Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ハニーポットの育てかた

Avatar for Kazuaki Morihisa Kazuaki Morihisa
September 29, 2018
Technology
0
1.3k

 ハニーポットの育てかた

2018年9月29日 第5回 ハニーポッター技術交流会
@morihi_soc #hanipo_tech
https://hanipo-tech.connpass.com/event/97575/
Avatar for Kazuaki Morihisa

Kazuaki Morihisa

September 29, 2018
Tweet

More Decks by Kazuaki Morihisa

See All by Kazuaki Morihisa
まだ見ぬ攻撃を求めて
Avatar for Kazuaki Morihisa morihi_soc
1
1k
ハニーポットのログを国別で傾向分析してみた
Avatar for Kazuaki Morihisa morihi_soc
1
2k
ハニーポットで見る攻撃の検知傾向 〜秘密のファイル〜
Avatar for Kazuaki Morihisa morihi_soc
2
1.9k
あの脆弱性は今 ~ハニーポットで追ってみた~
Avatar for Kazuaki Morihisa morihi_soc
5
3.1k
ハニーポット活用事例紹介
Avatar for Kazuaki Morihisa morihi_soc
0
1.3k
Satori 系ボットネット観察 Attack from Japan
Avatar for Kazuaki Morihisa morihi_soc
0
1.9k
ハニーポットと脆弱性スキャン
Avatar for Kazuaki Morihisa morihi_soc
2
1.3k
Drupalgeddon2 をハニーポットで観察してみた
Avatar for Kazuaki Morihisa morihi_soc
1
1.3k
ハニーポット開発でビビってしまった話
Avatar for Kazuaki Morihisa morihi_soc
4
1.5k

Other Decks in Technology

See All in Technology
All About Sansan – for New Global Engineers
Avatar for Sansan, Inc. sansan33
PRO
1
1.2k
セキュリティSaaS企業が実践するCursor運用ルールと知見 / How a Security SaaS Company Runs Cursor: Rules & Insights
Avatar for tetsuzawa tetsuzawa
1
3.2k
うちの会社の評判は?SNSの投稿分析にAIを使ってみた
Avatar for Kiyotaka Doumae doumae
0
620
Nonaka Sensei
Avatar for Yasunobu Kawaguchi kawaguti
PRO
3
470
ソフトウェアテストのAI活用_ver1.20
Avatar for fumisuke fumisuke
0
230
Introduction to Sansan Meishi Maker Development Engineer
Avatar for Sansan, Inc. sansan33
PRO
0
270
Amazon DevOps Guru のベースラインを整備して1ヶ月ほど運用してみた #jawsug_asa / Amazon DevOps Guru trial
Avatar for MasahiroKawahara masahirokawahara
3
220
Spring for GraphQLって実際どうなの?〜小規模スタートアップの事例紹介〜
Avatar for koga yushi kogayushi
0
170
型システムを知りたい人のための型検査器作成入門
Avatar for Yusuke Endoh mame
12
2.9k
20250612_GitHubを使いこなすためにソニーの開発現場が取り組んでいるプラクティス.pdf
Avatar for Yasuhiro Osaki osakiy8
1
350
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
2.6k
Tensix Core アーキテクチャ解説
Avatar for Tenstorrent Japan tenstorrent_japan
0
250

Featured

See All Featured
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
299
21k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
280
13k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
269
20k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
39
1.8k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
130
19k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
71
4.8k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.4k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.3k
Gamification - CAS2011
Avatar for David Bonilla davidbonilla
81
5.3k
Fireside Chat
Avatar for paigeccino paigeccino
37
3.5k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k

