(ISAC)
(
99 6
29
I.
98 2 5
II.
III.:
()
()
(1)
z
(2)
z
0-1-2
(3)
z
: (1)
(2)
0-1-2 3-4
0-1-2 ()
3-4
:: (1)(2)
:
:
:
:
z :
: 25 () 13
:
1.
2. ( 012 34 ,
)
3.
4. 012
34
5.
()
6. :(1)(2)
(
)
1
3-4
( ICST A-SOC99
)
ICST 4
ICST 0
ICST 4 4
3
2 1
4 :
4
1.
2.
3.
: 4 (
2009 2 12 2009/2/12 2010/6/20
4 )
3
3
1.
2.
3.
198 x y
(1).
(2). 3
296 x y
(3)
3
2
2
1.
2.
3.
1: 99 x y SQL Injection
javascript
(2).(3).
2
2:98 9 12 web
(3).
2
1
1
1.
2.
3.
1: 99 x y
(2). 1
2: 99 x y
(1).(2).(3).
1
0 ()
0
z
:(A-SOC
miniSOC,)
()
6
0 :
z
: 0
(A-SOCminiSOC,)
1. 1
2.
(1) 012 72 (
)
(2) 34 36 (
)
:
(1) 012 72 012
(2) 34 36
TANet (
)
1
3-4
(12 )()
12 ()
I.
I.1
1. 1
1. IP ,
(1): 1-2
(2):
1
2.
3.
()
(:=12 )
(1)()
(2)()
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
(1):
(2):
(3):
(4):
:
I.2
1. (12 )
2. 16
16
3. :
z
4
Email
12 Email
()
1.:
(1),
(2)(,
)(1)(2)
2.
:
()
(1)
(2)
Email (:=12 )
SMS (:=12 )
I.3
1.
()
1.(12 )
2.:
(1),
(2)(,)
(1)(2)
3.
:
():
(1)
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
(12 )()
12 ()
I.
I.1
1. 1
1. IP ,
(1): 1-2
(2):
1
2
71
3.
(:=12 )
(1)()
(2)()
(3)()
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
(1):
(2):
(3):
(4):
I.2
1. (12 )
2. 16
16
3. :
z 16
Email
12 Email
()
1.:
(1),
(2)(,
)(1)(2)
2.
:
()(:=12 )
(1)
(2)
Email (:=12 )
SMS (:=12 )
I.3
1.
()
1.(12 )
2.:
(1),
(2)(,)
(1)(2)
3.
:
()(:=12 )
(1)
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
II.
II.0
1.12 71
2.34 35
:
1. 1 (+)
2. 12
Email: (:=12 )
(1) 1 Email
(2) 12 Email
SMS (:=12 )
II.1
1. 71
1.
2.
3. 12
:
,
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
(34 )()
34 ()
I.
I.1
1. 1
1. IP ,
(1): 3-4
(2):
1
2.
()
3.
(1)
(2)
Email: (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
(1):
(2):
(3):
(4):
34
34
I.2
1. 4
4
2.:
z
4 Email
12 Email
:
1.(34 )
2.
(1),
(2)(,)
(1)(2)
3.
()(,)
(1)( Email
)
4.
:
()
(1)
(2)
Email (:=34 )
SMS (:=34 )
I.3
1.
:
1.(34 )
2.
(1),
(2)(,)
(1)(2)
3.
34
()
(, )(1)
( Email )
4.
:
()
(1)
Email
Email
(1):
(2)
(3):
(4):
SMS (:=34 )
(34 )()
34 ()
I.
I.1
1. 1
1. IP ,
(1): 3-4
(2):
2.
35
3.
(1)
(2)
(3)
Email: (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
(1):
(2):
(3):
(4):
34
34
I.2
1. 4
4
2.:
z 4 Email
12 Email
()
1.:
(1),
(2)(,
)(1)(2)
2.
():
()
(1)
(2)
Email (:=34 )
SMS (:=34 )
I.3
1.
()
1.:
(1),
(2)(,)
(1)(2)
2.
:
()
(1)
Email (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
II.
II.0
1.12 71
2.34 35
:
1. 1 (+)
2.34
Email: (:=34 )
(1) 1 Email
(2) 12 Email
SMS (:=34 )
II.1
1. 35
1.
2.
3.
