directory] -f [temp file directory] -h LogFilename

-d<m:[cachesize]>

3. »ùÇà ¿¡Çø®ÄÉÀÌ¼Ç Á¦°Å

»ùÇà ¿¡Çø®ÄÉÀ̼ÇÀº µðÆúÆ®·Î ¼³Ä¡µÇÁö ¾ÊÀ¸³ª ¿É¼ÇÆÑ ¼³Ä¡½Ã ¼³Ä¡µÇ¾î ÀÖ´Ù¸é Á¦°ÅÇÏ´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù. ´ÙÀ½Àº »ùÇà ÆÄÀϵéÀÇ À§Ä¡ÀÌ´Ù.

Á¾·ù
À§Ä¡
IIS c:inetpubiissamples
IIS SDK c:inetpubiissamplessdk
Admin Scripts c:inetpubAdminScripts
Data access c:Program FilesCommon FilesmsadcSamples

4. RDS Á¦°Å

ÁÖÀÇ :

ÀÌ Ãë¾àÁ¡Àº ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»ç¿¡¼­ Á¦°øµÇ°í ÀÖ´Â "Microsoft Internet Information Server 4.0 Security Checklist"¸¦ ºñ·ÔÇÑ IIS º¸¾È°ú °ü·ÃµÈ ´Ù¼öÀÇ ¹®¼­¿¡¼­ ¹Ýµå½Ã º¸¾È¼³Á¤ÇÏ¿©¾ßÇÒ Ãë¾àÁ¡À¸·Î ¾ê±âµÇ°í ÀÖ´Ù.

RDS´Â MDAC(Microsoft Data Access Componets)ÀÇ ÇÑ ÄÄÆ÷³ÍÆ®·Î RDS(Remote Data Services)°¡ À߸ø ¼³Á¤µÇ¾î ÀÖÀ» °æ¿ì ¼­ºñ½º°ÅºÎ °ø°ÝÀ̳ª ¿ø°Ý¿¡¼­ °ü¸®ÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¸í·ÉÀ» ½ÇÇàÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡ÀÌ ÀÖ´Ù.

IIS¿Í MDAC°¡ ºÎÁÖÀÇÇÏ°Ô ¼³Ä¡µÉ °æ¿ì ÀÌ Ãë¾àÁ¡ÀÌ ¹ß»ýµÉ ¼ö Àִµ¥ IIS¿Í MDAC 1.5´Â À©µµ¿ì NT 4 ¿É¼ÇÆÑ¿¡¼­ µðÆúÆ®·Î ¼³Ä¡µÇ¾î Áø´Ù. ´ëºÎºÐÀÇ Ãë¾àÁ¡µéÀÌ ¼­ºñ½ºÆÑÀ̳ª ÇÖ ÇȽº·Î °áÇÔÀÌ Á¦°ÅµÇÁö¸¸ ÀÌ Ãë¾àÁ¡À» Á¦°ÅÇϱâ À§Çؼ­´Â °ü¸®ÀÚ°¡ ¼öµ¿À¸·Î ·¹Áö½ºÆ®¸® Å°¸¦ Á¶ÀÛÇØ¾ß Çϸç ÀϹÝÀûÀÎ ÆÐŶ ÇÊÅ͸µ ÆÄÀ̾î¿ù·Îµµ °ø°ÝÂ÷´ÜÀÌ ºÒ°¡´ÉÇϱ⠶§¹®¿¡ °ü¸®ÀÚµéÀÇ ÁÖÀǸ¦ ¿äÇÏ°í ÀÖ´Ù. RDS·ÎºÎÅÍÀÇ °ø°ÝÀ» Â÷´ÜÇϱâ À§Çؼ­´Â MDACÀÇ ¹öÀüº°·Î ¼³Á¤À» ´Þ¸®ÇÏ¿© ¿î¿µÇϰųª RDS°¡ ºÒÇÊ¿äÇÒ °æ¿ì Â÷´ÜÇÏ´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù.

RDS¸¦ Á¦°ÅÇϱâ À§Çؼ­´Â MDACÀÇ ¹öÀü¿¡ »ó°ü¾øÀÌ ´ÙÀ½ÀÇ Á¶Ä¡¸¦ ÃëÇÒ ¼ö ÀÖ´Ù.

