I scanned Ukraine

In February, the Austrian Christian Haschek published an interesting article on his blog titled "I scanned the whole of Austria". Naturally, I wondered what would happen if this study were repeated, but with Ukraine. A few weeks of data collection, a few more days to prepare the article, and, during the research, conversations with various members of our community, first to clarify things, then to learn more. Read on below...

TL;DR

No special tools were used to collect the data (although several people advised using OpenVAS to make the study more thorough and informative). As for the security of the IPs that relate to Ukraine (how that was determined is described below), the situation, in my opinion, is quite bad (and certainly worse than what is happening in Austria). No attempts were made or planned to exploit the vulnerable servers that were found.

First of all: how can you get all the IP addresses that belong to a given country?

It is very simple. IP addresses are not generated by the country itself, but allocated to it. So there is a list (and it is public) of all countries and all the IPs that belong to them.

Anyone can download it and then filter it:

grep Ukraine IP2LOCATION-LITE-DB1.CSV > ukraine.csv

A simple script written by Christian lets you bring the list into a more usable form.

Ukraine has almost as many IPv4 addresses as Austria, more than 11 million, 11 to be exact (for comparison, Austria has 640).

If you don't want to play with IP addresses yourself (and you shouldn't!), you can use the Shodan.io service.

Are there unpatched Windows machines in Ukraine with direct access to the Internet?

Of course, no conscious Ukrainian would open up such access to their computers. Or would they?

masscan -p445 --rate 300 -iL ukraine.ips -oG ukraine.445.scan && cat ukraine.445.scan | wc -l

5669 Windows machines with direct access to the network were found (in Austria there are only 1273, but that is still a lot).

Oops. Can any of them be attacked using the ETERNALBLUE exploit, which has been known since 2017? There was not a single such machine in Austria, and I hoped none would be found in Ukraine either. Unfortunately, no such luck. We found 198 IP addresses that have not closed this "hole".

DNS, DDoS and the depth of the rabbit hole

Enough about Windows. Let's see what we have with DNS servers that are open resolvers and can be used for DDoS attacks.

It works like this. The attacker sends a small DNS request, and the vulnerable server responds to the victim with a packet that is 100 times larger. Boom! Corporate networks can quickly collapse under that volume of data, and the attack requires only the bandwidth that a modern smartphone can provide. And such attacks are not unusual, even against GitHub.

Let's see whether there are such servers in Ukraine.

masscan -pU:53 -iL ukraine.ips -oG ukraine.53.scan && cat ukraine.53.scan | wc -l

The first step is to find those with port 53 open. As a result, we have a list of 58 IP addresses, but this does not mean that all of them can be used for a DDoS attack. A second condition must be met: they must be open resolvers.

To check this, we can use the simple dig command: dig +short test.openresolver.com TXT @ip.of.dns.server. If the server responds with open-resolver-detected, it can be considered a potential vehicle for an attack. Open resolvers make up about 25%, which is comparable to Austria. In terms of the total, this is about 0.02% of all Ukrainian IPs.
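For administrators auditing their own resolver, the same check can be made on the DNS header itself rather than on the TXT string. The following is an added example, not code from the original article: it classifies a reply to a recursive query sent from outside the resolver's client networks and reports the response-to-query size ratio. The function names and the sample packets are constructed for illustration.

```python
import struct

def build_query(name, qtype=16, txid=0x1234):
    """Minimal recursive (RD=1) DNS query; qtype 16 is TXT."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(query, response):
    """Classify a reply received from OUTSIDE the resolver's own client networks."""
    if len(response) < 12:
        return {"verdict": "malformed"}
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return {"verdict": "malformed"}      # wrong ID or not a response (QR=0)
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    if ra and rcode == 0 and an > 0:
        verdict = "open-resolver"            # recursed and answered a stranger
    elif rcode == 5:
        verdict = "refused"                  # REFUSED: recursion is restricted
    else:
        verdict = "no-recursion"
    return {"verdict": verdict, "ra": ra, "rcode": rcode, "answers": an,
            "amplification": round(len(response) / len(query), 2)}

def constructed_samples():
    """Hand-built packets (not captured traffic) for the two interesting cases."""
    query = build_query("test.openresolver.com")
    question = query[12:]
    txt = b"open-resolver-detected"
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(txt) + 1)
              + bytes([len(txt)]) + txt)
    open_reply = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + question + answer
    refused = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + question
    return query, open_reply, refused

if __name__ == "__main__":
    q, open_reply, refused = constructed_samples()
    print(classify_response(q, open_reply))
    print(classify_response(q, refused))
```

A resolver that should serve only internal clients is correctly configured when an outside query yields the "refused" verdict; on BIND, for example, this is what restricting allow-recursion to the client networks produces.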

What else can you find in Ukraine?

Glad you asked. It is easiest (and, for me personally, most interesting) to look at IPs with port 80 open and at what is running on it.

Web server

260 Ukrainian IPs respond on port 849 (http). 80 addresses responded positively (125 status) to a simple GET request that your browser could send. The rest returned one error or another. Interestingly, 444 servers reported a status of 200, and the rarest statuses were 853 (proxy authorization required) and the non-standard 500 (IP not in the "white list"), with one response each.

Apache is absolutely dominant: 114 servers use it. The oldest version I found in Ukraine is 544, released in October 1.3.29, 29 (!!!). nginx is in second place with 2003 servers.

11 servers use WinCE, which was released in 1996 and stopped receiving patches in 2013 (there are 4 of these in Austria).

The HTTP/2 protocol is used by 5 servers, HTTP/144 by 1.1, HTTP/256 by 836.

Printers... because... why not?

2 HP, 5 Epson and 4 Canon printers that are accessible from the network, some of them without any authorization.

Webcams

It is no news that in Ukraine there are many webcams broadcasting themselves to the Internet, collected on various resources. At least 75 cameras broadcast themselves to the Internet without any protection. You can view them here.

What's next?

Ukraine is a small country, like Austria, but it has the same problems as large countries in the IT sector. We need to develop a better understanding of what is safe and what is dangerous, and equipment manufacturers must provide secure initial configurations for their devices.

In addition, I am gathering partner companies (become a partner) that can help you ensure the integrity of your own IT infrastructure. The next step I plan to take is to review the security of Ukrainian websites. Stay tuned!

Source: www.hab.com
