RangeAmp - a family of CDN attacks that abuse the Range HTTP header

A team of researchers from Peking University, Tsinghua University and the University of Texas at Dallas has described a new class of DoS attack, RangeAmp, which uses the HTTP Range header to amplify traffic through content delivery networks (CDNs). The core of the method is that, because of the way many CDNs process the Range header, an attacker can request a single byte of a large file through the CDN, yet the CDN will fetch the whole file, or a much larger block of data, from the origin server in order to place it in its cache. Depending on the CDN, the traffic amplification factor in such an attack ranges from 724 to 43330 times, which can be used to overload the CDN with incoming traffic or to exhaust the capacity of the last-mile link to the victim's site.


The Range header lets a client specify a range of positions in a file that should be returned instead of the whole file. For example, a client can send "Range: bytes=0-1023" and the server will return only the first 1024 bytes. This feature is needed when downloading large files: a user can pause a download and later resume it from the point where it was interrupted. "bytes=0-0" instructs the server to return the first byte of the file, "bytes=-1" the last byte, and "bytes=1-" everything from byte 1 to the end of the file. Several ranges can be sent in a single header, for example "Range: bytes=0-1023,8192-10240".

A second attack variant was also proposed, aimed at increasing the network load when traffic is forwarded through another CDN that acts as a proxy (for example, when Cloudflare acts as the front-end CDN (FCDN) and Akamai as the back-end CDN (BCDN)). The method resembles the first attack, but is confined to the CDN networks themselves and amplifies traffic between CDNs when a site is accessed through one CDN that fronts another, raising the load on the infrastructure and degrading quality of service.

The idea is that the attacker sends the CDN a Range request with many ranges, such as "bytes=0-,0-,0-...", "bytes=1-,0-,0-..." or "bytes=-1024,0-,0-...". The request contains a large number of "0-" ranges, each of which means the file is to be returned from position zero to the end. Because of incorrect handling of the range specifier, when the first CDN contacts the second, the full file is transferred for every "0-" range (the ranges are not merged but processed one after another), even though the request originally sent by the attacker contains duplicate and overlapping ranges. The traffic amplification factor in this attack ranges from 53 to 7432 times.
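To make the parsing problem behind both attack variants concrete, here is an added defensive example (not code from the researchers or from any CDN) of how a Range header value should be parsed, with duplicate and overlapping ranges merged and the range count capped. The cap `MAX_RANGES`, the function names and the amplification report are assumptions of this example; the input is the header value only, without the "Range:" prefix.

```python
import re
MAX_RANGES = 16  # hypothetical policy cap; an assumption of this example, not a figure from the study

def parse_byte_ranges(header, size):
    """Parse a Range value into inclusive (first, last) pairs clamped to `size` bytes; None if malformed."""
    m = re.fullmatch(r"\s*bytes\s*=\s*(.+?)\s*", header)
    if not m or size <= 0:
        return None
    ranges = []  # duplicates and overlaps are kept as written, as a naive CDN would see them
    for spec in m.group(1).split(","):
        sm = re.fullmatch(r"(\d*)-(\d*)", spec.strip())
        if not sm or sm.group() == "-":
            return None                         # e.g. "bytes=-" or "bytes=abc"
        first, last = sm.group(1), sm.group(2)
        if first == "":                         # suffix form "-N": the last N bytes
            if last == "0":
                continue                        # "-0" is unsatisfiable, skip it
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = size - 1 if last == "" else min(int(last), size - 1)
            if start >= size:
                continue                        # starts past the end of the file, skip it
            if end < start:
                return None                     # "bytes=10-5" is invalid
        ranges.append((start, end))
    return ranges or None

def merge_ranges(ranges):
    """Coalesce overlapping or adjacent ranges so each byte is fetched from the origin only once."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def check_range_request(header, size, max_ranges=MAX_RANGES):
    """Reject over-long range lists; otherwise report naive vs. merged cost, i.e. the amplification."""
    ranges = parse_byte_ranges(header, size)
    if ranges is None:
        return {"accept": False, "reason": "malformed or unsatisfiable Range"}
    if len(ranges) > max_ranges:
        return {"accept": False, "reason": f"{len(ranges)} ranges exceed cap {max_ranges}"}
    merged = merge_ranges(ranges)
    naive = sum(e - s + 1 for s, e in ranges)   # what per-range, non-merging handling would move
    served = sum(e - s + 1 for s, e in merged)  # what a correct implementation needs to move
    return {"accept": True, "bytes": served, "naive_bytes": naive, "amplification": naive / served}
```

With a constructed "bytes=0-,0-,..." request of 1000 ranges against a 1 MB file, the naive cost is 1000 times the merged cost, which is exactly the factor the cap and the merge step remove.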


The study analysed the behaviour of 13 CDNs: Akamai, Alibaba Cloud, Azure, CDN77, CDNsun, Cloudflare, CloudFront, Fastly, G-Core Labs, Huawei Cloud, KeyCDN, StackPath and Tencent Cloud. All of the CDNs examined allowed the first attack variant against the origin server. The second, CDN-to-CDN variant affected 6 services, of which four could serve as the front-end in the attack (CDN77, CDNsun, Cloudflare and StackPath) and three as the back-end (Akamai, Azure and StackPath). The largest amplification was obtained with Akamai and StackPath, which accept more than 10 thousand ranges in a single Range header. CDN operators were notified of the problems about 7 months before publication, and by the time the findings were made public, 12 of the 13 CDNs had fixed the identified issues or announced plans to fix them (only StackPath did not respond).

source: budenet.ru
