The document discusses various types of cyber attacks including denial of service attacks, man-in-the-middle attacks, password cracking attacks, and social engineering attacks. Specific attack methods covered include TCP SYN floods, Smurf attacks, password brute force, and dictionary attacks. Defense strategies proposed include ingress filtering, disk quotas, firewalls, and intrusion detection systems.

1. C01-202
c)¸Ø¦”±

2. ©1j
c)¸ØYaª~fY

3. ï[c)¸ØYaª
• B
• œRz
• Â
• H[ž€
• µÈ
• _”…;B

4. c)¸ØfY
• ÿ_Øe´
• NxØeûUd4eØÌ,Ml6*
• F*

5. • ˆ4b
• 8œ?
• A7ªo

6. ©2j
c)¸Øóè~tû

7. c)¸Øóè-ô̸Ø
• ô̸Ø8]§kæÁæéз뙆
ý¿ÐL·
• lYô̸Ø,
– ý (Masquerade)
– g(Replay)
– ù·(Message Modification)
– œ(Denial of Service)

8. c)¸Øóè-—̸Ø
• —̸Ø8]§k(¢,)_{Ã*Y
À_Æd (J(JÁI«™†·f
• lY—̸Ø,
– ÿÓ(Eavesdropping)
– ·Ã±(Traffic Analysis)

9. c)¸Øtû
1ØŽ«
8
Xǽ 2fz§:
3®ÃPž
7m˜
6†Nx 4_{‹ÉÆ
5dÆ

10. ©3j
c)¸ØÙ,¿#7Á

11. lc)¸ØÙ,-œÙ
• œÙ¸Ø
– TCP SYN (SYN flood)
– Smurf ¸Ø
– Ping of Death
– LAND Attack
– Teardrop ¸Ø

12. lc)¸ØÙ,-FûÌ
• eØ7m
• @% (Worm)
• ÝõûÌ

13. lc)¸ØÙ,-Iü
• ¹Ÿ=§:
• WÁ¸Ø
• ¹ÞÚ® (Session Hijacking)
• Ô¸Ø (Replay Attack)
• àP (Buffer Overflow)
• ÿÓ (SniffingeEavesdropping)
• _tˆû (Social Engineering)
• دÁ (SQL Injection)

14. ©3jc)¸ØÙ,¿#7Á
œÙ¸Ø

15. œÙ¸Ø (1/2)
• œÙ¸Ø DoS (Deny of Service)
– J8;c)ûUUÞ(¾³dˆ#œd
–1)d jűc)ûU´Ðk´ë
·¦X›¯£Ð¼*jY
xdÀ@}Ž
òW«Y
ÂÔd:Q4—¸ØYôÚÐc
gÌ,ˆ#dø碵Ml¹jcgY
ÒdÇ—œ¯.d¹”jôÚÐcgi
ÐkJ¬ûÌÌ,ˆ#Y7.K1¿ÓûU
…ÚdÌ,d6f

16. œÙ¸Ø (2/2)
• lY¸ØÙÌ
– Smurf
– TCP DoS: Land ¸ØeTeardrop¸ØeTCP SYN
¸Ø
– UDP Flood DoS
– ICMP DoS

17. ±s̜ٸØ
• ±s̜ٸØH‰DDoS
– ®±sY¸ØÙÌdL¥c)jDï
DoS¸ØYôڝÛï¸Ød¯õÛœ«
*[}Ž
t]ç¸ØYfzd¿ÓÁÙ
ûU#7d ¬çÌ,Mld6f

18. DDoS ¸Øj¡
]§(1Ç
DaemonûÌ client
daemon
¸Øk
client daemon
daemon
a”ôÚ
daemon
client ICMP
Echoreply
Packets
daemon
Internet ôÚ

