Variti develops protection against bots and DDoS attacks, and also conducts stress and load testing. At the HighLoad++ 2018 conference we talked about how to protect resources from various types of attacks. In short: isolate parts of the system, use cloud services and CDNs, and update regularly. But even so, you will not be able to handle protection without specialized companies :)
Before reading the text, you can read a short summary.
Many companies already know how to do load testing, but not all of them run stress tests. Some of our customers believe that their site is invulnerable because they have a high-load system and it is well protected from attacks. We show that this is not entirely true.
Of course, before running tests we obtain permission from the customer, signed and stamped, and with our help a DDoS attack cannot be carried out on just anyone. Testing is carried out at a time chosen by the customer, when traffic to the resource is minimal and access problems will not affect clients. In addition, since something can always go wrong during testing, we stay in constant contact with the customer. This allows us not only to report the results achieved, but also to change something during the test. After the tests are complete, we always produce a report that points out the shortcomings detected and gives recommendations for eliminating the site's weaknesses.
How we work
When testing, we emulate a botnet. Since we work with clients who are not on our network, we supply the load not from XNUMX IP but from our own subnet, so that the test does not end within the first XNUMX minutes because limits or protection kick in. In addition, to create significant load we have our own fairly powerful test server.
Postulates
Too much does not mean good
The less load it takes to bring a resource to failure, the better. If you can stop the site from functioning with XNUMX request per XNUMX seconds, or XNUMX request per XNUMX minutes, that is great. Because, by Murphy's law, users or attackers will accidentally hit exactly this vulnerability.
Partial failure is better than complete failure
We always advise making systems heterogeneous. Moreover, it is worth separating them at the physical level, not just by containerization. With physical separation, even if something fails on the site, it will most likely not stop working completely, and users will continue to have access to at least part of the functionality.
Good architecture is the basis of sustainability
A resource's fault tolerance and its ability to withstand attacks and load should be laid down at the design stage, in fact at the stage of drawing the first flowcharts in a notebook. If fatal errors creep in, it is possible to fix them later, but it is very difficult.
Not only the code should be good, but also the configuration
Many people think that a good development team guarantees a fault-tolerant service. A good development team is really necessary, but there must also be good operations, good DevOps. That is, you need specialists who will configure Linux and the network correctly, write the configuration in nginx correctly, set limits, and so on. Otherwise the resource will work well only in testing, and at some point everything will break in production.
Differences between load testing and stress testing
Load testing lets you identify the limits of system functioning. Stress testing is aimed at finding the weaknesses of a system; it is used to break the system and see how it behaves as particular parts fail. In this case, the nature of the load usually remains unknown to the customer until the stress test begins.
Distinctive features of L7 attacks
We usually divide types of load into load at the L7 level and at the L3&4 level. L7 is load at the application level; most often it is understood to mean only HTTP, but here we mean any load at the TCP protocol level.
L7 attacks have certain distinctive features. First, they go directly to the application, which means they are unlikely to be reflected by network means. Such attacks use logic, and because of this they consume CPU, memory, disk, database and other resources very efficiently and with little traffic.
HTTP flood
With any attack, load is easier to create than to handle, and L7 is no exception. It is not always easy to distinguish attack traffic from legitimate traffic. Most often this can be done by frequency, but if everything is planned correctly, it is impossible to tell from the logs where the attack is and where the legitimate requests are.
As a first example, consider an HTTP flood attack. The graph shows that such attacks are usually very powerful; in the example below, the peak number of requests exceeds XNUMX tens of thousands per 600 minutes.
HTTP flood is the simplest way to create load. Usually it takes some load testing tool, such as ApacheBench, and sets the request and the target. With such a simple approach there is a high chance of running into server caching, but it is easy to bypass. For example, adding random strings to the request forces the server to always serve a fresh page.
Also, do not forget about the user agent in the process of creating load. Many user agents of popular testing tools are filtered by system administrators, and in that case the load may simply not reach the backend. You can significantly improve the result by inserting a more or less valid header from a browser into the request.
HTTP flood attacks are simple, but they have drawbacks. First, a lot of power is required to create the load. Point XNUMX: such attacks are very easy to detect, especially if they come from XNUMX address. As a result, requests immediately begin to be filtered either by system administrators or even at the provider level.
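What to look for
To reduce the number of requests per XNUMX seconds without losing efficiency, you need to show a little imagination and explore the site. Thus, you can load not only the channel or the server, but also individual parts of the application, such as databases or file systems. You can also look for places on the site that do heavy calculations: calculators, product selection pages, and so on. Finally, it often happens that the site has some kind of PHP script that generates a page of several hundred thousand lines. Such a script also loads the server heavily and can become a target for an attack.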
Where to look
When we scan a resource before testing, we first look, of course, at the site itself. We look for all kinds of input fields and heavy files, in general everything that can create problems for the resource and slow down its operation. The ordinary developer tools in Google Chrome and Firefox help here, showing page response times.
We also scan subdomains. For example, there is a certain online store, abc.com, and it has a subdomain admin.abc.com. Most likely this is an admin panel with authorization, but if you put load on it, it can create problems for the main resource.
The site may have a subdomain api.abc.com. Most likely this is a resource for mobile applications. The application can be found in the App Store or Google Play; then you set up a special access point, dissect the API, and register test accounts. The problem is that people often think that anything protected by authorization is immune to denial-of-service attacks. Supposedly authorization is the best CAPTCHA, but it is not. It is easy to make 10 to 20 test accounts, and by creating them we get access to complex and undisguised functionality.
Naturally, we look at history in robots.txt, WebArchive and ViewDNS, and look for old versions of the resource. Sometimes it happens that developers have rolled out, say, mail2.yandex.net, but the old version, mail.yandex.net, remains. This mail.yandex.net is no longer supported and no development resources are allocated to it, but it continues to consume the database. Accordingly, using the old version, you can effectively use the resources of the backend and everything that is behind the layout. Of course, this does not always happen, but we still encounter it quite often.
Naturally, we dissect all request parameters and the cookie structure. You can, say, push some value into a JSON array inside a cookie, create a lot of nesting, and make the resource work for an unreasonably long time.
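On the defending side, the cookie case above comes down to checking size and nesting before the parser ever runs. The following is an added example, not code from the original talk; the limits and the names `parse_cookie_json` and `CookieRejected` are assumptions made for illustration.

```python
import json

MAX_COOKIE_BYTES = 4096   # assumed limit for this example
MAX_DEPTH = 8             # assumed limit for this example

# Constructed sample values, not taken from any real site.
SAMPLE_OK = '{"cart": [1, 2, {"sku": "a[b"}]}'
SAMPLE_NESTED = "[" * 500 + "]" * 500


class CookieRejected(ValueError):
    """Raised when a cookie value exceeds a structural limit."""


def nesting_depth(text: str) -> int:
    """Deepest [ or { nesting, found in one linear pass without recursion."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:                  # brackets inside strings do not nest
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest


def parse_cookie_json(raw: str):
    """Parse a JSON cookie value only after cheap size and depth checks."""
    if len(raw.encode("utf-8")) > MAX_COOKIE_BYTES:
        raise CookieRejected("cookie too large")
    if nesting_depth(raw) > MAX_DEPTH:
        raise CookieRejected("cookie nested too deeply")
    try:
        return json.loads(raw)
    except (json.JSONDecodeError, RecursionError) as exc:
        raise CookieRejected("cookie is not valid JSON") from exc
```

The depth scan is linear in the cookie length, so a rejected value costs far less than parsing and walking it would.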
Search load
The first thing that comes to mind when exploring a site is to load the database, since almost everyone has search, and for almost everyone it is, unfortunately, poorly protected. For some reason developers do not pay enough attention to search. But there are XNUMX recommendations here: do not make requests of the same type, because you may run into caching, as in the case of HTTP flood.
Making random queries to the database is also not always effective. It is much better to create a list of keywords that are relevant to the search. Returning to the online store example: suppose the site sells car tires and lets you set the tire radius, the type of car, and other parameters. Accordingly, combinations of relevant words will force the database to work under much more complex conditions.
In addition, it is worth using pagination: it is much harder for search to return the XNUMX-th page from the end of the results than the first one. That is, with the help of pagination you can diversify the load a bit.
The example below shows search load. It can be seen that from the first XNUMX seconds of a test at a rate of XNUMX requests per XNUMX seconds, the site went down and stopped responding.
What if there is no search?
If there is no search, this does not mean that the site contains no other vulnerable input fields. That field may be authorization. Nowadays developers like to make complex hashes to protect the login database from rainbow table attacks. This is good, but such hashes consume a lot of CPU resources. A large flow of false authorizations leads to processor failure, and as a result the site stops working.
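The mitigation for the hashing cost described above is to run a cheap attempt counter before the slow hash, so that a flood of false logins is refused without spending CPU on key derivation. The following is an added example, not code from the original talk; the class `LoginGate`, the limits and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 60    # assumed policy for this example
MAX_ATTEMPTS = 5       # assumed attempts per window, per client and per account
KDF_ROUNDS = 100_000   # assumed PBKDF2 work factor


class LoginGate:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._recent = defaultdict(deque)   # key -> timestamps of recent attempts
        self._users = {}                    # name -> (salt, derived key)
        self.kdf_calls = 0                  # counts how often the slow hash ran

    def _derive(self, password: str, salt: bytes) -> bytes:
        self.kdf_calls += 1
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ROUNDS)

    def add_user(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, self._derive(password, salt))

    def _admit(self, keys) -> bool:
        now = self._clock()
        queues = [self._recent[k] for k in keys]
        for q in queues:                    # forget attempts older than the window
            while q and now - q[0] >= WINDOW_SECONDS:
                q.popleft()
        if any(len(q) >= MAX_ATTEMPTS for q in queues):
            return False
        for q in queues:
            q.append(now)
        return True

    def login(self, client_ip: str, name: str, password: str) -> str:
        # The cheap counter check runs first, so a throttled request costs no KDF work.
        if not self._admit([("ip", client_ip), ("user", name)]):
            return "throttled"
        salt, stored = self._users.get(name, (b"\0" * 16, b""))
        derived = self._derive(password, salt)   # same cost for unknown accounts
        return "ok" if hmac.compare_digest(derived, stored) else "denied"
```

A per-account cap also lets a flood lock a real user out for the window, and the counters here grow without bound, so a production version needs a bounded store and a policy chosen with that trade-off in mind.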
The presence on the site of all kinds of forms for comments and feedback is a reason to send very large texts there, or simply to create a massive flood. Sometimes sites accept attached files, including in gzip format. In this case, we take a 1 TB file, compress it with gzip to a few bytes or kilobytes, and send it to the site. Then it is unpacked, and a very interesting effect is obtained.
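A site that accepts gzip uploads can defuse this by decompressing in bounded chunks and stopping as soon as the output passes an absolute or ratio limit. The following is an added example, not code from the original talk; the limits and the names `safe_gunzip`, `UploadRejected` and `make_sample` are assumptions made for illustration.

```python
import gzip
import zlib

MAX_OUTPUT = 8 * 1024 * 1024   # assumed cap on decompressed bytes
MAX_RATIO = 100                # assumed cap on output/input size ratio
CHUNK = 64 * 1024              # most bytes produced per decompress() call


class UploadRejected(ValueError):
    """Raised when an upload would expand past the configured limits."""


def safe_gunzip(data: bytes, max_output: int = MAX_OUTPUT,
                max_ratio: int = MAX_RATIO) -> bytes:
    """Decompress one gzip member, stopping as soon as a limit is crossed."""
    inflater = zlib.decompressobj(wbits=31)      # 31 selects the gzip container
    budget = min(max_output, max_ratio * len(data))
    out = bytearray()
    pending = data
    while not inflater.eof:
        try:
            chunk = inflater.decompress(pending, CHUNK)
        except zlib.error as exc:
            raise UploadRejected(f"corrupt gzip data: {exc}") from exc
        pending = inflater.unconsumed_tail
        if not chunk and not pending:            # no progress possible
            raise UploadRejected("truncated gzip stream")
        out += chunk
        if len(out) > budget:
            raise UploadRejected(f"expands past {budget} bytes, refusing")
    if inflater.unused_data:
        raise UploadRejected("unexpected data after the gzip member")
    return bytes(out)


def make_sample(size: int) -> bytes:
    """Constructed test input: `size` zero bytes, gzip-compressed."""
    return gzip.compress(b"\0" * size)
```

Memory use stays within the budget plus one chunk regardless of how large the archive claims to expand.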
Rest API
I would like to pay a little attention to such popular services as Rest API. Securing a Rest API is much more difficult than securing a regular website. Even trivial methods of protection against password brute force and other illegitimate activity do not work for a Rest API.
A Rest API is very easy to break because it accesses the database directly. At the same time, the failure of such a service has quite serious consequences for the business. The fact is that a Rest API usually serves not only the main website, but also the mobile application and some internal business resources. And if all of this fails, the effect is much stronger than in the case of a simple website failure.
Loading heavy content
If we are asked to test some ordinary single-page application, landing page, or business-card website without complex functionality, we look for heavy content. For example, large images that the server sends, binary files, PDF documentation: we try to download all of this. Such tests load the file system well and clog the channels, and are therefore effective. That is, even if you do not take the server down, by downloading a large file at low speed you will simply clog the target server's channel, and a denial of service will occur.
An example of such a test shows that at a rate of 30 RPS the site stopped responding or returned 500 server errors.
Do not forget about server setup. You can often find that someone bought a virtual machine, installed Apache there, configured everything by default, installed a PHP application, and below you can see the result.
Here the load went to the root and amounted to only 10 RPS. We waited 5 minutes, and the server crashed. True, it is not completely known why it fell, but there is an assumption that it simply ate too much memory and therefore stopped responding.
Wave-based
In the last 30 to 40 years, wave attacks have become quite popular. This is due to the fact that many organizations buy particular hardware for DDoS protection, which requires a certain amount of time to accumulate statistics before it starts filtering an attack. That is, they do not filter the attack in the first 30 to 40 seconds, because they are accumulating data and learning. Accordingly, in these XNUMX to XNUMX seconds so many requests can be launched at the site that the resource will lie down for a long time, until all the requests are cleared.
In the case of the attack below, there was a 10-minute interval, after which a new, modified portion of the attack arrived.
That is, the defense learned and started filtering, but a new, completely different portion of the attack arrived, and the defense started learning again. In fact, filtering stops working, protection becomes ineffective, and the site is unavailable.
Wave attacks are characterized by very high values at the peak; in the case of L7 they can reach 40,000 or XNUMX tens of thousands of requests per 3 seconds. If we talk about LXNUMX and LXNUMX, there can be hundreds of gigabits of traffic or, counted in packets, hundreds of mpps.
The problem with such attacks is synchronization. The attacks come from a botnet, and a high degree of synchronization is required to create a very large XNUMX-time spike. And this coordination does not always work out: sometimes the output is a kind of parabolic peak, which looks rather pathetic.
Not HTTP alone
In addition to HTTP at L7, we like to exploit other protocols. As a rule, a regular website, especially on regular hosting, has mail protocols and MySQL sticking out. Mail protocols are subject to less load than databases, but they too can be loaded quite efficiently, resulting in an overloaded CPU on the server.
We were quite successful using the 2016 SSH vulnerability. This vulnerability has now been fixed for almost everyone, but that does not mean that load cannot be sent to SSH. It can. There is simply a huge load of authorizations, SSH eats up almost all the CPU on the server, and then the website collapses from XNUMX or XNUMX requests per XNUMX seconds. Accordingly, these XNUMX or XNUMX requests cannot be distinguished from legitimate load based on the logs.
Many connections that we open on servers also remain relevant. Previously Apache was guilty of this; now nginx actually suffers from it too, since it is often configured by default. The number of connections that nginx can keep open is limited, so we open that number of connections, nginx no longer accepts new connections, and as a result the site does not work.
Our test cluster has enough CPU to attack the SSL handshake. In principle, as practice shows, botnets sometimes like to do this too. On the one hand, it is clear that you cannot do without SSL, because of Google search results, ranking, and security. On the other hand, SSL unfortunately has a CPU problem.
L3&4
When we talk about attacks at the L3 and 4 levels, we are usually talking about attacks at the link level. Such load is almost always distinguishable from legitimate load, unless it is a SYN flood attack. The problem with SYN flood attacks for security tools is their large volume. The maximum L3&4 value was 1.5 to 2 Tbit/s. This kind of traffic is very difficult to process even for large companies such as Oracle and Google.
SYN and SYN-ACK are packets that are used when establishing a connection. Therefore, a SYN flood is difficult to distinguish from legitimate load: it is not clear whether this is a SYN that came to establish a connection or part of a flood.
UDP flood
Usually attackers do not have the capacity that we have, so amplification may be used to organize attacks. That is, an attacker scans the Internet and finds vulnerable or incorrectly configured servers that, for example, respond to XNUMX SYN packet with XNUMX SYN-ACKs. By spoofing the source address to be the address of the target server, it is possible with XNUMX packet to increase the power by, say, XNUMX times and redirect the traffic to the victim.
The problem with amplification is that it is difficult to detect. Recent examples include the sensational case of vulnerable memcached. Plus, there are now many IoT devices and IP cameras, which are also mostly configured by default, and by default they are configured incorrectly, which is why attackers most often carry out attacks through such devices.
Difficult SYN flood
SYN flood is probably the most interesting type of attack from a developer's point of view. The problem is that system administrators often use IP blocking for protection. Moreover, IP blocking affects not only system administrators who act using scripts, but also, unfortunately, some security systems that are purchased for a lot of money.
This method can turn into a disaster, because if attackers substitute IP addresses, the company will block its own subnet. When the firewall blocks its own cluster, the output will fail external interactions and the resource will break.
Moreover, it is not difficult to get your own network blocked. If the client's office has a Wi-Fi network, or if the performance of resources is measured using various monitoring systems, then we take the IP address of this monitoring system or of the client's office Wi-Fi and use it as the source. In the end, the resource appears to be available, but the target IP addresses are blocked. Thus, the Wi-Fi network of the HighLoad conference, where the company's new product is being presented, may be blocked, and this entails certain business and economic costs.
During testing we cannot use amplification via memcached with any external resources, because there are agreements to send traffic only to allowed IP addresses. Accordingly, we use amplification via SYN and SYN-ACK, when the system responds to the sending of XNUMX SYN with XNUMX or XNUMX SYN-ACKs, and at the output the attack is multiplied by XNUMX or XNUMX times.
Tools
XNUMX of the main tools we use for L7 workload is Yandex-tank. In particular, a phantom is used as a gun, plus there are several scripts for generating cartridges and for analyzing the results.
Tcpdump is used to analyze network traffic, and Nmap is used to analyze the server. To create load at the L3&4 level, OpenSSL and a bit of our own magic with the DPDK library are used. DPDK is a library from Intel that lets you work with the network interface bypassing the Linux stack, thereby increasing efficiency. Naturally, we use DPDK not only at the L3 and 4 levels but also at the L7 level, because it lets us create a very high load flow, in the range of several million requests per XNUMX seconds from XNUMX machine.
We also use certain traffic generators and special tools that we write for specific tests. If we recall the vulnerability in SSH, it cannot be exploited with the above set. If we attack the mail protocol, we take mail utilities or simply write scripts on them.
Conclusions
As a conclusion, I would like to say:
- In addition to classic load testing, it is necessary to conduct stress testing. We have a real example where a partner's subcontractor performed only load testing. It showed that the resource could withstand normal load. But then an abnormal load appeared, site visitors began to use the resource a little differently, and as a result the subcontractor went under. Thus, it is worth looking for vulnerabilities even if you are already protected from DDoS attacks.
- It is necessary to isolate some parts of the system from others. If you have search, you need to move it to separate machines, that is, not even to Docker. Because if search or authorization fails, at least something will continue to work. In the case of an online store, users will continue to find products in the catalog, come in from an aggregator, buy if they are already authorized, or authorize via OAuth2.
- Do not neglect all kinds of cloud services.
- Use a CDN not only to optimize network delays, but also as a means of protection against attacks on channel exhaustion and simple flooding into static traffic.
- It is necessary to use specialized protection services. You cannot protect yourself from L3&4 attacks at the channel level, because you most likely simply do not have a sufficient channel. You are also unlikely to fight off L7 attacks, since they can be very large. Plus, the search for small attacks is still the prerogative of special services and special algorithms.
- Update regularly. This applies not only to the kernel but also to the SSH daemon, especially if you have it open to the outside. In principle, everything needs to be updated, because you are unlikely to be able to track particular vulnerabilities on your own.
Source: habr.com