ù°, µðÆúÆ® À¥ »çÀÌÆ®·ÎºÎÅÍ /msadc °¡»ó µð·ºÅ丮¸¦ Á¦°ÅÇÑ´Ù.

"Microsoft ÀÎÅÍ³Ý ¼­¹ö | ÀÎÅÍ³Ý ¼­ºñ½º °ü¸®ÀÚ | WWW ¼­ºñ½º µî·ÏÁ¤º¸"¿¡¼­ "µð·ºÅ丮" Ç׸ñ Áß Msadc¸¦ Á¦°ÅÇÑ´Ù.

µÑ°, ´ÙÀ½ÀÇ ·¹Áö½ºÆ®¸® Å°¸¦ Á¦°ÅÇÑ´Ù.

HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W3SVCParameters ADCLaunch RDSServer.DataFactory

HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W3SVCParameters ADCLaunch AdvancedDataFactory

HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W3SVCParameters ADCLaunch VbBusObj.VbBusObjCls

¼Â°, msadcs.dll ÆÄÀÏÀ» Á¦°ÅÇÑ´Ù.

msadcs.dllÀº RDS ÀÎÅÍÆäÀ̽º¸¦ Á¦°øÇØÁÖ´Â DLLÀÌ´Ù.

³Ý°, msadc µð·ºÅ丮¸¦ »èÁ¦ÇÑ´Ù.

C:Program FilesCommon FilesSystemMsadc ¾Æ·¡ ¼­ºêµð·ºÅ丮¿Í ÆÄÀϵéÀ» »èÁ¦ÇÑ´Ù.

ÀÌ ¹æ¹ýµéÀº ´ë´ÜÈ÷ ¹«½ÄÇÑ(?) ¹æ¹ýÀÌÁö¸¸ °¡Àå È®½ÇÇÑ ¹æ¹ýÀÌ´Ù. ÀÌ Áß Çϳª¸¸ ¼öÇàÇÏ´õ¶óµµ RDS ±â´ÉÀ» Á¦°ÅÇÒ ¼ö ÀÖ´Ù.

ÀÌ Ãë¾àÁ¡¿¡ ´ëÇÑ °ø°Ýµµ±¸µéÀº ÀÎÅÍ³Ý»ó¿¡ ÀÌ¹Ì °ø°³µÇ¾î ÀÖÀ¸¸ç ¸¹Àº IIS ¼­¹öµéÀÌ ÀÌ·Î ÀÎÇØ °ø°ÝÀ» ¹Þ°í ÀÖ´Ù. ¼­ºñ½ºÆÑ, ÇÖÇȽº ¼³Ä¡¸¸À¸·Î ÇØ°áµÇÁö ¾Ê´Â Ãë¾àÁ¡ÀÎ ¸¸Å­ ´ë´ÜÈ÷ À§ÇèÇÑ Ãë¾àÁ¡ÀÌ´Ù. Á»´õ ÀÚ¼¼ÇÑ º¸¾È´ëÃ¥¿¡ ´ëÇÑ ¼³¸íÀº ¸¶ÀÌÅ©·Î ¼ÒÇÁÆ®ÀÇ °ø½Ä »çÀÌÆ®¸¦ Âü°íÇϱ⠹ٶõ´Ù.

http://www.microsoft.com/technet/security/bulletin/fq99-025.asp

ÀÌ Ãë¾àÁ¡¿¡ ´ëÇÑ ½ºÄµ ¹× °ø°ÝÀÌ ºó¹øÇÑ ¸¸Å­ IIS ·Î±×¸¦ Á¤±âÀûÀ¸·Î °Ë»çÇؼ­ °ø°ÝÈçÀûÀ» ŽÁöÇÏ´Â °Íµµ ÇÊ¿äÇÏ´Ù.

1999-10-24 20:38:12 - POST /msadc/msadcs.dll ...

