Introducing the easy-to-apply port scan blocking feature of eScan antivirus for Linux - Block Portscan of eScan for Linux

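eScan, the great-value Linux antivirus, has added a port scan blocking feature (Block Portscan).

For reference, when features are added or upgraded, eScan does not split the product line by releasing new products; the product you already use can be upgraded free of charge.

In the eScanGUI, you can apply or remove the feature very easily by checking or unchecking the checkbox and clicking the Save button.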


The test was carried out on an internal network using Hamonika (Hamonikr OS) and CentOS 7,

with nmap, which is widely used for port scanning.


1. First, the result with both the firewall and eScan's Block Portscan feature turned OFF is shown below.

[root@centOS7 yoon]# nmap -T4 -A -v -Pn --script banner 192.168.0.44
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 12:16 KST
NSE: Loaded 46 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Initiating NSE at 12:16
Completed NSE at 12:16, 0.00s elapsed
Initiating ARP Ping Scan at 12:16
Scanning 192.168.0.44 [1 port]
Completed ARP Ping Scan at 12:16, 0.09s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:16
Completed Parallel DNS resolution of 1 host. at 12:16, 0.00s elapsed
Initiating SYN Stealth Scan at 12:16
Scanning 192.168.0.44 [1000 ports]
Discovered open port 139/tcp on 192.168.0.44
Discovered open port 445/tcp on 192.168.0.44
Discovered open port 3389/tcp on 192.168.0.44
Discovered open port 2222/tcp on 192.168.0.44

….. 


2. The result with the firewall turned on and the eScan port scan blocking feature turned off is shown below.

[root@centOS7 yoon]# nmap -T4 -A -v -Pn --script banner 192.168.0.44
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 12:03 KST
NSE: Loaded 46 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:03
Completed NSE at 12:03, 0.00s elapsed
Initiating NSE at 12:03
Completed NSE at 12:03, 0.00s elapsed
Initiating ARP Ping Scan at 12:03
Scanning 192.168.0.44 [1 port]
Completed ARP Ping Scan at 12:03, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:03
Completed Parallel DNS resolution of 1 host. at 12:03, 0.00s elapsed
Initiating SYN Stealth Scan at 12:03
Scanning 192.168.0.44 [1000 ports]
Discovered open port 445/tcp on 192.168.0.44
Discovered open port 139/tcp on 192.168.0.44
Discovered open port 3389/tcp on 192.168.0.44
….


3. Next is the result with the firewall turned on and the port scan blocking feature turned on.

[root@centOS7 yoon]# nmap -T4 -A -v -Pn --script banner 192.168.0.44
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 11:46 KST
NSE: Loaded 46 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:46
Completed NSE at 11:46, 0.00s elapsed
Initiating NSE at 11:46
Completed NSE at 11:46, 0.00s elapsed
Initiating ARP Ping Scan at 11:46
Scanning 192.168.0.44 [1 port]
Completed ARP Ping Scan at 11:46, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:46
Completed Parallel DNS resolution of 1 host. at 11:46, 0.00s elapsed
Initiating SYN Stealth Scan at 11:46
Scanning 192.168.0.44 [1000 ports]
Completed SYN Stealth Scan at 11:46, 36.21s elapsed (1000 total ports)
Initiating Service scan at 11:46
Initiating OS detection (try #1) against 192.168.0.44
Retrying OS detection (try #2) against 192.168.0.44
….


4. Finally, this is the result with the firewall turned off and eScan's port scan blocking feature turned on.

[root@centOS7 yoon]# nmap -T4 -A -v -Pn --script banner 192.168.0.44
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-19 12:27 KST
NSE: Loaded 46 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:27
Completed NSE at 12:27, 0.00s elapsed
Initiating NSE at 12:27
Completed NSE at 12:27, 0.00s elapsed
Initiating ARP Ping Scan at 12:27
Scanning 192.168.0.44 [1 port]
Completed ARP Ping Scan at 12:27, 0.13s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:27
Completed Parallel DNS resolution of 1 host. at 12:27, 0.00s elapsed
Initiating SYN Stealth Scan at 12:27
Scanning 192.168.0.44 [1000 ports]
SYN Stealth Scan Timing: About 27.55% done; ETC: 12:29 (0:01:22 remaining)
SYN Stealth Scan Timing: About 55.05% done; ETC: 12:29 (0:00:50 remaining)
Completed SYN Stealth Scan at 12:29, 109.83s elapsed (1000 total ports)
Initiating Service scan at 12:29
Initiating OS detection (try #1) against 192.168.0.44
Retrying OS detection (try #2) against 192.168.0.44
….


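In conclusion, when port scanning with nmap, turning the firewall On or OFF made no difference,

and eScan's port scan blocking feature was able to block the scan completely.

We also confirmed that it works well on Hamonika, the Korean open OS.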
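
To compare the four runs above without reading each transcript by eye, the following added example (not part of the original post and not eScan code) parses nmap -v output and reports, per configuration, which open ports nmap listed and how long the SYN scan took. The dictionary keys and function names are hypothetical; the transcript excerpts are shortened from runs 1, 3 and 4 on this page.

```python
import re

# Line formats as they appear in the nmap -v transcripts on this page.
OPEN_RE = re.compile(r"Discovered open port (\d+)/(tcp|udp) on (\S+)$")
DONE_RE = re.compile(
    r"Completed SYN Stealth Scan at [\d:]+, ([\d.]+)s elapsed \((\d+) total ports\)$")

def summarise_run(text):
    """Extract discovered ports and SYN-scan duration from one transcript."""
    ports, elapsed = set(), None
    for line in text.splitlines():
        line = line.strip()
        if m := OPEN_RE.match(line):
            ports.add((int(m.group(1)), m.group(2)))
        elif m := DONE_RE.match(line):
            elapsed = float(m.group(1))
    return {"open": sorted(ports), "syn_elapsed_s": elapsed}

def compare(runs):
    """Give each labelled run a verdict that can be diffed across settings."""
    report = {}
    for label, text in runs.items():
        s = summarise_run(text)
        if s["open"]:
            verdict = "exposed"      # nmap listed at least one open port
        elif s["syn_elapsed_s"] is None:
            verdict = "incomplete"   # transcript ends before the scan finished
        else:
            verdict = "hidden"       # scan finished and listed no open port
        report[label] = (verdict, s)
    return report

# Shortened excerpts of runs 1, 3 and 4 above; the dictionary keys are
# hypothetical labels chosen for this example.
RUNS = {
    "fw_off_block_off": """Scanning 192.168.0.44 [1000 ports]
Discovered open port 139/tcp on 192.168.0.44
Discovered open port 445/tcp on 192.168.0.44
Discovered open port 3389/tcp on 192.168.0.44
Discovered open port 2222/tcp on 192.168.0.44""",
    "fw_on_block_on": """Scanning 192.168.0.44 [1000 ports]
Completed SYN Stealth Scan at 11:46, 36.21s elapsed (1000 total ports)""",
    "fw_off_block_on": """Scanning 192.168.0.44 [1000 ports]
Completed SYN Stealth Scan at 12:29, 109.83s elapsed (1000 total ports)""",
}

if __name__ == "__main__":
    for label, (verdict, s) in compare(RUNS).items():
        print(f"{label}: {verdict} open={s['open']} syn={s['syn_elapsed_s']}s")
```

A "hidden" verdict only means that the transcript shows a finished SYN scan with no open port listed; a transcript cut off with "…." before the completion line is reported as "incomplete" unless ports were already listed.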