Transcript

  1. 2018೥9݄29೔ ୈ5ճ ϋχʔϙολʔٕज़ަྲྀձൃදࢿྉ ϋχʔϙοτͷҭ͔ͯͨ @morihi_soc

  2. ϋχʔϙοτͷҭ͔ͯͨ XIPBNJ w ৿ٱ࿨ত !NPSJIJ@TPD  w ຊۀ͸ωοτϫʔΫηΩϡϦςΟΤϯδχΞɾΞφϦετ w झຯͰϋχʔϙοτΛӡ༻͢Δϋχʔϙολʔ

    w ϒϩάˠIUUQTXXXNPSJIJTPDOFU w ϋχʔϙολʔٕज़ަྲྀձओ࠵ऀ w IUUQTIBOJQPUFDIDPOOQBTTDPN 2 ࠓ·Ͱʹ͓ੈ࿩ʹͳͬͨΠϕϯτ(Ұ෦) ɾ*5,FZT ݱ4FD$BQ  ɾωοτϫʔΫύέοτΛಡΉձ Ծ  ɾ/*4$αΠόʔϋϩ΢Οϯ ɾ*OUFSOFU8FFLɾ)BSEFOJOH ɾTTNKQɾ"*4FDɾ4UVEZ$PEF ɾULULηΩϡϦςΟษڧձ ɾ૯ؔ੢αΠόʔηΩϡϦςΟ-5େձ ɾ08"41/BHPZBɾ*P54FD+1 ग़൛ͨ͠ຊ΍ٕज़ಉਓࢽ NEW 2018೥8݄ˣ

  3. ϋχʔϙοτͷҭ͔ͯͨ ͓඼ॻ͖ w ϋχʔϙοτ͸͡Ί·ͨ͠ʙͦͷޙʙ w ָ͘͠ӡ༻͢Δํ๏ w QBTUFCJO w υϝΠϯΛׂΓ౰ͯΔ

    w ৵ೖݕ஌γεςϜ w ·ͱΊ 3

  4. ϋχʔϙοτͷҭ͔ͯͨ ϋχʔϙοτ͸͡Ί·ͨ͠ʙͦͷޙʙ w ϋχʔϙοτͷ؀ڥΛߏங͢Δ͜ͱΛઐ໳༻ޠͰ
 ʮϋχʔϙοτΛ২͑Δʯͱ͍͏ɻ w ϋχʔϙοτΛӡ༻͢Δਓϋχʔϙολʔ w ت͹͍͜͠ͱʹɺϋχʔϙοτΛӡ༻͢Δ
 ϋχʔϙολʔ͕૿Ճ܏޲ʹ͋Γ·͢ɻ

    w ϒϩά΍4/4ͳͲͰϋχʔϙοτͰಘͨϩάͷ
 ෼ੳ݁ՌͳͲΛެ։ͯ͘͠Ε͍ͯΔਓ΋͍Δɻ w ެ։͞Εͨ৘ใ͸ࢀߟʹͳΓ·͢ɻ
 ͋Γ͕ͱ͏͍͟͝·͢ 4

  5. ϋχʔϙοτͷҭ͔ͯͨ w ͜Μͳ೰ΈΛ͓࣋ͪͷํ͕͍Δ͔΋ʜ w ϋχʔϙοτΛ২͑ͯຬ଍ͨ͠ w ϩάऩू͕௙Βͳ͍ w ͋Δఔ౓ɺܾ·ͬͨ߈ܸ͔͠དྷͳ͍ w

    Ͳ͏΍ͬͯ෼ੳ͢Ε͹͍͍͔Θ͔Βͳ͍ w ߈ܸख๏ͷௐ΂ํ͕Θ͔Βͳ͍ 5 ϋχʔϙοτ͸͡Ί·ͨ͠ʙͦͷޙʙ →ͦͯ͠์ஔ΁ɾɾɾ

  6. ϋχʔϙοτͷҭ͔ͯͨ ϋχʔϙοτ͸͡Ί·ͨ͠ʙͦͷޙʙ w ์ஔ͞ΕͨϋχʔϙοτΛઐ໳༻ޠͰ
 ʮϋχʔϙοτ͕ރΕΔʯͱ͍͏ɻ w ͔ͤͬ͘ϋχʔϙολʔʹͳͬͨͷͳΒɺ
 ָ͘͠ӡ༻͍ͨ͠Ͱ͢ΑͶɻ 6

