Ib lub tsev router (hauv qhov no FritzBox) tuaj yeem sau ntau: ntau npaum li cas tsheb mus thaum twg, leej twg txuas nrog ceev, thiab lwm yam. Lub npe neeg rau zaub mov (DNS) ntawm lub network hauv zos tau pab kuv nrhiav pom dab tsi tau muab zais tom qab cov neeg txais tsis paub.
Zuag qhia tag nrho, DNS tau muaj kev cuam tshuam zoo rau hauv tsev network: nws tau ntxiv nrawm, ruaj khov, thiab kev tswj hwm.
Hauv qab no yog ib daim duab uas tsa cov lus nug thiab xav kom nkag siab txog qhov tshwm sim. Cov txiaj ntsig twb tau lim tawm qhov paub thiab ua haujlwm thov rau lub npe sau npe servers.
Vim li cas 60 qhov chaw tsis pom tseeb raug tshuaj xyuas txhua hnub thaum sawv daws tseem tsaug zog?
Txhua txhua hnub, 440 qhov chaw tsis paub tau raug tshuaj xyuas thaum lub sijhawm ua haujlwm. Lawv yog leej twg thiab lawv ua dab tsi?
Qhov nruab nrab tus naj npawb ntawm kev thov ib hnub twg los ntawm teev
SQL qhia query
WITH CLS AS ( /* prepare unique requests */
SELECT
DISTINCT DATE_NK,
STRFTIME( '%s', SUBSTR(DATE_NK,8,4) || '-' ||
CASE SUBSTR(DATE_NK,4,3)
WHEN 'Jan' THEN '01' WHEN 'Feb' THEN '02' WHEN 'Mar' THEN '03' WHEN 'Apr' THEN '04' WHEN 'May' THEN '05' WHEN 'Jun' THEN '06'
WHEN 'Jul' THEN '07' WHEN 'Aug' THEN '08' WHEN 'Sep' THEN '09' WHEN 'Oct' THEN '10' WHEN 'Nov' THEN '11'
ELSE '12' END || '-' || SUBSTR(DATE_NK,1,2) || ' ' || SUBSTR(TIME_NK,1,8) ) AS EVENT_DT,
REQUEST_NK, DOMAIN
FROM STG_BIND9_LOG )
SELECT
1 as 'Line: DNS Requests per Day for Hours',
strftime('%H:00', datetime(EVENT_DT, 'unixepoch')) AS 'Day',
ROUND(1.0*SUM(1)/COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))), 1) AS 'Requests per Day'
FROM CLS
WHERE DOMAIN NOT IN ('in-addr.arpa', 'IN-ADDR.ARPA', 'local', 'dyndns', 'nas', 'ntp.org')
AND datetime(EVENT_DT, 'unixepoch') > date('now', '-20 days')
GROUP BY /* hour aggregate */
strftime('%H:00', datetime(EVENT_DT, 'unixepoch'))
ORDER BY strftime('%H:00', datetime(EVENT_DT, 'unixepoch'))Thaum tsaus ntuj, kev nkag mus rau lub wireless tsis ua haujlwm thiab cov khoom siv yuav tsum tau ua, piv txwv li. tsis muaj kev xaiv tsa rau thaj chaw tsis paub. Qhov no txhais tau hais tias cov haujlwm loj tshaj plaws los ntawm cov khoom siv nrog kev ua haujlwm xws li Android, iOS thiab Blackberry OS.
Cia peb teev cov npe uas tau xaiv ntau heev. Qhov kev siv zog yuav raug txiav txim los ntawm qhov tsis xws li tus naj npawb ntawm kev thov hauv ib hnub, pes tsawg hnub ntawm kev ua ub no thiab pes tsawg teev ntawm hnub lawv tau pom.
Txhua tus neeg xav tias xav tau nyob hauv daim ntawv teev npe.
Intensively polled domains
SQL qhia query
WITH CLS AS ( /* prepare unique requests */
SELECT
DISTINCT DATE_NK,
STRFTIME( '%s', SUBSTR(DATE_NK,8,4) || '-' ||
CASE SUBSTR(DATE_NK,4,3)
WHEN 'Jan' THEN '01' WHEN 'Feb' THEN '02' WHEN 'Mar' THEN '03' WHEN 'Apr' THEN '04' WHEN 'May' THEN '05' WHEN 'Jun' THEN '06'
WHEN 'Jul' THEN '07' WHEN 'Aug' THEN '08' WHEN 'Sep' THEN '09' WHEN 'Oct' THEN '10' WHEN 'Nov' THEN '11'
ELSE '12' END || '-' || SUBSTR(DATE_NK,1,2) || ' ' || SUBSTR(TIME_NK,1,8) ) AS EVENT_DT,
REQUEST_NK, DOMAIN
FROM STG_BIND9_LOG )
SELECT
1 as 'Table: Havy DNS Requests',
REQUEST_NK AS 'Request',
DOMAIN AS 'Domain',
REQ AS 'Requests per Day',
DH AS 'Hours per Day',
DAYS AS 'Active Days'
FROM (
SELECT
REQUEST_NK, MAX(DOMAIN) AS DOMAIN,
COUNT(DISTINCT REQUEST_NK) AS SUBD,
COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))) AS DAYS,
ROUND(1.0*SUM(1)/COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))), 1) AS REQ,
ROUND(1.0*COUNT(DISTINCT strftime('%d.%m %H', datetime(EVENT_DT, 'unixepoch')))/COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))), 1) AS DH
FROM CLS
WHERE DOMAIN NOT IN ('in-addr.arpa', 'IN-ADDR.ARPA', 'local', 'dyndns', 'nas', 'ntp.org')
AND datetime(EVENT_DT, 'unixepoch') > date('now', '-20 days')
GROUP BY REQUEST_NK )
WHERE DAYS > 9 -- long period
ORDER BY 4 DESC, 5 DESC
LIMIT 20Peb thaiv isΡ.blackberry.com thiab iceberg.blackberry.com, uas cov chaw tsim khoom yuav ua pov thawj rau kev ruaj ntseg. Qhov tshwm sim: thaum sim txuas rau WLAN, nws pom cov nplooj ntawv nkag mus thiab tsis txhob txuas mus rau qhov twg ntxiv. Wb unblock nws.
