Subject: CERT, DNS, Mail, News, SPAM, Internet user population
Summary:
- CERT, DNS, Mail, News, SPAM, Internet user population
- Denial-of-Services
- The heavy responsibility of each organization's System Administrator
- TWNIC-CERT is about to be established
Path: netnews.NCTU.edu.tw!not-for-mail
From: cschen@cc.nctu.edu.tw
Newsgroups: tw.bbs.comp.network,tw.bbs.config,tw.bbs.comp.unix,tw.bbs.comp.www
Subject: CERT,DNS,Mail,News,SPAM,Internet user population
Date: 8 Aug 1997 07:14:25 GMT
Organization: National Chiao Tung University, Hsinchu, Taiwan
Lines: 173
Message-ID: <5seh0h$64a$1@news2.nctu.edu.tw>
NNTP-Posting-Host: nctu.edu.tw
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Trace: 871024466 6282 cschen@nctu.edu.tw 140.113.4.120
Keywords: CERT, DNS, Mail, NetNews, SPAM
Xref: netnews.NCTU.edu.tw tw.bbs.comp.network:65455 tw.bbs.config:12768 tw.bbs.comp.unix:60585 tw.bbs.comp.www:137779
CERT,DNS,Mail,News,SPAM,Internet user population
====================================
CERT, DNS, Mail, Netnews, SPAM: several seemingly scattered topics.
-- What do these items have to do with one another ?
-- And what do they have to do with the Internet user population ?
First, here is a list:
---------------------------
0. Internet user population
   - DNS registration
   - Related Internet user population statistics (methods, results, ...)
1. SPAM => net-abuse
   a. E-mail abuse
      * E-mail bombs
      * Advertising mail, "How to make big money", ...
   b. NetNews abuse
      * UDP ( Usenet Death Penalty )
      * Advertising posts, "How to make big money", "New site information", ...
2. Denial of Services
   a. Bounced mail ( User unknown, Host unknown, ...)
   b. DNS ( WWW-- AlterNIC vs InterNIC, ... )
3. CERT ( Computer Emergency Response Team )
   a. System Cracking Events
   b. A while ago - the Clinton e-mail incident
   c. Denial of Services
   d. TWNIC-CERT is about to be established
-------------------------------------------------------------
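For some time now, people have been using the term "the First Internet War"
( Internet War One ) to describe some of what has recently been happening on
Usenet.

UUNet is a long-established network service provider on the Internet, a major
site providing e-mail, Usenet and so on.
Recently, many sites on the network have launched a boycott of UUNet, because
they believe UUNet cannot deal with (or is unwilling to deal actively with) the
Usenet SPAM originated by its downstream customers ( mainly ibm.net, AT&T ... ),
which has made the number of Usenet articles passed out through UUNet each day
surge, the overwhelming majority of them SPAM articles.

This wave of SPAM has already produced a term of its own:
UDP = Usenet Death Penalty ; unrelated to the UDP of TCP/IP.

Some people even believe this is a conspiracy by UUNet, a multinational
company, working behind the scenes to bring down some of the smaller ISPs, or
even the network users of regions with less bandwidth.
Many countries or regions without enough external bandwidth even claim that
Usenet/Netnews has become unusable on their side (Usenet => dead services ).

Why do they say this ?
Look first at some simple statistics, as compiled by some well-known sites
( is anyone here doing this ?).
Today, cancel articles on Usenet already account for 1/3 ( one third ) of all
traffic.
In other words, suppose that on a given day a Usenet site receives 300,000
Usenet articles. Of these
-- 300,000 is only a rough figure for illustration.
a. 100,000 are SPAM articles ( advertising, "How to make big money",
   "New site information" ...)
b. Another 100,000 are SPAM cancel articles. ( for the SPAM articles above )
c. The remaining 100,000 are normal Usenet messages.

At home, tw.bbs.* has lately also seen a spreading trend of junk information
of the "How to make big money" and "New site information" kind, and I believe
many people also regularly receive baffling e-mail advertisements. Many people
are quite fed up with ISPs such as HiNet, SEEDNet, ..., asking why they let
this mess be passed around everywhere.
-- It turns out that all of this is a widespread, worldwide phenomenon :( !

So, if this phenomenon is already an international matter, can we stay out of
it ?
In fact, paradoxically, tw.* currently circulates in large volume in many
places on Usenet, which puts many domestic sites among the top 1000 Usenet
sites, some even in the top 50.
From observation, many of these cases are really just a reflection of what is
described above.
-- SPAM + Cancel + Normal articles.
It may not be an exact three-way split, but it is already quite serious.

Second, do our domestic sites actually have any concrete rules specifically
for dealing with these problems ?
Perhaps, apart from the difference in age (or in years of network use), the
real difference is that our network system administrators are mostly either
"slow to notice" or "not noticing at all". In other words, it seems that not
many people really care about how these matters are developing, or about how
to respond to this change in the situation.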
* * * * * *
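Recently I helped handle a blunder of a case, a cross-border DNS/Mail incident.
A CERT member at an organization in Germany sent an e-mail asking for help to
check/resolve a problem of large volumes of bounced e-mail.

After checking the current DNS configuration of the domestic organization
concerned, together with the current state of domestic connectivity, and
judging from an administrator's experience, this was most likely an error that
arose because that organization's administrator did not clearly understand the
relevant system settings and, on top of that, was careless and made a typing
mistake ( one "1" missing from an IP address ). The German site simply suffered
an undeserved misfortune.
I have formally replied on their behalf, and have asked the relevant body to
notify this site to correct the wrong setting, so that this network blunder
does not continue.

After handling it, I could not help feeling some regret. Leaving aside how
outsiders view the quality of our Internet services, a look around our own
domestic environment shows there is still a great deal that needs
strengthening.
-- Especially the understanding of network systems, and the management
   practices, of organizations' system administrators themselves.

Some further explanation follows: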
==================
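The incident began when a site in Germany, a while ago, kept receiving bounced
mail caused by incorrect configuration.
On inspecting the headers, it was found that these were all messages meant to
be sent to a certain site in Taiwan. Because that Taiwanese site's "DNS was
misconfigured" (or deliberately so ?), "e-mail whose destination should have
been the Taiwanese site" was constantly being delivered all the way to Germany,
since many DNS servers/resolvers have a round-robin feature. Naturally, these
e-mails all ended up as "no such user" and were bounced, while also leaving
error messages on that system; as they accumulated day after day and the volume
became too large, they finally drew the German site's attention, and it turned
to its CERT to report the problem and ask for help investigating.

Some may say: what is so strange about things like "User unknown" or
"Host unknown" ?
Many sites may get dozens, hundreds, or more ... of these in a day. Do these
foreigners have nothing better to do ?
-- I believe many domestic site administrators simply filter this kind of
   message out with an e-mail filter. Most never look at them at all.

Let me bring up a term, "Denial of Services". It is not really anything new.
-- For domestic network users, though, most people are probably still
   unfamiliar with it.

The foreigners wrote over very politely by e-mail, asking for help
investigating why there was so much bounced mail. There may be several reasons: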
---------------------------------------------------------------
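1. International courtesy: try politeness before anything stronger.
2. Some things really could not be fully worked out at the time, such as how
   this kind of error came about.
3. To some degree, a suspicion that someone at the Taiwanese site might be up
   to something: launching a Denial-of-Service to punish or even bring down
   their site, or at the least to waste part of their network bandwidth and of
   the site's available CPU cycles. ( There are many multinational companies
   and cross-border businesses nowadays, ...)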
------------------------------------------------------------------
* * * * * * *
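What exactly is an organization's System Administrator mainly responsible for ?

In Taiwan's networks, Internet BBS sites are thriving, and the term SysOp is
very commonly used in many places.
But honestly, the duties of a System Operator and of a System Administrator
differ a great deal.

Operator: mainly responsible for routine tasks, keeping the system running
under a fixed set of rules.
-- minding the machine room's water and power, creating accounts, solving
   ordinary users' small problems in using the system, ...

Administrator: likewise charged with keeping the system stable, but the focus
is on keeping pace with changes in the wider network environment and being
ready at any time to make the necessary adjustments to the system.
-- system planning, deployment, performance tuning, tracing problems (reading
   syslog), communication with outside organizations, ...
To some extent, this requires doing more R&D (Research & Development) work.

In the development of Taiwan's network environment, hardware investment does
not lag behind others and is in somewhat better shape, but in other respects
there are still many areas badly in need of strengthening.
There is currently one very big hidden worry.
Namely, many organizations' administrators are still only doing the work of a
system operator, and in their heart of hearts they even see it that way
themselves.
"Whatever I am told from above, that is what I do".

If most of the administrators at Taiwan's network organizations hold to this
standard, how much of a future does Taiwan's network development have ? Can we
compete with other countries on the Internet ? Honestly, I don't know.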
* * * * * *
Finally, an advance announcement: as I understand it, our national-level CERT,
which is to be placed under TWNIC, has already entered a preparatory stage and
should be formally established before long.
--
Joe.C.S.Chen, cschen@ns.NCTU.edu.tw | http://dnsrd.nctu.edu.tw
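
The misconfiguration described in the post (an address record with one digit missing, so that round-robin delivery sends part of a site's mail to an unrelated host) can be caught by auditing a zone's A records against the organization's own prefixes. This is an added example, not part of the original post: the zone data, the names under the reserved `.example` TLD and the `10.11.0.0/16` prefix are constructed, and the single-digit-insertion heuristic is an assumption based on the post's "one 1 missing" description.

```python
import ipaddress
from collections import defaultdict
from fractions import Fraction

# Constructed sample data: private address space and the reserved .example TLD.
OWN_NETS = [ipaddress.ip_network("10.11.0.0/16")]
ZONE = [
    ("site.example.", "MX", "10 mail.site.example."),
    ("mail.site.example.", "A", "10.11.0.25"),
    ("mail.site.example.", "A", "10.1.0.25"),   # typo: one "1" missing
    ("www.site.example.", "A", "10.11.0.80"),
]

def in_own(ip, nets):
    return any(ip in n for n in nets)

def insertion_fixes(addr, nets):
    """Own-network addresses reachable by inserting one digit into addr."""
    fixes = set()
    for i in range(len(addr) + 1):
        for d in "0123456789":
            try:
                ip = ipaddress.IPv4Address(addr[:i] + d + addr[i:])
            except ValueError:
                continue  # not a valid dotted quad
            if in_own(ip, nets):
                fixes.add(str(ip))
    return sorted(fixes)

def audit(zone, nets):
    """Report A records outside our networks, mail hosts first."""
    mx_targets = {v.split()[1] for _, t, v in zone if t == "MX"}
    by_name = defaultdict(list)
    for name, rtype, value in zone:
        if rtype == "A":
            by_name[name].append(value)
    findings = []
    for name, addrs in by_name.items():
        for a in addrs:
            if not in_own(ipaddress.IPv4Address(a), nets):
                findings.append({
                    "name": name, "address": a,
                    "receives_mail": name in mx_targets,
                    # assumes round-robin spreads lookups evenly over the A records
                    "share": Fraction(1, len(addrs)),
                    "likely_intended": insertion_fixes(a, nets),
                })
    return sorted(findings, key=lambda f: not f["receives_mail"])

if __name__ == "__main__":
    for finding in audit(ZONE, OWN_NETS):
        print(finding)
```

Running the same audit before each zone reload, with the prefix list kept by whoever assigns the addresses, turns this kind of typo into a failed check instead of another site's bounce queue.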