  7. ϋχʔϙοτͷҭ͔ͯͨ ϋχʔϙοτΛָ͘͠ӡ༻͢Δํ๏ w ϩάΛऩू͢Δ্Ͱɺ΋ͬͱ΋ॏཁͩͱࢥ͏͜ͱ 7 ϋχʔϙοτͷଘࡏએݴ

  8. ϋχʔϙοτͷҭ͔ͯͨ ଘࡏએݴ w ΍Δ͜ͱ͸؆୯ɻϋχʔϙοτΛ২͑ͨϗετͷ
 *1ΞυϨε΍υϝΠϯ໊Λग़͚ͩ͢ɻ w ࠓճ͸ͭ঺հ͠·͢ɻ w QBTUFCJOʹͨΕࠐΉ w

    υϝΠϯΛҭͯΔ 8

  9. ϋχʔϙοτͷҭ͔ͯͨ ଘࡏએݴͦͷɿQBTUFCJO w QBTUFCJO͸ςΩετΛެ։Ͱ͖Δ8FCαΠτ w ࢖͍ํ͸ඇৗʹ؆୯ w Ϣʔβొ࿥͸ෆཁɻͨͩ͠ޙ͔ΒهࣄΛ࡟আͰ͖Δ Α͏ʹొ࿥͓͍ͯͨ͠ํ͕͍͍ɻ w

    ͱΓ͑͋͑ͣ*1ΞυϨεΛ
 ॻ͍͓͚ͯͩ͘Ͱ΋ޮՌ͋Γ 9 IUUQTQBTUFCJODPN

  10. ϋχʔϙοτͷҭ͔ͯͨ ϋχʔϙολʔͷใࠂྫ 10 Ҿ༻ݩɿAWS Security JAWS ܦࡁతʹϋχʔϙοτͷϩά෼ੳΛ͢ΔͨΊͷϕετϓϥΫςΟεʁ
 https://www.slideshare.net/MasamitsuMaehara/aws-security-jaws ஫໨

  11. ϋχʔϙοτͷҭ͔ͯͨ QBTUFCJOΛ࢖͏ͱ͖ͷ஫ҙ఺ w ςΩετΛެ։͢ΔͱɺΞΫηεͯ͘͠Δਓ͕݁ߏ ͍Δɻ ΫϩʔϦϯάͷ৔߹΋͋Δ 
 ˠςετͨ͠ͱ͖͸࣌ؒʹਓఔ౓Ӿཡ͞Εɺ ਓΞΫηε͠ʹ͖ͨɻ w

    ϩάऩूՄೳͳঢ়ଶͰॻ͖ࠐΜͩํ͕ྑ͍ w ϋχʔϙοτͷӡ༻Λऴྃͨ͠ͱ͖ͷͨΊʹ
 QBTUFCJOͷهࣄΛ࡟আͰ͖ΔΑ͏ʹ͓ͯ͘͜͠ͱɻ
 
 ˠϋχʔϙοτͷ*1ΞυϨε౳͕ɺࣗ෼ͷ؅ཧ͔Β ์Εͯ΋৘ใ͕࢒͍ͬͯΔͷ͸Α͘ͳ͍ɻ 11

  12. ϋχʔϙοτͷҭ͔ͯͨ ଘࡏએݴͦͷɿυϝΠϯΛҭͯΔ w ࣾձਓϋχʔϙολʔͳΒ͹ɺαʔόͷϨϯλϧͩ ͚Ͱͳ͘ɺυϝΠϯΛܖ໿ͯ͠ϋχʔϙοτͷ*1
 ΞυϨεʹඥ͚ͮͯӡ༻͍ͯ͠Δ͸ͣɻ w ͔ͤͬ͘ͳͷͰɺඥ͚ͮͨυϝΠϯΛҭͯͯΈΑ͏ɻ w جຊతͳߟ͑ํ͸4&0ͱಉ͡ɻ͔͠͠ϋχʔϙο

