
Security Issue

NetScreen 204 configuration
2016.02.18

login: root

password:
### Login failed
login: root
password:
### Login failed
login: 0098042006000024
password:
!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue? y/[n] y

!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command. If you proceed, the device will return to factory default configuration, which is: System IP: 192.168.1.1; username: netscreen, password: netscreen. Would you like to continue? y/[n] y
In reset ...


NetScreen NS-200 Boot Loader Version 3.0.0 (Checksum: B48FB1B8)
Copyright (c) 1997-2003 NetScreen Technologies, Inc.

Total physical memory: 128MB
Test - Pass
Initialization - Done

Model Number: NS-204

Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader

Loading default system image from on-board flash disk...

Ignore image authentication!

Start loading...
....................................................................
Done.

Juniper Networks, Inc
NS-200 System Software
Copyright, 1997-2004

Version 5.0.0r10.0
Init Heap (1556010/50a9bf0,32, 00000000/00000000)
GT64120 revision id: 0x12
Load NVRAM Information ... (5.0)Done
GT64120 revision id: 0x12
Memory Test: b7800000,40000 ....... Done
Install module init vectors
Verify ACL register default value (at hw reset) ... Done
Verify ACL register read/write ... Done
Verify ACL rule read/write ... Done
Verify ACL rule search ... Done
MD5("a") = 0cc175b9 c0f1b6a8 31c399e2 69772661
MD5("abc") = 90015098 3cd24fb0 d6963f7d 28e17f72
MD5("message digest") = f96b697d 7cb7938d 525a2f31 aaf161d0
Verify DES register read/write ... Done
Install modules (006e2000,01141fe4) ...
Initializing DI 1.1.0-ns
load dns table : dns table file do not exist.
*********************************************************
System time: 18 Jan 2007 15:09:54
If this is the initial device startup,
use the "set clock" command to set the system clock.
*********************************************************
system init done..
login: System change state to Active(1)

login:
login:
login: netscreen
password:
ns204->
ns204-> get config
Total Config size 1738:
set clock timezone 0
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
--- more ---
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "DMZ"
set interface "ethernet3" zone "Untrust"
unset interface vlan1 ip
set interface ethernet1 ip 192.168.1.1/24
set interface ethernet1 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set hostname ns204
set ike respond-bad-spi 1
--- more ---
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set ssh version v2
set config lock timeout 5
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
ns204->
ns204->
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 192.168.1.1/24 Trust 0014.f641.f350 - D -
eth2 0.0.0.0/0 DMZ 0014.f641.f355 - D -
eth3 0.0.0.0/0 Untrust 0014.f641.f356 - D -
eth4 0.0.0.0/0 HA 0014.f641.f357 - D -
vlan1 0.0.0.0/0 VLAN 0014.f641.f35f 1 D -
ns204-> get int
ns204-> get interface

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 192.168.1.1/24 Trust 0014.f641.f350 - D -
eth2 0.0.0.0/0 DMZ 0014.f641.f355 - D -
eth3 0.0.0.0/0 Untrust 0014.f641.f356 - D -
eth4 0.0.0.0/0 HA 0014.f641.f357 - D -
vlan1 0.0.0.0/0 VLAN 0014.f641.f35f 1 D -
ns204->
ns204->
ns204-> get sys
sys_clock show sys clock info
syslog show syslog information
system show system info
ns204-> get syst
ns204-> get system
Product Name: NS204
Serial Number: 0098042006000024, Control Number: 00000000
Hardware Version: 0110(0)-(12), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Software Version: 5.0.0r10.0, Type: Firewall+VPN
Base Mac: 0014.f641.f350
File Name: ns200.5.0.0r10.0, Checksum: 43b877ac


Date 01/18/2007 15:28:44, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 0 hours 18 minutes 53 seconds Since 18 Jan 2007 15:09:51
Total Device Resets: 1, Last Device Reset at: 01/18/2007 15:09:06

System in NAT/route mode.