19. TCP SYN (SYN flood) (1/2)
• ¸Øa#j
– J;Âi4X›(TCP)m¹ÞÃ@ê¾@g£
te(three way handshake)Yx›ÚSþ£f
HOST
HOST
A
B
Send SYN Receive SYN
(seq=x)
seq=x) (seq=x)
seq=x)
Send SYN
Receive SYN (seq=y,
seq=y,
(seq=y,
seq=y, ACK=x+1)
ACK=x+1)
Receive ACK
Receive ACK
(ack=y+1)
ack=y+1)
(ack=y+1)
ack=y+1)

20. TCP SYN (SYN flood) (2/2)
• ¸ØÙÌj
– æÁ¸ØfzÔS¹HÞÿY8UgYSYN
f
– a¸ØYûU6Z J×QACK«ÐYSYN
r
Àõ•dQ×QÁÙYACK«ÐÐt@C‚
Ûœ‘Eðf
– ûU6ª‰×”QACK«Ðdþ4{•9
rÀYSYN
þÌ,Žˆ#I44kYËf

21. Smurf ¸Ø (1/2)
• a#j
– ICMP(Internet Control Message Protocol)
ø1Ôc)Âi‹1qy¬Ã¹dø:Ùc)¾
LYeØJIÞ«Ðf
– :ÙÙÌ
• ÁôÚgÂÔICMP echo request packet.
• ðôÚ×QÛd·l6«ÐICMP echo reply packet.
• ·lµH@ûJ_SH“ping”vÿ8:Ó
– ªädøûÌ8;IP ProtocolÂÔ}Žping
message
Internetj¢µ(Úœd¿Ó}Ž
Reply message¿Óc)t·Y#7f

22. Smurf ¸Ø (2/2)
• Smurf Dos Y¸ØÙÌj
– }Ž*[ÿ¿YICMP echo Request
– Zÿ¿Y
Ô?ggdÍ?gg6
«}ŽYicmp«Ð
fzeØf¿Ó»
µ4pYICMP echo reply
«ç¸ØY
fzf
– Í7jping -s 30000 192.168.30.255
• µGÙÌHÞó}YÖdÔøf—H‰ ó}è
smurf ¸Øf

23. Ping of Death
• a#
– ˜Ping of Death™J¾_ïÔ@}Y ping Ë
(ICMP echo request) dø¿ÓàP
(Overflow)d1þ¬çÌ,Ml6*Ð…Úf

24. LAND Attack
• ¸Øk; IP ý Y¦”L·CZÔY
dZI8U~fY IP gi·ÓJfzÚ
œY IP gdø¿Z8U~fz¹Ÿ=p·
‰Suf
• äG¸ØøÿT,*8ûUÐc)£ê…Ú
Ì,Ml6*
From : 60.44.35.11:23
TO: 64.44.35.11:23
fzڜ
8U~fYYIPß´ 60.44.35.11
¸Øk
8U~fYY¹Ÿ=´ Port 23 Open Crash
211.3.56.22

25. Teardrop ¸Øa#
• a#j;IP
Y
x†¸Øf
• ¸ØÙ,j
– ïÔS¾$9£@Y
êlQfzeØdµ
S
êl
^Y ÌYE=dµ4{µ
Óa8YIP
Ûd¬çc)ôÚ¬:
}ƒd¿ÓûU…Ú$e
Ml˜êl .l˜êl

26. œÙ~±s̜ٸØYÁ
• þJ4Дê4Y
• ¯)_œj£Ä
@éœÐ¼Ingress
Filtering

27. døÜ8U”¥#ÐJfzJ
broadcastY
• Ä Ä#æ
e]§»Ð]§k#ûU
• ¼?ãX(Disk Quota)

28. 
• ÄFjûU
• –?»-Ä LMæ

29. ©3jc)¸ØÙ,¿#7Á
FûÌ

30. eØ7m
• Þ”YeØûÌ(FûÌ)
– B•mYûÌ(¯$›‹1hï*(½jÚ‚ªo)
• Gó
– šÚèeæéèe6«èe$~1èePiè
–
G7m
• ¯ÙÌ
– T[¯$›ÐûÌd7: .exe, .dll, .htm, .vbs, .js
• ÂÈÄ°
– e‰eFTPec)yLeInternet c+íŽ
• fY
– NxØe›SôÚe#7c)e*¸Ø