detectportal.firefox.com yog tib lub tswv yim, tsuas yog siv hauv Firefox browser. Yog tias koj xav tau nkag mus rau hauv WLAN network, nws yuav xub qhia nplooj ntawv nkag. Nws tsis meej meej vim li cas qhov chaw nyob yuav tsum tau pinged ntau zaus, tab sis lub tshuab tau piav qhia meej los ntawm cov chaw tsim khoom.
skype. Cov kev ua ntawm qhov kev pab cuam no zoo ib yam li tus cab: nws nkaum thiab tsis tsuas yog tso cai rau nws tus kheej raug tua nyob rau hauv lub taskbar, generates ib tug ntau ntawm cov tsheb nyob rau hauv lub network, pings 10 domains txhua 4 feeb. Thaum ua video hu, kev sib txuas hauv Is Taws Nem tas li tawg, thaum nws tsis tuaj yeem zoo dua. Txog tam sim no nws yog qhov tsim nyog, yog li nws tseem nyob.
upload.fp.measure.office.com - hais txog Office 365, Kuv nrhiav tsis tau cov lus piav qhia zoo.
browser.pipe.aria.microsoft.com - Kuv nrhiav tsis tau cov lus piav qhia zoo.
Peb thaiv ob leeg.
txuas.facebook.net - Facebook sib tham app. Tseem nyob.
mediator.mail.ru Ib qho kev soj ntsuam ntawm txhua qhov kev thov rau mail.ru sau tau pom tias muaj ntau ntawm cov peev txheej tshaj tawm thiab cov neeg sau txheeb cais, uas ua rau tsis ntseeg. Lub npe mail.ru raug xa mus rau hauv daim ntawv teev npe dub.
google-analytics.com - tsis cuam tshuam rau kev ua haujlwm ntawm cov khoom siv, yog li peb thaiv nws.
doubleclick.net - suav advertising clicks. Peb thaiv.
Ntau qhov kev thov mus rau googleapis.com. Qhov thaiv tau ua rau muaj kev xyiv fab kaw ntawm cov lus luv luv ntawm cov ntsiav tshuaj, uas zoo li ruam rau kuv. Tab sis lub playstore nres ua haujlwm, yog li cia peb qhib nws.
cloudflare.com - lawv sau tias lawv nyiam qhib qhov chaw thiab, feem ntau, sau ntau txog lawv tus kheej. Qhov kev siv ntawm qhov kev sojntsuam sau npe tsis meej meej, uas feem ntau ntau dua li cov haujlwm tiag tiag hauv Is Taws Nem. Cia wb tso tseg tam sim no.
Yog li, kev siv ntawm kev thov feem ntau muaj feem xyuam rau qhov yuav tsum tau ua haujlwm ntawm cov khoom siv. Tab sis cov neeg uas overded nws nrog kev ua si kuj pom.
