DDoS attack on RDP services: recognizing and fighting it. A success story from Tucha

Let us tell you an interesting story about how "third parties" tried to interfere with our customers' operations, and how the problem was dealt with.

How it started

It started on the morning of October 31, the last day of the month, when many people urgently need to find time to deal with pressing problems and important matters.

One of our partners, who hosts many customer virtual machines in our cloud, reported that from 9:10 to 9:20 several Windows servers running on our Ukrainian site refused connections to the remote access service, so users could not log in to their computers; after a few minutes the problem seemed to resolve itself.

We pulled up statistics on how the communication channels were behaving, but found no spikes or failures. We checked statistics on the load on the computing resources: nothing unusual. So what was it?

Then another partner, who hosts more than a hundred servers in our cloud, reported the same problems that some of their customers had noticed. It turned out that in general the servers were reachable (they responded correctly to ping and other requests), but the remote access service on these servers would intermittently accept new connections and then refuse them; and we were talking about servers on different sites, with traffic arriving over different data transmission channels.

Let's look at this traffic. A packet with a connection request arrives at the server:

xx:xx:xx.xxxxxx IP xxx.xxx.xxx.xxx.58355 > 192.168.xxx.xxx.3389: Flags [S], seq 467744439, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0


The server receives this packet but refuses the connection:

xx:xx:xx.xxxxxx IP 192.168.xxx.xxx.3389 > xxx.xxx.xxx.xxx.58355: Flags [R.], seq 0, ack 467744440, win 0, length 0


This means that the problem is clearly not caused by any failure in the operation of the infrastructure, but by something else. Perhaps all users were having trouble with remote desktop licensing? Perhaps some kind of malware had got into their systems and was activated today, as happened a couple of years ago with XData and Petya?

While we were figuring it out, we received similar requests from several other customers and partners.
What exactly was happening on these machines?

The event logs were full of messages about password guessing attempts:


Normally such attempts are logged on every server where the standard port (3389) is used for the remote access service and access is allowed from anywhere. The Internet is full of bots that constantly scan every reachable connection point and try to guess passwords (which is why we recommend using complex passwords instead of "123"). However, the intensity of these attempts on that day was far higher than usual.

What to do?

Recommend that customers spend a lot of time changing settings for a huge number of end users so they can switch to a different port? Not a great idea; customers would not be happy. Recommend allowing access only via VPN? Bringing up IPSec connections in a hurry and in a panic for those who don't have them; such joy would hardly make customers smile either. Although, I must say, this is a matter of principle in any case: we always recommend hiding the server in a private network and are ready to help with the settings, and for those who want to figure it out themselves, we share instructions for setting up IPSec/L2TP in our cloud in site-to-site or road-warrior mode, and if anyone wants to set up a VPN service on their own Windows server, we are always ready to share recommendations on how to configure standard RAS or OpenVPN. But, however cool we may be, this was not the best time to carry out educational work among customers, since we needed to fix the problem as quickly as possible with minimal stress for users.

The solution we implemented was as follows. We set up passive traffic analysis that monitors all attempts to establish a TCP connection to port 3389 and picks out the addresses which, within 150 seconds, attempt to establish connections with more than 16 different servers on our network; these are the sources of the attack. (Of course, if one of the customers or partners has a genuine need to establish connections with many servers from one source, such sources can always be added to the "white list".) Moreover, if more than 32 such addresses are detected in one class C network during these 150 seconds, it makes sense to block the entire network. A block is set for 3 days, and if no attack comes from that source during this time, the source is automatically removed from the "black list". The list of blocked sources is refreshed every 300 seconds.
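A minimal sketch of that detection logic, as an added example written for this article (not Tucha's own scripts): it applies the 16-server / 150-second threshold per source, the 32-host threshold per /24, the white list and the 3-day expiry to constructed sample SYN records; the function and class names are this example's own.

```python
from collections import defaultdict
from ipaddress import ip_network

WINDOW = 150             # seconds of SYN history examined (from the article)
MAX_TARGETS = 16         # distinct servers one source may touch within the window
MAX_HOSTS_PER_C = 32     # flagged hosts in one /24 before the whole network is banned
BAN_SECONDS = 3 * 86400  # a ban lapses after 3 days without new hits
# detect()/Blocklist are this example's own names, not Tucha's scripts.

def detect(syns, now, whitelist=frozenset()):
    """syns: iterable of (unix_ts, src_ip, dst_ip) for TCP SYNs to port 3389.
    Returns (scanning_hosts, noisy_networks) seen in the last WINDOW seconds."""
    targets = defaultdict(set)
    for ts, src, dst in syns:
        if now - WINDOW <= ts <= now and src not in whitelist:
            targets[src].add(dst)
    hosts = {src for src, dsts in targets.items() if len(dsts) > MAX_TARGETS}
    per_net = defaultdict(set)
    for h in hosts:
        per_net[str(ip_network(f"{h}/24", strict=False))].add(h)
    nets = {net for net, hs in per_net.items() if len(hs) > MAX_HOSTS_PER_C}
    return hosts, nets

class Blocklist:
    """Keeps banned entries with an expiry; a repeated hit refreshes the ban."""
    def __init__(self, whitelist=()):
        self.whitelist = frozenset(whitelist)
        self.expires = {}  # entry -> unix time at which the ban lapses

    def update(self, syns, now):
        """Run once per refresh cycle (the article uses 300 s); returns current bans."""
        hosts, nets = detect(syns, now, self.whitelist)
        for entry in hosts | nets:
            self.expires[entry] = now + BAN_SECONDS
        self.expires = {e: t for e, t in self.expires.items() if t > now}
        return sorted(self.expires)

def sample_syns(now):
    """Constructed sample: a lone scanner, a legitimate admin, a noisy /24, stale traffic."""
    syns = [(now - 10, "203.0.113.5", f"192.168.0.{i}") for i in range(1, 21)]
    syns += [(now - 20, "198.51.100.7", f"192.168.0.{i}") for i in range(1, 6)]
    for h in range(1, 41):
        syns += [(now - 30, f"198.18.0.{h}", f"192.168.1.{i}") for i in range(1, 18)]
    syns += [(now - 1000, "203.0.113.9", f"192.168.0.{i}") for i in range(1, 30)]
    return syns

if __name__ == "__main__":
    now = 1_700_000_000
    print(Blocklist(whitelist={"198.18.0.1"}).update(sample_syns(now), now))
```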


The list is available at this address: https://secure.tucha.ua/global-filter/banned/rdp_ddos; you can build your own ACLs from it.

We are ready to share the source code of this system; there is nothing complicated in it (a few simple scripts thrown together in literally a couple of hours), and at the same time it can be adapted and used not only for protection against this kind of attack, but also for detecting and blocking any attempt to scan the network: follow this link.

In addition, we made some changes to the monitoring system settings, which now watches much more closely how the control groups of servers in our cloud respond to attempts to establish an RDP connection: if no response arrives within a second, that is a reason to pay attention.

The solution turned out to be quite effective: no more complaints from customers and partners, nor from the monitoring system. New addresses and entire networks are regularly added to the black list, which shows that the attack continues, but it no longer affects our customers' operations.

There is safety in numbers

Today we learned that other operators have run into the same problem. Some still believe that Microsoft made some changes to the remote access service code (if you remember, we suspected the same thing on the first day, but quickly dismissed that version) and promise to do everything possible to find a solution quickly. Others simply ignore the problem and advise customers to protect themselves on their own (change the connection port, hide the server in a private network, and so on). And on the very first day, we not only solved this problem but also laid some of the groundwork for a more global threat detection system that we plan to develop.


Special thanks to the partners and customers who did not keep quiet and did not sit on the riverbank waiting for the enemy's corpse to float by one day, but immediately drew our attention to the problem, which allowed us to eliminate it in a single day.

source: www.habr.com
