Development of Wide-Area Incident Information Sharing and Analysis Technology
Contents
1. iodef ridserver binxcatalina bat stop Cyber Solutions Inc rights reserved 14 2 2 IODEF Wide AreaTracker e config ridgen conf lt gt SOURCE SRC ADDRESS 0000 IPEHL EU UL UE U DID D U LE U EMAIL L1 D DHL 7B OI Di 7E LO LE nin RID QUERY URIT j iodef ridserver services RI DQuerM RIDO OOO URL uuuiuulittuttultLtuttLutLutLL MAP FILE config map map disp map Uu uuuuulutltlutL itl DSTI ADDRESS QjRID 1 i HH DH DL B E D EU D U HE 7 HE HE 7E 7E UT D 959592 5 lt gt e config AlertRecever conf lt SNMPPORTI 162 SNMP Trap Ncotification ld EH E JU E Snort DATA DIR 0 0 DATABASE 0 00000000 0000 0000000000000 e daemon l 7E perl paths dNew pl tmp e WideAreaTracker bat tL E EB E E D Cyber Solutions Inc rights reserved 15 ias va me 2 2 1 Snort L L ED L1 00 0 0 Snot
2. NS NEUES Period MS SQL Worm propa csrit cysols com 20 2005 05 13 14 25 39 12005 09 27 13 1 536 Met 2224 78 152 896 MS SQL Worm propa csrit cysols com 20 MS SQL Worm propa MS SQL Worm propa e IncidentType Select type 2005 06 01 19 37 18 2005 09 27 13 15 36 Alert 60 191 2 211 MS SQL Worm pro csrit cysols com 20 SQL Worm prapa csrit cysols com 20 MS SQL Worm propa csrit cysols com 20 csrit cysols com 20 csrit cysols com 20 csrit cysols com 20 csrit cysols com 20 csrit cysols com 20 csrit cysols com 20 csrit cysols com 20 csrit cysols com 20 e e lt 2 t5 e o M e 0000000000000 Observation Point Observation Point 00000 Incident Type Cyber Solutions Inc rights reserved 13 Incident Type ALL Alert Packet U L Analyze 0 0 0 000000000000000 0 Display AMD D C U D U L 002800000000000000000 y 2 IH D BO BD E BL BI GEB E E 2 1 IODEF RidServer e bin catalina bat start O Tomcat HTTP t EH E EL
3. D U H B LI I D LI D XC 0 000000000000000000 10 0000000000000 rotg telnet lt ADDRESS gt 4555 Trying 1 HOST ADDRESS gt Connected to HOST ADDRESS Escape character is T JAMES Remote Administration Tool 2 2 0 Please enter your login and password Login id Password Welcome root HELP for a list of commands adduser 00000 109 000000000 listusers adduser iodef iodef User iodef added Cyber Solutions Inc rights reserved 8 listusers Existing accounts 1 user iodef 2d 0000000000000000000 000000 IODEF 0 0 00000000 00000000000000000 XML DB I l L Un 1 6 IODEF Analyzer e Analyzer confio db properties IODEF 0000 DB JU D HOSTIP xindice 00000000000000000000 DBPORT 4081 5 8 db 0000 Collection JI D HU D H U HE B D U L iodef IODEF
4. Collection 000000000000 e Analyzer bat 000000 Cyber Solutions Inc rights reserved 9 1 6 1 Analysis Conditions 0000000000000 Incident Analysis 000000000 Analysis Conditions 000000 I Analysis Conditions 5 Period fram 2005 09 27 14 31 00 mn to 2005 08 27 14 31 00 m Analysis Type 005 attack all around the world Result View 0 gt Table View Map View Graph View Period Cyber Solutions Inc rights reserved 10 0000000000000 F 29 30 hau a Analysis Analysis Dos attack all around the world Widely operated attacks Dl Result View Degre of Observation 000000001000 Teble View Map View Graph View O00 0000000000 100000000000000000000 0 0000 0000000 The results of 005 attack all around the world 7 Table View Map View Graph View DoS Target Incident Name of Events Points Degree of Observation 195 204 1 132 ack csrit cysols com emhb cs 202 109 128 29 ack csritcysols corn ern2 cs 61 129 102 86 ack csrit cysols
