Latest Commonly Used Network Tools (PPT courseware)

Uploaded by: cl****1  Document ID: 568847776  Upload date: 2024-07-27  Format: PPT  Pages: 57  Size: 1.64 MB

Commonly Used Network Management Tools

Outline
- 1. Motivation
- 2. Automated e-mail sending (Sendmail.pm)
- 3. IP management information lookup (Rwhoisd)
- 4. Automatic notification of abuse complaints
- 5. Detection and notification of anomalous traffic on the regional network
- 6. Conclusion and outlook

2. Automated e-mail sending (cont.)
- Mail::Sendmail automated mailing program

    #!/usr/bin/perl
    use strict;
    use Mail::Sendmail;

    my $ip_addr   = '140.115.11.1';
    my $email_mgr = 'center7@cc.ncu.edu.tw,yang@ayang.tyc.edu.tw';
    my $boundary  = '=';    # separator line; the slide's value is not legible, "=" is assumed
    print $ip_addr, $email_mgr, "\n";

    # Message headers; the hyphenated key must be quoted
    my %mail = (
        smtp           => 'localhost',
        To             => $email_mgr,
        From           => 'center7@ayang.tyc.edu.tw',
        subject        => "Detect Spamming from $ip_addr",
        'Content-Type' => 'text/plain; charset=Big5',
    );

    # Message body
    my $body = "$boundary\n";
    $body .= "The IP machine over your campus with the address of ";
    $body .= $ip_addr;
    $body .= " machine may be an Open Mail Relay Or Spam sender.\n";
    $body .= "$boundary\n";
    $body .= "Please help owner of ";
    $body .= "the machine\n";
    $body .= "to check and fix its Open Mail Relay Problem or Patch\n";
    $body .= "Please refer the detail traffic log on\n\n";
    $body .= "http://163.25.255.16/yang/Moe/index_ab_spamsrc.php\n";
    $body .= "(user: guest & password: guest)\n";
    $body .= "Many Thanks!\nFrom: Susna Yang\n\n\n";
    $mail{body} = $body;

    sendmail(%mail) || print "Error sending mail: $Mail::Sendmail::error\n";

3. IP management information lookup: Rwhoisd
- Building the IP management information

(a) Sources of IP management information
- Contact web pages
  - MOE regional network administrators (http://140.111.1.22/tanet/abuse.html)
  - MOE abuse hosts (http://140.111.1.22/tanet/spam.html)
  - TYC regional network administrators (http://noc5.tyc.edu.tw/disp.html)
  - Ncu Snmgclub (https://website.cc.ncu.edu.tw/sysmgr/index.php?section=member)
- IP usage lists of connected schools (records with the fields Network-Name, IP-Network, Admin-Contact, Address, Tel, Updated-By, Created)
- Dormitory user IP list (user e-mail address, IP address)

3. IP management information lookup: Rwhoisd (cont.)
(b) IP Routing Table & Responsible managers
- SNMP ipRouterMIB & Tyc_manager_list

    snmpwalk -v1 -c community 203.72.244.221 .1.3.6.1.2.1.4.21.1.11 > $infile
    snmpwalk -v1 -c community 203.72.244.221 .1.3.6.1.2.1.4.21.1.7 > $infile

- snmpwalk: fetches the data of an SNMP sub-tree
- Requires net-snmp to be installed

3. IP management information lookup: Rwhoisd (cont.)
(c) Data extraction
- Wget web content

    /usr/local/bin/wget http://140.111.1.22/tanet/spam.html -O /netflow/spam/spam.html.1

- Extract the wanted data entries

    if (/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+/) {
        if ($4 eq "桃園區網-中央大學") {
            printf(FNO "%s,%s\n", $1, $4);
        }
    }

- Convert the text file correspondence to the rwhoisd data schema
  - snmpwalk -v1 -c community 203.72.244.221 .1.3.6.1.2.1.4.21.1.11 > $infile (RFC1213-MIB ipRouteMask entries)
  - snmpwalk -v1 -c community 203.72.244.221 .1.3.6.1.2.1.4.21.1.7 > $infile (RFC1213-MIB ipRouteNextHop entries)
  - Interf_IP = Sub_network_IP:NetMask:Segments
  - Tyc_manager file
  - Resulting rwhoisd records (Network-Name, IP-Network, Admin-Contact, Address, Tel, Updated-By, Created)

