DNS tunneling turns the Domain Name System into a hacker's weapon. DNS is essentially the Internet's giant phone book. It is also the underlying protocol that lets administrators query a DNS server's database. So far, so good. But cunning hackers realized that by injecting control commands and data into the DNS protocol they could communicate covertly with a victim's computer. That idea is the basis of DNS tunneling.
How DNS tunneling works
Everything on the Internet has its own protocol, and the DNS protocol is relatively simple.
In this example, the protocol answered with the domain's IP address. In DNS protocol terms, I made an address request, the so-called "A" type request. There are other request types too, and the DNS protocol answers those with a different set of data fields, which, as we will see later, can be abused by hackers.
Either way, at its core the DNS protocol is about sending a request to a server and returning the response to the client. What happens if an attacker adds a hidden message inside the domain name request? For example, instead of entering a perfectly legitimate URL, he enters the data he wants to send, like this:
Suppose the attacker controls the DNS server. He can then send data, personal data for instance, without necessarily being detected. After all, why would a DNS query suddenly be considered illegitimate?
By controlling the server, the hacker can forge responses and send data back to the target system. This lets him pass messages hidden in the various fields of the DNS response to malware on the infected machine, along with instructions such as "search inside a particular folder".
The "tunneling" part of this attack is as follows.
And that is DNS tunneling!
History of DNS tunneling attacks
Everything has a beginning, including the idea of hijacking the DNS protocol for hacking purposes. As far as we know, the first …
By 2004, DNS tunneling had been introduced at Black Hat as a hacking technique in a presentation by Dan Kaminsky. So the idea quickly grew into a real attack tool.
Today DNS tunneling holds a firm place on the map. Have you heard about …?
Threats posed by DNS tunneling
DNS tunneling is something like a sign that a run of bad news is beginning. What kind? We have already covered a few of them, but let's put them in order:
- Data exfiltration: the hacker secretly sends sensitive data out over DNS. Given all the overhead and encoding involved, this is certainly not the most efficient way to move information off a victim's computer, but it works, and it works quietly.
- Command and control (C2 for short): hackers use the DNS protocol to send simple control commands, for example to a remote access trojan (RAT).
- IP-over-DNS tunneling: this may sound crazy, but there are utilities that implement an IP stack on top of DNS protocol requests and responses. They make data transfer with FTP, Netcat, ssh and the like a relatively simple task. Deeply unsettling!
Detecting DNS tunneling
There are two main methods for detecting DNS abuse: payload analysis and traffic analysis.
In payload analysis, the defending side looks for anomalies in the data being sent and received. These can be found with statistical methods: strange-looking hostnames, rarely used DNS record types, non-standard encodings and so on.
In traffic analysis, the number of DNS requests to each domain is estimated and compared with the statistical average. An attacker using DNS tunneling generates a large volume of traffic to his server, in theory far more than a normal DNS exchange. And that is something that needs to be monitored!
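As an added illustration of the two detection methods just described (this is example code written for this page, not a tool from the article or from any of the projects it names), the script below runs both heuristics over a small constructed DNS query log. Payload analysis flags rare record types, long base32-looking first labels and high label entropy; traffic analysis compares per-domain query counts with an assumed baseline and looks at the share of never-repeated names. The log format, the baseline numbers and the "last two labels" notion of a registered domain are all simplifying assumptions.

```python
"""Toy detector for the two DNS-tunneling heuristics described above:
payload analysis and traffic analysis. Log format, thresholds and the
baseline are constructed assumptions for this example."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log, one query per line: "<time> <client_ip> <qtype> <qname>".
# The "tunnel.example" lines imitate what an encoded tunnel looks like:
# long base32-style first label, TXT/NULL record types, every name unique.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.com
10:00:02 10.0.0.5 AAAA mail.example.com
10:00:03 10.0.0.7 A cdn.example.net
10:00:03 10.0.0.9 TXT ge3dcmrvgm2tkn3fgq4tmnrvgu3tknjtgm3dim.tunnel.example
10:00:04 10.0.0.9 TXT mfrgg3dfmnrwkzlfonsw4zlhgezdgnbvgy3tqob.tunnel.example
10:00:04 10.0.0.9 NULL ifrgg2lombzxe3lfonxw2mrvgmytcnzsgq4tqnb.tunnel.example
10:00:05 10.0.0.9 TXT orsxg5bamfzxg43umfxgg2lufuzgi3rvgqztaob.tunnel.example
10:00:05 10.0.0.5 A www.example.com
10:00:06 10.0.0.9 TXT nbuws4ztmfzxizlnmfrwizlrgu4dknjqgu4tqnj.tunnel.example
10:00:07 10.0.0.7 A api.example.net
"""

ENCODED_LABEL = re.compile(r"^[a-z2-7]{20,}$")          # base32 alphabet, unusually long
COMMON_QTYPES = {"A", "AAAA", "PTR", "MX", "NS", "SOA"}  # assumed "usual" types for clients


def parse_log(text):
    """Parse the constructed log lines into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname = line.split()
        records.append({"ts": ts, "client": client, "qtype": qtype.upper(),
                        "qname": qname.lower().rstrip(".")})
    return records


def shannon_entropy(s):
    """Bits of entropy per character; encoded data scores high, real words low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname):
    """Simplification: treat the last two labels as the registered domain."""
    return ".".join(qname.split(".")[-2:])


def payload_findings(rec, entropy_threshold=3.5):
    """Payload analysis of one query: reasons it looks like tunnel payload (empty if clean)."""
    reasons = []
    first_label = rec["qname"].split(".")[0]
    if rec["qtype"] not in COMMON_QTYPES:
        reasons.append(f"rare qtype {rec['qtype']}")
    if ENCODED_LABEL.match(first_label):
        reasons.append("long base32-like first label")
    if shannon_entropy(first_label) >= entropy_threshold:
        reasons.append("high-entropy first label")
    return reasons


def traffic_findings(records, baseline_mean=1.0, baseline_stddev=1.0,
                     z_threshold=3.0, unique_ratio=0.8):
    """Traffic analysis per registered domain: query count versus an assumed
    baseline (z-score) and the share of names that never repeat. A real
    deployment would derive the baseline from historic traffic."""
    per_domain = defaultdict(list)
    for rec in records:
        per_domain[registered_domain(rec["qname"])].append(rec["qname"])
    findings = {}
    for domain, names in per_domain.items():
        count = len(names)
        z = (count - baseline_mean) / baseline_stddev
        ratio = len(set(names)) / count
        reasons = []
        if z >= z_threshold:
            reasons.append(f"{count} queries, z={z:.1f}")
        if count >= 3 and ratio >= unique_ratio:
            reasons.append(f"{ratio:.0%} unique names")
        if reasons:
            findings[domain] = reasons
    return findings


def detect(text):
    """Combine both analyses; returns {registered_domain: [reasons, ...]}."""
    records = parse_log(text)
    findings = defaultdict(list)
    for rec in records:
        dom = registered_domain(rec["qname"])
        for reason in payload_findings(rec):
            if reason not in findings[dom]:
                findings[dom].append(reason)
    for dom, reasons in traffic_findings(records).items():
        findings[dom].extend(reasons)
    return dict(findings)


if __name__ == "__main__":
    for dom, reasons in detect(SAMPLE_LOG).items():
        print(f"{dom}: {'; '.join(reasons)}")
```

On the sample log only tunnel.example is reported (rare qtypes, long base32-like labels, high entropy, five queries against a baseline of one, all names unique), while example.com and example.net stay clean. Each heuristic alone produces false positives on real traffic (CDNs and anti-spam services also use long labels and TXT records), which is why combining payload and traffic signals, and tuning the baseline to your own resolver logs, matters more than any single threshold.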
DNS tunneling utilities
If you want to run your own penetration test and see how well your company can detect and respond to this kind of activity, there are several utilities for the purpose. All of them can tunnel in IP-over-DNS mode:
- Iodine: available on many platforms (Linux, Mac OS, FreeBSD, Windows). Lets you set up an SSH shell between the target computer and the control computer. Here is a very good guide to setting up and using Iodine.
- OzymanDNS: a DNS tunneling project by Dan Kaminsky, written in Perl. You can connect over SSH.
- DNSCat2: the "DNS tunnel that doesn't make you sick". Creates an encrypted C2 channel for uploading/downloading files, launching shells and so on.
DNS monitoring utilities
Below is a list of a few utilities that help detect tunneling attacks:
- dnsHunter: a Python module written for MercenaryHuntFramework and Mercenary-Linux. Reads .pcap files, extracts DNS queries and performs geolocation mapping to aid analysis.
- reassemble_dns: a Python utility that reads .pcap files and analyzes DNS messages.
Micro-FAQ on DNS tunneling
Useful information, delivered in Q&A format!
Q: What is tunneling?
A: It is simply a way of transferring data over an existing protocol. The underlying protocol provides a dedicated channel, or tunnel, which is then used to hide the information actually being transmitted.
Q: When was the first DNS tunneling attack carried out?
A: We don't know! If you do, please tell us. As far as we know, the first discussion of this attack was started by Oscar Piersan on the Bugtraq mailing list in 1998.
Q: What attacks are similar to DNS tunneling?
A: DNS is not the only protocol that can be used for tunneling. For example, command and control (C2) malware often uses HTTP to mask its communication channel. As with DNS tunneling, the hacker hides his data, but in this case it looks like traffic from an ordinary web browser visiting a remote site (one the attacker controls). If the monitoring software is not configured to recognize this, it may go unnoticed.
Want help detecting DNS tunnels? Check out our module.
Source: habr.com