5. D 00000000 000000000000000 Cyber Solutions Inc rights reserved 2 0000 Ul e config packetiodefaggr conf lt gt lt gt lt gt lt gt lt gt 1 UO DU D 5 _ 0000000000000000000 QUEUE_DIR 0 0 TODEF XML TED D D D U U U UU LU ERROR DIR invalid 000000000 0 YODEF XML DE D HU DUMP DATA dumpdetaf cH HL DO O0 D D D D C DL D D L e 000000000 SENSOR 10000 120000000 e config contact xml ContactList2 O0 O0 000 0 0 Contacta 0 0000000000000 0000000000 J J Contact contacttype T 00000000 lt 970100000 Cyber Solutions Inc rights reserved Contact class Name RegistryH andle PostalAddress Email Telephone Fax Timezone Contact recursive lt ELEMENT Contact Name Description RegistryHandle PostalAddress Email Telephone Timezone Contact gt 5 Contact contactrole creator admin tech ir
6. com em 1 0 c 61 174 171 195 ack csrit cysols com em 1 0 c 219 147 217 84 ack csrit cysols com emb cs 218 90 161 156 IrcP ack csrit cysols com emb cs 219 129 239 37 ack csrit cysols com em 1 0 c 61 152 95 148 ack csrit cysols com em 1 0 c 218 75 231 165 csrit cysols com emb cs lalala 219 153 11 163 csrit cysols com em0 cs Cyber Solutions Inc rights reserved 11 ugs Map View 000000 AS5042 me AS15149 UN AS3832 AS AS3659 m dtp 884 AS5055 AS31 AS17624 0000 Graph View 0000060 77 Tw ot Eros ant ach eae verc Time Series Graph Dag MumEar 23 inzidenis Lay B a 1 zh 1 J 1 Uc CUALES 8155 2024 7 732 E 202 109 128 239 F 61 129 102 85 219 47 21754 E 218 90 11 195 E 219 129 239 37 168115255148 8218 75 231 165 B 3484533434 163 1 6 2 DB Manager ugupnpnpupmBiumadiliili H DB Management O D DD D D DB Manager Cyber Solutions Inc rights reserved 12 _ DB Manager Search Period Condition Observation Point from 2005 06 01 18 53 18 to 2005 09 27 13 15 36
7. 0 0 Snort Ad IMS 2005 09 28 17 45 12 Cyber Solutions I nc All rights reserved 16 uuuuuugugguguuuuuul Un Uni 1 UI Query RidServer 00000 sidaMIBaletgB nn nnn nnnnnnnnnnnn 0000000000 RID Query RidServer O O U U O LI Tracking Result Map E EL E L E LH Cyber Solutions Inc rights reserved 17 Tracking Result 27 File View X AS15140 m pona n AS15484 5 453659 AS5655 AS34 S uM EN AS17624 Cyber Solutions Inc rights reserved 18
8. 00000000 James James 000000 1 apps james SAR I confi g xml lt config H 1 I 000000000000000 0000000 ames servernames lt servername gt 0 501000 lt nsserver gt servers gt server JU Windows XP O O O O dnsserver audodiscovery false lt 0000000000000 0 0 emotemanager lt handler gt administrator accounts account 2 J ames James 000000 usr ocal iodef center Windows 0 00 runba gp 000000000 sMTP Unixi usr local iodef center bin run sh Using PHOENIX HOME usr local iodef center Using PHOENIX TMPDIR usr local iodef center temp Using JAVA HOME usr local java Running Phoenix Phoenix 4 0 1 James 2 2 0 Cyber Solutions Inc rights reserved 7 Remote Manager Service started plain 4555 Service started plain 110 SMTP Service started plain 25 NNTP Service Disabled Fetch POP Disabled FetchMail Disabled 3 0000000 4555 0000000000 tene 000000000 0000 Remote Manager Service BU