´ÙÀ½ÀÇ ¸í·ÉÀ» ÀÌ¿ëÇÏ¿© ÀÚµ¿À¸·Î ãÀ» ¼öµµ ÀÖ´Ù.

find /i "msadcs" logfile.log

5. ÀԷ°ª Á¡°Ë

¸¹Àº À¥»çÀÌÆ®¿¡¼­ »ç¿ëÀÚµéÀÌ ´Ù¸¥ Äڵ带 È£ÃâÇϰųª ÁúÀǾî(SQL)¸¦ Á÷Á¢ »ç¿ëÇϱâ À§ÇØ ÀԷ°ªÀ» ¹Þ´Â´Ù. ÀϹÝÀûÀ¸·Î »ç¿ëÀÚµéÀÇ ÀÔ·ÂÀÌ À¯È¿ÇÏ°í ¾ÇÀÇÀûÀÌÁö ¾ÊÀº ÀÔ·ÂÀ̶ó°í °£ÁÖÇÏ´Â °æ¿ì°¡ ¸¹´Ù. ÇÏÁö¸¸ ½ÇÁ¦ ¾ÇÀÇÀûÀÎ ÀԷ°ªÀ» ³ÖÀ½À¸·Î½á ¼­¹ö¿¡ ºÒ¹ýÀûÀ¸·Î Á¢±ÙÇϰųª ÇÇÇظ¦ ÀÔÈ÷´Â °æ¿ì°¡ ´ë´ÜÈ÷ ¸¹´Ù. µû¶ó¼­ »ç¿ëÀÚµéÀÇ <FORM> ÀÔ·ÂÀ» ´Ù¸¥ ÇÁ·Î¼¼½º¿¡°Ô Àü´ÞÇØÁÖ±â Àü¿¡ ÆÄÀϽýºÅÛÀ̳ª µ¥ÀÌÅͺ£À̽º µîÀÇ ÀÚ¿øÀ» ºÒ¹ýÀûÀ¸·Î »ç¿ëÇÏÁö ¾Ê´ÂÁö Á¡°ËÇؾ߸¸ ÇÑ´Ù.
»ç¿ëÀÚ ÀÔ·ÂÀ» Á¡°ËÇϱâ À§ÇØ JScript ³ª VBScript¸¦ »ç¿ëÇÒ ¼ö ÀÖ´Ù.

´ÙÀ½ ¹®ÀåÀº "0-9a-zA-Z ±×¸®°í _"ÀÌ ¾Æ´Ñ ¹®ÀÚµéÀ» Á¦°ÅÇØ ÁØ´Ù.

Set reg = New RegExp
reg.Pattern = "W+"
strUnTainted = reg.Replace(strTainted, "")

´ÙÀ½ ¹®ÀåÀº '|' ¿¬»êÀÚ(ÀϹÝÀûÀ¸·Î ¸í·É¾î ¼öÇà ¿¬»êÀÚ) ÀÌÈÄÀÇ ¹®ÀåÀ» ÀüºÎ Á¦°ÅÇÑ´Ù.

Set reg = New RegExp
reg.Pattern = "^(.+)|(.+)" ' Any character from the start of the string to a '|'
strUnTainted = reg.Replace(strTainted,"$1")

¶ÇÇÑ »ç¿ëÀÚÀÇ ÀÔ·ÂÇÑ ÆÄÀÏ¸í¿¡ µû¶ó ƯÁ¤ ÆÄÀÏÀ» ¿­°Å³ª »ý¼ºÇÏÁö ¾Êµµ·Ï ÇÏ¿©¾ß¸¸ ÇÑ´Ù. »ç¿ëÀÚ°¡ ½Ã¸®¾ó Æ÷Æ®¸¦ ¿­°Å³ª ÇÁ¸°Æ®¸¦ ¿­·Á°í ½ÃµµÇÒ ¼öµµ ÀÖ´Ù. ´ÙÀ½Àº ºñÁ¤»óÀûÀÎ ÆÄÀÏÀ̸§À» Á¦°ÅÇÏ´Â JScript ÄÚµåÀÌ´Ù.

var strOut = strIn.replace(/(AUX|PRN|NUL|COMd|LPTd)+s*$/i,"");

6. »óÀ§Æнº ÁßÁö

»óÀ§Æнº '..'ÀÇ »ç¿ëÀ» ÁßÁö½ÃŲ´Ù. µðÆúÆ®·Î ÀÌ ¿É¼ÇÀº enable µÇ¾î Àִµ¥ À¥»çÀÌÆ®ÀÇ root µð·ºÅ丮·Î °¡¼­ ¿À¸¥ÂÊ ¹öÆ°À» Ŭ¸¯ÇÏ¿© "µî·ÏÁ¤º¸ | Ȩµð·ºÅ丮 | ȯ°æ¼³Á¤ | App ¿É¼Ç"¿¡¼­ "Enable Parent Paths"¸¦ üũÇÏÁö ¾Ê´Â´Ù.

