Ƙididdiga na sa'o'i 24 bayan shigar da tukunyar zuma a kan kullin Tekun Dijital a Singapore
Ku Pew! Bari mu fara nan da nan da taswirar harin
Taswirar mu mai kyau tana nuna keɓaɓɓen ASNs waɗanda suka haɗa zuwa gidan saƙar zuma na Cowrie a cikin awanni 24. Yellow yayi daidai da haɗin SSH, kuma ja yayi daidai da Telnet. Irin waɗannan raye-rayen galibi suna burge kwamitin gudanarwar kamfanin, wanda zai iya taimakawa wajen samun ƙarin kuɗi don tsaro da albarkatu. Koyaya, taswirar tana da ɗan ƙima, wanda ke nuna a sarari yanayin yanki da yaɗuwar tushen harin akan mai masaukinmu a cikin sa'o'i 24 kacal. Tashin hankali baya nuna adadin zirga-zirga daga kowane tushe.
Menene taswirar Pew Pew?
Pew Pew Map Shin , yawanci mai rai da kyau sosai. Hanya ce mai kyau don siyar da samfuran ku, wanda Norse Corp ke amfani dashi. Kamfanin ya ƙare da kyau: ya juya cewa kyawawan raye-rayen shine kawai fa'idarsu, kuma sun yi amfani da bayanan ɓarna don bincike.
Anyi da Leafletjs
Ga waɗanda suke son tsara taswirar harin don babban allo a cikin cibiyar ayyuka (shugaban ku zai so shi), akwai ɗakin karatu. . Muna haɗa shi tare da plugin , Maxmind GeoIP sabis - .
WTF: Menene wannan tukunyar zuma ta Cowrie?
Honeypot wani tsari ne da aka sanya shi akan hanyar sadarwa ta musamman don yaudarar maharan. Haɗin kai zuwa tsarin yawanci ba bisa ka'ida ba ne kuma yana ba ku damar gano maharin ta amfani da cikakkun bayanai. Logs suna adana ba kawai bayanan haɗin kai na yau da kullun ba, har ma da bayanin zaman da ke bayyanawa dabaru, dabaru da hanyoyin (TTP) mai kutse.
halitta domin Bayanan haɗin SSH da Telnet. Ana sanya irin waɗannan wuraren ajiyar zuma a kan Intanet don bin diddigin kayan aiki, rubutun da rundunonin maharan.
Saƙona ga kamfanonin da suke tunanin ba za a kai musu hari ba: "Kuna kallo sosai."
- James Snook
Menene a cikin rajistan ayyukan?
Jimlar adadin haɗi
An sami maimaita ƙoƙarin haɗin gwiwa daga runduna da yawa. Wannan al'ada ce, tunda rubutun harin yana da cikakken jerin takaddun shaida kuma gwada haɗuwa da yawa. An saita Cowrie Honeypot don karɓar takamaiman sunan mai amfani da haɗin kalmar sirri. An saita wannan a ciki user.db fayil.
Geography na hare-hare
Yin amfani da bayanan geolocation Maxmind, na ƙidaya adadin haɗin kai daga kowace ƙasa. Brazil da China ne ke kan gaba da tazara mai fadi, kuma galibi ana yawan hayaniya daga na'urorin daukar hoto da ke fitowa daga wadannan kasashe.
Mai toshe hanyar sadarwa
Binciken ma'abota blocks na cibiyar sadarwa (ASN) na iya gano ƙungiyoyi tare da yawan masu kai hari. Tabbas, a irin waɗannan lokuta ya kamata ku tuna koyaushe cewa hare-hare da yawa suna fitowa daga runduna masu kamuwa da cuta. Yana da kyau a ɗauka cewa yawancin maharan ba su da wawanci don bincika hanyar sadarwa daga kwamfutar gida.
Bude tashoshin jiragen ruwa akan tsarin kai hari (bayanai daga Shodan.io)
Gudanar da jerin IP ta hanyar da kyau da sauri ya gano tsarin tare da bude tashoshin jiragen ruwa kuma menene wadannan tashoshin jiragen ruwa? Hoton da ke ƙasa yana nuna yawan buɗe tashoshin jiragen ruwa ta ƙasa da ƙungiya. Zai yiwu a gano tubalan tsarin da aka yi sulhu, amma a ciki kananan samfurin Babu wani abu mai ban mamaki da ake gani, sai ga adadi mai yawa 500 bude tashoshin jiragen ruwa a kasar Sin.