    τ͸ͦ͜·Ͱ౒ྗ͠ͳͯ͘ྑ͍ɻ 12

  13. ϋχʔϙοτͷҭ͔ͯͨ Ϙοτ͕ߟ͑ͯͦ͏ͳ͜ͱ w ݕࡧαΠτͰɺݕࡧͯ͠ग़ͯ͘Δ8FCαΠτ͸߈ܸ ͢ΔՁ஋͕͋Γͦ͏ɻ͔ͩΒ߈ܸ͢Δᶃ w ݕࡧͨ͠αΠτ͔ΒϦϯΫ͞ΕͨαΠτ΋ɺ߈ܸ͢ ΔՁ஋͕͋Γͦ͏ɻ͍ͭͰʹ߈ܸ͢Δᶄ w ߈ܸͷ༏ઌॱҐ͸ᶃᶄ

    w ϋχʔϙολʔͷࢹ఺Ͱߟ͑Δͱ w ᶃΛϋχʔϙοτͰӡ༻͢Δͷ͸େมɻ
 ͦ͜Ͱී௨ͷ8FCαΠτͱͯ͠ӡ༻͢Δɻ w ᶄΛϋχʔϙοτͱͯ͠ӡ༻͢Δͷ͸؆୯ɻ
 ᶃ͔ΒϦϯΫ͓͚͑ͯ͞͠͹ྑ͍ɻ 13

  14. ϋχʔϙοτͷҭ͔ͯͨ ೥ͷ࣮ફه 14 ձ৔ݶΓ NO PHOTO ձ৔ݶఆ

  15. ϋχʔϙοτͷҭ͔ͯͨ ೥ͷ࣮ફه 15 ձ৔ݶΓ NO PHOTO ձ৔ݶఆ

  16. ϋχʔϙοτͷҭ͔ͯͨ υϝΠϯΛҭͯΔͱ͖ͷ஫ҙ఺ w ௕͘ӡ༻͢Δ΄Ͳ߈ܸΛऩू͠΍͘͢ͳΔ͕ɺ
 ϋχʔϙοτͱݟഁΒΕͯ͠·͏Մೳੑ΋͋Δɻ w ϋχʔϙοτͷαʔό୅ۚʹՃ͑ͯɺυϝΠϯͷҡ ࣋අ͕͔͞Ήɻ w ΋͠΋ͷ͜ͱΛߟ͑ͯɺϋχʔϙοτ͕εύϜϝʔ

    ϧͷ౿Έ୆ʹ͞Εͳ͍Α͏ʹ%/4ͷTQGϨίʔυ ͰʮBMMʯΛࢦఆ͓ͯ͘͠ͱ҆৺Ͱ͖Δɻ 16 ʢࢀߟʣ SPF Ϩίʔυ຤ඌͷ ”~all” ͱ ”-all” ͷҧ͍ https://www.nisc.go.jp/conference/suishin/adviser/dai5/pdf/sankou.pdf

  17. ϋχʔϙοτͷҭ͔ͯͨ ϩά෼ੳͷ࿩ w QBTUFCJO΍υϝΠϯΛҭͯΔ͜ͱͰɺ߈ܸΛऩू͠ ΍͘͢ͳΓ·͢ɻ w ͦ͏͢Δͱɺࠓ·Ͱݟͨ͜ͱ΋ͳ͍߈ܸ΋ࠞͬͯ͟ ͖·͢ɻ w ͜͏͍͏ͱ͖͸ʮ৵ೖݕ஌γεςϜʯͷྗΛआΓΔ

    ͱָ͘͠ͳΓ·͢ɻ 17

  18. ϋχʔϙοτͷҭ͔ͯͨ ৵ೖݕ஌γεςϜ w ৵ೖݕ஌γεςϜ*%4 *OUSVTJPO%FUFDUJPO4ZTUFN ͸ɺ߈ܸͷಛ௃Λγάωνϟͱͯ͠ఆ͓͖ٛͯ͠ɺ ؂ࢹର৅ͷωοτϫʔΫʹྲྀΕΔ௨৴ͱҰகͨ͠ͱ ͖ʹΞϥʔτΛग़͢γεςϜɻ w Φʔϓϯιʔειϑτ΢ΣΞͩͱ4OPSU͕༗໊

    w 51PUΛӡ༻͍ͯ͠Δਓ͸4VSJDBUB͕͓ೃછΈ 18 Snort https://snort.org/ Suricata https://suricata-ids.org/