:
():
(1)()
(2)()
Email: (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
II.2
1. 4
4
2.:
z
4 Email
12 Email
():
1.
2.()(, )
(1)( Email
)
3.
():
()
(1)
()
(2)
Email (:=34 )
SMS (:=34 )
II.3
1.
():
1.
2.34
3.()(, )
(1)
4.( Email )
5.
Email: (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
TANet
( ICST ,A-SOC ABUSE 99 )
1
3-4
(A-SOCG-SOC)
()
:
1.
2.
3.(:)
(1)
(2)
(3)
(4)
4. Email: ()
(1):
(2):
(3):
(4):
5. SMS ()
(1):
(2):
(3):
(4):
Email SMS
Email
34 1
(12 )()
12 ()
I.
I.1()
Email SMS 1
1. IP ,
(1): 1-2
(2):
1
2.
3.
:
()
(1)()
(2)()
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
I.2()
1. (12 )
2. 16
16
3.:
z
16 Email
12 Email
()
1.:
(1),
(2)(,
)(1)(2)
2.
:
()
(1)
(2)
Email (:=12 )
SMS (:=12 )
I.3
1.(12 )
2.
()
1.:
(1),
(2)(,)
(1)(2)
2.
:
()
(1)
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
(12 )()
12 ()
I.
I.1()
Email SMS 1
1. IP ,
(1): 1-2
(2):
1
2.
3.
:
()
(1)()
(2)()
(3)()
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
I.2()
1. (12 )
2. 16
16
3.:
z
16 Email
12 Email
()
1.:
(1),
(2)(,
)(1)(2)
2.
:
()
(1)
(2)
Email (:=12 )
SMS (:=12 )
I.3()
1.(12 )
2.
()
1.:
(1),
(2)(,)
(1)(2)
2.
:
()
(1)
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
II.
II.0
1.12 71
2.34 35
:
1. 1 (+)
2. 12
Email: (:=12 )
(1) 1 Email
(2) 12 Email
SMS (:=12 )
II.1
1. 71
1.()
2.
3. 12
:
,
Email: (:=12 )
Email
(1):
(2):
(3):
(4):
SMS (:=12 )
(34)()
34 ()
I.
I.1()
Email SMS 1
1. IP ,
(1): 3-4
(2):
1
2.
3.
:
()
(1)
(2)
Email: (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
I.2
1. (34 )
2.() 4
() 4
3.:
z
4 Email
12 Email
1.
(1),
(2)(,)
(1)(2)
2.
()(, )
(1)( Email
)
3.
:
()
(1)
(2)
Email (:=34 )
SMS (:=34 )
I.3
1.
:
1.(34 )
2.
(1),
(2)(,)
(1)(2)
3.
34
()
(, )(1)
( Email )
4.
:
()
(1)
Email
(1):
(2)
(3):
(4):
SMS (:=34 )
(34)()
34 ()
I.
I.1()
Email SMS 1
1. IP ,
(1): 3-4
(2):
1
2.
3.
:
()
(:=34 )
(1)
(2)
(3)
Email: (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
I.2()
1. 4
4
2.:
z 4 Email
12 Email
3.(34 )
():
1.
(1),
(2)(,)
(1)(2)
2.
:
()
(1)
(2)
Email (:=34 )
SMS (:=34 )
I.3
1.
2.(34 )
:
1.
(1),
(2)(,)
(1)(2)
2.
:
()(:=34 )
(1)
Email (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
II.
II.0
1.12 71
2.34 35
:
1. 1 (+)
2. 34
Email: (:=34 )
(1) 1 Email
(2) 12 Email
SMS (:=34 )
II.1
1. 35
1.
2.
3.
:
():
(1)()
(2)()
Email: (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
II.2
1. 4
4
2.:
z
4 Email
12 Email
():
1.
2.()(, )
(1)( Email
)
3.
():
()
(1)
()
(2)
Email (:=34 )
SMS (:=34 )
II.3
1.
():
1.
2.34
3.()(, )
(1)
4.( Email )
5.
Email: (:=34 )
Email
(1):
(2):
(3):
(4):
SMS (:=34 )
3~6
:
(1)(G-ISAC)/
(G-ISAC)
(G-ISAC)
(A-ISAC)
(2)
1
:
:
:(1)(2)
(
)
(I).: : ()(
,):
(,)
(II).: (1) (2)
I.
