DDoS protection company launched DDoS attacks itself, its founder admits

In 2016, vDos became the world's most popular service for ordering DDoS attacks

If you believe the conspiracy theories, antivirus companies distribute viruses themselves, and DDoS protection services launch those attacks themselves. Of course this is fiction... or is it?

On January 16, 2020, the Federal District Court of New Jersey found Tucker Preston, 22, of Macon, Georgia, guilty on one count of damaging protected computers by transmitting a program, code or command. Tucker is the founder of BackConnect Security LLC, which offered protection against DDoS attacks. The young businessman could not resist the temptation to take revenge on uncooperative customers.

Tucker Preston's sad story began in 2014, when the young hacker, together with his friend Marshal Webb, founded BackConnect Security LLC, which later gave rise to BackConnect, Inc. In September 2016, this company came to light during the operation to shut down the vDos service, which at the time was considered the world's most popular service for ordering DDoS attacks. BackConnect claimed that it had itself been attacked through vDos, and it carried out an unusual "counterattack", seizing 255 of the adversary's IP addresses by BGP interception (BGP hijacking). Carrying out such an attack to defend one's own interests caused controversy in the information security community. Many felt that BackConnect had gone too far.

A simple BGP hijack is carried out by announcing someone else's prefix as your own. Uplinks and peers accept it, and it begins to propagate across the Internet. For example, in 2017, allegedly as the result of a software failure, Rostelecom (AS12389) began announcing prefixes belonging to Mastercard (AS26380), Visa and several other financial institutions. BackConnect acted in much the same way when it took over IP addresses from the Bulgarian hosting provider Verdina.net.
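The reason such an announcement spreads is that the receiving network does not check who is entitled to originate the prefix. The sketch below is an added example, not code from the original article: it applies route origin validation in the style of RFC 6811 to a few constructed announcements. The ROA table, the documentation prefixes and the function names are assumptions made for illustration; only the two AS numbers come from the article.

```python
import ipaddress

# Constructed ROA table: (prefix, max length, authorised origin AS).
# The AS numbers are the ones named in the article; the prefixes are
# documentation ranges, not the real address space of those networks.
ROAS = [
    ("198.51.100.0/24", 24, 26380),
    ("203.0.113.0/24", 24, 12389),
]

# Constructed announcements as a router would receive them: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 26380),  # the legitimate origin
    ("198.51.100.0/24", 12389),  # someone else's prefix announced as one's own
    ("198.51.100.0/25", 26380),  # more specific than the ROA's max length
    ("192.0.2.0/24", 64500),     # no ROA covers this prefix
]

def validate_origin(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA says nothing about the announced prefix
        covered = True
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def classify(announcements=ANNOUNCEMENTS, roas=ROAS):
    """Group announcements by validation state; a filtering policy would
    typically drop the 'invalid' group before installing routes."""
    result = {"valid": [], "invalid": [], "not-found": []}
    for prefix, origin_as in announcements:
        result[validate_origin(prefix, origin_as, roas)].append((prefix, origin_as))
    return result

if __name__ == "__main__":
    for state, routes in classify().items():
        print(state, routes)
```

Origin validation only checks the originating AS and prefix length, so an announcement that forges the path while keeping the authorised origin still passes this check.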

BackConnect CEO Bryant Townsend offered his justification on the NANOG mailing list for network operators. He said that the decision to attack the adversary's address space was not taken lightly, but that they were ready to answer for their actions: "Although we had the opportunity to hide our actions, we felt that would be wrong. I spent a lot of time thinking about this decision and how it might reflect badly on the company and on me in the eyes of some people, but in the end I stood by it."

As it turned out, this was not the first time BackConnect had used BGP hijacking, and the company in general has a dark history. It should be noted, though, that BGP interception is not always used for malicious purposes. Brian Krebs writes that he himself uses the services of Prolexic Communications (now part of Akamai Technologies) for DDoS protection. It was Prolexic that worked out how to use BGP hijacking to defend against DDoS attacks.

When the victim of a DDoS attack turns to Prolexic for help, the latter redirects the client's IP addresses to itself, which allows it to analyze and filter the incoming traffic.

Since BackConnect provided DDoS protection services, an analysis was carried out to determine which of its BGP hijacks could be considered legitimate, made in its customers' interests, and which look suspicious. The analysis takes into account how long other parties' addresses were held, how widely the foreign prefix was announced as the company's own, whether there was a confirmed agreement with the customer, and so on. The table shows that some of BackConnect's actions look very suspicious.


Evidently, some of the victims filed suit against BackConnect. Preston's plea (pdf) does not name the company that the court recognized as the victim. The victim is referred to in the document as Victim 1.

As mentioned above, the investigation into BackConnect's activities began after the vDos service was hacked. The names of the service's administrators then became known, as did the vDos database, including registered users and records of the customers who paid vDos to carry out DDoS attacks.

These records showed that one of the accounts on the vDos website was opened with email addresses tied to a domain registered in the name of Tucker Preston. This account launched attacks against a large number of targets, including numerous attacks on networks belonging to the Free Software Foundation (FSF).

In 2016, a former FSF sysadmin said that the non-profit had at one point considered working with BackConnect, and that the attacks began almost immediately after the FSF said it would look for another company to provide DDoS protection.

According to a statement by the US Department of Justice, on this count Tucker Preston faces up to 10 years in prison and a fine of $250,000, or twice the amount of the gain or loss from the crime. Sentencing is scheduled for May 7.


source: www.habr.com
