Port scanning led to a provider blocking a subnet because it was placed on the UCEPROTECT list

Vincent Canfield, administrator of the email and hosting reseller cock.li, discovered that his entire IP network had been automatically added to the UCEPROTECT DNSBL list for port scanning from virtual machines. Vincent's subnet was placed on the Level 3 list, in which blocking is done by autonomous system number and covers entire subnets from which spam detectors were triggered repeatedly and for different addresses. As a result, the provider M247 stopped announcing one of his networks in BGP, effectively suspending service.

The problem is that UCEPROTECT's decoy servers, which pretend to be open and record attempts to send mail through themselves, automatically add addresses to the blocklist on the basis of any network activity, without checking that a network connection was actually established. A similar method of adding entries to a blocklist is also used by the Spamhaus project.

To end up on the blocklist, it is enough to send a single TCP SYN packet, which attackers can take advantage of. In particular, since two-way confirmation of the TCP connection is not required, spoofing can be used to send a packet carrying a forged IP address and so cause any host to be entered on the blocklist. By simulating activity from many addresses, the block can be escalated to Level 2 and Level 3, which block by subnet and by autonomous system number.
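The weakness described above, seen from the blocklist operator's side, as an added example that is not code from UCEPROTECT or from the original article. It models a trap sensor that lists a source only after that source returns the ACK matching the sensor's SYN-ACK, which a sender using a forged source address never receives; the class and function names and the documentation-range addresses are assumptions constructed for illustration.

```python
import secrets

MOD = 2**32  # TCP sequence numbers wrap at 32 bits

class TrapSensor:
    """Hypothetical spam-trap listener: tracks which sources proved they receive replies."""

    def __init__(self):
        self.pending = {}      # (src_ip, src_port) -> ISN sent in our SYN-ACK
        self.seen = set()      # every source address that appeared in any packet
        self.verified = set()  # sources that completed the three-way handshake

    def on_packet(self, src_ip, src_port, flags, ack=None):
        """Process one inbound segment; return our SYN-ACK ISN when answering a SYN."""
        self.seen.add(src_ip)
        key = (src_ip, src_port)
        if flags == "SYN":
            # Unpredictable ISN: only the host that really owns src_ip sees it.
            isn = secrets.randbits(32)
            self.pending[key] = isn
            return isn
        if flags == "ACK" and key in self.pending:
            expected = (self.pending.pop(key) + 1) % MOD
            if ack == expected:
                self.verified.add(src_ip)
        return None

    def naive_listing(self):
        """Behaviour the article describes: any packet is enough to be listed."""
        return set(self.seen)

    def verified_listing(self):
        """Hardened behaviour: list only sources with a confirmed handshake."""
        return set(self.verified)

def replay_constructed_traffic():
    """Replay constructed sample traffic (RFC 5737 documentation addresses)."""
    sensor = TrapSensor()
    # Genuine client: receives our SYN-ACK and acknowledges ISN + 1.
    isn = sensor.on_packet("198.51.100.7", 40000, "SYN")
    sensor.on_packet("198.51.100.7", 40000, "ACK", ack=(isn + 1) % MOD)
    # Forged source: a lone SYN, the SYN-ACK goes to the real owner of the address.
    sensor.on_packet("203.0.113.25", 40001, "SYN")
    # Forged source followed by an ACK that does not match the ISN it never saw.
    isn2 = sensor.on_packet("192.0.2.10", 40002, "SYN")
    sensor.on_packet("192.0.2.10", 40002, "ACK", ack=(isn2 + 2) % MOD)
    return sensor
```

With the constructed traffic, `naive_listing()` contains all three addresses, while `verified_listing()` contains only the client that completed the handshake.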

The Level 3 list was originally created to combat providers that encourage malicious activity by their customers and do not respond to complaints (for example, hosting services created specifically to host illegal content or to serve spammers). A few days ago, UCEPROTECT changed the rules for inclusion in the Level 2 and Level 3 lists, which led to more filtering and an increase in the size of the lists. For example, the number of entries in the Level 3 list grew from 28 to 843 autonomous systems.

To counter UCEPROTECT, the idea was put forward of using spoofed addresses during scanning, specifying IPs from the ranges of UCEPROTECT's sponsors. As a result, UCEPROTECT entered the addresses of its own sponsors and of many other innocent parties into its databases, which caused problems with email delivery. The Sucuri CDN network was also included in the blocklist.

source: budenet.ru