7. #exec ¸í·É½© È£Ãâ ÁßÁö

¸í·É¾î°¡ À¥¼­¹ö¿¡¼­ ÀÓÀÇÀÇ ¸í·ÉÀ» È£ÃâÇϵµ·Ï »ç¿ëµÉ ¼öµµ ÀÖ´Ù. IIS´Â µðÆúÆ®·Î ÀÌ°ÍÀÌ ÁßÁöµÇ¾î ÀÖÀ¸¸ç À̸¦ °¡´ÉÇÏ°Ô ÇÏ´Â ·¹Áö½ºÆ®¸® Å°°¡ '0'·Î ¼ÂÆõǾî ÀÖ´Â °ÍÀ» È®ÀÎÇÒ ¼ö ÀÖ´Ù.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW3SVCParametersSSIEnableCmdDirective

¥³. ¼­ºñ½ºÆÑ(Service Pack)°ú ÇÖÇȽº(Hot Fix)

¼­ºñ½ºÆÑÀº À©µµ¿ì NT¸¦ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®¿¡¼­ Ãâ½ÃÇÏ°í ³­ µÚ À©µµ¿ì NT¿Í °ü·ÃµÈ ÀÀ¿ëÇÁ·Î±×·¥, ¼­ºñ½º, ½ÇÇàÆÄÀÏ µî ¿©·¯ ¼öÁ¤ ÆÄÀϵéÀ» ¸ð¾Æ ³õÀº ÇÁ·Î±×·¥ÀÌ´Ù. ¼­ºñ½ºÆÑÀº ÇÊ¿ä¿¡ µû¶ó Àϳ⿡ ¸î¹ø¾¿ ¹ßÇ¥µÈ´Ù.

ÇöÀç±îÁö ¹ßÇ¥µÈ °¡Àå ÃÖ½ÅÀÇ ¼­ºñ½ºÆÑÀº SP6aÀ¸·Î ´ÙÀ½ÀÇ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® »çÀÌÆ®¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Ù.

http://www.microsoft.com/ntserver/nts/downloads/recommended/SP6/allSP6.asp

ÇÖÇȽº´Â Áï½Ã ±³Á¤µÇ¾î¾ß¸¸ ÇÏ´Â ÁÖ¿äÇÑ Ãë¾àÁ¡(ÁÖ·Î º¸¾È°ú °ü·ÃµÈ)À» ÆÐÄ¡Çϱâ À§Çؼ­ ¹èÆ÷µÇ´Â ÇÁ·Î±×·¥ÀÌ´Ù. ÇÖÇȽº´Â °¢°¢ÀÇ ¼­ºñ½ºÆÑÀÌ ¹ßÇ¥µÈ ÈÄ Æ¯È­µÇ¾î¼­ ¹ßÇ¥µÈ´Ù.

ÇÑ°¡Áö ÁÖÀÇÇÒ °ÍÀº °£È¤ ¼­·Î ´Ù¸¥ ÇÖÇȽº°¡ µ¿ÀÏÇÑ ÆÄÀÏÀ» º¯°æÇÏ´Â °æ¿ì°¡ ÀÖÀ¸¹Ç·Î ÇÖÇȽº ¼³Ä¡½Ã ¸ÕÀú ¹èÆ÷µÈ °ÍÀ» ¸ÕÀú ¼³Ä¡ÇÏ´Â °ÍÀÌ ¾ÈÀüÇÏ´Ù. ¿¹¸¦µé¾î SP5 ¹èÆ÷ÆÇ ÀÌÈÄ¿¡ IGMP-fix¿Í Spoof-fix ÇÖÇȽº°¡ ¹èÆ÷µÇ¾ú´Âµ¥ µÎ ÇÖÇȽº ¸ðµÎ tcpip.sys¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Ù. tcpip.sys ÆÄÀÏÀº IGMP-fix¿¡¼­´Â 99³â 8¿ù 14ÀÏÂ¥ÀÌ°í Spoof-fix¿¡¼­´Â 99³â 9¿ù 17ÀÏÂ¥ÀÌ°í Á»´õ ÆÄÀÏ»çÀÌÁî°¡ Å©´Ù. ÀÌ °æ¿ì IGMP ÇÖÇȽº¸¦ ¸ÕÀú ¼³Ä¡ÇÏ°í Spoof ÇÖ ÇȽº¸¦ ³ªÁß¿¡ ¼³Ä¡ÇÏ¿©¾ß¸¸ ÇÑ´Ù.

