It is no secret that the Internet is a very hostile environment. As soon as you bring up a server, it is immediately subjected to massive attacks and numerous scans. For example
A tarpit is a trap port used to slow down incoming connections. If a third-party system connects to this port, it cannot close the connection quickly. It has to waste its own system resources and wait until the connection times out, or terminate it manually.
Most often, tarpits are used for protection. The technique was first developed to defend against computer worms. Now it can be used to ruin the lives of data thieves and researchers who scan every IP address in a row (for example, on Habr:
A system administrator named Chris Wellons apparently got tired of watching this disgrace and wrote a small program.
Installing the utility:
$ make
$ ./endlessh &
$ ssh -p2222 localhost
A properly implemented tarpit takes more resources from the attacker than from you. But it is not even a matter of resources. The author
In production, the Endlessh server should be installed on the usual port 22, where hooligans knock en masse. Standard security recommendations always advise moving SSH to a different port, which immediately reduces the size of the logs by an order of magnitude.
Chris Wellons says his program exploits one paragraph of the SSH specification.
This is exactly what Endlessh does: it sends an endless stream of randomly generated data that conforms to RFC 4253, that is, it is sent before authentication, no line begins with SSH-, and no line exceeds 255 characters, including the line ending. In general, everything is according to the standard.
By default, the program waits 10 seconds between sending packets. This keeps the client from timing out, so the client stays trapped forever.
Since the data is sent before any cryptography is applied, the program is extremely simple. It does not need to implement any ciphers or support multiple protocols.
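The line rules described above, as an added example (not Endlessh's code and not from the original article): it generates pre-identification lines that stay within the stated limits and models a compliant client that keeps skipping lines until one begins with SSH-. The function names and the sample identification string are assumptions made for illustration.

```python
import random

MAX_LINE = 255          # limit stated above: 255 characters, line ending included
IDENT_PREFIX = b"SSH-"  # RFC 4253: lines before the identification must not start with this

def make_banner_line(rng):
    """Build one random pre-identification line that stays within the rules."""
    length = rng.randint(3, MAX_LINE - 2)          # leave room for CR LF
    body = bytes(rng.randint(32, 126) for _ in range(length))
    if body.startswith(IDENT_PREFIX):              # would look like a real identification
        body = b"X" + body[1:]
    return body + b"\r\n"

def is_valid_banner_line(line):
    """True if a line may legally precede the identification string."""
    return (line.endswith(b"\r\n")
            and len(line) <= MAX_LINE
            and not line.startswith(IDENT_PREFIX))

def client_read_ident(lines):
    """Model of a compliant client: skip lines until one starts with SSH-.

    Returns (identification or None, number of lines skipped).
    """
    skipped = 0
    for line in lines:
        if line.startswith(IDENT_PREFIX):
            return line.rstrip(b"\r\n"), skipped
        skipped += 1
    return None, skipped

if __name__ == "__main__":
    rng = random.Random(1)                         # constructed sample data
    trap = [make_banner_line(rng) for _ in range(1000)]
    print(all(is_valid_banner_line(l) for l in trap))
    print(client_read_ident(trap))                 # the identification never arrives
    print(client_read_ident(trap[:3] + [b"SSH-2.0-example\r\n"]))
```

With one line every 10 seconds, the 1000 skipped lines in the sample correspond to almost three hours in which the client has still not seen an identification string.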
The author tried to make sure the utility consumes a minimum of resources and runs completely unnoticed on the machine. Unlike modern antivirus software and other “security systems,” it should not slow down your computer. He managed to minimize both traffic and memory consumption thanks to a slightly more clever software implementation. If it simply launched a separate process for each new connection, attackers could mount a DDoS attack by opening many connections to exhaust the machine's resources. One thread per connection is not the best option either, because the kernel would waste resources managing the threads.
That is why Chris Wellons chose the most lightweight option for Endlessh: a single-threaded poll(2) server, where trapped clients consume virtually no extra resources, not counting the socket object in the kernel and another 78 bytes for tracking in Endlessh. To avoid allocating receive and send buffers for each client, Endlessh opens a direct-access socket and translates TCP packets directly, bypassing almost the entire TCP/IP stack. No incoming buffer is needed at all, because we are not interested in the incoming data.
The author says that at the time of his program
import asyncio
import random

async def handler(_reader, writer):
    try:
        while True:
            # One short random line every 10 seconds keeps the client waiting
            await asyncio.sleep(10)
            writer.write(b'%x\r\n' % random.randint(0, 2**32))
            await writer.drain()
    except ConnectionResetError:
        # The client gave up and closed the connection
        pass

async def main():
    server = await asyncio.start_server(handler, '0.0.0.0', 2222)
    async with server:
        await server.serve_forever()

asyncio.run(main())
Asyncio is great for writing tarpits. For example, this trap will hang Firefox, Chrome, or any other client that tries to connect to your HTTP server for many hours:
import asyncio
import random

async def handler(_reader, writer):
    # Send a valid status line, then never finish the response headers
    writer.write(b'HTTP/1.1 200 OK\r\n')
    try:
        while True:
            await asyncio.sleep(5)
            header = random.randint(0, 2**32)
            value = random.randint(0, 2**32)
            # One more random header every 5 seconds
            writer.write(b'X-%x: %x\r\n' % (header, value))
            await writer.drain()
    except ConnectionResetError:
        # The client gave up and closed the connection
        pass

async def main():
    server = await asyncio.start_server(handler, '0.0.0.0', 8080)
    async with server:
        await server.serve_forever()

asyncio.run(main())
A tarpit is a great tool for punishing online bullies. True, there is some risk of, on the contrary, drawing their attention to the unusual behavior of a particular server. Someone
A trap (tarpit) for incoming SSH connections
source: www.habr.com