: ()
(1),
(2) ()
(3)
(4)
2 :
3 :
(1)INT()
(2) DEF()
(1)(2)(3)
(1)
1 -
2 -
3 -
4 -
(2)
0
1 -
2 -
3 -
4 -
(3)
1 -
2 -
3 -
4 -
1()
7 ?
1.2 72
3.4 24
II.
(1)
(2)
()
II.1
II.2
(1).(2)OS
.(3)OSservice
patch.(4) service port.(5)
sql injection (6).
2 Email
E-Mail
(:I)(:II)
(:III)(:IV)
:A. B. C.
D.
Email Email
I.
:(:AISAC-23)()
:
[]
: 2010-03-02 13:50:46
: AISAC-23
: []
: 1
:
: IP 210.240.212.239 2010/03/01 01:00 ~ 01:04
: nsqc
:
: 07-123-4567
3.4 72
1.2 36
,!
---------------------------------------
www.cert.tanet.edu.tw
07-5250211
07-5250212
E-Mail: boyi@cert.org.tw
II.
:AISAC-23)()
: 2010-03-02 13:50:46
: AISAC-23
: []
: 1
:
: IP 210.240.212.239 2010/03/01 01:00 ~ 01:04
: nsqc
:
: 07-123-4567
3.4 72
1.2 36
,!
www.cert.tanet.edu.tw
07-5250211
07-5250212
E-Mail: boyi@cert.org.tw
A. E-Mail
()()
:(1)(2)(3)
(4)
(1)ICST()(2)A-SOC
A1: ()():AISAC-23)()
:AISAC-23) ()
:AISAC-23
ICST-INT-2010-0122
2010-06-23 22:11:53
2010-06-23
IP 163.16.10.4 2010/06/23
1.
IP TCP Port 22 2.
TCP Port 22 3.
Windows
4.
5. 6.
7.
Windows Windows XP/2003 Internet Firewall/Windows
Firewall Windows 2000 TCP/IP Linux iptables
http://www.microsoft.com/taiwan/security/protect/
:
http://www.microsoft.com/taiwan/security/protect/firewall.asp
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx
http://www.microsoft.com/technet/security/current.aspx
B. E-Mail
()()()
(1 2 3 4 )
() ()()
[]
B1: () ()
:AISAC-23)(2 )
[]
: 2010-03-02 13:50:46
: AISAC-23
: []
: 2
:
: IP 210.240.212.239 2010/03/01 01:00 ~ 01:04
:
:
: 07-1234567
3.4 72
1.2 36
,!
C. E-Mail
() () ()()
(1 2 3 4 )
() ()()
C1:
(:AISAC-18)(2 )()()
[
18]
[][18]
: 2010-06-28 04:38:03
: AISAC-18
: []
: 2
:
: IP 210.240.212.239 2010/03/01 01:00 ~
01:04
:
:
: 07-1234567
D. E-Mail
(1)()(1 )(2)( 12 )( )
3()(1)(2)(3)
(1)()(1 )
()(1 )
D1:
( AISAC-6)()(1 )
[]
[] [AISAC-6]
: 2010-06-25 15:33:19
: AISAC-6
: []
: 1
:
: IP 210.240.212.239 2010/03/01 01:00 ~
01:04
(2) ()
()( )
()()
D2:
( AISAC-6)( )
[]
: 2010-3-2 13:50:46
: AISAC-6
: 1
:
: IP 210.240.212.239 2010/03/01 01:00 ~
01:04
3 SMS
SMS
SMS :
SMS
SMS :
SMS :
I.:
II.
I.:
1
:
:
[][]:[],
[],[],[],:[|]
1: [1]
[1][]:[
],[ ],[(07)12345678#62321],[11],
:[]
2: [2]
[2][]:[
],[ ],[(07)12345678#62321],[12],
:[]
3: [3]
[3][]:[
],[ ],[(07)12345678#62321],[12],
:[]
4: [4]
[4][]:[
],[ ],[(07)12345678#62321],[12],
:[]
2
: ()
:
()[][][] ,
: ICST() ASOC
1: ICST()INT()
() [][]
[24],
2: ICST()DEF()
() [][ ]
[25],
II.:
:
: 3.4 []
() [],[(Time)]
1
1:
() [] 2010-04-08
23:05:55 1