9. INFORMATION TECHNOLOGY PROMOTION AGENCY JAPAN 20040 0 0 10941 OOOO 2005 10 3174760 TEE EE 1 1 SIDAIODEF RECEIVERZARCHIVER 1 L2 SIDALIODEF GENERATOR u uu uluya 2 1 5 MANVALAUTHORING uay lu a 4 TODEF SEN DER uu u u a 4 1 5 IODEFERECEIVERTJARCHINER u u c 5 1 6 ZER u ul uum 9 2 1 RIDSERVERuu uu uuu 14 2 2 TODEF WIDEAREATRAGCKER u u u u u u ya pem ex u En u luu uuu us 15 1 1 1 Sida IODEF Receiver Archiver e PostgreSQL Data Server 8 0 1000000 e config AlertReceiver conf SNMPPORTT 162 SNMP Trap Notification 000000000 Snort DATA DIR data 0 O DATABASE 5 true 00000000 2810000000000 e config db properties HOSTIP PostgpresQL t duuututiutu t 543208 0 0 0 0 0 U PostgresQL 0 E IU L DATABASE sidaAlertDB 0000000000 DB USER sida 0000000000 DB HEB D DI U ll PASSWORD I Lj H U HO ELO ELO 7E 7 BE 7E 7 u 955 e SimpleAlertReceiverArchiver bat 1 D DJ LH Cyber S
10. ef ap sender X ML Ema Sender C xml xindice 1 0 iodef_senerator 1 5 Receiver Archiver e xindice l XINDICE O L XINDICE_HOME startup O L XINDICE HOME bin xindiceadmin shutdown c db e xindice xindice XML Document Document 10000000 Collection 0 000000000000000000000 iedef Collecion JI D U D LI U D Cyber Solutions Inc rights reserved 5 xindice Native XML Database Collection IncidentID To deo _ IncidentID db Colletiongp 0000000000000000 00 95000 db odef Collection XINDICE HOME bin xindiceadmin ac c db n iodef Created db iodef e cenfig db propertiesr 0 IODEF Receiver Archiver XML Mailet 2800000000000 HOSTIP xindicerj 0 0000000000000000000 DBPORT 4060 DB l uU LH HH HH BH CE HL UU HUU EE DATABASE Q do O00 00 Collection 000000000000000 COLLECTIONII iodeff IODEF Collection Cyber Solutions Inc rights reserved 6 e J ava Apache Mail Enterprise Server 000000000 000000000000000000
11. olutions Inc rights reserved 1 C EWINMDOWSEsystem32Ycmdaexe Simple lertReceiver rchiver bat xml xindice 1 0 iodef zenerator SimpleAlertReceiver rchiver bat C anl xindice l def generator C Y Program Files bii EST 191 5 cp cvsol alertreceiver jarilib pg 4 215 jdbc2 jar com cvsols receiver ap Simple l ertArchis m Will ENO the 4 io PM size limit when sending SMMPv 1 and SMMPv packets m co sols m pc ol tienFactorw dblnitialize nasi o nFacto dblnitialize dblnitialize dblnitialize ER n tory 0 tion m 158 0 252 lt en a oding EUC P Po rt 5432 InitPec 10 27 59 col z vut tne ct ionFactory dbInitialize Satt ine DB er DBTYPE 1 2 Sida IODEF Generator e daemon ASPATHS JD H B DE DD UH B E HD H 7E E E D UE OE EE I perl paths dNew pl tmp e config db properties Sida Receiver Archiver 000000000000000 e config sidaiodefgen conf 00000000000000 SOURCE QUEUE_DIRII queue O 0 ERROR DIR invalid UD H HH D 00 IODEF XML 1 U U
12. t cc REQUIRED contacttype person organization ZREQUIRED restriction 9oattvals restriction 4 MPLIED e 1000000 Sidal ODEF Generator bat Packetl ODEF Generator bat 1 3 Manual authoring e config iodeftrans conf lt gt lt gt lt gt lt gt SMTP SERVER I I D EL DO BH D DB DL OL UL UL 000000000000 SENDER ADDERSS 000 000000000 RECIPIENT ADDRESSED 00 COMPLETED DIR completed 0 O0 O0 O O IODEF XML 000000 104 receiver 0 000000000000 ManualAuthoring bat 1 4 IODEF Sender e config iodeftrans conf lt gt lt gt lt gt Cyber Solutions Inc rights reserved SMTP SERVER I D LO D D HH ELO DUO DO DO D HE DE D DE UO 7 D D L SENDER ADDERSS 000 000000000 RECIPIENT ADDRESSED DO D COMPLETED DIR O O O IODEF XML 1 HU DU U a hhi i Ti e iodef_receiver 00000000000 IODEFSender bat C YWINDOWSYEsystem32 Ecmdexe L xml xindice 1 0 iodef generator IODEFSender bat C xml xindice 1 0 iodef gnerator C Y Program Files Wlava idk1 5 0 04YbinYZiava cp iodef generator jar lib mail jar lib activation jar iod