Slide 1
Slide 1 text
201810݄10 ૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)ൃදࢿྉ
ϋχʔϙοτ׆༻ࣄྫհ
@morihi_soc
Slide 2
Slide 2 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
XIPBNJ
w ٱত !NPSJIJ@TPD
w ຊۀωοτϫʔΫηΩϡϦςΟΤϯδχΞɾΞφϦετ
w झຯͰϋχʔϙοτͷӡ༻Λ͢Δϋχʔϙολʔ
w ϒϩάˠIUUQTXXXNPSJIJTPDOFU
w ϋχʔϙολʔٕज़ަྲྀձओ࠵ऀ
w IUUQTIBOJQPUFDIDPOOQBTTDPN
2
ࠓ·Ͱʹ͓ੈʹͳͬͨΠϕϯτ(Ұ෦)
ɾ*5,FZT ݱ4FD$BQ
ɾωοτϫʔΫύέοτΛಡΉձ Ծ
ɾ/*4$αΠόʔϋϩΟϯ
ɾ*OUFSOFU8FFLɾ)BSEFOJOH
ɾTTNKQɾ"*4FDɾ4UVEZ$PEF
ɾULULηΩϡϦςΟษڧձ
ɾ૯ؔαΠόʔηΩϡϦςΟ-5େձ
ɾ08"41/BHPZBɾ*P54FD+1
ग़൛ͨ͠ຊٕज़ಉਓࢽ NEW 201810݄ˣ
Slide 3
Slide 3 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
ϋχʔϙοτ
w ϋχʔϙοτ )POFZQPU
ͱɺ͋͑ͯ߈ܸΛड͚Δ
͜ͱΛલఏͱͨ͠γεςϜͰ͢ɻ
w ϋχʔϙοτΛӡ༻͢Δਓͷ͜ͱˠϋχʔϙολʔ
w ϋχʔϙοτͰ༷ʑͳϩάΛऩूՄೳ
w ूΊͨϩάΛͲͷΑ͏ʹ׆༻͢Δ͔ϋχʔϙολʔ
࣍ୈ͚ͩΕͲɻɻɻ
3
ϩάͷ׆༻ͯ͠·͔͢?
Slide 4
Slide 4 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
·ͣ؆୯ʹͰ͖Δ͜ͱ͔Β
w 8FCαʔόͷηΩϡϦςΟ্ʹ׆༻͢Δɻ
w ۩ମతʹɺ߈ܸπʔϧ͔Βͷ௨৴Λڋ൱͢Δઃఆ
6TFS"HFOUΛ͏
ͷใݯʹ͢Δɻ
w αϯϓϧΛ͝༻ҙ͍ͨ͠·ͨ͠ɻ
w IPOFZQPUOHVTFSBHFOU (JU)VC
IUUQTHJUIVCDPNNPSJIJTBIPOFZQPUOHVTFSBHFOU
˞"QBDIFͷIUBDDFTTʹՃ͢Δͱ͙͢ʹ͑·͢
˞ࣗݾͰࣗ͝༝ʹͲ͏ͧ
4
Slide 5
Slide 5 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
ίϯηϓτ
w ϋχʔϙοτͷϩάΛݟͯɺʮίϨ߈ܸͩͳʯͱ
ࢥͬͨΒɺ6TFS"HFOUͷಛతͳ෦ΛՃ
͍ͯ͘͠Ϧετɻ
w ͳΔ͓ۚ͘ಛผͳγεςϜΛΘͳ͍ɻ
w େ͖͘छྨʹ͚ͯϦετԽͨ͠ɻ
w ݹ͍ϒϥβ04ͷ6TFS"HFOU
w ߈ܸπʔϧϘοτͷ6TFS"HFOU
5
Slide 6
Slide 6 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
߈ܸ௨৴αϯϓϧ
w 8PSE1SFTTͷϓϥάΠϯͷ੬ऑੑΛૂͬͨɺෆਖ਼
ͳϑΝΠϧΞοϓϩʔυͷࢼΈɻ
6
User-Agent ແ͠
Slide 7
Slide 7 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
߈ܸαϯϓϧͷޙ
w ੬ऑੑΛಥ͍ͨ߈ܸͰෆਖ਼ʹΞοϓϩʔυͨ͠
ϑΝΠϧʹର͢ΔΞΫηε
