Upgrade to Pro — share decks privately, control downloads, hide ads and more …

インターネットの片隅で〜mirai亜種のスキャン活動を可視化して流行を知る〜

3308671827907bad11d35a38dc4d2e5e?s=47 nhnmomonga
February 24, 2018
Programming
1
420

 インターネットの片隅で〜mirai亜種のスキャン活動を可視化して流行を知る〜

第三回ハニーポッター技術者交流会

3308671827907bad11d35a38dc4d2e5e?s=128

nhnmomonga

February 24, 2018
Tweet

More Decks by nhnmomonga

See All by nhnmomonga
3308671827907bad11d35a38dc4d2e5e?s=48 nhnmomonga
0
660

Other Decks in Programming

See All in Programming
2b67c3578e104daca8c6609e5be43d8d?s=48 balconia
0
140
Ad5601748cd8d88144c57dfe0c814fef?s=48 takahoyo
4
480
1a73ecdb082f212bf8d81eb9a3a53e29?s=48 chybie
0
440
96c5ee40f4e52d2862c6d2b181ecbab0?s=48 suzuito
0
390
744f1c2c6cbea2ff5104b0ac512936bd?s=48 hpgrahsl
0
110
7437b838338581b08ca72340b05475b9?s=48 abt
0
220
2c0947c6a28e7f771ebd9859ecf54e5c?s=48 shinyorke
0
110
82aa6e293e94bf37796f4ae50f583f6c?s=48 veronikapj
2
130
8d7983d03db1fb756ccdbcbf7b760f98?s=48 yamada1826
0
200
35c967f46d1a70f36be363da373f2491?s=48 myshmeh_
0
1.1k
271fad8d53cd1f12f2b4b6d38e3d7bd3?s=48 uzulla
24
7.7k
41c9dedd1b4c53ace82e040bb09334fe?s=48 tamago3keran
0
120

Featured

See All Featured
91cefdf141106fa10674aae74ce05890?s=48 yeseniaperezcruz
304
32k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
74
1.6k
B47b288784fda77a94aeb234ca743c24?s=48 keavy
110
15k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
36k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
263
11k
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
180
14k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
239
23k
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
83
3.6k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
687
180k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
167
19k
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
333
16k
Ded01cdab114abe4ec13511e4c25b9bb?s=48 andyhume
66
4.1k

Transcript

  1. Πϯλʔωοτͷ ย۱Ͱ @nhnmomonga ʙmiraiѥछͷεΩϟϯ׆ಈΛՄࢹԽͯ͠ྲྀߦΛ஌Δʙ

  2. ࣗݾ঺հ • @nhnmomongaʢʹ΄ΜΜ΋΋Μ͕ʣ • ୈ̎ճͰൃදͰ͖ͣࢿྉ্͚ͩ͛ͯ΋ΒͬͨਓͰ͢ • ʮϋχʔϙοτಉਓࢽͷ൓ڹͱऩࢧʯͬͯࢿྉ • ීஈ͸ίϯϐϡʔλʔϑΥϨϯδοΫΛ΍ͬͯ·͢ •

    ࣌ʑޡղ͞Ε·͕͢͜ΕΒ͸࢓ࣄͰ஌Γಘͨ৘ใͰ͸͋Γ·ͤΜʢػ ඍ৘ใͰ͸ͳ͍ʣ

  3. ຊ୊ • ͱ͋Δ೔IIJ͞Μͷϒϩάهࣄ[1]ΛಡΜͰ͍ͨ • miraiѥछʹײછ͍ͯ͠Δ೔ຊࠃ಺ͷϗετ͕૿͑ͯΔ • ʢࣗ෼ͷ؅ཧ͍ͯ͠ΔʣϋχʔϙοτͰ΋ಉ͡Α͏ͳ܏޲͕ग़Δʁ • Θ͟Θ͟ૂΘΕΔΑ͏ͳ͜ͱ͸͍ͯ͠ͳ͍ •

    ͍Θ͹Πϯλʔωοτͷย۱ʹ͋Δ • SHDOANʹ͸ਖ਼֬ʹัଊ͞ΕͨΓ͞Εͳ͔ͬͨΓ… • ϩάΠϯͯ͠ͳ͍͔Β͓ۚΛ෷͏ͱͲ͏ͳΔ͔Θ͔Βͳ͍ [1]೔ຊࠃ಺ʹ͓͚Δ Mirai ѥछͷײછঢ়گ (2017೥12݄) | https://sect.iij.ad.jp/d/2018/01/091843.html