3. IP management information lookup: Rwhoisd (cont.)
- IP management information lookup client

    yang# telnet 163.25.255.10 4321
    Trying 163.25.255.10...
    Connected to yang.
    Escape character is '^]'.
    %rwhois V-1.5:003fff:00 yang.tyc.edu.tw (by Network Solutions, Inc. V-1.5.9.3)
    140.115.1.1
    network:Auth-Area:163.25.0.0/16
    network:Class-Name:network
    network:Network-Name:中央大學
    network:IP-Network:140.115.1.0/24
    network:Admin-Contact;I:許健平
    network:Address:中央大學:
    network:Tel:57504
    network:Updated-By:center24@cc.ncu.edu.tw,
    network:Created:200606051709

3. IP management information lookup: Rwhoisd (cont.)
- Setting up the Rwhois directory service

(a) Install Rwhoisd

    tar xvf rwhoisd-1.5.9.3.tar
    cd rwhoisd-1.5.9.3
    ./configure --prefix=/usr/local/rwhoisd --enable-ipv4
    make
    make install

3. IP management information lookup: Rwhoisd (cont.)
(b) Create/define the database (schema)

    cd /usr/local/rwhoisd
    mkdir net-163.25.0.0
    mkdir net-163.25.0.0/data
    mkdir net-163.25.0.0/data/network
    cp etc/rwhoisd/samples/rwhoisd.* /usr/local/rwhoisd/
    cp etc/rwhoisd/samples/net-10.0.0.0-8/* net-163.25.0.0/
    cp etc/rwhoisd/samples/net-10.0.0.0-8/data/network/* net-163.25.0.0/data/network/

3. IP management information lookup: Rwhoisd (cont.)
(c) Configure the database schema & soa files

Database schema file:

    more /usr/local/rwhoisd/net-163.25.0.0/schema
    name:network
    attributedef:net-163.25.0.0/attribute_defs/network.tmpl
    dbdir:net-163.25.0.0/data/network
    Schema-Version:20060601000000000
    ---
    name:referral
    attributedef:net-163.25.0.0/attribute_defs/referral.tmpl
    dbdir:net-163.25.0.0/data/referral
    Schema-Version:20060601000000000

soa file:

    yang# more /usr/local/rwhoisd/net-163.25.0.0/soa
    Serial-Number:20060608000000000
    Refresh-Interval:3600
    Increment-Interval:1800
    Retry-Interval:60
    Time-To-Live:86400
    Primary-Server::4321
    Hostmaster:susan.tyc.edu.tw

3. IP management information lookup: Rwhoisd (cont.)
(d) Build the index & run rwhoisd
- Setup.sh

    #!/bin/sh
    # clean up rwhois dictionary files
    find . \( -name "index*" -o -name "local*" -o -name "*.txt.*" \) -print | xargs rm -f
    # reindex both organizational and network
    echo "reindexing network information"
    /usr/local/rwhoisd/bin/rwhois_indexer -C network -i -v -s txt
    # rwhoisd daemon
    /usr/local/rwhoisd/sbin/rwhoisd -c /usr/local/rwhoisd/etc/rwhoisd/samples/rwhoisd.conf &

4. Notification of abuse complaints
- TANet abuse handling procedure
  - The original complaint is sent to abuse@moe.edu.tw
  - MOE network administrators manually forward it to each regional network's abuse contact
    - abuse@ncu.edu.tw, abuse@nctu.edu.tw, ...
  - Each regional network administrator forwards it to the connected school's abuse contact
    - abuse@cycu.edu.tw, abuse@yzu.edu.tw, ...
  - The connected school's network administrator forwards it to the user of the abusing IP

4. Notification of abuse complaints (cont.)
- Why the distribution of abuse complaints needs to be automated
  - Timeliness
    - By the time the notice forwarded by MOE arrives, it is already delayed
    - If the regional network delays it further, complaint mails are already flying everywhere
  - Very large volume of complaints
    - MOE (600 pieces/day)
    - Regional network (20 pieces/day)
  - Forwarding mail over and over is repetitive (tedious) work

4. Notification of abuse complaints (cont.)
- Work modules for automatically distributing abuse complaints
  - Parse the abuse@ncu.edu.tw mailbox file
  - Catalog and fragment: split into individual messages and archive them
    - spam, mail proxy, unsolicited mail
    - Attack, port scan, DoS
    - Infringement, copyright, fraud, phish
  - Extract the source IP address being complained about
  - Remotely query the rwhoisd management information
  - Forward the complaint mail to the contact person