Use interface IP, Config Port: 80
User Name: netscreen

Interface ethernet1:
number 0, if_info 0, if_index 0, mode nat
link down, phy-link down
vsys Root, zone Trust, vr trust-vr
--- more ---
dhcp client disabled
PPPoE disabled
*ip 192.168.1.1/24 mac 0014.f641.f350
*manage ip 192.168.1.1, mac 0014.f641.f350
route-deny disable
Interface ethernet2:
number 5, if_info 10280, if_index 0, mode nat
link down, phy-link down
vsys Root, zone DMZ, vr trust-vr
dhcp client disabled
PPPoE disabled
*ip 0.0.0.0/0 mac 0014.f641.f355
*manage ip 0.0.0.0, mac 0014.f641.f355
Interface ethernet3:
number 6, if_info 12336, if_index 0, mode route
link down, phy-link down
vsys Root, zone Untrust, vr trust-vr
dhcp client disabled
PPPoE disabled
*ip 0.0.0.0/0 mac 0014.f641.f356
*manage ip 0.0.0.0, mac 0014.f641.f356
Interface ethernet4:
--- more ---
number 7, if_info 14392, if_index 0, mode nat
link down, phy-link down
vsys Root, zone HA, vr trust-vr
*ip 0.0.0.0/0 mac 0014.f641.f357
ns204->
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 192.168.1.1/24 Trust 0014.f641.f350 - D -
eth2 0.0.0.0/0 DMZ 0014.f641.f355 - D -
eth3 0.0.0.0/0 Untrust 0014.f641.f356 - D -
eth4 0.0.0.0/0 HA 0014.f641.f357 - D -
vlan1 0.0.0.0/0 VLAN 0014.f641.f35f 1 D -
ns204-> unset int eth1 ip
ns204->
ns204-> sa
Save System Configuration ...
Done
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 0.0.0.0/0 Trust 0014.f641.f350 - D -
eth2 0.0.0.0/0 DMZ 0014.f641.f355 - D -
eth3 0.0.0.0/0 Untrust 0014.f641.f356 - D -
eth4 0.0.0.0/0 HA 0014.f641.f357 - D -
vlan1 0.0.0.0/0 VLAN 0014.f641.f35f 1 D -
ns204-> set int eth1 zone v1-trust
ns204-> set int eth2 zone v1-dmz
ns204-> set int eth3 zone v1-untrust
Changed to pure l2 mode
ns204->
ns204-> get sys
Product Name: NS204
Serial Number: 0098042006000024, Control Number: 00000000
Hardware Version: 0110(0)-(12), FPGA checksum: 00000000, VLAN1 IP (0.0.0.0)
Software Version: 5.0.0r10.0, Type: Firewall+VPN
Base Mac: 0014.f641.f350
File Name: ns200.5.0.0r10.0, Checksum: 43b877ac


Date 01/18/2007 15:31:17, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 0 hours 21 minutes 26 seconds Since 18 Jan 2007 15:09:51
Total Device Resets: 1, Last Device Reset at: 01/18/2007 15:09:06

System in transparent mode.

