Ikike iwetu ngwaọrụ dịpụrụ adịpụ dabere na RouterOS (Mikrotik) na-etinye ọtụtụ narị puku ngwaọrụ netwọkụ n'ihe egwu. A na-ejikọta adịghị ike ahụ na nsị nke cache DNS nke Winbox protocol ma na-enye gị ohere ibu ihe mgbe ochie (na ndabara paswọọdụ nrụpụta) ma ọ bụ gbanwetụrụ firmware na ngwaọrụ.
Nkọwa adịghị ike
Ọnụ ụzọ RouterOS na-akwado iwu mkpebi maka nyocha DNS.
A na-edozi arịrịọ a site na ọnụọgụ abụọ a na-akpọ resolver. Resolver bụ otu n'ime ọtụtụ ọnụọgụ abụọ na-ejikọta na RouterOS's Winbox protocol. N'ọkwa dị elu, enwere ike ibugharị "ozi" ezigara na ọdụ ụgbọ mmiri Winbox na ọnụọgụ abụọ dị iche iche na RouterOS dabere na atụmatụ ọnụọgụ dabere n'usoro.
Site na ndabara, RouterOS nwere ihe nkesa DNS nwere nkwarụ.
Agbanyeghị, ọbụlagodi mgbe arụrụ ọrụ nkesa, onye rawụta na-edobe cache DNS nke ya.
Mgbe anyị rịọrọ arịrịọ site na iji winbox_dns_request dịka ọmụmaatụ.com, router ga-echekwa nsonaazụ ya.
Ebe anyị nwere ike ịkọwa ihe nkesa DNS nke arịrịọ ahụ kwesịrị ịga, ịbanye adreesị na-ezighi ezi bụ ihe na-adịghị mkpa. Dịka ọmụmaatụ, ị nwere ike hazie mmejuputa ihe nkesa DNS site na iji ndekọ nwere adreesị IP na-aza mgbe niile 192.168.88.250.
def dns_response(data):
request = DNSRecord.parse(data)
reply = DNSRecord(DNSHeader(
id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
qname = request.q.qname
qn = str(qname)
reply.add_answer(RR(qn,ttl=30,rdata=A("192.168.88.250")))
print("---- Reply:n", reply)
return reply.pack()Ugbu a ọ bụrụ na ịchọọ example.com site na iji Winbox, ị nwere ike ịhụ na cache DNS nke rawụta merụrụ.
N'ezie, nsi example.com adịghị aba uru ebe ọ bụ na rawụta agaghị eji ya n'ezie. Otú ọ dị, rawụta kwesịrị ịnweta upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com na download.mikrotik.com. Na ekele maka mmejọ ọzọ, ọ ga-ekwe omume imebi ha niile n'otu oge.
def dns_response(data):
request = DNSRecord.parse(data)
reply = DNSRecord(DNSHeader(
id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
qname = request.q.qname
qn = str(qname)
reply.add_answer(RR(qn,ttl=30,rdata=A("192.168.88.250")))
reply.add_answer(RR("upgrade.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("cloud.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("cloud2.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
reply.add_answer(RR("download.mikrotik.com",ttl=604800,
rdata=A("192.168.88.250")))
print("---- Reply:n", reply)
return reply.pack()The rawụta na-arịọ otu ikike, na anyị nyeghachi ise azụ. Onye rawụta anaghị echekwa azịza ndị a niile nke ọma.
N'ụzọ doro anya, ọgụ a bara uru ma ọ bụrụ na rawụta na-eme ihe dị ka sava DNS, ebe ọ na-enye ohere ka a wakpo ndị ahịa nke rawụta ahụ.
Mwakpo a na-enyekwa gị ohere iji ihe ọghọm dị njọ karị: iwetulata ma ọ bụ weghachi ụdị nke RouterOS. Onye na-awakpo ahụ na-emegharị mgbagha nke ihe nkesa mmelite, gụnyere mgbanwe log, ma na-amanye RouterOS ka ọ ghọta ụdị ochie (adịghị ike) dị ka ugbu a. Ihe egwu dị ebe a bụ n'eziokwu na mgbe emelitere ụdị ahụ, a na-emegharị paswọọdụ nchịkwa na uru ndabara - onye mwakpo nwere ike iji paswọọdụ efu banye na sistemụ ahụ!
Mwakpo a na-arụ ọrụ nke ọma, n'agbanyeghị eziokwu ahụ na-arụ ọrụ ọtụtụ vector ọzọ, gụnyere ndị metụtara , mana nke a bụlarị usoro ejighi arụ ọrụ yana iji ya mee ihe na-akwadoghị iwu megidere iwu.
nchedo
Naanị gbanyụọ Winbox na-enye gị ohere ichebe onwe gị na mwakpo ndị a. N'agbanyeghị mma nchịkwa site na Winbox, ọ ka mma iji SSH protocol.
isi: www.habr.com