インターネットの片隅で〜mirai亜種のスキャン活動を可視化して流行を知る〜

3308671827907bad11d35a38dc4d2e5e?s=47 nhnmomonga
February 24, 2018
Programming
1
380

 インターネットの片隅で〜mirai亜種のスキャン活動を可視化して流行を知る〜

第三回ハニーポッター技術者交流会

3308671827907bad11d35a38dc4d2e5e?s=128

nhnmomonga

February 24, 2018
Tweet

More Decks by nhnmomonga

See All by nhnmomonga
3308671827907bad11d35a38dc4d2e5e?s=48 nhnmomonga
0
610

Other Decks in Programming

See All in Programming
A3fabd96e2ca4bee5b0333ff2a640f01?s=48 translucens
2
220
5c097a7b75c8802b073774faa7276503?s=48 optim
5
340
Fb1b9f3d7332a7a7e262b70013b5f7dd?s=48 mtsmfm
0
120
Fa54d97af93719f9aa82873de3acb3b3?s=48 decoc
1
450
A10e41b0a61d59f2258d7f6172c33479?s=48 kaityo256
0
420
D83b3739651001461f48763639b90b50?s=48 mazipan
4
940
A093c82d1ffb09f8a023c757ffa7419d?s=48 yuzujoe
2
190
38a509643276213e62730e92ef220405?s=48 masatakamiki
0
190
1763273018a6f71ffe4162dd57b60a56?s=48 maryang
0
400
2e7087b86608d4497c209eb9ba14d8f5?s=48 rosylilly
3
4.2k
A8341bc33e5d88f607328d5a82fa42e1?s=48 smartcamp
0
270
1a18bf1e50d7d2bdfe52a6c9fceec244?s=48 saiya_moebius
7
1.5k

Featured

See All Featured
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
2
300
B83d5b590577969ee79a5ad845411a7d?s=48 ammeep
652
54k
F57e2136eb9895eb95ff5dc8a1c02677?s=48 zakiwarfel
87
3.2k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
236
23k
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
620
40k
462dad0dd24c568a32dcdb0ae895ae1b?s=48 rasmusluckow
314
18k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
407
57k
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
282
18k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
28
3.1k
78b475797a14c84799063c7cd073962f?s=48 holman
458
270k
7653c7c449918ff6542880a8c284f5e7?s=48 jponch
101
4.8k
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
60
2.4k

Transcript

  1. Πϯλʔωοτͷ ย۱Ͱ @nhnmomonga ʙmiraiѥछͷεΩϟϯ׆ಈΛՄࢹԽͯ͠ྲྀߦΛ஌Δʙ

  2. ࣗݾ঺հ • @nhnmomongaʢʹ΄ΜΜ΋΋Μ͕ʣ • ୈ̎ճͰൃදͰ͖ͣࢿྉ্͚ͩ͛ͯ΋ΒͬͨਓͰ͢ • ʮϋχʔϙοτಉਓࢽͷ൓ڹͱऩࢧʯͬͯࢿྉ • ීஈ͸ίϯϐϡʔλʔϑΥϨϯδοΫΛ΍ͬͯ·͢ •

    ࣌ʑޡղ͞Ε·͕͢͜ΕΒ͸࢓ࣄͰ஌Γಘͨ৘ใͰ͸͋Γ·ͤΜʢػ ඍ৘ใͰ͸ͳ͍ʣ

  3. ຊ୊ • ͱ͋Δ೔IIJ͞Μͷϒϩάهࣄ[1]ΛಡΜͰ͍ͨ • miraiѥछʹײછ͍ͯ͠Δ೔ຊࠃ಺ͷϗετ͕૿͑ͯΔ • ʢࣗ෼ͷ؅ཧ͍ͯ͠ΔʣϋχʔϙοτͰ΋ಉ͡Α͏ͳ܏޲͕ग़Δʁ • Θ͟Θ͟ૂΘΕΔΑ͏ͳ͜ͱ͸͍ͯ͠ͳ͍ •

    ͍Θ͹Πϯλʔωοτͷย۱ʹ͋Δ • SHDOANʹ͸ਖ਼֬ʹัଊ͞ΕͨΓ͞Εͳ͔ͬͨΓ… • ϩάΠϯͯ͠ͳ͍͔Β͓ۚΛ෷͏ͱͲ͏ͳΔ͔Θ͔Βͳ͍ [1]೔ຊࠃ಺ʹ͓͚Δ Mirai ѥछͷײછঢ়گ (2017೥12݄) | https://sect.iij.ad.jp/d/2018/01/091843.html