  19. ϋχʔϙοτͷҭ͔ͯͨ ໨ͰݟͯΘ͔Γ΍͘͢ w *%4͸ૉ੖Β͍͠ɻ߈ܸΛݟ͚ͭͯ͘ΕΔɻ w ͔͠͠ɺΞϥʔτ͸ਓؒͷ໨ʹ༏͘͠ͳ͍ ɻ w *%4ͷΞϥʔτΛՄࢹԽ͢ΔγεςϜ͕ཉ͍͠ɻ 19

    * ͨͩ͠ύέοτ޷͖ͳਓ͸আ͘ɻ

  20. ϋχʔϙοτͷҭ͔ͯͨ 4OPSCZ w 4OPSU΍4VSJDBUBͷϩάΛՄࢹԽͯ͘͠ΕΔγες ϜͰ͸4OPSCZ͕Φεεϝɻ 20 Snorby https://github.com/Snorby/snorby

  21. ϋχʔϙοτͷҭ͔ͯͨ 4OPSCZʹ͓͚Δϩάͷݟ͑ํ 21

  22. ϋχʔϙοτͷҭ͔ͯͨ ͨͱ͑͹ɺ͜Μͳ؂ࢹ؀ڥ͸͍͔͕ w ߈ܸΛड͚Δ w ϋχʔϙοτ 808)POFZQPU  w ߈ܸΛ؂ࢹ͢Δ

    w *%4 4OPSU  w 4OPSUͷϩάΛసૹ͢Δ w #BSOZBSE w ߈ܸͷϩάΛՄࢹԽ͢Δ w 4OPSCZ 22 Snorby ͸ɺ௚઀ Snort ͷϩά ΛݟΕͳ͍ɻͦ͜ͰBarnyard2 Ͱ Snort ͷϩάΛ Snorby ༻ͷ σʔλϕʔε΁సૹΛ͢Δɻ Snorby ͸σʔλϕʔεͷϩά ΛՄࢹԽͯ͠ɺϒϥ΢β͔Β ϩάΛ֬ೝ͢Δ͜ͱ͕Ͱ͖Δɻ

  23. ϋχʔϙοτͷҭ͔ͯͨ ؂ࢹ؀ڥུ֓ਤ 23

  24. ϋχʔϙοτͷҭ͔ͯͨ σϞ ձ৔ݶఆ 24

  25. ϋχʔϙοτͷҭ͔ͯͨ ·ͱΊ w ϋχʔϙοτΛ͸͡Ίͨਓ͸ϩάऩूͱϩά෼ੳʹ ࠔΔ͔΋͠Εͳ͍ɻ w ϋχʔϙοτͷଘࡏએݴ͸େ੾ɻ w QBTUFCJOΛ࢖ͬͨΓɺϋχʔϙοτʹׂΓ౰͍ͯͯ ΔυϝΠϯΛҭͯΔͱ߈ܸΛूΊ΍͍͢ɻ

    w ϋχʔϙοτͱ*%4ΛฒߦՔಈͤ͞Δ͜ͱͰɺҧͬ ͨϩάͷݟ͑ํ͕Ͱ͖Δɻ w ඟᰈɺࣗ෼ͷ޷͖ͳελΠϧͰָ͠Ί͹͍͍ͱࢥ͏ɻ 25

  26. ϋχʔϙοτͷҭ͔ͯͨ )BQQZ)POFZQPU 26 ←2018೥6݄9೔ ৽॓ޚԓ େԹࣨͰࡱӨ ৯஬২෺Ͱ͸ͳ͍ɻ ͓͠·͍