Thawj heev
Thaum lub wireless Is Taws Nem qhib, txhua tus neeg tseem tsaug zog thiab pom tau tias qhov kev thov twg raug xa mus rau lub network ua ntej. Yog li, thaum 6:50 Is Taws Nem tig rau thiab hauv thawj kaum-feeb lub sijhawm ntawm 60 tus thawj tswj hwm txhua hnub:
SQL qhia query
WITH CLS AS ( /* prepare unique requests */
SELECT
DISTINCT DATE_NK,
STRFTIME( '%s', SUBSTR(DATE_NK,8,4) || '-' ||
CASE SUBSTR(DATE_NK,4,3)
WHEN 'Jan' THEN '01' WHEN 'Feb' THEN '02' WHEN 'Mar' THEN '03' WHEN 'Apr' THEN '04' WHEN 'May' THEN '05' WHEN 'Jun' THEN '06'
WHEN 'Jul' THEN '07' WHEN 'Aug' THEN '08' WHEN 'Sep' THEN '09' WHEN 'Oct' THEN '10' WHEN 'Nov' THEN '11'
ELSE '12' END || '-' || SUBSTR(DATE_NK,1,2) || ' ' || SUBSTR(TIME_NK,1,8) ) AS EVENT_DT,
REQUEST_NK, DOMAIN
FROM STG_BIND9_LOG )
SELECT
1 as 'Table: First DNS Requests at 06:00',
REQUEST_NK AS 'Request',
DOMAIN AS 'Domain',
REQ AS 'Requests',
DAYS AS 'Active Days',
strftime('%H:%M', datetime(MIN_DT, 'unixepoch')) AS 'First Ping',
strftime('%H:%M', datetime(MAX_DT, 'unixepoch')) AS 'Last Ping'
FROM (
SELECT
REQUEST_NK, MAX(DOMAIN) AS DOMAIN,
MIN(EVENT_DT) AS MIN_DT,
MAX(EVENT_DT) AS MAX_DT,
COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))) AS DAYS,
ROUND(1.0*SUM(1)/COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))), 1) AS REQ
FROM CLS
WHERE DOMAIN NOT IN ('in-addr.arpa', 'IN-ADDR.ARPA', 'local', 'dyndns', 'nas', 'ntp.org')
AND datetime(EVENT_DT, 'unixepoch') > date('now', '-20 days')
AND strftime('%H', datetime(EVENT_DT, 'unixepoch')) = strftime('%H', '2019-08-01 06:50:00')
GROUP BY REQUEST_NK
)
WHERE DAYS > 3 -- at least 4 days activity
ORDER BY 5 DESC, 4 DESCFirefox tshawb xyuas WLAN kev twb kev txuas rau lub xub ntiag ntawm nplooj ntawv nkag.
Citrix tab tom pinging nws server txawm tias daim ntawv thov tsis ua haujlwm.
Symantec txheeb xyuas cov ntawv pov thawj.
Mozilla tshawb xyuas qhov hloov tshiab, txawm hais tias hauv qhov chaw kuv thov kom tsis txhob ua qhov no.
mmo.de yog qhov kev pabcuam gaming. Feem ntau yuav qhov kev thov yog pib los ntawm kev sib tham facebook. Peb thaiv.
Apple yuav qhib tag nrho nws cov kev pabcuam. api-glb-fra.smoot.apple.com - txiav txim los ntawm cov lus piav qhia, txhua lub pob nyem raug xa tawm ntawm no rau kev tshawb fawb cav optimization lub hom phiaj. Muaj kev tsis txaus ntseeg, tab sis cuam tshuam nrog kev ua haujlwm. Peb tso tseg.
Cov hauv qab no yog cov npe ntev ntawm kev thov rau microsoft.com. Peb thaiv txhua qhov chaw pib los ntawm qib peb.
Tus naj npawb ntawm thawj subdomains
Yog li, thawj 10 feeb ntawm kev qhib lub wireless Internet.
iOS polls lub feem ntau subdomains - 32. Ua raws li Android - 24, ces Windows - 15 thiab kawg Blackberry - 9.
Daim ntawv thov facebook ib leeg xaiv 10 lub npe, skype polls 9 domains.
Ib qhov chaw ntawm cov ntaub ntawv
Lub hauv paus rau kev tsom xam yog bind9 lub zos neeg rau zaub mov teev cov ntaub ntawv, uas muaj cov qauv hauv qab no:
01-Aug-2019 20:03:30.996 client 192.168.0.2#40693 (api.aps.skype.com): query: api.aps.skype.com IN A + (192.168.0.102)
Cov ntaub ntawv raug xa mus rau hauv sqlite database thiab tshuaj xyuas siv SQL queries.
Lub server ua raws li lub cache; kev thov tuaj ntawm router, yog li muaj ib txwm muaj ib tus neeg thov. Ib qho yooj yim lub rooj qauv yog txaus, i.e. Daim ntawv tshaj tawm xav tau lub sijhawm ntawm qhov kev thov, qhov kev thov nws tus kheej, thiab qhov thib ob-theem sau npe rau kev ua pab pawg.
DDL rooj
CREATE TABLE STG_BIND9_LOG (
LINE_NK INTEGER NOT NULL DEFAULT 1,
DATE_NK TEXT NOT NULL DEFAULT 'n.a.',
TIME_NK TEXT NOT NULL DEFAULT 'n.a.',
CLI TEXT, -- client
IP TEXT,
REQUEST_NK TEXT NOT NULL DEFAULT 'n.a.', -- requested domain
DOMAIN TEXT NOT NULL DEFAULT 'n.a.', -- domain second level
QUERY TEXT,
UNIQUE (LINE_NK, DATE_NK, TIME_NK, REQUEST_NK)
);xaus
Yog li, raws li kev txheeb xyuas lub npe sau npe neeg rau zaub mov, ntau tshaj 50 cov ntaub ntawv raug censored thiab muab tso rau hauv daim ntawv teev npe.
Qhov tsim nyog ntawm qee cov lus nug tau piav qhia zoo los ntawm cov tuam txhab software thiab txhawb kev ntseeg siab. Txawm li cas los xij, feem ntau ntawm cov haujlwm no tsis muaj tseeb thiab muaj lus nug.
Tau qhov twg los: www.hab.com