4. Notification of abuse complaints (cont.)

    # Keep a timestamped copy of the mailbox, then move it into the session directory
    system("/bin/cp /var/mail/yang $sessdir/yang_$hour$min");
    system("/bin/mv /var/mail/yang $sessdir/yang");
    # $c: switch of each mail item #
    open INF, "cat $sessdir/yang |";
    $q = 0;
    while (<INF>) {
        # /Start of a Email/ #
        if ((/From\s(.*\@.*)\s/) || (/From\s/)) {
            $q++;
            $outmail_pre = sprintf("%s/%d", $sessdir, $q);
            close($outmail_pre);
            sleep 1;
            $outmail = sprintf("%s/%d", $sessdir, $q);
            open(MAIN, $outmail);
            $new_mail = 0;
            $fraud_cause{$q} = 0;
            $inf_cause{$q}   = 0;
            $spam_cause{$q}  = 0;
            $scan_cause{$q}  = 0;
            $check_sw = 0;

4. Notification of abuse complaints (cont.)

    # Classify each message once, by the first matching keyword
    if ($new_mail == 0 && ($inf_cause{$q} == 0 && $fraud_cause{$q} == 0 && $spam_cause{$q} == 0 && $scan_cause{$q} == 0)) {
        if ($check_sw == 0) {
            if (/(Fraud|FRAUD|fraud|PHISH|Phish|phish|scam|BF)/) {
                $fraud_cause{$q}++;
                print $q, $fraud_cause{$q}, "Fraud\n";
                $cause{$q} = "Fraud/Phish";
                $check_sw = 1;
                next;
            }
            elsif (/(Infringe|infringe|P2P|unauthor|Unauthor)/) {
                $inf_cause{$q}++;
                print $q, $inf_cause{$q}, "Infringer\n";
                $cause{$q} = "Infringement";
                $check_sw = 1;
                ...

4. Notification of abuse complaints (cont.)

    elsif ((/(SpamCop|Spam\b|spam\b).*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) && $c == 0) {
        print "rule_4_SP1\n";
        print $&, "\n";
        $_ = $&;
        # Pull the complained-about IP address out of the matched text
        if (/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {
            $ip_addr = $1;
            if ($notified{$ip_addr} susan.tyc.edu.tw, Port => 4321 );
    $client->open();
    $result_set = $client->execute_query(Query_String => $ip_addr, Limit => 60);
    @results = $result_set->get_objects();
    $buf = $client->results_to_string(@results);
    return $buf;

Notification of abuse complaints (cont.)

    $fn_in = sprintf("%s/fl_no", $indir);
    open(FD0, "cat $fn_in |");
    while (<FD0>) {
        if (/(\d+)\s+(\S+)/) {
            $fn = $1;
            $ip = $2;
            print $fn, ":", $ip, "\n";
            # Look up the responsible network and contact for this IP
            $buf1 = rwhois($ip);
            ($tmp1, $unit)        = split("network-name:", $buf1);
            ($school, $tmp2)      = split("ip-network:", $unit);
            ($tmp3, $manager)     = split("updated-by:", $tmp2);
            ($email_tmp, $tmp4)   = split("created:", $manager);
            ($email_mgr_1, $tmp5) = split("updated:", $email_tmp);
            chomp($school);
            chomp($email_mgr_1);
            $email_mgr = $email_mgr_1 . ',center7@ayang.tyc.edu.tw';
            $date1 = "$mon$mday";
            &mail_tyc($ip, $email_mgr, $date1, $fn);
        }    # end_if
    }        # end_while
    close(FD0);

    sub mail_tyc {
        my ($ip_addr, $email_mgr, $date1, $fn) = @_;
        use strict;
        use Mail::Sendmail;
        my %mail = (
            smtp           => 'localhost',
            To             => $email_mgr,
            From           => 'center7@ayang.tyc.edu.tw',
            subject        => "Scan/Spam/Infrinfement Complaint about $ip_addr",
            'Content-Type' => 'text/plain; charset=Big5',
        );
        my $body = "$boundary\n";
        $body .= "Scan/Spam/Infrinfement Complaint about IP: ";
        $body .= $ip_addr;
        $body .= " The system that might had been infected by hacker,\n";
        $body .= "Please help the owner check & fix the system.\n";
        $body .= "Many Thanks!\nFrom: Susna Yang\n";
        # Append the archived complaint message
        $body .= `/bin/cat /netflow/spam/$date1/$fn`;
        $body .= "$boundary\n";
        $mail{body} = $body;
        sendmail(%mail) || print "Error sending mail: $Mail::Sendmail::error\n";
    }

5. Detection and notification of anomalous traffic on the regional network
- Flooding Detection System, FDS
- Network traffic measurement
  - Provides good network monitoring
  - Can detect network security problems
  - Helps diagnose and resolve network problems
  - Assists network planning and expansion
- Detection of anomalous network traffic
  - Flow flooding: DoS attack, Port Scan, Ssh cracking, Spam
  - ICMP/UDP packet flooding