Wani abu mai ban sha'awa shine babban adadin tsarin a Brazil wanda ke da ba a bude 22, 23 ko sauran tashoshin jiragen ruwa, a cewar Censys da Shodan. A bayyane waɗannan hanyoyin haɗi ne daga kwamfutocin masu amfani da ƙarshen.
Bots? Ba lallai ba ne
data na tashar jiragen ruwa 22 da 23 sun nuna wani bakon abu a ranar. Na ɗauka cewa mafi yawan sikanin bincike da harin kalmar sirri sun fito daga bots. Rubutun ya bazu a kan bude tashoshin jiragen ruwa, yana tunanin kalmomin shiga, kuma ya kwafi kansa daga sabon tsarin kuma yana ci gaba da yadawa ta amfani da wannan hanya.
Amma a nan za ku iya ganin cewa ƙananan runduna masu duba telnet ne kawai ke da tashar jiragen ruwa 23 a buɗe zuwa waje. Wannan yana nufin cewa tsarin ko dai an lalata shi ta wata hanya, ko kuma maharan suna gudanar da rubutun da hannu.
Haɗin gida
Wani binciken mai ban sha'awa shine yawan adadin masu amfani da gida a cikin samfurin. Ta amfani duban baya Na gano haɗin 105 daga takamaiman kwamfutocin gida. Don haɗin gida da yawa, sake dubawa na DNS yana nuna sunan mai masauki tare da kalmomin dsl, gida, USB, fiber, da sauransu.
Koyi ku Bincika: Haɓaka Tushen zumar ku
Kwanan nan na rubuta ɗan gajeren koyawa kan yadda ake . Kamar yadda aka riga aka ambata, a cikin yanayinmu mun yi amfani da Digital Ocean VPS a Singapore. Domin 24 hours na bincike, farashin ya kasance a zahiri 'yan cents, kuma lokacin tattara tsarin shine minti 30.
Maimakon gudanar da Cowrie akan intanit da kama duk hayaniya, za ku iya amfana daga saƙar zuma a cibiyar sadarwar ku. saita sanarwa akai-akai idan an aika buƙatun zuwa wasu tashoshin jiragen ruwa. Wannan ko dai mai kai hari ne a cikin hanyar sadarwar, ko ma'aikaci mai son sani, ko sikanin rauni.
binciken
Bayan duba ayyukan maharan cikin sa'o'i XNUMX, ya bayyana a fili cewa ba zai yiwu a iya gano tushen kai hare-hare a kowace kungiya, kasa, ko ma tsarin aiki ba.
Faɗin rarraba maɓuɓɓuka yana nuna cewa hayaniyar na'urar tana dawwama kuma ba ta da alaƙa da takamaiman tushe. Duk wanda ke aiki akan Intanet dole ne ya tabbatar da cewa tsarin su matakan tsaro da yawa. Magani na gama gari da inganci don SSH sabis ɗin zai matsa zuwa babban tashar jiragen ruwa bazuwar. Wannan baya kawar da buƙatar tsauraran kariyar kalmar sirri da sa ido, amma aƙalla yana tabbatar da cewa ba a toshe rajistan ayyukan ta hanyar dubawa akai-akai. Babban haɗin tashar tashar jiragen ruwa yana iya kasancewa ana kai hari, wanda zai iya zama sha'awar ku.
Sau da yawa buɗaɗɗen tashoshin telnet suna kan masu amfani da hanyoyin sadarwa ko wasu na'urori, don haka ba za a iya motsa su cikin sauƙi zuwa babban tashar jiragen ruwa ba. и ita ce hanya daya tilo da za a tabbatar da cewa wadannan ayyuka sun lalace ko an kashe su. Idan zai yiwu, kada ku yi amfani da Telnet kwata-kwata; wannan yarjejeniya ba ta rufaffen asiri ba. Idan kuna buƙatar shi kuma ba za ku iya yin ba tare da shi ba, to a hankali saka idanu kuma ku yi amfani da kalmomin shiga masu ƙarfi.
source: www.habr.com