ÇÖÇȽº´Â ±¹°¡º°, NT¹öÁ¯º°·Î Á¦°øµÈ´Ù.

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/xxx/yyy/zzz
xxx : ±¹°¡, yyy : NT ¹öÀü, zzz : Hot Fix µð·ºÅ丮

°ü¸®ÀÚ°¡ ¼­ºñ½ºÆÑ°ú ÇÖÇȽº¸¦ °³º°ÀûÀ¸·Î ¼³Ä¡ÇÒ °æ¿ì ¼³Ä¡ ¼ø¼­µµ °í·ÁÇØ¾ß ÇÏ°í ¸Å¹ø ½Ã½ºÅÛÀ» Àç ºÎÆÃÇÏ¿©¾ß¸¸ ÇϹǷΠ´ë´ÜÈ÷ ºÒÆíÇÏ°í ½Ã°£ÀÌ ¸¹ÀÌ ¼Ò¿äµÉ ¼ö ÀÖ´Ù.
¾Æ·¡ ½ºÅ©¸³Æ®´Â ¼­ºñ½ºÆÑ 6a ¼³Ä¡ ¹× ÇÖÇȽº ¼³Ä¡¸¦ ÀÚµ¿È­ÇÒ ¼ö ÀÖ´Â °ÍÀÌ´Ù.
(Ãâó : http://www.securityfocus.com/data/tools/sp6script.zip)

@echo off

REM Created by: "Davis, Rob" <rdavis@lucentncg.com>
REM Last modified by Security Focus on 02/17/00
REM Obtain service pack 6a and desired hot-fixes.
REM - Please test before applying
REM Not all of the hot-fixes are required on every machine.
REM Comment out or delete the hot-fixes you won't use.

REM uncompress hot-fixes and service pack 6a into required directories
REM note - use /x switch to uncompress without installing

echo -----------------
REM ** SP6a
REM SP switches
REM -u -- unattended
REM -f -- force other apps to close at shutdown
REM -n -- do not backup files for uninstall
REM -o -- overwrite OEM files without prompting
REM -q -- quiet - no user interaction
REM -z -- no automatic reboot after installation
echo Installing Service Pack 6a (this may take a few minutes...)
.sp6updateupdate.exe /q /z /o /n
echo -----------------
echo SP6a installed - now installing hotfixes ...
REM Hotfix switches
REM -y -- perform uninstall (requires -m and -q)
REM -f -- force other apps to close at shutdown
REM -n -- do not create uninstall directory
REM -z -- no automatic reboot after installation
REM -q -- quiet - no user interaction
REM -m -- unattended (different from SP)
REM -l -- list installed hotfixes
echo -----------------
REM ** spooler-fix
echo Installing spooler-fix
spooler-fixhotfix.exe /m /q /z
echo -----------------
REM ** rasman-fix
echo Installing rasman-fix
.rasman-fixfixrasi
echo -----------------
REM ** new srvsvc.dll
echo Installing patched srvsvc.dll
.srvsvchotfix.exe /m /q /z
echo -----------------
REM ** ISN fix
Echo Installing ISN fix
.isnfixhotfix.exe /m /q /z
echo -----------------
REM ** LPC fix
Echo Installing LPC fix
.lpcfixhotfix.exe /m /q /z
REM This one is for Terminal Server only
REM UnREM if appropriate
REM echo -----------------
REM ** Rdisk fix
REM Echo Installing Rdisk fix
REM .rdiskfixhotfix.exe /m /q /z
echo -----------------
REM ** RTF fix
Echo Installing RTF fix
.rtffixhotfix.exe /m /q /z
echo -----------------
REM ** Recycle fix
Echo Installing RTF fix
.recyclehotfix.exe /m /q /z
echo Patches Completed (reboot machine before patches will take effect)
echo on

