

Conficker
1200

Support Intelligence

"Conflicker"

Conficker

SRI


DDoS

TechOrangeWired

2011

250

2008

botnet


2008

Conficker1,200

ConfickerConficker

Mark Bowden
Black Hawk Down
1993


2010

98
103


2013

HSBC
PayPal


2010Stuxnet

Stuxnet


01""
02MS08-067
03
04
05X
06
07
08
09
10
11


T.J. T.J. Campana

John Crain
IP ICANN International
Corporation for Assigned Names and Numbers
ICANN

Andre DiMino
Shadowserver.com
Conficker

Rodney Joffe
Neustar

Conficker


Chris Lee

Conficker

"" Andre Dre Ludwig


Neustar

Ramses Martinez
VeriSign
VeriSign13

Phil Porras
SRI
Conficker

Hassen Saidi

SRIConficker


Paul Twomey
Conficker
ICANN

Paul Vixie

01
""

Rick Wesson
Support Intelligence Alice's Registry

Conficker


[01] ""

SRI

19

17:52:00 . . .Win2K-f . . . 201.212.167.29


(Net.AR): PRIMA S.A , BUENOS AIRES,
BUENOS AIRES, AR. (DSL) . . .

1,700

SRI

20081120 Menlo Park

137IP

33

3635

SRI

recognition#

1969

SRI

32


IP

128IPSRIIP

65,536IP

/1665,536

large context or contact surface

1984

1980Solaris


Richard Kemmerer

1990

sandnet

IRC

IRCIRC

UNIX5

5020

SRI

SRI

IRC


Joseph Weizenbaum1976

Computer Power and Human Reason

IPRPC


Babel

SRI

1966

ARPA
Advanced Research Projects Agency

ARPA

Katie HafnerMatthew
LyonWhere Wizards Stay Up
Late
J.C. LickliderBob TaylorLarry
Roberts

ARPA

Tower of


ARPANET

1970

ARPANET

Interface Message

Processors, IMPsWesley Clark

subnet
IMP

1970IMP
ARPANET

SDS940
UCLASDS Sigma-7196910


ALOHANET

IMP
sub-subnet
network of networks
Vint Cerf
Bob Kahn1974
TCPTransmission Control Protocol


Bar-Ilan University

IP1998
SRIICANNInternational Corporation for Assigned
Names and Numbers

ICANNMarina Del Rey

yahoo.comnytimes.com

root serverABCM


Internet Service Providers, ISPs


Douglas
Hofstadter

Global I.


luminiferous ether

pwned

ownedop
SRI

virus worm

malware

honeynet

Vinod Yegneswaran

IP

get poppedget

445


botnet

botnetbotrobot

darknet226slash

eight256

256
Conficker

IP

SRI


DDoS

Google


Eureka

Y2K

13

13

f.root-servers.net

mirrored

TCP/IP


TCP/IPDNS, Domain Name


ServerDNS



www.
google.comTCP/IP
COMcommand
TCP/IPDNS

TCP/IP
DNS

02
MS08-067

f.root-servers.net
50


[02] MS08-067

T.J.

SRI

iDefense

F-Secure

Erector Set

Conficker

T.J.

1970MS-DOS

20
1974

Popular Electronics

T.J.

Redmond


MITSMicro Instrumentation and Telemetry Systems


Altair 8080

Altair 8080


BASIC

1975

Altair 8080MS-DOS

MITS

Windows

MS-DOS

Altair

IBM

Microsoft-Disc Operating SystemMS-DOS

IBM

1980

GUI

IBM

Interface Manager

MITS

Lisa
128K
1980
1990Windows 3.0

20


T.J.

1985

T.J.

2010

FBI

95
2001XP2007Vista2009Windows 7


1990

T.J.IT

1980


T.J.

prepackaged exploits

T.J.

T.J.

port mirror

2001

Black & Decker

911

T.J.


phishing

445

65,353

TCP25

TCPUDP

2008937

445

445

929

Gimmiv23

445RPCRemote
Procedure Call

GimmivTrojan

RPC

RPCkernel

Gimmiv

T.J.


Internet Explorer


RPCInternet Explorer

pwned

buffer

445

445

buffer overflow

73

network
services

73

141

73


73

RPC

RPC


2000XP

2003

445

T.J.

out of band
MS08-067200867

T.J.MS08-067

T.J.20081023MS08-067

technetsecurity


entropy

MS08-067

Gimmiv
Gimmiv

Sunbelt Eric Sites

MS08-06728SRI

T.J.


03