w ΞοϓϩʔμػೳΛ࣋ͬͨ8FC4IFMMͩͬͨˣ
7
Windows 98
ઈ໓ͨ͠ͱࢥ͏
Slide 8
Slide 8 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
ิ
ϒϥβγΣΞঢ়گ
8
Desktop & Console Browser Version (Partially Combined) Market Share Worldwide (9th Oct 2018)
http://gs.statcounter.com/
IE 8.0 ͕ 0.29%ଘࡏ
Slide 9
Slide 9 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
.JSBJ4BUPSJͳͲϘοτͷ6TFS"HFOU
w Ϙοτωοτͷछྨ࣌ظʹΑΓগͣͭ͠ҟͳΔɻ
w )BLBJʹࢸͬͯɺ04ίϚϯυؚΊ͍ͯΔɻ
w ଞʹɺ#BTIͷ੬ऑੑ $7&
6TFS"HFOUʹ04ίϚϯυ͕ೖΔࣄྫ͕͋Γɻ
9
Slide 10
Slide 10 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
Ϙοτ߈ܸରΛ૿͍ͯ͠Δ
10
Palo Alto Networks ͷϒϩά͔ΒҾ༻ˠ
https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/
←ScanNetSecurity ͔ΒҾ༻
http://www.security-next.com/097850
Slide 11
Slide 11 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
ઃఆͰҰଧਚʹ͢Δ
w Ϙοτ߈ܸπʔϧ܁Γฦ͠ར༻͞Εɺαʔό
߈ܸΛԿड͚Δɻ
w 6TFS"HFOUͰΞΫηεڋ൱͢Δ͜ͱͰɺಉҰͷ߈
ܸͷӨڹΛݮΒ͢͜ͱ͕Մೳɻ
w ϊʔΨʔυΑΓϚγɻಛʹݸਓͷαʔόɻ
w اۀͰ͋Εɺ*148"'ͳͲͷߴػೳͳηΩϡ
ϦςΟରࡦػثͰରࡦ͍ͯ͠Δͣ
11
Slide 12
Slide 12 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
6TFS"HFOUͰΞΫې͢Δͱ͖ͷҙ
w ਖ਼ৗͳ௨৴ͷޡःஅ
w ݕࡧαΠτͷΫϩʔϥ
w (PPHMFͷΫϩʔϥ͕༻͢Δ6TFS"HFOU
w IUUQTTVQQPSUHPPHMFDPNXFCNBTUFSTBOTXFS IM
KB
w ࣾดڥʹ͓͚Δݹ͍όʔδϣϯ
w ࣗ࡞πʔϧͷߋ৽Ε
12
ఆظతʹ 403 ͷεςʔλείʔυ
ͷϩάΛνΣοΫ͠Α͏
Slide 13
Slide 13 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
·ͱΊ
w ϋχʔϙοτͰऩूͨ͠ϩάͷ׆༻ํ๏ͱͯ͠ɺ
6TFS"HFOUΛݩʹΞΫηεڋ൱͢Δํ๏͕؆୯ɻ
w ݹ͍ϒϥβ04ɺ߈ܸπʔϧʹߜͬͯͲΜͲΜ
ڋ൱ϦετΛ૿͍ͯ͘͠ɻ
w ແ͍ΑΓϚγͳͷͰɺݸਓαʔόͱΓ͋͑ͣڋ൱
ઃఆΛͯ͠Έ͍͔͕ͯɻ
w ͨͩ͠ɺਖ਼ৗ௨৴Λޡःஅ͍ͯ͠ͳ͍͔ɺͨ·ʹ֬
ೝ͢Δඞཁ͋Γɻ
13
Slide 14
Slide 14 text
૯ؔαΠόʔηΩϡϦςΟ̡̩େձ(ୈ11ճ)
)BQQZ)POFZQPU
14
←20186݄9 ৽॓ޚԓ େԹࣨͰࡱӨ
৯২Ͱͳ͍ɻ
͓͠·͍