31. @% (Worm)
• ~7m¢ló'YF
ûÌd(J(”êT
ôûÌ1”Ù
¡
‰
• @%6ƒ8eØ
UeL·ûU£›Ð¬
çûUÌ,6*f

32. Ýõû̧W
• WÝõûÌ
– a¤$~zÝõefH˜ûÌf
– ¯Internetjd“$~zÝõ”·8S,ûÌ£[p¯
I}c)jh1YÐûÌ•d£
^Yø›
SÒYeØûUYûÌd¿ÓÒYûUØ
.ƒe—NxŸôÚ#7YFYÃLÇ›ûÌf
– Client (›SL) / Server (—›SL) Vôf
– ?I$D
• ý
• =8Y¯‰
• ”¢?Ÿdp(”ô
QIüց
• d6‘ÒÐÒL=

33. Ýõû̱
• ÝõûÌ8U
– ûU—]§J¡”]
– F4k£YØ%
– B8)”üYûÌeÄ —·@Yû́
– —c)@%
Q
• Ýõóè
– ÃLÇ›è/Nxè/ŸµÏ}è/WÁÂÔè/FTPè
• ôÂgÙÌ
– e‰qæéh1/À@*8ûUÐÐûÌ
®Ã—G”
• ôfY
– ›SôÚeØÿ_e*¸Øe#7c)

34. FûÌYÁ
• Ä #m´
• Ä Ýõû̧:œ
• –?»-#m´eÝõû̧:œYØ«

35. ©3jc)¸ØÙ,¿#7Á
¹Ÿ=§:

36. ¹Ÿ=§:
• TCP/IP X›d6 65536 H¹Ÿ=d*‰Á.
¹ŸYLÃ
– TCP ~ UDP port
• ¹Ÿ=§:Yôf®¯õ»
fzeØûU
Ôš¼Y¹Ÿ=d†þ±IÞd6,c)
ø¿4JnõSG*8ûU.
A Port Scan B
Port 1000,2000,3000....
¸Ø

37. ¹Ÿ=§:YÁ
• þ”ê4YÐûÌ
• 4)_œÀ_›Sö
e#æ
eþ##
œ£›À_›SÚS
• 4IDSÆ9¹Ÿ=§:z
• EðЯ*8ûUÐJÐûÌYÆ9¾î
(banner)
• ºtл-‰»ÄŒY*8ûUeÐûÌe
·ÃX›

38. ©3jc)¸ØÙ,¿#7Á
WÁ¸Ø

39. WÁ¸Ø
• vbN (Brute-force attack)
– À@”Ù“
»¢G¥,¿©Y¥QM
½‰ßY¸ØÙ,
• ¿J¸Ø (Dictionary-Based attack)
– ;lYWÁq¿d”Ù®·
¥SQN
WÁ‰ß
y¬!!
A y¬!! B
nîeWÁ

40. WÁ¸ØYÁ
• £›SHvxYWÁaÆþµHaÆ«
^
½hY£›:
– ¼
OÌWÁ»
– ¼WÁðõ—»
– ¼WÁð—4‚»
– ¼WÁy¬A›»

41. ©3jc)¸ØÙ,¿#7Á
¹ÞÚ®

42. ¹ÞÚ®Ya#
• Session Hijacking•ÖH‰˜¹ÞÚ® ™
• ¸Øa#j
– …]§k¯4kî]ôÚ(Ó…½©dC
†¹ÞÚ®d+¥,4k'ôÚœY¹Þ•Ùd
]§kYeØ_þ¥,4k~ÃLôÚ†¹d
]§kÀ_4a¥,4kÔÞÞÆÀ_Y
‚Uf
• Kra”õ1998Ë11ÜÜ3YHuntd ”Þ
“daemon9”Ü3Yjuggernautdid6Session
Hijacking