¥´. NT °ø°³ º¸¾È µµ±¸

À©µµ¿ì NT ³»ºÎÀÇ È¯°æ¼³Á¤°ú ¼­ºñ½ºÆÑ ¹× ÇÖÇȽº ¼³Ä¡·Î ½Ã½ºÅÛÀ» ¾ÈÀüÇÏ°Ô ¼³Ä¡ÇÑ ÈÄ ÀÌ·¯ÇÑ ¼³Á¤ÀÌ Á¤¸» ¾ÈÀüÇÑÁö¸¦ Á¡°ËÇØ º¼ ÇÊ¿ä°¡ ÀÖÀ» °ÍÀÌ´Ù.
º» Àý¿¡¼­´Â À©µµ¿ì NTÀÇ º¸¾ÈÃë¾àÁ¡À» Á¡°ËÇÒ ¼ö ÀÖ´Â ¸î °³ÀÇ °ø°³ Á¡°Ë µµ±¸¸¦ ¼Ò°³Çϱâ·Î ÇÑ´Ù.

°¡. Cerberus' Internet Scanner (http://www.cerberus-infosec.co.uk)

ÀÌ ÅøÀº ¿µ±¹ÀÇ Cerberus Information Security »ç¿¡¼­ °³¹ßµÈ °ÍÀ¸·Î ±âÁ¸ÀÇ NT Info Scanner¸¦ ¼öÁ¤ º¸¿ÏÇÑ °ÍÀÌ´Ù. ±âº»ÀûÀ¸·Î WWW, SQL, ftp, various NT checks, SMTP, POP3, DNS, finger µî 12°³ÀÇ Á¡°Ë ¸ðµâ·Î ±¸¼ºµÇ¾î ÀÖÀ¸¸ç ¼¼ºÎÀûÀ¸·Î ¾à 300¿©°³ÀÇ Á¡°ËÇ׸ñÀ» Æ÷ÇÔÇÑ´Ù. ƯÈ÷, ÀÌ ÅøÀÌ NT Info Scanner¸¦ È®ÀåÇÑ µµ±¸·Î½á IIS À¥¼­¹ö Ãë¾àÁ¡°ú °ü·ÃµÈ Á¡°ËÇ׸ñÀÌ Ç³ºÎÇÏ´Ù. 12°³ÀÇ Á¡°Ë¸ðµâµéÀº dll ÇüÅ·ΠÁ¦°øµÇ°í Á¡°ËÇ׸ñÀÇ ¾÷µ¥ÀÌÆ®´Â ÀÚµ¿¾÷µ¥ÀÌÆ® ±â´ÉÀ» ÀÌ¿ëÇÏ¿© dll ÆÄÀÏÀ» ±³Ã¼ÇÏ¸é µÈ´Ù.

¼³Ä¡È¯°æÀº À©µµ¿ì NT, À©µµ¿ì 2000¿¡¼­ °¡´ÉÇÏ°í, ±ò²ûÇÑ À¥±â¹Ý GUI ȯ°æÀ¸·Î »ç¿ëÀÌ ´ë´ÜÈ÷ Æí¸®ÇÏ´Ù.

Á¡°Ë°á°úµµ HTML ÇüÅ·ΠÁ¦°øµÇ°í ¹ß°ßµÈ Ãë¾àÁ¡¿¡ ´ëÇÑ ¼³¸íÀº ÇÏÀÌÆÛ¸µÅ©¸¦ ÅëÇØ °ü·Ã¹®¼­¸¦ ¿¬°áÇØ ÁÖ°í ÀÖ´Ù.

³ª. L0pht Crack (http://www.l0pht.com/l0phtcrack/)

L0pht CrackÀº NT »ç¿ëÀÚ Æнº¿öµå¸¦ Å©·¢ÇÏ´Â ÇÁ·Î±×·¥ÀÌ´Ù.

