What is DNS tunneling? A detection guide

DNS tunneling turns the domain name system into a weapon for attackers. DNS is, in essence, the Internet's giant phone book. DNS is also the underlying protocol that lets administrators query the DNS server's database. So far everything seems clear. But cunning attackers realized they could communicate covertly with a victim's computer by injecting control commands and data into the DNS protocol. That idea is the basis of DNS tunneling.

How DNS tunneling works

Everything on the Internet has its own protocol, and the protocol behind DNS is a fairly simple request-response type. If you want to see how it works, you can run nslookup, the basic tool for issuing DNS queries. You request an address simply by giving the domain name you are interested in as the argument.

In our case the protocol replied with the domain's IP address. In DNS protocol terms, I made an address request, a so-called "A"-type query. There are other request types, and the DNS protocol answers each of them with a different set of data fields, which, as we will see later, can be exploited by attackers.

One way or another, at its core the DNS protocol is about sending a request to a server and returning its response to the client. What if an attacker adds a hidden message inside the domain name being requested? For example, instead of entering a fully legitimate URL, he enters the data he wants to transmit in its place.

Suppose the attacker controls the DNS server. He can then transmit data, personal data for example, without necessarily being detected. After all, why would a DNS query suddenly be treated as something illegitimate?

By controlling the server, attackers can also forge responses and send data back to the target system. This lets them pass hidden messages in various fields of the DNS response to malware on the infected machine, including instructions such as searching a particular folder.

The "tunneling" part of this attack is hiding the data and commands from monitoring systems. Attackers can use base32, base64 and other character encodings, or even encrypt the data. Such encoding slips past simple threat-detection utilities that look for plaintext content.

And that is DNS tunneling!

History of DNS tunneling attacks

Everything has a beginning, including the idea of hijacking the DNS protocol for hacking purposes. As far as we can tell, the first discussion of this attack was started by Oskar Pearson on the Bugtraq mailing list in April 1998.

By 2004, DNS tunneling was being presented at Black Hat as a hacking technique, in a talk by Dan Kaminsky. The idea had quickly grown into a real attack tool.

Today, DNS tunneling holds a firm place on the map of potential threats (and information security bloggers are regularly asked to explain it).

Have you heard of Sea Turtle? It is an ongoing campaign by cybercriminal groups, most likely state-sponsored, to hijack legitimate DNS servers in order to redirect DNS requests to servers of their own. This means organizations receive "bad" IP addresses that point to fake pages run by the attackers, imitating sites such as Google or FedEx. At the same time, the attackers can harvest user accounts and passwords, which victims enter on the fake site without suspecting anything. This is not DNS tunneling, but it is another unfortunate consequence of attackers controlling DNS servers.

DNS tunneling threats

DNS tunneling is something like a signal that the bad-news phase of an attack has begun. Which bad news? We have already touched on several kinds, but let's set them out:

  • Data exfiltration - an attacker covertly sends critical data out over DNS. Given all the overhead and encoding involved, this is certainly not the most efficient way to move information off a victim's computer, but it works, and it works covertly!
  • Command and control (C2 for short) - attackers use the DNS protocol to send simple control commands to, say, a remote access trojan (RAT).
  • IP-over-DNS tunneling - this may sound crazy, but there are utilities that implement an IP stack on top of DNS requests and responses. That makes transferring data with FTP, Netcat, ssh and the like a relatively simple matter. Very ominous!

Detecting DNS tunneling

There are two main methods for detecting DNS abuse: payload analysis and traffic analysis.

In payload analysis, defenders look for anomalies in the data being sent back and forth that statistical methods can pick up: strange-looking host names, DNS record types that are not used very often, or non-standard encoding.

In traffic analysis, the number of DNS requests to each domain is compared with the average for the given environment. Attackers using DNS tunneling generate a high volume of traffic to their server, in theory far exceeding a normal DNS exchange. And that is something that has to be monitored!
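The two detection methods above (and the encoded-label pattern described in "How DNS tunneling works") combined in one small analyzer, as an added example rather than code from the original post or from any product it mentions. The log format, the thresholds (label length over 30, Shannon entropy over 3.5 bits, two indicators per query, three suspicious queries per domain, three times the median volume) and the domain tunnel-c2.test are all assumptions; the log lines are constructed, not a real capture.

```python
import math
from statistics import median
from collections import Counter, defaultdict
RARE_QTYPES = {"TXT", "NULL"}  # large answers, rarely issued by ordinary clients
# Constructed sample log ("client qtype qname"), not a real capture; tunnel-c2.test lines imitate encoded labels.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA mail.example.com
10.0.0.7 A cdn.example.net
10.0.0.5 TXT _dmarc.example.com
10.0.0.9 TXT mq7zbkd3yvx2fpneurj5h4swgo6taiclkd2yvbz7.tunnel-c2.test
10.0.0.9 TXT 4hsw6gotaiclmq7zbkd3yvx2fpneurj5xfpn3ymq.tunnel-c2.test
10.0.0.9 NULL rj5h4swgo6taiclmq7zbkd3yvx2fpneu2zkdbmq7.tunnel-c2.test
10.0.0.9 TXT x2fpneurj5h4swgo6taiclmq7zbkd3yv5hj4urne.tunnel-c2.test
"""
def shannon_entropy(s):
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def registered_domain(qname):
    return ".".join(qname.rstrip(".").split(".")[-2:])

def payload_indicators(qtype, qname):
    """Payload analysis of one query: long labels, encoded-looking text, rare types."""
    labels = qname.rstrip(".").split(".")
    sub = "".join(labels[:-2])  # everything below the registered domain
    hits = []
    if any(len(label) > 30 for label in labels):
        hits.append("long-label")
    if len(sub) >= 20 and shannon_entropy(sub) > 3.5:
        hits.append("high-entropy")
    if qtype in RARE_QTYPES:
        hits.append("rare-qtype")
    return hits

def analyze(log_text, min_hits=2):
    """Traffic analysis: per registered domain, count queries, distinct names and suspicious queries."""
    stats = defaultdict(lambda: {"queries": 0, "suspicious": 0, "names": set()})
    for line in log_text.splitlines():
        _client, qtype, qname = line.split()
        rec = stats[registered_domain(qname)]
        rec["queries"] += 1
        rec["names"].add(qname)
        rec["suspicious"] += len(payload_indicators(qtype, qname)) >= min_hits
    return stats

def flag_domains(stats, min_suspicious=3, volume_factor=3.0):
    """Flag repeated suspicious payloads, or far-above-median volume of never-repeated names."""
    typical = median(rec["queries"] for rec in stats.values())
    return sorted(d for d, rec in stats.items() if rec["suspicious"] >= min_suspicious or
                  (rec["queries"] >= volume_factor * typical and len(rec["names"]) == rec["queries"]))
```

On the constructed log, `flag_domains(analyze(SAMPLE_LOG))` flags only tunnel-c2.test; the legitimate _dmarc TXT lookup shows a single indicator and stays below the two-indicator bar.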

DNS tunneling utilities

If you want to run your own pentest and assess how well your company can detect and respond to this kind of activity, several utilities are available. All of them can tunnel in IP-over-DNS mode:

  • iodine - available on many platforms (Linux, Mac OS, FreeBSD and Windows). Lets you set up an SSH shell to the target and control the computer. A good guide to setting up and using iodine is available.
  • OzymanDNS - a DNS tunneling project by Dan Kaminsky, written in Perl. You can connect to it over SSH.
  • DNSCat2 - "the DNS tunnel that doesn't make you sick." Creates an encrypted C2 channel for uploading and downloading files, launching shells, and so on.

DNS monitoring utilities

Below are several utilities that can be useful for detecting tunneling attacks:

  • dnsHunter - a Python module written for MercenaryHuntFramework and Mercenary-Linux. Reads .pcap files, extracts DNS queries and performs geolocation mapping to assist analysis.
  • reassemble_dns - a Python utility that reads .pcap files and analyzes DNS messages.

Micro FAQ on DNS tunneling

Useful information in question-and-answer form!

Q: What is tunneling?
A: It is simply a way to transfer data over an existing protocol. The underlying protocol provides a dedicated channel, or tunnel, which is used to hide the information actually being transferred.

Q: When was the first DNS tunneling attack carried out?
A: We don't know! If you know, please tell us. To the best of our knowledge, the first discussion of the attack was started by Oskar Pearson on the Bugtraq mailing list in April 1998.

Q: What attacks are similar to DNS tunneling?
A: DNS is far from the only protocol that can be used for tunneling. For example, command and control (C2) malware often uses HTTP to mask the communication channel. As with DNS tunneling, the attacker hides his data, but in this case it looks like traffic from an ordinary web browser visiting a remote site (controlled by the attacker). This can go unnoticed by monitoring software if it is not configured to treat abuse of the HTTP protocol as a threat.

Want help detecting DNS tunnels? Take a look at our Varonis Edge module and try the free demo!

Source: www.hab.com