  4. ݕূ • ಉϒϩάʹΑΔͱɺʮmiraiѥछͷεΩϟϯ׆ಈʹεΩϟϯͷύέο τͷॳظγʔέϯεφϯόʔ͕ѼઌIPͱಉ͡ʯͱͯ͠؍ଌ • ಉ͜͡ͱΛϋχʔϙοτͰ΋ͯ͠ൺֱ͢Δ • ͲΕ͚ͩʢmiraiѥछʹײછ͍ͯ͠Δͱࢥ͖͠ʣࠃ಺ͷϗετ͔Β εΩϟϯΛड͚͍ͯΔ͔ݟͯΈ͍ͨ •

    ϋχʔϙοτΛҰ୆͔͠ӡ༻͍ͯ͠ͳͯ͘΋ɺʢͪΌΜͱʣྲྀߦ ʹࠨӈ͞ΕΔͷ͔ʁ

  5. ݕূํ๏ • tsharkͰύέοτΩϟϓνϟΛͱΔ • ʢ͓ۚ͸ͳ͍ͷͰʣखݩʹpcapϑΝΠϧΛμ΢ϯϩʔυ • pcapϑΝΠϧΛtsharkΛ࢖ͬͯcsvϑΝΠϧ͢Δ • LogstashͰElasticsearchʹͿͪࠐΉ •

    KibanaͰDashboard࡞Δ • ํ๏ͷৄࡉ͸ϒϩάʹͯ • http://onthesoup.hatenablog.com/entry/2018/02/11/061500

  6. DEMO

  7. ݁Ռ • ͜͜·Ͱ΍ͬͯɺΑ͘ߟ͑ͨΒ܏޲͕ಉ͔͡·Ͱ͸IIJ͞Μ͕2݄෼ͷ ෼ੳ݁ՌΛग़ͯ͘͠Εͳ͍ͱΘ͔Βͳ͍͜ͱ͕Θ͔ͬͨʢসʣ • Ͳͷ͘Β͍ࠃ಺ϗετ͔ΒεΩϟϯ͕͋Δ͔͸Θ͔͚ͬͨͲ • ϓϥεʹߟ͑Δͱࠓͷঢ়گ͕Θ͔ͬͨʢͱ͍͏͜ͱʹ͍ͯͩ͘͠͞ʣ • ౰ॳ໨తͷୡ੒͸དྷ݄IIJ͞Μ͕2݄෼ͷϒϩάΛॻ͍ͯ͘ΕΔ͔Ͳ

    ͏͔ʹ͔͔͍ͬͯΔ…ʂ • ΋͜͠ͷ৔ʹؔ܎ऀ͍Βͬ͠ΌͬͨΒͳΜͱ͔͓ئ͍͠·͢

  8. ͓Ͷ͕͍ • DemoΛݟͯͩ͘͞ΔͱΘ͔ͬͨͱࢥ͍·͕͢ɺࠃ಺ϗετ͔Βͷε Ωϟϯ͸݁ߏଘࡏ͍ͯ͠·͢ • ࣗ୐΍࣮͝ՈʹؼͬͨΒҰ౓ϧʔλʔ΍IPΧϝϥΛ఺ݕ͍ͯͩ͘͠͞ • ઃஔͨ͠Β೥୯ҐͰͦͷ··ͬͯී௨ͷ͝ՈఉͳΒΑ͋͘Δ͸ͣ • ڈ೥຤͔Βࠓ೥ʹ͔͚ͯࠃ಺Ͱྲྀߦ֦ͨ͠ࢄ׆ಈʹར༻͞Ε͍ͯΔͱ

    ݴΘΕ͍ͯΔ੬ऑੑ͸2014೥ʹެ։͞Εͨ੬ऑੑʢCVE-2014-8361ʣ • ࣮͝ՈʹؼΔػձͬͯҰ೥ͰԿճ͋Γ·͔͢ʁ • Miraiѥछ͚ͩ͡Όͳ͘CoinMiner΋ྲྀߦ͍ͬͯ·͢ ͓͠·͍