Why is the Internet still online?

The Internet looks like a strong, independent and indestructible structure. In theory, the network is resilient enough to survive a nuclear explosion. In reality, the Internet can be taken down by one small router. All of this is because the Internet is a pile of contradictions, vulnerabilities, bugs and videos about cats. The backbone of the Internet, BGP, is full of problems. It is amazing that it is still breathing. Besides the flaws in the Internet itself, it is also broken by everyone else: large Internet providers, corporations, states and DDoS attacks. What can you do about it, and how do you live with it?

Alexey Uchakin (Po_Snake) knows the answer. He leads a team of network engineers at IQ Option, and his main job is keeping the platform available to users. This transcript of Alexey's talk at Saint HighLoad++ 2019 covers BGP, DDoS attacks, the Internet kill switch, provider errors, decentralization, and cases where a small router put the Internet to sleep. At the end there are a couple of tips on how to survive all of it.

The day the Internet broke

I will describe just a few incidents in which Internet connectivity broke. That is enough to get the full picture.

"The AS7007 incident". The first time the Internet broke was in April 1997. There was a bug in the software of one router in autonomous system 7007. At some point the router announced its internal routing table to its neighbors and sent half the network into a black hole.

"Pakistan vs. YouTube". In 2008, some brave people in Pakistan decided to block YouTube. They did it so well that half the world was left without cats.

"Hijack of VISA, MasterCard and Symantec prefixes by Rostelecom". In 2017, Rostelecom mistakenly started announcing VISA, MasterCard and Symantec prefixes. As a result, financial traffic was routed over channels controlled by the provider. The leak did not last long, but it was unpleasant for the financial companies.

Google vs. Japan. In August 2017, Google started announcing the prefixes of the large Japanese providers NTT and KDDI on some of its uplinks. Traffic was sent to Google as if it were a transit network, most likely by mistake. Since Google is not a provider and does not carry transit traffic, a large part of Japan was left without the Internet.

"DV LINK hijacked the prefixes of Google, Apple, Facebook and Microsoft". Also in 2017, the Russian provider DV LINK for some reason started announcing the networks of Google, Apple, Facebook, Microsoft and some other major players.

"eNet from the USA hijacked AWS Route53 and MyEtherwallet prefixes". In 2018, an Ohio provider or one of its customers announced the networks of Amazon Route53 and the MyEtherwallet crypto wallet. The attack succeeded: despite the self-signed certificate, about which a warning was shown to users when they opened the MyEtherwallet site, many wallets were hijacked and some of the cryptocurrency was stolen.

There were more than 14,000 such incidents in 2017 alone! The network is still decentralized, so not everything breaks and not for everyone. But incidents happen by the thousands, and they are tied to the BGP protocol that powers the Internet.

BGP and its problems

BGP - Border Gateway Protocol - was first described in 1989 by two engineers from IBM and Cisco Systems on three "napkins", that is, A4 sheets. These "napkins" are still kept at the Cisco Systems headquarters in San Francisco as a relic of the networking world.

The protocol is built on the interaction of autonomous systems, or AS for short. An autonomous system is just an ID to which IP networks are assigned in a public registry. A router with this ID can announce these networks to the world. Accordingly, any route on the Internet can be represented as a vector, called the AS Path. The vector consists of the numbers of the autonomous systems that must be traversed to reach the destination network.

For example, there is a network of several autonomous systems. You need to get from AS65001 to AS65003. The path from one system is represented by the AS Path in the diagram. It consists of two autonomous systems: 65002 and 65003. For every destination address there is an AS Path vector made up of the numbers of the autonomous systems we need to pass through.

So what are the problems with BGP?

BGP is a trust-based protocol

The BGP protocol is trust-based. That means we trust our neighbor by default. This is a feature of many protocols developed at the dawn of the Internet. Let's look at what "trust" means here.

No neighbor authentication. Formally there is MD5, but MD5 in 2019 is just...

No filtering. BGP has filters and they are documented, but they are either not used or used incorrectly. I will explain why later.

Setting up a neighbor relationship is very easy. Configuring a BGP neighbor on almost any router takes a couple of lines of config.

No BGP management license is required. You do not have to pass exams to prove your qualifications. Nobody will take away your right to configure BGP while drunk.

Two main problems

Prefix hijacks. Prefix hijacking is announcing a network that does not belong to you, as in the MyEtherwallet case. We take some prefixes, come to an agreement with a provider or hack it, and announce these networks through it.

Route leaks. Leaks are a bit more complicated. A leak is a change in the AS Path. At best, the change results in higher latency because traffic has to take a longer route or a lower-capacity link. At worst, the Google and Japan case repeats itself.

Google itself is neither an operator nor a transit autonomous system. But when it announced the networks of the Japanese operators to its provider, the path through Google, judged by AS Path, was seen as higher priority. The traffic went there and was simply dropped, because the routing setup inside Google is more complex than just filters at the border.

Why don't filters work?

Nobody cares. This is the main reason: nobody cares. The admin of a small provider or company that connects to a provider over BGP takes a MikroTik, configures BGP on it and does not even know that filters can be configured there.

Configuration errors. They got something wrong, made a mistake in the mask, applied the wrong mesh, and now there is an error again.

No technical capability. For example, telecom providers have many customers. The smart thing to do is to update the filters automatically for each customer: to track that the customer has a new network, or that they have leased their network to someone else. Keeping track of this is hard, and even harder by hand. So they just install relaxed filters or install no filters at all.

Exceptions. There are exceptions for favorite and large customers, especially on inter-operator interconnects. For example, TransTeleCom and Rostelecom have a lot of networks and there is an interconnect between them. If the interconnect goes down, it is bad for everyone, so the filters are relaxed or removed entirely.

Outdated or irrelevant information in the IRR. Filters are built from information recorded in the IRR - Internet Routing Registry. These are the registries of the regional Internet registrars. The registries often contain outdated or irrelevant information, or both.

Who are these registrars?

All Internet addresses belong to the organization IANA - Internet Assigned Numbers Authority. When you buy an IP network from someone, you are not buying addresses but the right to use them. Addresses are an intangible resource, and by common agreement they all belong to IANA.

The system works like this. IANA delegates the management of IP addresses and autonomous system numbers to five regional registrars. They issue autonomous systems to LIRs - local Internet registries. The LIRs then allocate IP addresses to end users.

The weakness of the system is that each regional registrar maintains its registries in its own way. Each has its own view of what information the registries should contain and who should or should not verify it. The result is the mess we have now.

How can you fight these problems?

IRR - mediocre quality. With the IRR it is clear: everything is bad there.

BGP communities. This is an attribute described in the protocol. We can, for example, attach a special community to our announcement so that a neighbor does not pass our networks on to its own neighbors. When we have a P2P link, we exchange only our own networks. To keep a route from accidentally going to other networks, we add a community.

Communities are not transitive. They are always an agreement between two parties, and that is their drawback. We cannot set any community, except for one, that is accepted by everyone by default. We cannot be sure that everyone will accept this community and interpret it correctly. So, at best, if you agree with your uplink, it will understand what you want from it in terms of the community. But your neighbor may not understand it, or the operator will simply reset your tag, and you will not get what you wanted.

RPKI + ROA solves only a small part of the problems. RPKI is Resource Public Key Infrastructure - a dedicated framework for signing routing information. It is a good idea to make LIRs and their customers maintain an up-to-date address space database. But there is one problem with it.

RPKI is also a public key system. IANA has a key from which the RIR keys are generated, and from those come the LIR keys, with which they sign their address space using ROAs - Route Origin Authorisations:

- I certify that this prefix will be announced on behalf of this autonomous system.

Besides ROAs there are other objects, but more about them later. It looks like a good and useful thing. But it does not protect us from leaks at all, and it does not solve every problem with prefix hijacking. So the players are in no hurry to implement it. There are, however, already assurances from big players such as AT&T and the large IXes that prefixes with an invalid ROA record will be dropped.

Maybe they will do that, but for now we have a huge number of prefixes that are not signed in any way. On the one hand, it is unclear whether they are being announced legitimately. On the other hand, we cannot drop them by default, because we are not sure whether that is correct or not.
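
How a router classifies an announcement against ROAs, and why that catches a foreign-origin hijack but not a leak or an unsigned prefix, as an added example (not code from the talk). The ROA set, the documentation prefixes and the private-use AS numbers are constructed; the three result states follow RFC 6811 origin validation.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: ipaddress.IPv4Network  # address space the holder signed
    max_length: int                # longest prefix length the holder allows
    asn: int                       # AS authorised to originate the prefix


# Constructed ROA set: documentation prefixes, private-use AS numbers.
ROAS = [
    ROA(ipaddress.ip_network("192.0.2.0/24"), 24, 65001),
    ROA(ipaddress.ip_network("198.51.100.0/24"), 25, 65002),
]


def origin_validation(prefix, as_path, roas=ROAS):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'.

    as_path is in BGP order, so the originating AS is the last element.
    Only that element is checked; the rest of the path is never looked at.
    """
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covering = [r for r in roas if net.subnet_of(r.prefix)]
    if not covering:
        return "not-found"  # nobody signed this address space
    for roa in covering:
        if roa.asn == origin and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"  # covered by a ROA, but wrong AS or too specific


def demo():
    """Run the constructed announcements through origin validation."""
    cases = {
        "legitimate": ("192.0.2.0/24", [65010, 65001]),
        "hijack, foreign origin": ("192.0.2.0/24", [65010, 65099]),
        "hijack, more specific": ("192.0.2.0/25", [65010, 65001]),
        # Same origin, but the path detours through two extra networks.
        "leak, detoured path": ("192.0.2.0/24", [65010, 65020, 65030, 65001]),
        "unsigned prefix": ("203.0.113.0/24", [65010, 65003]),
    }
    return {name: origin_validation(p, path) for name, (p, path) in cases.items()}


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:24} {state}")
```

The leaked path comes back "valid" because only the origin is signed, and the unsigned prefix comes back "not-found", which is the state a network cannot safely drop by default.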

What else?

BGPSec. This is a cool thing that academics came up with for a network of pink ponies. They said:

- We have RPKI + ROA, a mechanism for verifying signatures on address space. Let's create a separate BGP attribute and call it BGPSec Path. Each router will sign, with its own signature, the announcements it passes on to its neighbors. That way we get a trusted path from the chain of signed announcements, and we can verify it.

It is good in theory, but in practice there are many problems. BGPSec breaks many existing BGP mechanics for selecting next-hops and for managing incoming and outgoing traffic directly on the router. BGPSec does not work until 95% of the entire market has implemented it, which is a utopia in itself.

BGPSec has huge performance problems. On current hardware, announcements are verified at about 50 prefixes per second. For comparison: the current Internet table of 700,000 prefixes would take hours to load, and in that time it would change again 5 times.

BGP Open Policy (role-based BGP). A fresh proposal based on the Gao-Rexford model, named after two scientists who research BGP.

The Gao-Rexford model is as follows. To simplify, in BGP there is a small number of types of interaction:

  • Provider-customer;
  • P2P;
  • internal communication, say iBGP.

Based on the role of the router, certain import/export policies can already be assigned by default. The administrator does not need to configure prefix lists. Based on the role that the routers agree on between themselves, and which can be configured, we already get some default filters. This is currently a draft under discussion at the IETF. I hope we will soon see it as an RFC and implemented in hardware.
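
The export rule that follows from these roles, applied to a leak shaped like the Google and Japan case, as an added example (not code from the talk or from the IETF draft). The topology and private-use AS numbers are constructed: AS65002 stands in for a content network that peers with operator AS65003 and buys transit from AS65001.

```python
CUSTOMER, PEER, PROVIDER = "customer", "peer", "provider"


def may_export(learned_from, send_to):
    """Gao-Rexford export rule; both roles are as seen by the exporting AS."""
    if learned_from == CUSTOMER:
        return True             # customer routes may go to everyone
    return send_to == CUSTOMER  # peer/provider routes only go down to customers


def build_relations(provider_customer, peers):
    """Return {(a, b): role of b as seen from a} for every adjacency."""
    rel = {}
    for provider, customer in provider_customer:
        rel[(provider, customer)] = CUSTOMER
        rel[(customer, provider)] = PROVIDER
    for a, b in peers:
        rel[(a, b)] = PEER
        rel[(b, a)] = PEER
    return rel


def find_leaker(as_path, receiver, rel):
    """Return the first AS that exported a route against the rule, or None.

    as_path is in BGP order (announcing neighbor first, origin last);
    receiver is the AS that received the announcement.
    """
    hops = list(reversed(as_path)) + [receiver]  # direction the route travelled
    for i in range(1, len(hops) - 1):
        src, asn, dst = hops[i - 1], hops[i], hops[i + 1]
        if not may_export(rel[(asn, src)], rel[(asn, dst)]):
            return asn
    return None


# Constructed topology (private-use AS numbers).
REL = build_relations(
    provider_customer=[(65001, 65002), (65001, 65004), (65005, 65003)],
    peers=[(65002, 65003), (65001, 65005)],
)

# Operator 65003's route as received by 65004, a customer of transit 65001.
NORMAL_PATH = [65001, 65005, 65003]  # up to provider 65005, across a peering, down
LEAKED_PATH = [65001, 65002, 65003]  # 65002 passed a peer's route up to its provider

if __name__ == "__main__":
    print("normal:", find_leaker(NORMAL_PATH, 65004, REL))
    print("leaked:", find_leaker(LEAKED_PATH, 65004, REL))
```

Both paths are the same length and end at the correct origin, so neither AS Path length nor a ROA check separates them; only the role of each neighbor does.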

Large Internet providers

Let's look at the example of the provider CenturyLink. It is the third-largest provider in the US, serving 37 states and operating 15 data centers.

In December 2018, CenturyLink was down across the US market for 50 hours. During the incident there were problems with ATMs in two states, and the 911 number did not work for several hours in five states. The lottery in Idaho was knocked out completely. The incident is being investigated by the US Telecommunications Commission.

The cause of the disaster was a single network card in a single data center. The card failed and sent malformed packets, and all 15 of the provider's data centers went down.

The "too big to fail" idea did not work for this provider. The idea does not work at all. You can take any major player and bring it down with some small thing. The US is still doing well with connectivity. CenturyLink customers who had a backup moved onto it en masse. Then the alternative operators complained that their links were overloaded.

If a hypothetical Kazakhtelecom goes down, the whole country will be left without the Internet.

Corporations

Perhaps Google, Amazon, Facebook and other corporations hold the Internet up? No, they break it too.

In 2017 in St. Petersburg, at the ENOG13 conference, Geoff Huston of APNIC presented the talk "The Death of Transit". It said that we are used to interaction, money flows and traffic on the Internet being vertical. We have small providers who pay for connectivity to larger ones, and those in turn pay for connectivity to global transit.

Right now we have this vertically oriented structure. All would be well, but the world is changing: the major players are laying their own transoceanic cables to build their own backbones.

News about the CDN cable.

In 2018, TeleGeography published a study showing that more than half of the traffic on the Internet is no longer the Internet, but the CDN backbones of the major players. This is traffic that is related to the Internet, but it is no longer the network we were talking about.

The Internet is breaking up into a large set of loosely connected networks.

Microsoft has its own network, Google has its own, and they overlap very little. Traffic that originates somewhere in the US travels over Microsoft channels across the ocean to Europe, to a CDN somewhere, then through the CDN or an IX it meets your provider and reaches your router.

Decentralization is disappearing.

This strength of the Internet, the one that would help it survive a nuclear explosion, is being lost. Points of concentration of users and traffic are appearing. If a hypothetical Google Cloud goes down, there will be many victims at once. We partly felt this when Roskomnadzor blocked AWS. And the CenturyLink example shows that even small things are enough for this.

Before, not everything broke and not for everyone. In the future we may find that by acting on a single major player, we can break a lot of things, in many places and for many people.

States

States are next in line, and with them it is the usual story.

Here our Roskomnadzor is not even a pioneer. A similar practice of shutting down the Internet exists in Iran, India and Pakistan. In England there is a bill on the possibility of shutting down the Internet.

Any large state wants to get a switch that turns off the Internet, either entirely or in parts: Twitter, Telegram, Facebook. It is not that they fail to understand they will never succeed, but they really want it. The switch is used, as a rule, for political purposes: to eliminate political competitors, or because elections are approaching, or because Russian hackers have broken something again.

DDoS attacks

I will not take bread from my colleagues at Qrator Labs; they do this much better than I do. They publish an annual report on Internet stability. Here is what they wrote in the 2018 report.

The average duration of DDoS attacks is dropping to 2.5 hours. Attackers are starting to count their money too, and if the resource does not go down right away, they quickly leave it alone.

The intensity of attacks is growing. In 2018 we saw 1.7 Tb/s on the Akamai network, and that is not the limit.

New attack vectors are emerging and old ones are intensifying. New protocols that are susceptible to amplification are appearing, and new attacks on existing protocols are emerging, especially TLS and the like.

Most of the traffic comes from mobile devices. At the same time, Internet traffic is shifting to mobile clients. Both those who attack and those who defend have to be able to work with this.

Invulnerable - no. This is the main idea: there is no universal protection that will reliably protect against any DDoS.

A system cannot be taken down only if it is not connected to the Internet.

I hope I have scared you enough. Let's now think about what to do.

What to do?!

If you have free time, the desire and a knowledge of English, take part in the working groups: IETF, RIPE WG. These are open mailing lists: subscribe to the lists, take part in the discussions, come to the conferences. If you have LIR status, you can vote, for example, at RIPE on various initiatives.

For mere mortals, it is monitoring. To know what has broken.

Monitoring: what to check?

Ordinary ping, and not just a binary check of whether it works or not. Record the RTT in history so that you can look at anomalies later.

Traceroute. This is a utility for determining data routes in TCP/IP networks. It helps identify anomalies and blocking.

HTTP checks for custom URLs and TLS certificates help detect blocking or DNS spoofing for an attack, which is practically the same thing. Blocking is often implemented through DNS spoofing and by redirecting traffic to a stub page.

If possible, check from different places how your clients resolve your origin, if you have an application. This will help you detect DNS hijacking anomalies, which providers sometimes engage in.
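
Why the ping advice above asks for RTT history rather than an up/down flag, as an added example (not code from the talk): a path change leaves the host reachable but moves the RTT far from its baseline. The samples, thresholds and function names are constructed; `None` marks a lost probe.

```python
from statistics import median


def rtt_anomalies(samples, window=20, k=5.0, floor_ms=1.0):
    """Flag probes whose RTT departs from the recent baseline.

    samples: list of (timestamp, rtt_ms or None). The baseline is the median
    of the last `window` normal RTTs; the tolerance is k times the median
    absolute deviation (never less than floor_ms).
    """
    baseline, events = [], []
    for ts, rtt in samples:
        if rtt is None:
            events.append((ts, "loss", None))
            continue
        if len(baseline) >= window:
            recent = baseline[-window:]
            med = median(recent)
            mad = median(abs(x - med) for x in recent)
            if rtt > med + k * max(mad, floor_ms):
                events.append((ts, "rtt-shift", round(rtt - med, 1)))
                continue  # keep outliers out of the baseline
        baseline.append(rtt)
    return events


def binary_failures(samples):
    """What an up/down check would have reported: lost probes only."""
    return sum(1 for _, rtt in samples if rtt is None)


# Constructed history: one probe per minute, about 35 ms for half an hour,
# then the path changes and RTT settles near 180 ms with a single lost probe.
NORMAL = [34.8, 35.2, 35.0, 36.1, 34.5]
SAMPLES = [(i * 60, v) for i, v in enumerate(NORMAL * 6 + [181.0, None, 179.5, 180.2])]

if __name__ == "__main__":
    for event in rtt_anomalies(SAMPLES):
        print(event)
    print("binary check failures:", binary_failures(SAMPLES))
```

Pairing each flagged timestamp with a traceroute taken at the same time shows where the path changed.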

Monitoring: where to check from?

There is no universal answer. Check from where your users come from. If your users are in Russia, check from Russia, but do not limit yourself to that. If your users live in different regions, check from those regions. But checking from all over the world is better.

Monitoring: what to check with?

I came up with three ways. If you know more, write in the comments.

  • RIPE Atlas.
  • Commercial monitoring.
  • Your own network of virtual machines.

Let's talk about each of them.

RIPE Atlas is a small box. For those who know the domestic "Inspector", it is the same box, but with a different sticker.

RIPE Atlas is a free program. You register, receive a router by mail and plug it into your network. When someone else uses your probe, you earn some credits. With these credits you can run some measurements of your own. You can test in different ways: ping, traceroute, certificate checks. The coverage is quite large and there are many nodes. But there are nuances.

The credit system does not allow you to build production solutions. There are not enough credits for ongoing research or commercial monitoring. The credits are enough for a short study or a one-time check. The daily allowance from one probe is used up by 1-2 checks.

The coverage is uneven. Since the program is free in both directions, coverage is good in Europe, in the European part of Russia and in some other regions. But if you need Indonesia or New Zealand, things are much worse: you may not find 50 probes per country.

You cannot check http from a probe. This is due to technical nuances. They promise to fix it in a new version, but for now http cannot be checked. Only the certificate can be verified. Some kind of http check can only be made to a special RIPE Atlas device called an Anchor.

The second way is commercial monitoring. Everything is fine with it; you are paying money, after all, right? They promise you hundreds of monitoring points around the world and draw beautiful dashboards out of the box. But, again, there are problems.

It is paid, and in some places very expensive. Ping monitoring, worldwide checks and a large number of http checks can cost several thousand dollars a year. If your finances allow it and you like this solution, go ahead.

Coverage may be insufficient in the region you are interested in. For the same ping, at most an abstract part of the world is specified: Asia, Europe, America. Only rare monitoring systems can drill down to a specific country or region.

Weak support for custom tests. If you need something custom, not just a "curl" against a URL, there are problems with that too.

The third way is your own monitoring. This is a classic: "Let's write our own!"

Your own monitoring turns into the development of a software product, and a distributed one at that. You look for an infrastructure provider, then work out how to deploy it and monitor it - monitoring has to be monitored, right? And it needs support as well. Think ten times before you take this on. It may be easier to pay someone to do it for you.

Monitoring BGP anomalies and DDoS attacks

Here, depending on the resources available, everything is even simpler. BGP anomalies are detected with specialized services such as QRadar and BGPmon. They take a full view table from many operators. Based on what they see from different operators, they can detect anomalies, look for amplifiers, and so on. Registration is usually free: you enter your autonomous system number, subscribe to email notifications, and the service alerts you about your problems.

Monitoring DDoS attacks is also simple. Usually it is based on NetFlow and logs. There are specialized systems such as FastNetMon, and modules for Lāʻelā. As a last resort, there is your DDoS protection provider. It can also be fed NetFlow and, based on that, will notify you of attacks in your direction.

Conclusions

Have no illusions: the Internet will definitely break. Not everything will break and not for everyone, but 14 thousand incidents in 2017 suggest that incidents will happen.

Your job is to notice problems as early as possible. At a minimum, no later than your users do. Noticing is not the only important thing; always keep a "Plan B" in reserve. A plan is a strategy for what you will do when everything breaks: backup operators, DC, CDN. A plan is a separate checklist against which you check that everything works. The plan must work without involving the network engineers, because there are usually few of them and they want to sleep.

That's all. I wish you high availability and green monitoring.

Source: www.habr.com