¸ÕÀú, Æнº¿öµå¿¡ ´ëÇÑ °ø°ÝÀº 3´Ü°è¸¦ ÅëÇؼ­ ÀÌ·ç¾îÁö´Âµ¥, ¸ÕÀú ´Ü¾î»çÀü¿¡ µî·ÏµÈ ´Ü¾î¿Í ºñ±³ÇÏ´Â »çÀü°ø°Ý(Dictionary Attack)À» ¼öÇàÇÏ°í »çÀü¿¡ µî·ÏµÈ ´Ü¾î¿¡¼­ º¯ÇüµÈ ´Ü¾î¿Í ºñ±³ÇÏ´Â Hybrid °ø°ÝÀ» ¼öÇàÇÏ°í ¸¶Áö¸·À¸·Î ÀÓÀÇÀÇ ¹®ÀÚ¸¦ Á¶ÇÕÇÏ¿© °ø°ÝÇÏ´Â Brute Force °ø°ÝÀ» ¼öÇàÇÏ°Ô µÈ´Ù.

ÀÌ ÅøÀ» ÀÌ¿ëÇؼ­ ¾î´À ÇÑ È¸»çÀÇ Æнº¿öµå¸¦ Á¡°ËÇØ º» °á°ú 10ºÐ À̳»¿¡ 18%ÀÇ Æнº¿öµå°¡ Å©·¢µÇ¾úÀ¸¸ç, 48½Ã°£À̳»¿¡ 98%ÀÇ Æнº¿öµå°¡ Å©·¢µÇ¾ú´Ù°í ÇÑ´Ù.

ÀÌ ÅøÀ» ÀÌ¿ëÇÏ¿© NT »ç¿ëÀÚµéÀÇ Æнº¿öµå¸¦ ÁÖ±âÀûÀ¸·Î Á¡°ËÇÏ¿© ¿ø°Ý¿¡¼­ÀÇ Æнº¿öµå À¯Ãß°ø°Ý¿¡ ´ëºñÇÏ°í ±â°üÀÇ Æнº¿öµå Á¤Ã¥¿¡ À§¹ÝµÇ´Â Æнº¿öµå¸¦ »ç¿ëÇÏ´Â »ç¿ëÀÚ¿¡°Ô ÁÖÀǸ¦ ÁÙ ÇÊ¿ä°¡ ÀÖ´Ù.

´Ù. Legion (http://packetstorm.securify.com)

LegionÀº À©µµ¿ìÁî ½Ã½ºÅÛ ÆÄÀÏ °øÀ¯»óŸ¦ Á¡°ËÇÏ´Â µµ±¸·Î½á NT»Ó¸¸ ¾Æ´Ï¶ó À©µµ¿ì ½Ã½ºÅÛ ÀüüÀÇ °øÀ¯»óŸ¦ Á¡°ËÇÏ¿© ºÒÇÊ¿äÇÑ °øÀ¯¸¦ Á¦°ÅÇÏ°í °øÀ¯°¡ ÇÊ¿äÇÒ °æ¿ì ¹Ýµå½Ã Æнº¿öµå¸¦ ¼³Á¤ÇÒ ÇÊ¿ä°¡ ÀÖ´Ù. ÃÖ±Ù À©µµ¿ìÁî ½Ã½ºÅÛÀÇ º¸È£µÇÁö ¾ÊÀº ³×Æ®¿öÅ© °øÀ¯¸¦ ÀÌ¿ëÇÑ ÀÎÅÍ³Ý ¿úÀÌ È®»êµÇ°í ÀÖ´Ù. network.vbs, 911 ¿ú µîÀº ³×Æ®¿öÅ© °øÀ¯¿¡ ºÒ¹ýÀûÀ¸·Î Á¢±ÙÇÑ ÈÄ ¿ª½Ã °øÀ¯ ÆÄÀϽýºÅÛ¿¡ ´ëÇÑ º¸¾ÈÀÌ ÀÌ·ç¾îÁöÁö ¾ÊÀº ´Ù¸¥ ½Ã½ºÅÛ¿¡ ħÀÔÇÏ¿© DDoS Åø°ú °°Àº ÇØÅ·µµ±¸¸¦ ¼³Ä¡Çϱ⵵ ÇÑ´Ù.