[Figure: TCP connection between Source_socket (Src_IP, src_port/TCP) and Destination_Socket (dest_IP, dest_port/TCP): Connection Request, Accept Connection, send/recv data, Close connection]

5. Detection and notification of anomalous traffic on the regional network (cont.)

    open IN, $infile;
    while (<IN>) {
        if (/(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)/) {
            $src_ip = $1;
            $dst_ip = $2;
            $src_p  = $4;
            $dst_p  = $5;
            $proto  = $3;
            $pkts   = $7;
            $bytes  = $6 / 1000;
            if ($pkts > 0) { $pkt_size = $bytes / $pkts; }
            # /
            @sitem = split(/\./, $src_ip);
            @ditem = split(/\./, $dst_ip);
            if ($proto != 6) { next; }            # TCP only
            if ($pkt_size > 0.060) { next; }
            $evil_flow = $src_ip . "#.#.#.#.(" . $dst_p . ")";
            elsif ($pkt_size 0.046)
            $6.flow$evil_flow++;
            $6.sum_pkt$evil_flow += $pkts;
            $6.sum_byte$evil_flow += $bytes;
    # end_while

5. Detection and notification of anomalous traffic on the regional network (cont.)

    sub mail_tyc {
        my ($ip_addr, $email_mgr, $date1) = @_;
        use strict;
        use Mail::Sendmail;
        print $ip_addr, $email_mgr, "\n";
        my %mail = (
            smtp           => 'localhost',
            To             => $email_mgr,
            From           => 'center7@ayang.tyc.edu.tw',
            subject        => "Detect Spamming Host $ip_addr from Your Campus",
            'Content-Type' => 'text/plain; charset=Big5',
        );
        my $body = "$boundary\n";
        $body .= "The IP machine over your campus with the address of ";
        $body .= $ip_addr;
        $body .= " machine may be an Open Mail Relay Or Spam sender.\n";
        $body .= "\nSRC_IP #.#.#.#.(Serv_port) Flows pk_size(KB) Pkts Total(MB)\n";
        # Append the measured flow statistics for this address
        $body .= `/usr/bin/grep $ip_addr /home/qos/Game/$date1/mail_mean_10`;
        $mail{body} = $body;
        sendmail(%mail) || print "Error sending mail: $Mail::Sendmail::error\n";
    }

5. Detection and notification of anomalous traffic on the regional network (cont.)

Sample notification:

    Network host 210.60.236.8 has been detected as possibly infected by a virus. Please help the user patch or reinstall the system before it goes back online.
    ==========
    For the detailed PortScan traffic, see the following web pages:
    http://163.25.255.16/yang/Moe/PortScan/index_abuse_port.php
    http://163.25.255.16/yang/Moe/index_tcp.php
    user: guest & password: guest
    Many Thanks!
    From: susna yang
    Date: 0620 (Month-Day)
    ==========
    SRC_IP        #.#.#.#.(Serv_port)  Flows  pk_size(KB)  Pkts   Total(MB)
    210.60.236.8  #.#.#.#.(445)        22440  0.048        22578  1.084
    210.60.236.8  #.#.#.#.(1433)       6360   0.048        6388   0.307
    210.60.236.8  #.#.#.#.(445)        30052  0.048        30052  1.442
    210.60.236.8  #.#.#.#.(1433)       8646   0.048        8646   0.415
    210.60.236.8  #.#.#.#.(445)        29565  0.048        29566  1.419
    210.60.236.8  #.#.#.#.(1433)       8797   0.048        8797   0.422
    210.60.236.8  #.#.#.#.(445)        29254  0.048        29254  1.404

6. Conclusion and outlook
- Network security problems remain serious
  - IDS, firewalls and anti-virus are now fairly widespread
  - Virus code spreads through many channels
    - Vulnerabilities, virus mail, toxic web, spyware, IRC, P2P
- Automatic forwarding of abuse complaints
  - Timely, efficient, saves manpower

6. Conclusion and outlook (cont.)
- Network tools used for automatic abuse forwarding
  - Rwhoisd directory service
  - Perl modules used
    - Mail-Sendmail.pm
    - Net-Rwhois.pm
  - Perl programs
    - Data extraction (IP, abuse_type)
    - Abuse notice subroutine: Net::Rwhois, Mail::Sendmail

6. Conclusion and outlook (cont.)
- Flooding Detection System, FDS
  - Uses the NetFlow data cached by the regional network router
  - Feature-based detection of network traffic
    - Provides good network monitoring
    - Can detect network anomalies and helps diagnose and resolve security problems
- Automatic notification of anomalous regional network traffic
  - Concrete measured traffic data: Source IP, Flow, Packet, Duration (hours)
  - Timely notification of the abuse contact person

Thank You!