43. f

44. Session Hijacking YÁ
• D4Þd6ëLÌ…Ç(mutual
authentication)

45. YX›7½IPSECeSSH
dø­·ÃœYÄŒ.
ÃLôÚ
IPSEC / SSH
Ú®Ó

46. A B
¸Ø0»

47. ©3jc)¸ØÙ,¿#7Á
Ô¸Ø (Replay Attack)

48. Ô¸Ø (Replay Attack)
• a#j
– ¸ØkõÿÓc)d_(¾}Y·ÃPÙÂÔ
Y¯ÇÃd˜© Ôµ…¯ÇÃøÿ½TH
$ލ–LY4kdø:QÀ_ûUY]§f
Yf
• Áj
– –L£›®0õÞÖÛœS
– ®ÆP£ÇYÄŒÌX›

49. ©3jc)¸ØÙ,¿#7Á
àP(Buffer Overflow)

50. àP (Buffer Overflow)
• £¯ûÌ•Ô
SY¾³ï
Í7:
#include stdio.h
ìt@4Ԑ
#include string.h
ˆ#YØŽÛd void func(char *p)
func(char
16¿ÓÔWY {
char buffer1[10];
buffer1[10];
àPYK strcpy(buffer1,
strcpy(buffer1, p);
1f printf(buffer1);
printf(buffer1); }
Int main (int argc, char *argv[])
main(int argc, *argv [])
{
func(
func(“I am the law in the network”);
network”
return 0; }

51. àP˜ÄŒB¤
• Póè
– I®(local buffer overflow)
– ÃL(remote buffer overflow)
• ÄŒB¤
– ‘c)ÿ_Ø
– †*̸Ø
• #7Á
– –?»-~Ä LMæ(patches)
– ’5Ä ~4J¾»
Ьƴ

52. ©3jc)¸ØÙ,¿#7Á
ÿÓ

53. ÿÓ
• ÿÓJl—4Y—̸Ø,
– Ú
(èV±«™
– N÷WÌØ
• SnifferBÛ6ZTÄc)£›Ó‡Úˆ#
|Ì(Promiscuous Mode), p1J”‚
Y@é
• ªÐÁj
– 4switch _þ hub
– 4ÄŒYX›ÐJ

54. ©3jc)¸ØÙ,¿#7Á
_tˆû

55. _tˆû
• _tˆûJ;¢¦”ÌÓ
ld_{ûUÀ_YÃf
7½:
– 0 ‰eM#[pÐ
[pdÚú_WÁf
• ªÐ+
– v†8pˆÃÄŒºf

56. ©3jc)¸ØÙ,¿#7Á
دÁ(SQL Injection)

57. دÁ(SQL Injection) (1/2)
• دÁ (SQL Injection)
• a#j
– ¯`3ÐûÌÛdÚÞÁ4kYi]|Y
@é~ˆ#d©ZI¥ÓSQL8ÿdÂÔ
SQLserverBdð4ki]˜Ø•^ÞT,
ÁØ«ûUÞ$ÿÈYLîÐvÿÛd©
+4kÞÚ6ÁØ«ûUh:8ÿdþ¿Ó]
§Ôm8Y0f

58. دÁ(SQL Injection) (2/2)
• B¤Íj
– cgûUjApacheeIISeDominoeNetscape
– ûÌÁj ASPePHPeJSP
– Ø«jMS-SQLeMySQLeOracleeSybasee
DB2
• SQL Injection¿ÓYš”
– À@SQL InjectionÁ*Ø«dø-#e»Ð
ðØ«YØd¿ÓØr
ÐJ”M½i½
Á*Ø«Y4kƉûUM#kdÿ”
ސ¿ÓIü»

59. YNxd7½®_Ø«Y
›SÆf

60. دÁ˜ªÐÁ
• @éc+4kYinputØ
– c+ûÌpd6S,Lp8@é4ki]SQL§,
• Ø«YÆ£›
– ’5+c+YØ«4kÞ@µYØ«Æ
•

61. ø@é4shell command
– ’5ûUBQ4ki]Yshell command
• úZˆ#ÊH return code¿error codesYi
– @µy¬Ã¹6s£@µûUØd+¡ÞÚu