Commonly Used Network Management Tools: the Taoyuan Regional Network Center as an Example

Computer Center, National Central University (中央大學電算中心)
楊素秋   Email: (removed in this copy)

Note on this copy: e-mail addresses, IP addresses, hostnames and URLs were stripped from the slides as extracted. Where one is needed to read a command or a record it is shown as a <placeholder>; empty strings in the scripts are left as they appear.

Outline
1. Motivation
2. Automatic mailing (Sendmail.pm)
3. Querying IP management information (Rwhoisd)
4. Automatic notification of abuse complaints
5. Detecting and reporting abnormal traffic on the regional network
6. Conclusions and outlook

1. Motivation

Complaints about abnormal network activity never stop:
- Copyright infringement (violation of intellectual property rights)
- Spam (advertising / pornographic mail)
- Port scans (scanning for vulnerable ports)
- Viruses and mail viruses (445/TCP, 139/TCP, 135/TCP, ...)
- DoS attacks (80/TCP, 554/TCP)
- Password cracking (22/TCP, 4899/TCP, 1433/TCP, 3306/TCP)
- Phishing / fraud

1. Motivation (cont.)
- Security education: educate users
- Anomaly detection (technique)
  - based on service logs: mail log, http log, syslog, ...
  - based on traffic logs: Netflow data (router / switch-router), layer-2 packet content (snooped by snort / tcpdump)
- Automatic abuse notification

2. Automatic mailing (Sendmail perl module)

Installing Sendmail.pm from the FreeBSD ports tree:

```sh
cd /usr/ports/mail/p5-Mail-Sendmail
make
make install
```

Build output:

```
yang# pwd
/usr/ports/mail/p5-Mail-Sendmail
yang# make
Mail-Sendmail-0.79.tar.gz    100% of 15 kB 21 kBps
===>  Extracting for p5-Mail-Sendmail-0.79
===>  Patching for p5-Mail-Sendmail-0.79
===>   p5-Mail-Sendmail-0.79 depends on file: /usr/local/bin/perl5.8.7 - found
===>  Configuring for p5-Mail-Sendmail-0.79
Checking if your kit is complete...
Read the docs, and have fun...
**********************************************************************
===>  Building for p5-Mail-Sendmail-0.79
cp Sendmail.pm blib/lib/Mail/Sendmail.pm
Manifying blib/man3/Mail::Sendmail.3
```

2. Automatic mailing (cont.): the Mail::Sendmail notification script

```perl
#!/usr/bin/perl
use strict;
use Mail::Sendmail;

my $ip_addr   = "";     # offending host (address removed in this copy)
my $email_mgr = ',';    # recipient list (addresses removed in this copy)
my $boundary  = "===============================";
print $ip_addr, " ", $email_mgr, "\n";

my %mail = (
    smtp           => 'localhost',
    To             => "$email_mgr",
    From           => '',           # sender address removed in this copy
    subject        => "Detect Spamming from $ip_addr",
    'Content-Type' => "text/plain; charset=\"Big5\"",
);

my $body = "$boundary\n";
$body .= "The IP machine over your campus with the address of ";
$body .= $ip_addr;
$body .= " machine may be an Open Mail Relay Or Spam sender.\n";
$body .= "$boundary\n";
$body .= "Please help owner of";
$body .= " the machine\n";
$body .= "to check and fix its Open Mail Relay Problem or Patch\n";
$body .= "Please refer the detail traffic log on\n\n";
$body .= "\n";                      # URL of the traffic-log page removed in this copy
$body .= "(user:guest & password:guest)\n";
$body .= "Many Thanks!\nFrom: Susna Yang\n\n\n";
$mail{body} = $body;
sendmail(%mail) || print "Error sending mail: $Mail::Sendmail::error\n";
```

3. Querying IP management information: Rwhoisd

Building the IP management information

(a) Sources of IP management information
- Contact web pages: the MoE regional-network managers, the MoE abuse host, the Taoyuan (Tyc) regional-network managers, the NCU Snmgclub (URLs removed in this copy)
- The IP usage lists of the connected schools
- The dormitory user IP list

Records for the connected schools (network prefixes and e-mail fields are blank in this copy):

```
Network-Name: 中央大學
IP-Network: /24
Admin-Contact: 吳維漢
Address: 中央大學
Tel: 65136
Updated-By: ,,
Created: 2
---
Network-Name: 中央大學
IP-Network: /24
Admin-Contact: 陳鎰鋒
Address: 中央大學
Tel: 65340
Updated-By: ,,,
Created: 2
---
Network-Name: 中央大學
IP-Network: /24
Admin-Contact: 陳鎰鋒
Address: 中央大學
Tel: 65340
```

Dormitory user IP list: (the list of addresses is stripped in this copy), which becomes records of the form:

```
Network-Name: 中央宿網
IP-Network:
Admin-Contact:
Address: NCU Dorm User
Updated-By:
Created: 2
---
Network-Name: 中央宿網
IP-Network:
Admin-Contact:
Address: NCU Dorm User
Updated-By:
Created: 2
---
Network-Name: 中央宿網
IP-Network:
Admin-Contact:
Address: NCU Dorm User
Updated-By:
Created: 2
```

(b) IP routing table and responsible managers

The routing table is read from the router over SNMP (the ipRouteTable of RFC1213-MIB, the "ipRouter MIB" on the slide) and joined with the Tyc_manager_list. The two snmpwalk commands fetch the route-mask and next-hop columns:
```sh
# OIDs reconstructed from the output below (ipRouteMask) and the RFC1213-MIB ipRouteEntry layout;
# <router> stands for the router address stripped from this copy
snmpwalk -v1 -c community <router> .1.3.6.1.2.1.4.21.1.11 > $infile   # ipRouteMask
snmpwalk -v1 -c community <router> .1.3.6.1.2.1.4.21.1.7  > $infile   # ipRouteNextHop
```

snmpwalk fetches one SNMP sub-tree; net-snmp has to be installed.

(c) Data extraction

Fetch the contact web page (URL removed in this copy):

```sh
/usr/local/bin/wget -O /netflow/spam/spam.html.1 <URL>
```

Extract the wanted data entries (Perl), keeping only the lines for this campus:

```perl
# $1 is the IP address, $4 the unit name column of the fetched page
if (/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+/) {
    if ($4 eq "桃園區網-中央大學") {
        printf(FNO "%s,%s\n", $1, $4);
    }
}
```

Convert the text file into the rwhoisd data scheme. The route-mask walk returns one line per route (twelve lines in the slide; the route and mask addresses are stripped in this copy):

```
snmpwalk -v1 -c community <router> .1.3.6.1.2.1.4.21.1.11 > $infile
RFC1213-MIB::ipRouteMask.<dest> = IpAddress: <mask>
...
```

From it a table of interface address, sub-network, netmask and segment count is built:

```
Interf_IP == Sub_network_IP::NetMask::Segments
(rows of the form <if_ip> == <subnet>::(<mask>)::<segments>; addresses stripped in this copy)
```

The Tyc_manager file lists, per record, the network (partly stripped here), institution, manager, e-mail (removed), telephone, fax and address:

```
37;中央大學(1);戴元任;;4227151~57504;4252561;桃園縣(320)中壢市中大路300號;
37;元智大學;蔣國強;;4638800~325;;桃園縣(320)中壢市內壢遠東路135號;
1;中原大學;葉平;,;4563171~2910;2652999;桃園縣(320)中壢市普仁里二十二號;
;中正理工學院;鄭大力;;3809331;3806737;桃園縣(335)大溪鎮員樹林中正理工學院;
99;國防大學;鄭大力;;3809331;3806737;桃園縣(335)大溪鎮員樹林中正理工學院;
45;國防大學;黃麗燕;;4890513;4890513;桃園縣(325)龍潭鄉中興路56號;
```

3. Querying IP management information: Rwhoisd (cont.)

Querying from a client with telnet (the rwhoisd listens on port 4321):

```
yang# telnet <rwhois-server> 4321
Trying <ip>...
Connected to yang.
Escape character is '^]'.
%rwhois V-1.5:003fff:00 <rwhois-server>.tw (by Network Solutions, Inc. V-)
<queried IP>
network:Auth-Area:/16
network:Class-Name:network
network:Network-Name:中央大學
network:IP-Network:/24
network:Admin-Contact;I:許健平
network:Address:中央大學
network:Tel:57504
network:Updated-By:,
network:Created:2
```

(c) Configuring the database schema and soa files

```
yang# more /usr/local/rwhoisd/net-<area>/schema
name: network
attributedef: net-<area>/attribute_defs/network.tmpl
dbdir: net-<area>/data/network
Schema-Version: 200000
---
name: referral
attributedef: net-<area>/attribute_defs/referral.tmpl
dbdir: net-<area>/data/referral
Schema-Version: 200000

yang# more /usr/local/rwhoisd/net-<area>/soa
Serial-Number: 200000
Refresh-Interval: 3600
Increment-Interval: 1800
Retry-Interval: 60
Time-To-Live: 86400
Primary-Server: <rwhois-server>:4321
Hostmaster: <hostmaster>.tw
```

(d) Generating the index and running rwhoisd: Setup.sh

```sh
#!/bin/sh
###### clean up rwhois dictionary files
find . \( -name index\* -o -name local\* -o -name \*.txt.\* \) -print | \
    xargs rm -f
###### reindex both organizational and network
echo 'reindexing network information'
/usr/local/rwhoisd/bin/rwhois_indexer -C network -i -v -s txt
###### rwhoisd daemon
/usr/local/rwhoisd/sbin/rwhoisd -c /usr/local/rwhoisd/etc/rwhoisd/samples/rwhoisd.conf &
```

4. Notification of abuse complaints

The TANet abuse handling procedure:
1. The original complaint is sent to the MOE.
2. MOE network staff manually forward it to the abuse contact of each regional network.
3. Each regional network forwards it again to the abuse contacts of its connected schools.
4. The school's network staff forward it to the user of the abusive IP.

Why automated distribution of abuse complaints is necessary:
- Timeliness: by the time the notice forwarded by the MoE arrives it is already delayed; if the regional network delays it further, complaint mail is flying everywhere.
- Volume: the MOE handles more than 600 pieces/day, the regional network more than 20 pieces/day.
- Forwarding the same mail over and over is tedious.

Work modules for automatically distributing abuse complaints:
- Parse the mailbox file.
- Catalogue and split out the individual messages and store each one: spam (mail proxy, unsolicited mail); attack (port scan, DoS); infringement (copyright, fraud, phish).
- Extract the complained-about source IP address.
- Query the rwhoisd management information remotely.
- Forward the complaint to the contact person.

Splitting the mailbox into individual messages:

```perl
system("/bin/cp /var/mail/yang $sessdir/yang_$hour$min");
system("/bin/mv /var/mail/yang $sessdir/yang");
### $c: switch of each mail item ###
open INF, "cat $sessdir/yang |";
$q = 0;
while (<INF>) {
    ### // Start of a Email // ###
    if ((/^From\s(.*@.*)\s/) || (/^From\s/)) {
        $q++;
        close(MAIN) if $q > 1;          # close the previous message file (the slide closed the file-name string)
        sleep 1;
        $outmail = sprintf("%s/%d", $sessdir, $q);
        open(MAIN, ">$outmail");
        $new_mail = 0;
        $fraud_cause[$q] = 0;           # the slide had '==' here, a comparison instead of an assignment
        $inf_cause[$q]   = 0;
        $spam_cause[$q]  = 0;
        $scan_cause[$q]  = 0;
        $check_sw = 0;
    }
```

Classifying each message by keyword; the first matching rule wins:

```perl
    if ($new_mail == 0 && ($inf_cause[$q] == 0 && $fraud_cause[$q] == 0
                           && $spam_cause[$q] == 0 && $scan_cause[$q] == 0)) {
        if ($check_sw == 0) {
            # the last alternative is a Chinese keyword in Big5 bytes, shown as escapes on the slide
            if (/(Fraud|FRAUD|fraud|PHISH|Phish|phish|scam|<B6>B<C4>F)/) {
                $fraud_cause[$q]++;
                print $q, " ", $fraud_cause[$q], " Fraud\n";
                $cause[$q] = "Fraud/Phish";
                $check_sw = 1;
                next;
            } elsif (/(Infringe|infringe|P2P|unauthor|Unauthor)/) {
                $inf_cause[$q]++;
                print $q, " ", $inf_cause[$q], " Infringer\n";
                $cause[$q] = "Infringement";
                $check_sw = 1;
                ....
```

The spam rule also extracts the reported IP address and records it once per address:

```perl
            } elsif ((/(SpamCop|Spam\b|spam\b).*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) && $c == 0) {
                print "rule_4_SP1\n";
                print $&, "\n";
                $_ = $&;
                if (/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {
                    $ip_addr = $1;
                    if ($notified{$ip_addr} < 1) {
                        $notified{$ip_addr}++;   # the slide wrote $notified[...], an array, so the hash was never updated
                        print $ip_addr, "\n";
                        printf("%d %s %10s |Spam\n", $q, $ip_addr, $cause[$q]);
                        printf(FNO "%d %s %10s |Spam\n", $q, $ip_addr, $cause[$q]);
                        printf(FN_MON "%d %s %10s |Spam\n", $q, $ip_addr, $cause[$q]);
                        $qq++;
                        $c++;
                        next;
                    }
                }
```

The resulting monthly and daily files (message number, source IP, category; the addresses are stripped in this copy):

```
ayang# more /home/qos/Spam/spam_06
=========================== Abuse Complaim Mail [06-01]
---------------------------
<n> <ip> Spamming
-----
<n> <ip> Spamming |Spam
(four more Spamming |Spam entries)
=========================== Abuse Complaim Mail [06-02]
---------------------------
<n> <ip> Infringement
(three more Infringement entries)
```

```
ayang# more /netflow/spam/0620/fl_spam
-----
1 <ip> Infringement
(entries 2 to 8: Infringement)
9 <ip> Spamming
```

Installing the Net::Rwhois perl module:

```sh
tar xvf Net-Rwhois-0.09.tar
cd /usr/local/src/Net-Rwhois-0.09
```
```sh
perl Makefile.PL
make
make install
```

Install output:

```
Manifying blib/man3/Net::Rwhois::Transfer.3
Installing /usr/local/lib/perl5/site_perl/5.6.1/Net/Rwhois.pm
Installing /usr/local/lib/perl5/site_perl/5.6.1/Net/Rwhois/ResultSet.pm
Installing /usr/local/lib/perl5/site_perl/5.6.1/Net/Rwhois/Connection.pm
Installing /usr/local/lib/perl5/site_perl/5.6.1/Net/Rwhois/WhoisQuery.pm
```

Looking up the responsible manager of an IP address through Net::Rwhois:

```perl
sub rwhois() {
    my ($ip_addr) = @_;
    my $unit;
    my $school;
    my $email_mgr;
    require 5.003;
    use Net::Rwhois;
    # server hostname stripped in this copy
    $client = new Net::Rwhois(Host => "<rwhois-server>.tw", Port => 4321);
    $client->open();
    $result_set = $client->execute_query(Query_String => $ip_addr, Limit => 60);
    @results = $result_set->get_objects();
    $buf = $client->results_to_string(@results);
    return $buf;
}
```

Main loop: read the list of complaints (fl_no: file number and IP address), pick the manager's e-mail out of the rwhois reply by splitting on the attribute names, and forward the complaint:

```perl
$fn_in = sprintf("%s/fl_no", $indir);
open(FD0, "cat $fn_in |");
while (<FD0>) {
    if (/(\d+)\s+(\S+)/) {
        $fn = $1;
        $ip = $2;
        print $fn, ":", $ip, "\n";
        $buf1 = rwhois($ip);
        # walk the reply text field by field: network-name, ip-network, updated-by, created, updated
        ($tmp1, $unit)        = split("network-name:", $buf1);
        ($school, $tmp2)      = split("ip-network:", $unit);
        ($tmp3, $manager)     = split("updated-by:", $tmp2);
        ($email_tmp, $tmp4)   = split("created:", $manager);
        ($email_mgr_1, $tmp5) = split("updated:", $email_tmp);
        chomp($school);
        chomp($email_mgr_1);
        # also copy the regional center (its hostname is stripped in this copy)
        $email_mgr = $email_mgr_1 . ",center7\@<rwhois-server>.tw";
        $date1 = "$mon$mday";
        &mail_tyc($ip, $email_mgr, $date1, $fn);
    } # end_if
} # end_while
close(FD0);

sub mail_tyc() {
    my ($ip_addr, $email_mgr, $date1, $fn) = @_;
    use strict;
    use Mail::Sendmail;
    my %mail = (
        smtp           => 'localhost',
        To             => "$email_mgr",
        From           => '',          # sender address removed in this copy
        subject        => "Scan/Spam/Infringement Complaint about $ip_addr",
        'Content-Type' => "text/plain; charset=\"Big5\"",
    );
    my $body = "$boundary\n";          # $boundary: the separator string declared at file scope
    $body .= "Scan/Spam/Infringement Complaint about IP: ";
    $body .= $ip_addr;
    $body .= "\nThe system that might had been infected by hacker,\n";
    $body .= "Please help the owner check & fix the system.\n";
    $body .= "Many Thanks!\nFrom: Susna Yang\n";
    $body .= `/bin/cat /netflow/spam/$date1/$fn`;   # append the stored complaint itself
    $body .= "$boundary\n";
    $mail{body} = $body;
    sendmail(%mail) || print "Error sending mail: $Mail::Sendmail::error\n";
}
```

5. Detecting and reporting abnormal traffic on the regional network

Flooding Detection System (FDS). Measuring network traffic:
- provides good network monitoring;
- detects network security problems;
- helps diagnose and solve network problems;
- helps plan and expand the network.

Abnormal traffic detection:
- Flow flooding: DoS attack, port scan, ssh cracking, spam
- ICMP/UDP packet flooding

A TCP flow is identified by its source socket {Src_IP src_port/TCP} and destination socket {dest_IP dest_port/TCP}. A normal connection goes through connection request, accept connection, send/recv data, close connection; flooding and scanning flows stop after the request, so their packets carry headers only. The detector below therefore keeps only TCP flows whose average packet size lies between 46 and 60 bytes and counts them per source and destination port:

```perl
open IN, "<$infile";
while (<IN>) {                # the slide opened IN but read from INF
    # columns: src_ip dst_ip proto src_port dst_port bytes packets
    if (/(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)/) {
        $src_ip = $1; $dst_ip = $2; $proto = $3;
        $src_p  = $4; $dst_p  = $5;
        $bytes  = $6 / 1000;                              # KB
        $pkts   = $7;
        if ($pkts > 0) { $pkt_size = $bytes / $pkts; }    # average packet size in KB
        ##// @sitem = split(/\./, $src_ip);
        @ditem = split(/\./, $dst_ip);
        if ($proto != 6)       { next; }                  # TCP only
        if ($pkt_size > 0.060) { next; }                  # flows that carry data are not of interest
        $evil_flow = $src_ip . ">#.#.#.#.(" . $dst_p . ")";
        if ($pkt_size < 0.060 && $pkt_size > 0.046) {     # header-only packets, 46-60 bytes
            # the slide used symbolic references (${"6".flow}); plain hashes do the same job
            $flow6{$evil_flow}++;
            $sum_pkt6{$evil_flow}  += $pkts;
            $sum_byte6{$evil_flow} += $bytes;
        }
    }
} # end_while
```

Notification of the detected host's campus manager (the slide copy breaks off inside the message body):

```perl
sub mail_tyc() {
    my ($ip_addr, $email_mgr, $date1) = @_;
    use strict;
    use Mail::Sendmail;
    print $ip_addr, " ", $email_mgr, "\n";
    my %mail = (
        smtp           => 'localhost',
        To             => "$email_mgr",
        From           => '',          # sender address removed in this copy
        subject        => "Detect Spamming Host $ip_addr from Your Campus",
        'Content-Type' => "text/plain; charset=\"Big5\"",
    );
    my $body = "$boundary\n";
    $body .= "The IP machine over your campus with the address of ";
    $body .= $ip_addr;
    $body .= " machine may be an Open Mail Relay Or Spam sender.\n";
    $body .= "\nSRC_IP>#.#.#.#.(Serv_port) Flows pk_si";   # header of the flow table; the copy ends here
    # the rest of the subroutine (flow table, $mail{body}, sendmail) is missing from this copy
}
```
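The section 4 pipeline (mailbox splitting on "From " lines, keyword classification in the slide's rule order, IP extraction, rwhois lookup, one notification per address) together with a parser for the class:attribute:value reply format of section 3, as an added Python example that is not part of the original slides. The mailbox, the rwhois reply and all addresses are constructed (RFC 5737 ranges), and the reply object is chosen by prefix match rather than by splitting the text on attribute names as the slide's loop does:

```python
import re
from ipaddress import ip_address, ip_network
# Constructed mbox of abuse complaints (RFC 5737 test addresses); "From " lines delimit messages.
SAMPLE_MBOX = """From abuse@example.net Mon Jun  1 08:00:00 2005
SpamCop report: spam source 192.0.2.10 sent unsolicited mail.
From abuse@example.net Mon Jun  1 08:05:00 2005
SpamCop report: 192.0.2.10 again (duplicate complaint).
From legal@example.org Mon Jun  1 09:00:00 2005
Notice of Copyright Infringement: unauthorized P2P from 198.51.100.7.
"""
# Constructed rwhois reply: two objects in the class:attribute:value layout of section 3.
SAMPLE_RWHOIS = """network:Network-Name:Campus A
network:IP-Network:192.0.2.0/24
network:Updated-By:netmgr-a@example.edu

network:Network-Name:Campus B
network:IP-Network:198.51.100.0/24
network:Updated-By:netmgr-b@example.edu
"""
RULES = [("Fraud/Phish", r"fraud|phish|scam"),       # same order as the slide's if/elsif chain
         ("Infringement", r"infringe|p2p|unauthor"),
         ("Spam", r"spamcop|\bspam\b")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def split_mbox(text):
    """Split on envelope 'From ' lines, as the slide's Perl loop does."""
    msgs = []
    for line in text.splitlines():
        if line.startswith("From ") or not msgs: msgs.append([])
        msgs[-1].append(line)
    return ["\n".join(m) for m in msgs]
def classify(msg):
    return next((cat for cat, rx in RULES if re.search(rx, msg, re.I)), None)
def rwhois_objects(reply):
    """One dict per blank-line-separated object; each line is class:attribute:value."""
    return [dict((ln.split(":", 2)[1], ln.split(":", 2)[2].strip()) for ln in blk.splitlines())
            for blk in re.split(r"\n\s*\n", reply.strip())]
def contact_for(ip, reply):
    """Pick the object whose IP-Network prefix contains ip (the slide splits the reply text instead)."""
    hits = [o for o in rwhois_objects(reply) if ip_address(ip) in ip_network(o["IP-Network"])]
    return hits[0]["Updated-By"] if hits else None

def triage(mbox, reply):
    """Map each complained-about IP to (category, contact); an IP is reported once per batch."""
    out = {}
    for msg in split_mbox(mbox):
        cat, m = classify(msg), IPV4.search(msg)
        if cat and m and m.group(0) not in out:
            out[m.group(0)] = (cat, contact_for(m.group(0), reply))
    return out
```

The duplicate SpamCop report is dropped by the per-batch check, which is what the slide's %notified hash is for.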
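The section 5 flow classifier as an added Python example, not the author's code. The rules are the slide's (TCP only, average packet size between 46 and 60 bytes, aggregation key src>#.#.#.#.(dport)); the flow records, their column order and the min_flows notification threshold are constructed assumptions:

```python
from collections import defaultdict

# Constructed flow records in the column order the slide's regex expects:
# src_ip dst_ip proto src_port dst_port bytes packets (RFC 5737 test addresses).
SAMPLE_FLOWS = """192.0.2.10 198.51.100.1 6 40001 25 144 3
192.0.2.10 198.51.100.2 6 40002 25 100 2
192.0.2.10 198.51.100.3 6 40003 25 220 4
192.0.2.10 198.51.100.4 6 40004 25 1500 5
192.0.2.22 198.51.100.9 6 50000 80 45000 30
192.0.2.30 198.51.100.9 17 5353 53 1200 10
"""
TCP = 6
MIN_KB, MAX_KB = 0.046, 0.060   # the slide's window: 46-60 byte average packets, i.e. header-only TCP

def parse_flow(line):
    """Return a dict for one flow line, or None for a malformed record (skipped like a regex miss)."""
    f = line.split()
    if len(f) != 7 or not all(x.isdigit() for x in f[2:]):
        return None
    src, dst, proto, sport, dport, nbytes, pkts = f
    return {"src": src, "dst": dst, "proto": int(proto), "sport": int(sport),
            "dport": int(dport), "kb": int(nbytes) / 1000, "pkts": int(pkts)}

def small_packet_flows(text):
    """Aggregate TCP flows with 46-60 byte average packets under the slide's src>#.#.#.#.(dport) key."""
    agg = defaultdict(lambda: {"flows": 0, "pkts": 0, "kb": 0.0})
    for line in text.splitlines():
        fl = parse_flow(line)
        if fl is None or fl["proto"] != TCP or fl["pkts"] == 0:
            continue                      # non-TCP and empty flows are ignored, as on the slide
        avg = fl["kb"] / fl["pkts"]
        if not (MIN_KB < avg < MAX_KB):
            continue                      # data-carrying flows fall outside the window
        a = agg["%s>#.#.#.#.(%d)" % (fl["src"], fl["dport"])]
        a["flows"] += 1
        a["pkts"] += fl["pkts"]
        a["kb"] += fl["kb"]
    return dict(agg)

def suspects(text, min_flows=3):
    """Sources whose header-only flows toward one service port reach min_flows (notification candidates)."""
    return sorted(k for k, v in small_packet_flows(text).items() if v["flows"] >= min_flows)
```

With the sample data only the host opening repeated header-only connections to port 25 is reported; the large-packet web transfer and the UDP flow are skipped.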