Use interface IP, Config Port: 80
User Name: netscreen

Interface ethernet1:
number 0, if_info 0, if_index 0, mode xparent, port vlan 1
link down, phy-link down
vsys Root, zone V1-Trust, vr trust-vr
--- more ---
*ip 0.0.0.0/0 mac 0014.f641.f350
Interface ethernet2:
number 5, if_info 10280, if_index 0, mode xparent, port vlan 1
link down, phy-link down
vsys Root, zone V1-DMZ, vr trust-vr
*ip 0.0.0.0/0 mac 0014.f641.f355
Interface ethernet3:
number 6, if_info 12336, if_index 0, mode xparent, port vlan 1
link down, phy-link down
vsys Root, zone V1-Untrust, vr trust-vr
*ip 0.0.0.0/0 mac 0014.f641.f356
Interface ethernet4:
number 7, if_info 14392, if_index 0, mode nat
link down, phy-link down
vsys Root, zone HA, vr trust-vr
*ip 0.0.0.0/0 mac 0014.f641.f357
ns204-> ^
ns204->
ns204->
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 0.0.0.0/0 V1-Trust 0014.f641.f350 - D -
eth2 0.0.0.0/0 V1-DMZ 0014.f641.f355 - D -
eth3 0.0.0.0/0 V1-Untrust 0014.f641.f356 - D -
eth4 0.0.0.0/0 HA 0014.f641.f357 - D -
vlan1 0.0.0.0/0 VLAN 0014.f641.f35f 1 D -
ns204-> set int vlan1 ip 221.143.43.57 255.255.255.224
ns204->
ns204-> sa
Save System Configuration ...
Done
ns204-> set route int vlan1 ?
^------unknown keyword int
ns204-> set route 0.0.0.0/0 int vlan1 gateway 221.143.43.33
ns204->
ns204-> sa
Save System Configuration ...
Done
ns204->
ns204-> ping 221.143.43.33
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 221.143.43.33, timeout is 1 seconds
ip 221.143.43.33 is unreachable in vr trust-vr

Success Rate is 0 percent.
ns204-> ethernet3 interface change state to Up

ns204->
ns204-> ping 221.143.43.33
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 221.143.43.33, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/4/16 ms
ns204->
ns204->
ns204-> get config | in manage
set interface vlan1 ip manageable
ns204->
ns204->
ns204-> set int eth3 manage ping
ns204-> set int eth3 manage web
ns204-> set int eth3 manage telnet
ns204-> sa
Save System Configuration ...
Done
ns204-> set int vlan1 manage ping
ns204-> set int vlan1 man
manage interface manageability
manage-ip interface management ip address
ns204-> ping 221.143.43.33
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 221.143.43.33, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=2/2/2 ms
ns204-> ping 221.143.43.48
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 221.143.43.48, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=1/1/3 ms
ns204-> tra
ns204-> trace-route 221.143.43.48
Type escape sequence to escape

Send ICMP echos to 221.143.43.48, timeout is 2 seconds, maximum hops are 32
1 1ms 2ms 1ms 221.143.43.48
Trace complete
ns204->
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 0.0.0.0/0 V1-Trust 0014.f641.f350 - D -
eth2 0.0.0.0/0 V1-DMZ 0014.f641.f355 - D -
eth3 0.0.0.0/0 V1-Untrust 0014.f641.f356 - U -
eth4 0.0.0.0/0 HA 0014.f641.f357 - D -
vlan1 221.143.43.57/27 VLAN 0014.f641.f35f 1 U -
ns204-> ping 168.126.63.1
Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 168.126.63.1, timeout is 1 seconds
!!!!!
Success Rate is 100 percent (5/5), round-trip time min/avg/max=3/3/3 ms
ns204-> set int v1-untrust manage ping
ns204-> set int v1-untrust manage web
ns204-> ethernet3 interface change state to Down
ethernet3 interface change state to Up

ns204->
ns204-> set int v1-untrust manage telnet
ns204-> sa
Save System Configuration ...
Done
ns204-> set pol from v1-untrust to v1-trust any any any permit log
policy id = 1
ns204-> set pol from v1-trust to v1-untrust any any any permit log
policy id = 2
ns204-> sa
Save System Configuration ...
Done
ns204->
ns204-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
eth1 0.0.0.0/0 V1-Trust 0014.f641.f350 - D -
eth2 0.0.0.0/0 V1-DMZ 0014.f641.f355 - D -
eth3 0.0.0.0/0 V1-Untrust 0014.f641.f356 - U -
eth4 0.0.0.0/0 HA 0014.f641.f357 - D -
vlan1 221.143.43.57/27 VLAN 0014.f641.f35f 1 U -
ns204-> Save System Configuration ...
Done
Save System Configuration ...
Done
Save System Configuration ...
Done
Save System Configuration ...
Done
Save System Configuration ...
Done
ns204-> exit
login:

Ehost Data Center (http://www.greenidc.co.kr)

Ehost Data Center (http://www.ehostidc.co.kr)