Ƙungiyar masu bincike daga Vrije Universiteit Amsterdam da ETH Zurich sun haɓaka fasahar kai hari ta hanyar sadarwa (Network Cache ATtack), wanda ke ba da izini, ta amfani da hanyoyin nazarin bayanai ta hanyar tashoshi na ɓangare na uku, don ƙayyade maɓallan da mai amfani ya danna yayin aiki a cikin zaman SSH. Matsalar tana bayyana ne kawai akan sabobin da ke amfani da fasaha (Hanyar damar ƙwaƙwalwar ajiyar kai tsaye) da (Data-Direct I/O).
Intel , cewa harin yana da wahalar aiwatarwa a aikace, tun da yake yana buƙatar samun damar maharin zuwa cibiyar sadarwar gida, yanayi mara kyau da kuma tsara tsarin sadarwa ta hanyar amfani da fasahar RDMA da DDIO, waɗanda galibi ana amfani da su a cikin keɓantattun hanyoyin sadarwa, alal misali, inda kwamfuta gungu suna aiki. An ƙididdige batun ƙarami (CVSS 2.6, ) kuma an ba da shawara don kada a kunna DDIO da RDMA a cikin cibiyoyin sadarwa na gida inda ba a samar da iyakar tsaro ba kuma an ba da izinin haɗin kai na abokan ciniki marasa aminci. An yi amfani da DDIO a cikin masu sarrafa uwar garken Intel tun 2012 (Intel Xeon E5, E7 da SP). Tsarin da ya danganci na'urori masu sarrafawa daga AMD da sauran masana'antun ba matsalar ta shafe su ba, tunda ba sa goyan bayan adana bayanan da aka canjawa wuri akan hanyar sadarwa a cikin cache na CPU.
Hanyar da aka yi amfani da ita don harin ya yi kama da rauni "", wanda ke ba ku damar canza abubuwan da ke cikin rago ɗaya a cikin RAM ta hanyar sarrafa fakitin cibiyar sadarwa a cikin tsarin tare da RDMA. Sabuwar matsalar ita ce sakamakon aiki don rage jinkiri lokacin amfani da tsarin DDIO, wanda ke tabbatar da hulɗar kai tsaye na katin cibiyar sadarwa da sauran na'urori masu alaƙa tare da cache na processor (a cikin aiwatar da fakitin katin sadarwar, ana adana bayanai a cikin cache kuma ana adana bayanan a cikin cache da sauran na'urori na gefe. an dawo dasu daga cache, ba tare da samun damar ƙwaƙwalwar ajiya ba).
Godiya ga DDIO, cache ɗin mai sarrafawa kuma ya haɗa da bayanan da aka samar yayin ayyukan cibiyar sadarwa mara kyau. Harin na NetCAT ya dogara ne akan gaskiyar cewa katunan cibiyar sadarwa suna yin ajiyar bayanai, kuma saurin sarrafa fakiti a cikin hanyoyin sadarwar gida na zamani ya isa ya yi tasiri ga cika cache da sanin kasancewar ko rashin bayanai a cikin cache ta hanyar nazarin jinkiri yayin bayanai. canja wuri.
Lokacin amfani da zaman ma'amala, kamar ta hanyar SSH, ana aika fakitin cibiyar sadarwa nan da nan bayan an danna maɓallin, watau. jinkiri tsakanin fakitin yana da alaƙa da jinkiri tsakanin maɓallai. Yin amfani da hanyoyin bincike na ƙididdiga da la'akari da cewa jinkiri tsakanin maɓallan maɓalli yawanci ya dogara ne akan matsayin maɓalli akan madannai, yana yiwuwa a sake ƙirƙirar bayanan da aka shigar tare da takamaiman yuwuwar. Misali, yawancin mutane sukan rubuta "s" bayan "a" da sauri fiye da "g" bayan "s".
Bayanan da aka adana a cikin cache ɗin na'ura kuma yana ba mutum damar yin hukunci daidai lokacin fakitin da katin cibiyar sadarwa ya aika lokacin sarrafa haɗin gwiwa kamar SSH. Ta hanyar samar da wasu zirga-zirgar ababen hawa, mai hari zai iya tantance lokacin da sabbin bayanai suka bayyana a cikin ma'ajin da ke da alaƙa da takamaiman aiki a cikin tsarin. Don nazarin abubuwan da ke cikin cache, ana amfani da hanyar , wanda ya ƙunshi ɗimbin cache tare da saitin ƙima da auna lokacin isa gare su lokacin da aka sake yawan jama'a don tantance canje-canje.
Yana yiwuwa za a iya amfani da dabarar da aka tsara don tantance ba kawai maɓalli ba, har ma da sauran nau'ikan bayanan sirri da aka adana a cikin cache na CPU. Ana iya yuwuwar kai harin koda RDMA nakasasshe ne, amma ba tare da RDMA tasirinsa yana raguwa kuma aiwatarwa yana da wahala sosai. Hakanan yana yiwuwa a yi amfani da DDIO don tsara tashar sadarwa ta ɓoye da ake amfani da ita don canja wurin bayanai bayan an lalata uwar garken, ketare tsarin tsaro.
source: budenet.ru