  4. ݕূ • ಉϒϩάʹΑΔͱɺʮmiraiѥछͷεΩϟϯ׆ಈʹεΩϟϯͷύέο τͷॳظγʔέϯεφϯόʔ͕ѼઌIPͱಉ͡ʯͱͯ͠؍ଌ • ಉ͜͡ͱΛϋχʔϙοτͰ΋ͯ͠ൺֱ͢Δ • ͲΕ͚ͩʢmiraiѥछʹײછ͍ͯ͠Δͱࢥ͖͠ʣࠃ಺ͷϗετ͔Β εΩϟϯΛड͚͍ͯΔ͔ݟͯΈ͍ͨ •

    ϋχʔϙοτΛҰ୆͔͠ӡ༻͍ͯ͠ͳͯ͘΋ɺʢͪΌΜͱʣྲྀߦ ʹࠨӈ͞ΕΔͷ͔ʁ

  5. ݕূํ๏ • tsharkͰύέοτΩϟϓνϟΛͱΔ • ʢ͓ۚ͸ͳ͍ͷͰʣखݩʹpcapϑΝΠϧΛμ΢ϯϩʔυ • pcapϑΝΠϧΛtsharkΛ࢖ͬͯcsvϑΝΠϧ͢Δ • LogstashͰElasticsearchʹͿͪࠐΉ •

    KibanaͰDashboard࡞Δ • ํ๏ͷৄࡉ͸ϒϩάʹͯ • http://onthesoup.hatenablog.com/entry/2018/02/11/061500

  6. DEMO

  7. ݁Ռ • ͜͜·Ͱ΍ͬͯɺΑ͘ߟ͑ͨΒ܏޲͕ಉ͔͡·Ͱ͸IIJ͞Μ͕2݄෼ͷ ෼ੳ݁ՌΛग़ͯ͘͠Εͳ͍ͱΘ͔Βͳ͍͜ͱ͕Θ͔ͬͨʢসʣ • Ͳͷ͘Β͍ࠃ಺ϗετ͔ΒεΩϟϯ͕͋Δ͔͸Θ͔͚ͬͨͲ • ϓϥεʹߟ͑Δͱࠓͷঢ়گ͕Θ͔ͬͨʢͱ͍͏͜ͱʹ͍ͯͩ͘͠͞ʣ • ౰ॳ໨తͷୡ੒͸དྷ݄IIJ͞Μ͕2݄෼ͷϒϩάΛॻ͍ͯ͘ΕΔ͔Ͳ

    ͏͔ʹ͔͔͍ͬͯΔ…ʂ • ΋͜͠ͷ৔ʹؔ܎ऀ͍Βͬ͠ΌͬͨΒͳΜͱ͔͓ئ͍͠·͢

  8. ͓Ͷ͕͍ • DemoΛݟͯͩ͘͞ΔͱΘ͔ͬͨͱࢥ͍·͕͢ɺࠃ಺ϗετ͔Βͷε Ωϟϯ͸݁ߏଘࡏ͍ͯ͠·͢ • ࣗ୐΍࣮͝ՈʹؼͬͨΒҰ౓ϧʔλʔ΍IPΧϝϥΛ఺ݕ͍ͯͩ͘͠͞ • ઃஔͨ͠Β೥୯ҐͰͦͷ··ͬͯී௨ͷ͝ՈఉͳΒΑ͋͘Δ͸ͣ • ڈ೥຤͔Βࠓ೥ʹ͔͚ͯࠃ಺Ͱྲྀߦ֦ͨ͠ࢄ׆ಈʹར༻͞Ε͍ͯΔͱ

    ݴΘΕ͍ͯΔ੬ऑੑ͸2014೥ʹެ։͞Εͨ੬ऑੑʢCVE-2014-8361ʣ • ࣮͝ՈʹؼΔػձͬͯҰ೥ͰԿճ͋Γ·͔͢ʁ • Miraiѥछ͚ͩ͡Όͳ͘CoinMiner΋ྲྀߦ͍ͬͯ·͢ ͓͠·͍