Passive DNS in the hands of an analyst

The Domain Name System (DNS) works like a phone book: it translates human-readable names such as "ussc.ru" into IP addresses. A DNS lookup sits at the start of almost every communication session, whatever the protocol, so DNS logging is a valuable data source for an information security specialist: it lets them spot anomalies or gather additional information about the system under investigation.

In 2004, Florian Weimer proposed a logging approach called Passive DNS, which makes it possible to reconstruct the history of changes to DNS data, indexed and searchable, and gives access to the following information:

  • domain name
  • IP address that the queried domain name resolved to
  • date and time of the response
  • response type
  • and so on.

Passive DNS data is collected from recursive DNS servers, either by built-in modules or by intercepting the responses of the authoritative DNS servers for a zone.


Figure 1. Passive DNS (taken from ctovision.com)

A distinctive feature of Passive DNS is that it does not record the client's IP address, which helps protect user privacy.

There are currently many services offering access to Passive DNS data:

Service              | Company            | Access                   | API | Client available | Data collected since
---------------------|--------------------|--------------------------|-----|------------------|-----------------------------
DNSDB                | Farsight Security  | On request               | Yes | Yes              | 2010
VirusTotal           | VirusTotal         | No registration required | Yes | Yes              | 2013
PassiveTotal         | RiskIQ             | Free registration        | Yes | Yes              | 2009
ʻOkakopa (sic)       | Palekana (sic)     | On request               | Yes | No               | only the last 3 months shown
SecurityTrails       | SecurityTrails     | No registration required | Yes | No               | 2008
Umbrella Investigate | Cisco              | On request               | Yes | No               | 2006

Table 1. Services providing access to Passive DNS data (the name and company of the fourth service did not survive translation in the source and are given as found)

Use cases for Passive DNS

With Passive DNS you can build relationships between domain names, NS servers and IP addresses. This lets you draw a map of the systems under study and track how that map has changed from the first sighting to the present.

Passive DNS makes it easy to spot anomalies in traffic. For example, by monitoring changes to a domain's NS servers and to its A and AAAA records you can identify malicious domains that use fast flux, a technique designed to hide C&C servers from detection and blocking. Legitimate domain names (other than those used for load balancing) rarely change their IP addresses, and the overwhelming majority of legitimate domains almost never change their NS servers.

Unlike direct enumeration of subdomains with wordlists, Passive DNS lets you find quite exotic domain names, for example "222qmxacaiqaaaaazibq4aaidhmbqaaa0undefined7140c0.p.hoff.ru". Sometimes this reveals a site's test (and vulnerable) areas, development environments and the like.
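The following is an added example, not code from the article or from any of the services in Table 1. It scores a name's passive DNS history for the two signals described above: many short-lived A/AAAA answers spread across several networks (fast flux) and NS servers that keep changing. The records, names, addresses and thresholds are all constructed; the record shape (name, type, answer, first_seen, last_seen) is the one most pDNS services return, and the "/24 or /48 network" count is a rough stand-in for ASN diversity that separates fast flux from ordinary load balancing.

```python
# Added example (not from the original article): scoring a domain's passive DNS
# history for the fast-flux and NS-rotation signals described above.
# All records, names, addresses and thresholds are constructed for illustration.
from datetime import date
from ipaddress import ip_address, ip_network
from statistics import mean

# Constructed records in the shape most pDNS services return:
# (query name, record type, answer, first_seen, last_seen), dates as ISO strings.
SAMPLE_RECORDS = [
    # A stable name: one address and one NS pair seen all year.
    ("static.example", "A", "203.0.113.10", "2019-01-01", "2019-12-31"),
    ("static.example", "NS", "ns1.dns.example", "2019-01-01", "2019-12-31"),
    ("static.example", "NS", "ns2.dns.example", "2019-01-01", "2019-12-31"),
    # A fast-flux-like name: many short-lived addresses in several networks,
    # and the NS servers change every day or two.
    ("flux.example", "A", "198.51.100.7", "2019-08-01", "2019-08-01"),
    ("flux.example", "A", "198.51.100.200", "2019-08-01", "2019-08-02"),
    ("flux.example", "A", "192.0.2.33", "2019-08-02", "2019-08-02"),
    ("flux.example", "A", "203.0.113.77", "2019-08-02", "2019-08-03"),
    ("flux.example", "A", "192.0.2.150", "2019-08-03", "2019-08-03"),
    ("flux.example", "AAAA", "2001:db8::1", "2019-08-03", "2019-08-04"),
    ("flux.example", "NS", "ns1.flux.example", "2019-08-01", "2019-08-02"),
    ("flux.example", "NS", "ns9.bullet.example", "2019-08-02", "2019-08-03"),
    ("flux.example", "NS", "ns3.other.example", "2019-08-03", "2019-08-04"),
]


def network_of(addr):
    """Coarse network an address belongs to (/24 for IPv4, /48 for IPv6).
    A rough stand-in for ASN diversity: load-balanced sites also rotate
    addresses, but usually within one provider's ranges."""
    prefix = 24 if ip_address(addr).version == 4 else 48
    return ip_network(f"{addr}/{prefix}", strict=False)


def profile(domain, records=SAMPLE_RECORDS):
    """Summarise one name's address and NS history."""
    addrs, lifetimes, ns = [], [], set()
    for name, rrtype, rdata, first, last in records:
        if name != domain:
            continue
        if rrtype in ("A", "AAAA"):
            addrs.append(rdata)
            # Days a single answer stayed in use; 0 means it was seen on one day only.
            lifetimes.append((date.fromisoformat(last) - date.fromisoformat(first)).days)
        elif rrtype == "NS":
            ns.add(rdata.lower())
    return {
        "ips": sorted(set(addrs)),
        "networks": len({network_of(a) for a in addrs}),
        "mean_lifetime_days": mean(lifetimes) if lifetimes else None,
        "ns": sorted(ns),
    }


def flux_indicators(p, min_ips=5, min_networks=3, max_lifetime_days=2.0, max_ns=2):
    """Return the anomaly signals a profile triggers (empty list: nothing under
    these thresholds). Thresholds are constructed; tune them on your own data."""
    hits = []
    many_ips = len(p["ips"]) >= min_ips
    if many_ips and p["networks"] >= min_networks:
        hits.append("many IPs across many networks")
    if many_ips and p["mean_lifetime_days"] is not None and p["mean_lifetime_days"] <= max_lifetime_days:
        hits.append("short-lived address records")
    if len(p["ns"]) > max_ns:
        hits.append("rotating NS servers")
    return hits


if __name__ == "__main__":
    for name in ("static.example", "flux.example"):
        p = profile(name)
        print(name, p["ips"], p["ns"], flux_indicators(p) or "no anomalies")
```

The "many IPs" condition is deliberately tied to the lifetime check: a single answer seen on one day has a lifetime of 0, so without the IP-count guard every freshly registered name would look like fast flux.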

Checking a link from an email using Passive DNS

Today spam is one of the main ways an attacker gets onto a victim's computer or steals confidential information. Let's try checking the link from such an email using Passive DNS, to assess how useful this approach is.


Figure 2. Spam email

The link in this email led to the site magnit-boss.rocks, which offered to collect bonuses and earn money:


Figure 3. The page hosted on the domain magnit-boss.rocks

To investigate this site we used the RiskIQ API, which has three ready-made clients: Python, Ruby and a third whose name did not survive translation in the source.

First, let's look at the whole history of this domain name; for this we use the command:

pt-client pdns --query magnit-boss.rocks

This command returns information about all DNS resolutions associated with this domain name.


Figure 4. Response from the RiskIQ API

Let's bring the API response into a more readable form:


Figure 5. All resolutions from the response

For further investigation we take the IP addresses that this domain name resolved to at the time the email was received, 01.08.2019: 92.119.113.112 and 85.143.219.65 (their position numbers in the list above did not survive extraction).

Using the command:

pt-client pdns --query <IP address>

you can get all the domain names associated with the given IP address (substitute the address being checked for the <IP address> placeholder).
42 unique domain names resolved to the IP address 92.119.113.112, among them:

  • magnet-boss.club
  • igrovie-automaty.me
  • pro-x-audit.xyz
  • zep3-www.xyz
  • and so on

44 unique domain names resolved to the IP address 85.143.219.65, among them:

  • cvv2.name (a site selling credit card data)
  • emaills.world
  • www.mailru.space
  • and so on

The connection to these domain names suggests phishing, but we believe in good people, so shall we try to collect a bonus of 332 rubles? After clicking "YES", the site asks us to transfer 501.72 rubles from a card to unlock the account and sends us to the site as-torpay.info to enter the details.


Figure 6. Main page of the site ac-pay2day.net

Like a legitimate site, it has an https certificate, and the main page offers to connect this payment system to your own site, but, alas, none of the "connect" links work. This domain name resolved to just one IP address, 190.115.19.74. 1475 unique domain names resolved to this IP address, including names such as:

  • ac-pay2day.net
  • ac-payfit.com
  • as-manypay.com
  • fletkass.net
  • as-magicpay.com
  • and so on

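The pivot carried out above (domain, then the addresses it resolved to when the mail arrived, then every name that resolved to those addresses) can be scripted against any pDNS export. The block below is an added example and is not the article's or RiskIQ's code; the pt-client commands are mentioned in comments only to say which role each function plays. The store, names, addresses and dates are constructed placeholders, not the real domains from the investigation. It also goes one step beyond the text: it stops expanding an address shared by too many names, since a shared host or CDN (compare the 1475-name address above) would otherwise flood the map with unrelated names.

```python
# Added example (not from the original article): the pivot described above,
# domain -> addresses active when the mail arrived -> every name that resolved
# to those addresses, repeated for a few hops to sketch the map in Figure 7.
# The pDNS store, names, addresses and dates are constructed placeholders.
from datetime import date

MAIL_DATE = date(2019, 8, 1)  # constructed: the day the lure email arrived

# Constructed store in the shape (name, rrtype, rdata, first_seen, last_seen).
STORE = [
    ("lure.example", "A", "192.0.2.10", "2019-07-20", "2019-08-05"),
    ("lure.example", "A", "192.0.2.20", "2019-07-28", "2019-08-09"),
    ("lure.example", "A", "192.0.2.99", "2019-05-01", "2019-06-30"),  # stale, not active on the mail date
    ("lure-club.example", "A", "192.0.2.10", "2019-07-01", "2019-08-09"),
    ("slots.example", "A", "192.0.2.10", "2019-06-15", "2019-08-09"),
    ("cards.example", "A", "192.0.2.20", "2019-07-01", "2019-08-09"),
    ("mail-lookalike.example", "A", "192.0.2.20", "2019-07-10", "2019-08-09"),
    ("slots.example", "A", "203.0.113.1", "2019-08-06", "2019-08-09"),  # later moved to a shared host
]
# 40 unrelated tenants on the shared host 203.0.113.1.
STORE += [(f"tenant{i:02d}.example", "A", "203.0.113.1", "2019-01-01", "2019-08-09") for i in range(40)]


def _active(rec, on):
    """True if the record's observation window covers `on` (None: any time)."""
    first, last = rec[3], rec[4]
    return on is None or date.fromisoformat(first) <= on <= date.fromisoformat(last)


def ips_for(store, name, on=None):
    """Addresses a name resolved to (the role of `pt-client pdns --query <domain>`)."""
    return sorted({r[2] for r in store if r[0] == name and r[1] in ("A", "AAAA") and _active(r, on)})


def names_for(store, ip, on=None):
    """Names that resolved to an address (the role of `pt-client pdns --query <ip>`)."""
    return sorted({r[0] for r in store if r[2] == ip and r[1] in ("A", "AAAA") and _active(r, on)})


def infrastructure_map(store, seed, on, hops=2, max_fanout=30):
    """Breadth-first pivot from `seed`. Only the seed's addresses are filtered to
    the mail date; later hops use the full history, as the article does.
    Returns (edges, skipped): edges is a set of (name, ip) pairs; skipped lists
    addresses not expanded because more than `max_fanout` names share them."""
    edges, skipped, seen_ips, seen_names = set(), [], set(), {seed}
    frontier = [seed]
    for hop in range(hops):
        next_names = set()
        for name in frontier:
            for ip in ips_for(store, name, on if hop == 0 else None):
                edges.add((name, ip))
                if ip in seen_ips:
                    continue
                seen_ips.add(ip)
                tenants = names_for(store, ip)
                if len(tenants) > max_fanout:
                    skipped.append((ip, len(tenants)))  # shared hosting / CDN: do not expand
                    continue
                for t in tenants:
                    edges.add((t, ip))
                    if t not in seen_names:
                        seen_names.add(t)
                        next_names.add(t)
        frontier = sorted(next_names)
    return edges, skipped


if __name__ == "__main__":
    print("seed resolved to:", ips_for(STORE, "lure.example", MAIL_DATE))
    edges, skipped = infrastructure_map(STORE, "lure.example", MAIL_DATE)
    for name, ip in sorted(edges):
        print(f"{name} -> {ip}")
    for ip, n in skipped:
        print(f"not expanded: {ip} ({n} names share it)")
```

The edge set is what you would feed into a graph tool to draw a map like Figure 7; the skipped list is worth reporting alongside it, because an address that hundreds or thousands of names share says little about any one of them.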
As we can see, Passive DNS lets you collect information about the resource under study and build a kind of fingerprint that unravels the whole personal-data theft scheme, from the point where the data is collected to the point where it is sold.


Figure 7. Map of the system under study

Not everything is as we would like. For example, such investigations can be defeated by CloudFlare or similar services, and the quality of the collected data depends heavily on how many DNS queries pass through the module that collects Passive DNS data. Nevertheless, Passive DNS is a source of additional information for the investigator.

Author: a specialist at the Ural Center for Security Systems

Source: www.habr.com
