Passive DNS in the hands of an analyst

The Domain Name System (DNS) works like a phone book that translates human-readable names such as "ussc.ru" into IP addresses. Since DNS is involved in almost every communication today, whether legitimate or not, DNS logging is an important data source for security specialists: it lets them detect anomalies or obtain additional information about the system under investigation.

In 2004, Florian Weimer proposed a technique called Passive DNS, which stores the history of DNS record changes in a searchable and queryable form, giving access to the following data:

  • Domain name
  • IP address the domain name resolved to
  • Date and time of the response
  • Record type
  • and so on.

Passive DNS data is collected on recursive DNS servers by built-in modules, or by intercepting the responses of the DNS servers that are authoritative for a zone.


Figure 1. Passive DNS (image taken from ctovision.com)

A distinctive feature of Passive DNS is that there is no need to record the client's IP address, which helps protect client privacy.

Today there are many services that provide access to Passive DNS data:

Service               Provider             Access                      API         Ready-made clients   Data collected since
DNSDB                 Farsight Security    On request                  Available   Available            2010
VirusTotal            VirusTotal           No registration required    Available   Available            2013
PassiveTotal          RiskIQ               Registration is free        Available   Available            2009
Pos i hws             (garbled in source)  On request                  Available   Available            Only the last 3 months are shown
SecurityTrails        SecurityTrails       No registration required    Available   Available            2008
Umbrella Investigate  Cisco                On request                  Available   Available            2006

Table 1. Services with access to Passive DNS data

Using Passive DNS data

With Passive DNS you can establish the relationships between domain names, NS servers and IP addresses. This lets you build a map of the infrastructure under investigation and follow how that map changed from the first observation up to the present.

Passive DNS also makes it easier to spot anomalies in traffic. For example, tracking changes to a zone's NS records and to its A and AAAA records lets you identify malicious infrastructure that uses fast-flux techniques, which are designed to hide C&C servers from detection and blocking. This works because legitimate domain names (apart from those used for load balancing) do not change their IP addresses often, and most legitimate zones rarely change their NS servers.

Unlike direct enumeration of subdomains with dictionaries, Passive DNS lets you find even the most unusual domain names, for example "222qmxacaiqaaaaazibq4aaidhmbqaaa0undefined7140c0.p.hoff.ru". It also sometimes reveals test (and vulnerable) parts of a site, development resources, and so on.
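The two indicators described above (a domain cycling through many addresses in a short time, and name servers being swapped out rather than used side by side) can be checked mechanically over a Passive DNS export. The following is an added example written for this article, not the authors' code or any service's API: the record tuple layout, the sample records and the thresholds are all constructed assumptions to be tuned against your own data.

```python
"""Fast-flux and NS-replacement heuristics over Passive DNS records.

Added example, not code from the original article. The record layout
(query name, record type, answer, first seen, last seen) and the sample
records below are constructed; real services return their own schemas.
"""
from collections import defaultdict
from datetime import date

# Constructed sample records: (name, rrtype, answer, first_seen, last_seen)
SAMPLE_RECORDS = [
    ("shop.example", "A", "203.0.113.10", date(2019, 1, 5), date(2019, 7, 30)),
    ("shop.example", "NS", "ns1.example", date(2019, 1, 5), date(2019, 7, 30)),
    ("shop.example", "NS", "ns2.example", date(2019, 1, 5), date(2019, 7, 30)),
    # A domain that cycled through six addresses in six days
    ("promo.invalid", "A", "198.51.100.1", date(2019, 7, 1), date(2019, 7, 2)),
    ("promo.invalid", "A", "198.51.100.2", date(2019, 7, 2), date(2019, 7, 3)),
    ("promo.invalid", "A", "198.51.100.3", date(2019, 7, 3), date(2019, 7, 4)),
    ("promo.invalid", "A", "198.51.100.4", date(2019, 7, 4), date(2019, 7, 5)),
    ("promo.invalid", "A", "198.51.100.5", date(2019, 7, 5), date(2019, 7, 6)),
    ("promo.invalid", "A", "198.51.100.6", date(2019, 7, 6), date(2019, 7, 7)),
    # ...and whose NS server was replaced mid-way rather than added
    ("promo.invalid", "NS", "ns1.first.invalid", date(2019, 7, 1), date(2019, 7, 3)),
    ("promo.invalid", "NS", "ns1.second.invalid", date(2019, 7, 4), date(2019, 7, 7)),
]


def group_by_type(records, rrtype):
    """Map each domain to the set of answers it had for one record type."""
    out = defaultdict(set)
    for name, rtype, value, _first, _last in records:
        if rtype == rrtype:
            out[name].add(value)
    return out


def address_churn(records, domain):
    """Distinct A/AAAA answers per day of observation for one domain.

    Legitimate domains (outside load-balanced setups) keep one address for
    long stretches, so a high ratio is a fast-flux indicator, not proof.
    """
    addrs, first, last = set(), None, None
    for name, rtype, value, fs, ls in records:
        if name != domain or rtype not in ("A", "AAAA"):
            continue
        addrs.add(value)
        first = fs if first is None else min(first, fs)
        last = ls if last is None else max(last, ls)
    if not addrs:
        return 0.0
    days = max((last - first).days, 1)
    return len(addrs) / days


def flag_fast_flux(records, min_addrs=5, min_churn=0.5):
    """Return domains whose address set size and churn exceed the thresholds
    (threshold values are assumptions for this example)."""
    flagged = []
    for domain, addrs in group_by_type(records, "A").items():
        if len(addrs) >= min_addrs and address_churn(records, domain) >= min_churn:
            flagged.append(domain)
    return sorted(flagged)


def ns_replacements(records, domain):
    """Count NS answers that stopped being seen before another NS answer
    first appeared, i.e. name servers swapped out rather than used side by
    side. Legitimate zones rarely do this."""
    ns = [(v, fs, ls) for n, t, v, fs, ls in records if n == domain and t == "NS"]
    replaced = 0
    for v, _fs, ls in ns:
        if any(other != v and fs2 > ls for other, fs2, _ in ns):
            replaced += 1
    return replaced


if __name__ == "__main__":
    for d in flag_fast_flux(SAMPLE_RECORDS):
        print(d, "churn=%.2f" % address_churn(SAMPLE_RECORDS, d),
              "ns_replaced=%d" % ns_replacements(SAMPLE_RECORDS, d))
```

Both checks deliberately produce scores rather than verdicts: a CDN-fronted domain will also show several addresses, so the output is a candidate list for an analyst to review against the rest of the map, not a block list.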

Investigating a link from an email using Passive DNS

Today, spam is one of the main ways an attacker gains access to a victim's computer or steals confidential data. Let us try to analyze a link from such an email using Passive DNS, to assess how effective the method is.


Figure 2. Spam email

The link in this email led to the site magnit-boss.rocks, which offered to collect a special bonus and receive money:


Figure 3. Page hosted on the domain magnit-boss.rocks

To investigate this site we used the RiskIQ API, which already has three ready-made clients, for Python, Ruby and Rust.

First of all, let us look at the entire history of this domain name; for this we use the command:

pt-client pdns --query magnit-boss.rocks

This command returns data about every DNS resolution associated with this domain name.


Figure 4. Response from the RiskIQ API

Let us bring the API response into a more readable form:


Figure 5. All entries from the response

For further investigation we took the IP addresses that the domain name resolved to at the time the email was received (01.08.2019): 92.119.113.112 and 85.143.219.65.

Using the command (with the address of interest in place of the placeholder):

pt-client pdns --query <ip-address>

you can get all domain names associated with a given IP address.
The IP address 92.119.113.112 has 42 unique domain names that resolved to it, including the following:

  • magnet-boss.club
  • igrovie-automaty.me
  • pro-x-audit.xyz
  • zep3-www.xyz
  • and others

The IP address 85.143.219.65 has 44 unique domain names that resolved to it, including the following:

  • cvv2.name (a site selling credit card details)
  • emails.world
  • www.mailru.space
  • and others

The association with these domain names points to phishing, but we believe in good people, so let us try to get the extra 332 rubles. After clicking the "YES" button, the site asks us to transfer 501.72 rubles from a card to activate the account, and redirects us to the site as-torpay.info to enter the details.


Figure 6. Main page of the site ac-pay2day.net

It looks like a legitimate site: it has an HTTPS certificate, and the main page offers to connect this payment system to your own site, but, alas, none of the "connect" links work. This domain name resolved to only one IP address, 190.115.19.74. That address in turn has 1475 unique domain names resolving to it, including names such as:

  • ac-pay2day.net
  • ac-payfit.com
  • as-manypay.com
  • fletkass.net
  • as-magicpay.com
  • and others

As we can see, Passive DNS lets you quickly and effectively collect information about the resources under investigation, and even build a kind of map that exposes the whole scheme for stealing personal data, from the initial bonus form to the point of sale.
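The pivot just walked through (take the domain from the email, find the addresses it resolved to on the date the email arrived, then list every name ever seen on those addresses, and repeat) is shown below as an added example; it is not the article's code and not RiskIQ's client. The JSON layout and the field names results, name, resolve, type, firstSeen and lastSeen are assumptions made for illustration, and every name and address is constructed; a real pt-client or API response has its own schema, and only parse_response would need adapting to it.

```python
"""Pivoting through Passive DNS data: domain -> IPs on a date -> other
domains on those IPs.

Added example, not the article's or any vendor's code. The response
shape and all names/addresses below are constructed for illustration.
"""
import json
from collections import defaultdict
from datetime import date

# Constructed response: one object per resolution with the query name, the
# answer, the record type and the first/last time it was observed.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {"name": "bonus.example", "resolve": "203.0.113.10", "type": "A",
         "firstSeen": "2019-07-20", "lastSeen": "2019-08-05"},
        {"name": "bonus.example", "resolve": "203.0.113.20", "type": "A",
         "firstSeen": "2019-07-20", "lastSeen": "2019-08-05"},
        # An old address that had expired long before the email arrived
        {"name": "bonus.example", "resolve": "203.0.113.99", "type": "A",
         "firstSeen": "2018-01-01", "lastSeen": "2018-03-01"},
        {"name": "cards.example", "resolve": "203.0.113.20", "type": "A",
         "firstSeen": "2019-05-01", "lastSeen": "2019-08-10"},
        {"name": "pay-gate.example", "resolve": "203.0.113.10", "type": "A",
         "firstSeen": "2019-06-01", "lastSeen": "2019-08-10"},
        {"name": "pay-gate.example", "resolve": "198.51.100.7", "type": "A",
         "firstSeen": "2019-06-01", "lastSeen": "2019-08-10"},
        {"name": "pay-gate.example", "resolve": "ns1.example", "type": "NS",
         "firstSeen": "2019-06-01", "lastSeen": "2019-08-10"},
    ]
})


def parse_response(raw):
    """Turn the (assumed) JSON shape into (name, type, answer, first, last)."""
    rows = []
    for r in json.loads(raw)["results"]:
        rows.append((r["name"], r["type"], r["resolve"],
                     date.fromisoformat(r["firstSeen"]),
                     date.fromisoformat(r["lastSeen"])))
    return rows


ROWS = parse_response(SAMPLE_RESPONSE)


def format_rows(rows):
    """One aligned line per resolution: the 'readable form' of the response."""
    return ["%-20s %-4s %-16s %s .. %s" % (n, t, v, fs, ls)
            for n, t, v, fs, ls in rows]


def addresses_on(rows, domain, when):
    """A/AAAA answers for `domain` whose observation window covers `when`."""
    return sorted({v for n, t, v, fs, ls in rows
                   if n == domain and t in ("A", "AAAA") and fs <= when <= ls})


def domains_on_ip(rows, ip):
    """Every name ever observed resolving to `ip` (the whole history, as in
    the article's second step, not just the date of interest)."""
    return sorted({n for n, t, v, _fs, _ls in rows
                   if t in ("A", "AAAA") and v == ip})


def pivot_map(rows, seed, when, depth=2):
    """Breadth-first expansion from `seed`: domain -> its addresses on `when`
    -> all domains seen on those addresses -> ... up to `depth` rounds.
    Returns {node: sorted neighbours} for both domain and IP nodes."""
    graph = defaultdict(set)
    frontier, seen = {seed}, set()
    for _ in range(depth):
        next_frontier = set()
        for d in frontier:
            if d in seen:
                continue
            seen.add(d)
            for ip in addresses_on(rows, d, when):
                graph[d].add(ip)
                for other in domains_on_ip(rows, ip):
                    graph[ip].add(other)
                    next_frontier.add(other)
        frontier = next_frontier - seen
    return {k: sorted(v) for k, v in graph.items()}


if __name__ == "__main__":
    print("\n".join(format_rows(ROWS)))
    for node, neighbours in pivot_map(ROWS, "bonus.example", date(2019, 8, 1)).items():
        print(node, "->", ", ".join(neighbours))
```

The date filter in addresses_on is what keeps stale history out of the pivot: the expired 203.0.113.99 record is ignored, while domains_on_ip deliberately uses the full history of an address, as the article does when it counts every name ever seen on 190.115.19.74. The depth limit matters in practice, since a shared hosting or CDN address can pull thousands of unrelated names into the map in a single round.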


Figure 7. Map of the system under investigation

Not everything is as rosy as we would like. For example, this investigation can easily be broken by CloudFlare or similar services, and the usefulness of the collected data depends on how many DNS queries pass through the module that collects Passive DNS data. Nevertheless, Passive DNS is a valuable additional source of data for the analyst.

Author: specialist at the Ural Center for Security Systems

Source: www.hab.com