[Âü°í ¹®Çå]

Securing Windows NT Installation,
http://www.microsoft.com/ntserver/security/exec/overview/Secure_NTInstall.asp

Microsoft Internet Information Server 4.0 Security Checklist,
http://www.microsoft.com/technet/security/iischk.asp

Securing NT,
http://www.ntbugtraq.org/focus/microsoft/nt/ntsecure_gs.html

Securing IIS,
http://www.ntbugtraq.org/focus/ms/iis/iissecure.html

Windows NT Security Features and Future Direction,
http://www.microsoft.com/ntserver/security/techdetails/prodarch/CoopersLybrand.asp

Microsoft Security Program: Rrequently Asked Questions:

Microsoft Security Bulletin(MS99-025)
http://www.microsoft.com/technet/security/bulletin/fq99-025.asp

Defending against RDS attacks,
http://www.wiretrip.net/rfp/p/doc.asp?id=29&iface=2

À©µµ¿ì»ç¿ëÀÚ±×·ì,
http://windows.designweb.org/
CIS, http://www.cerberus-infosec.co.uk/
L0phtCrack, http://www.l0pht.com/

Legion,
http://packetstorm.securify.com/
http://www.microsoft.com/security/
http://www.microsoft.com/technet/
http://www.securityfocus.com/
http://www.ntfaq.com/
http://www.ntfaq.co.kr/






Ãâó : cert
     
15   MySQL ¿¡·¯Äڵ庰 ¿¡·¯¸Þ¼¼Áö ÀÔ´Ï´Ù.  1day 05¡¤08¡¤16 472810
14   ÀÎÅͳÝÀÇ »Ñ¸® TCP/IP ³×Æ®¿öÅ© ¹Ù·Î¾Ë±â  1day 04¡¤02¡¤12 37998
13   ·¹µåÇÞ ½Ã½ºÅÛ ÃÖ½ÅÀ¸·Î À¯ÁöÇÏ±â  1day 04¡¤02¡¤03 36018
12   Sendmail ¸ÞÀϼ­¹öÀÇ ½ºÆÔ¸±·¹ÀÌ ´ëÀÀ¹æ¹ý  1day 04¡¤02¡¤01 40402
11   Ä§ÇØ»ç°í ´ëÀÀ¹æ¹ý ¹× ÀýÂ÷  1day 04¡¤02¡¤01 36703
10   ³×Æ®¿öÅ© ½º´ÏÇÎ ±â¼ú ¹× ¹æÁö´ëÃ¥  1day 04¡¤02¡¤01 45737
  À©µµ¿ì NT¼­¹ö ¹× IIS º¸¾È °ü¸®  1day 04¡¤02¡¤01 46429
8   Solaris Network Kernel Tunning for Security  1day 04¡¤01¡¤31 40572
7   ¾ÈÀüÇÑ À¯´Ð½º ÇÁ·Î±×·¡¹ÖÀ» À§ÇÑ Áöħ¼­ V.0.7  1day 04¡¤01¡¤30 39806
6   Abnormal IP Packets  1day 04¡¤01¡¤28 41969
5   DNS ¾ÈÀü¿î¿ë°¡ÀÌµå  1day 04¡¤01¡¤20 52697
4   MTX ¿ú¹ÙÀÌ·¯½º ºÐ¼® º¸°í¼­  1day 04¡¤01¡¤17 38607
3   IP FragmentationÀ» ÀÌ¿ëÇÑ °ø°Ý±â¼úµé  1day 04¡¤01¡¤14 39656
2   ¸®´ª½º ½Ã½ºÅÛ °ü¸®ÀÚ¸¦ À§ÇÑ º¸¾È Áöħ¥°  1day 04¡¤01¡¤14 38852
1   ¿î¿µÃ¼Á¦¿Í Ä¿³Î Â÷¿ø¿¡¼­ÀÇ Æ©´× ¹× º¸..  1day 04¡¤01¡¤11 36301
1
Copyright 1999-2025 Zeroboard / skin by GGAMBO
Copyright (c) 2003~2004 by 1day all rights reserved.