
Abstract

Internet services have become more popular and more convenient as information technology and network applications have advanced daily over the last few years. To ensure the quality and accessibility of the Internet, network security is an important concern. In order to maintain the reliability, continuity and quality of Internet services, domain administrators must have access to the most up-to-date information on every node within their network domain, so that they can take precautionary steps or provide immediate solutions to reduce the damage caused by network security incidents. The purpose of this thesis is to establish a large-scale network security scanning system that assists domain administrators in obtaining network node information efficiently and analyzes the scanning data automatically. The research evaluates the targeted network nodes using both Active Scanning and Passive Scanning methods, collecting version information for the Web Server, FTP Server, Mail Server, DNS Server, operating system and SSL. This node information is stored in a database for further analysis and comparison. Vulnerabilities of Internet services are collected from the Common Vulnerabilities and Exposures (CVE) information database, from which vulnerability ratings for the various Internet services are obtained. The network security scanning system can scan the targeted network domain periodically and consistently, and the scanning reports are made available to domain administrators in HTML format. This research used the Taiwan network domain for evaluation; the study covers the most commonly used servers and obtained the version information and overall vulnerability rating of the various servers in this domain. Recommendations for ensuring network security are also provided.

Keywords: Internet, Network Security, Large-scale scanning, Network Services



List of Tables

Table 1-1 Vulnerabilities Reported (3)
Table 2-1 HOST (8)
Table 2-2 Date (8)
Table 2-3 Class C IP (9)
Table 2-4 Service (9)
Table 2-5 Vulnerability impact types (10)
Table 2-6 Vulnerability database (10)
Table 3-1 Port number ranges (13)
Table 3-2 HTTP/1.1 (14)
Table 3-3 Xprobe (17)
Table 4-1 (22)
Table 4-2 Web Server (23)
Table 4-3 Microsoft IIS (24)
Table 4-4 Apache (24)
Table 4-5 Netscape (24)
Table 4-6 Web Server (24)
Table 4-7 Microsoft IIS (25)
Table 4-8 Apache (25)
Table 4-9 Netscape (25)
Table 4-10 Web Server (26)
Table 4-11 Mail Server (27)
Table 4-12 Sendmail (27)
Table 4-13 Microsoft ESMTP MAIL Service v5.0 (28)
Table 4-14 Microsoft Exchange v5.5 (28)
Table 4-15 Mail Server (28)
Table 4-16 Sendmail (29)
Table 4-17 Mail Server (29)
Table 4-18 FTP Server (30)
Table 4-19 Microsoft IIS (30)
Table 4-20 Serv-U (31)
Table 4-21 Wu-FTP (31)
Table 4-22 FTP Server (31)
Table 4-23 Microsoft IIS (32)
Table 4-24 Serv-U (32)
Table 4-25 Wu-FTP (33)
Table 4-26 FTP Server (33)
Table 4-27 SSL (34)
Table 4-29 Operating system (37)
Table 4-30 Operating system (37)
Table 4-31 Windows Base (40)
Table 4-32 Windows Base (40)
Table 4-33 UNIX Base (41)
Table 4-34 UNIX Base (41)
Table 4-35 Operating system (43)
Table 4-36 Operating system (43)
Table 4-37 Web Server (45)
Table 4-38 Microsoft IIS (45)
Table 4-39 Apache (46)
Table 4-40 IIS/5.0 and Apache/1.3.x (46)
Table 4-41 Mail Server (47)
Table 4-42 Sendmail (47)
Table 4-43 FTP Server (48)
Table 4-44 DNS (48)
Table 4-45 Operating system (49)

List of Figures

Figure 1-1 Worldwide host count (2)
Figure 1-2 Taiwan host count (2)
Figure 1-3 Taiwan WWW Server statistics (3)
Figure 1-4 Intrusion incident statistics (4)
Figure 2-1 Research flow (7)
Figure 3-1 Web Server scanning flow (15)
Figure 3-2 Mail Server scanning flow (15)
Figure 3-3 FTP Server scanning flow (16)
Figure 3-4 DNS scanning flow (16)
Figure 4-1 (21)
Figure 4-2 Web Server (23)
Figure 4-3 Worldwide Web Server statistics (26)
Figure 4-4 Mail Server (27)
Figure 4-5 FTP Server (30)
Figure 4-6 SSL (34)
Figure 4-7 DNS (35)
Figure 4-8 Operating system statistics (37)
Figure 4-9 Windows Base statistics (40)
Figure 4-10 UNIX Base statistics (41)
Figure 4-11 Operating system (43)
Figure 4-12 BIND Bug (49)

1.1

According to statistics from the CERT Coordination Center (CERT/CC), the number of vulnerabilities reported rose from 1,090 in 2000 to 2,437 in 2001. Attacks now exploit such vulnerabilities at scale: the Internet worm Code Red infected some 250,000 hosts, and Nimda, which attacked Windows systems through Outlook e-mail and IIS, infected over 100,000 hosts. Because the software running on network nodes carries these vulnerabilities, a large-scale survey of what is deployed is the first step toward reducing the exposure.

1.2

The Network Wizards survey of January 2002 gives the number of hosts worldwide (Figure 1-1) and in Taiwan (Figure 1-2). Among network services the most widely deployed is the WWW server: according to TWNIC, the number of WWW servers in Taiwan reached 54,952 by February 2002, a large increase over 2001 (Figure 1-3).

Figure 1-1 Worldwide host count
Source: Network Wizards

Figure 1-2 Taiwan host count
Source: Network Wizards

Figure 1-3 Taiwan WWW Server statistics
Source: TWNIC

Many regions operate a Computer Emergency Response Team (CERT), for example DFN-CERT, CERT-kr, AUSCERT and Taiwan's TWCERT, which collect and handle security incident reports. CERT/CC statistics for 1995 to 2001 show the number of reported vulnerabilities rising year by year (Table 1-1), and the number of incidents reported in 2001 alone reached 100,369 (Figure 1-4).

Table 1-1 Vulnerabilities Reported
Year    1995   1996   1997   1998   1999   2000    2001    Total
Count    171    345    311    262    417   1,090   2,437   5,033
Source: CERT/CC

Figure 1-4 Intrusion incident statistics
Source: CERT/CC

1.3

This study performs a large-scale scan of the Taiwan region, collecting the operating system and service version information of each host and matching it against a vulnerability database, so that the overall security status of Taiwan's networks can be assessed. The scan results, combined with the vulnerability information, yield statistics on the distribution of vulnerable services and operating systems in Taiwan.


2.1

The services examined are WWW, MAIL, FTP, DNS and SSL; their version information is compared with the vulnerability database to assess the security of each host.

2.2

The research proceeds in the following steps (Figure 2-1):

1. Service fingerprinting (Service Fingerprinting): study how each service can be identified and how its version information can be obtained.
2. Design the database schema for the scan data.
3. Build the information database.
4. Scan the Taiwan region and store the collected information in the database.
5. Compile statistics, analyse the data and draw conclusions.

Figure 2-1 Research flow

2.3

Step 1: design the large-scale scanning database.

The large-scale scan collects, for each host, the operating system version and the service version information, mainly for the Web Server, FTP Server, Mail Server, SSL and DNS Server. The database uses MySQL [1]; its tables are shown in Tables 2-1 to 2-4 and are summarised below:

Host: stores host information.
Class C IP: the Class C IP address ranges to be scanned.
Date: the scan dates.
Service: stores service version information.

Table 2-1 HOST

Field        Type            Length  Description
IP           VarChar         15      host IP address, e.g. 210.71.14.90
HostName     VarChar         100     host name
Type         Int(Unsigned)           domain type code: 1 edu, 2 gov, 3 com, 4 net, 5 org, 6 mil, 7 idv, 8 other
OS_Version   VarChar         100     operating system version, e.g. Sun Solaris 2.3-2.8
Date_ID      Int(Unsigned)           scan date id (see Table 2-2), e.g. 1 (90.01.01), 2 (90.01.16)

Table 2-2 Date

Field        Type            Length  Description
Date_ID      Int(Unsigned)           scan date id, e.g. 1 (90.01.01), 2 (90.01.16)
Date         Char            8       scan date, e.g. 90.01.01

Table 2-3 Class C IP

Field        Type            Length  Description
IP           VarChar         11      Class C IP range to scan, e.g. 210.71.14.90

Table 2-4 Service

Field        Type            Length  Description
IP           VarChar         15      host IP address, e.g. 210.71.14.90
Stype        Int(Unsigned)           service type code: 1 WWW, 2 FTP, 3 MAIL, 4 SSL, 5 DNS
S_version    VarChar         150     service version, e.g. Microsoft-IIS/5.0
Domain_ID    Int(Unsigned)           domain type code: 1 edu, 2 gov, 3 com, 4 net, 5 org, 6 mil, 7 idv, 8 other
Date_ID      Int(Unsigned)           scan date id (see Table 2-2), e.g. 1 (90.01.01), 2 (90.01.16)

Step 2: build the operating system and service vulnerability database.

Vulnerability information for operating systems and services is drawn mainly from CVE (Common Vulnerabilities and Exposures) [2]. Vulnerabilities take many forms, such as Buffer Overflow and Design Error; following [3][4], each vulnerability is classified here by its impact, as shown in Table 2-5:

Table 2-5 Vulnerability impact types

DoS (Denial of Service): the attacked system or service can no longer serve legitimate requests. When many hosts are used together to attack a target, this is DDoS (Distributed Denial of Service).

Gain Privilege: the attacker obtains privileges on the system, either administrator privileges (root, administrator, supervisor) or ordinary user privileges, and can then control the system or its data.

Info Leak: information is disclosed.

Miscellaneous: other impacts, such as Virus and Worm.

The collected vulnerability information is stored in the vulnerability database, whose structure is shown in Table 2-6:

Table 2-6 Vulnerability database

Field           Type            Length  Description
ID              Int(Unsigned)           vulnerability serial number
Server          VarChar         10      service, e.g. WWW, FTP, MAIL, ...
Vname           VarChar         100     vulnerability name, e.g. Sendmail mail.local Vulnerabilities
CVE             Int(Unsigned)           CVE number, e.g. CVE-2000-0319
Description     text                    vulnerability description, e.g. mail.local in Sendmail 8.10.x does not properly id…
Platform        VarChar         100     affected platform or operating system, e.g. Sendmail 8.10x
Impact          text                    impact, e.g. Failure to Handle Exceptional Conditions
DoS             Char            1       impact flag: denial of service
Gain Privilege  Char            1       impact flag: gain privilege
Info Leak       Char            1       impact flag: information leak
Miscellaneous   Char            1       impact flag: miscellaneous

Step 3: build the large-scale scanning system.

1. Write the scanning program.
2. Scan the address ranges.
3. Collect the following information from each host:
(1) Web Server version
(2) Mail Server version
(3) FTP Server version
(4) DNS Server version
(5) SSL information
(6) operating system version
4. Parse the collected information and write it to the database.

Step 4: vulnerability matching.

Match each host's operating system and service versions against the vulnerability database to obtain the vulnerability information for that host.

Step 5: statistics and analysis.

Analyse the scan information stored in the database and compile the results for the domain administrator's reference.

3.1

Port numbers are assigned by IANA (Internet Assigned Numbers Authority) [5]; [6] defines the port number ranges shown in Table 3-1. The services studied, Web Server, Mail Server, FTP Server, DNS Server and SSL, use well-known ports: Web Server port 80 (HTTP), Mail Server port 25 (SMTP), FTP Server port 21 (FTP), DNS Server port 25 (DOMAIN) [sic] and SSL (HTTPS) port 443. Each IP address in the scanned ranges is probed on these ports.

Table 3-1 Port number ranges

Range                          Ports
Well Known Ports               0 - 1023
Registered Ports               1024 - 49151
Dynamic or Private Ports       49152 - 65535
Source: IANA

The large-scale scanning system is written in Perl. It collects the operating system and service version information of each host; the individual service scans are described below.

3.1.1 Web Server version scan

The World Wide Web Consortium (W3C) [7] publishes the Hypertext Transfer Protocol -- HTTP/1.1 specification, which defines the request methods (Table 3-2). The scan sends the request HEAD / HTTP/1.0 to port 80 of the target host.
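As an added example that is not part of the thesis, the following Python models the data path of Tables 2-1 to 2-6 and the HEAD probe of 3.1.1 on a constructed response: it extracts the Server banner (S_version) from a captured HTTP HEAD response, assigns the thesis's Stype and Domain_ID codes, and counts matching vulnerability-database rows per impact flag. The HEAD response, the hostnames and the IIS row are constructed sample data; only the Sendmail row reuses the CVE-2000-0319 example values from Table 2-6.

```python
from dataclasses import dataclass

# Code tables from Table 2-4 (Stype) and Tables 2-1/2-4 (Type / Domain_ID).
STYPE = {"WWW": 1, "FTP": 2, "MAIL": 3, "SSL": 4, "DNS": 5}
DOMAIN_ID = {"edu": 1, "gov": 2, "com": 3, "net": 4, "org": 5, "mil": 6, "idv": 7}
OTHER_DOMAIN = 8  # code 8 "other" for anything not listed


@dataclass
class VulnRow:
    """One row of Table 2-6, reduced to the fields the rating needs."""
    cve: str
    server: str      # WWW / FTP / MAIL ... (matches a Table 2-4 service name)
    platform: str    # affected product/version prefix
    dos: bool = False
    gain_privilege: bool = False
    info_leak: bool = False
    misc: bool = False


# Constructed sample rows. The Sendmail row reuses the example values printed in
# Table 2-6 (its DoS flag is assigned here for illustration); the IIS row is a
# placeholder, not a real CVE.
VULN_DB = [
    VulnRow("CVE-2000-0319", "MAIL", "Sendmail 8.10", dos=True),
    VulnRow("CVE-PLACEHOLDER-0001", "WWW", "Microsoft-IIS/5.0", dos=True, info_leak=True),
]


def domain_id(hostname):
    """Map a .tw hostname to the Type/Domain_ID code (1 edu ... 8 other)."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-1] == "tw":
        return DOMAIN_ID.get(labels[-2], OTHER_DOMAIN)
    return OTHER_DOMAIN


def server_banner(head_response):
    """Return the Server: header value (S_version) from a raw HTTP HEAD response."""
    header_block = head_response.split("\r\n\r\n", 1)[0]
    for line in header_block.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None


def vulnerability_rating(service, s_version):
    """Count Table 2-6 rows whose Platform prefix matches this version, per impact flag."""
    rating = {"Stype": STYPE[service], "CVEs": [],
              "DoS": 0, "Gain Privilege": 0, "Info Leak": 0, "Miscellaneous": 0}
    for row in VULN_DB:
        if row.server == service and s_version.lower().startswith(row.platform.lower()):
            rating["CVEs"].append(row.cve)
            rating["DoS"] += row.dos
            rating["Gain Privilege"] += row.gain_privilege
            rating["Info Leak"] += row.info_leak
            rating["Miscellaneous"] += row.misc
    return rating


# Constructed HEAD response, as the scanner would capture it from port 80.
SAMPLE_HEAD = "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\nContent-Length: 0\r\n\r\n"
```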
