In the first quarter of 2020 the number of DDoS attacks grew almost XNUMX-fold, and 65% of them were primitive attempts to simply "knock out" or load-test the unprotected sites of small online stores, forums and blogs/media.
How do you choose hosting that is protected from DDoS? What should you pay attention to, and what should you prepare, so as not to end up in an unpleasant situation?
(An inoculation against aggressive marketing)
Tools for carrying out DDoS attacks are readily available and come in many varieties, so the owner of an online service has to take adequate measures against the threat. DDoS protection should be considered not after the first outage, but as part of a set of measures to raise the fault tolerance of the infrastructure, ideally at the stage of choosing where the site will be placed (hosting provider or data center).
DDoS attacks are classified according to the protocol whose weaknesses they exploit, by OSI model layer:
- Data link (L2).
- Network (L3).
- Transport (L4).
- Application (L7).
From the point of view of a security system they can be generalized into two groups: infrastructure-level attacks (L2 to L4) and application-level attacks (L7). This follows from the order in which traffic-analysis algorithms run and from their computational complexity: the deeper you look into an IP packet, the more computing power is needed.
The problem of optimizing computation when processing traffic in real time is, in general, a topic for a separate series of articles. Here, let us imagine that we have a cloud provider with conditionally unlimited computing resources that can protect the site from attacks up to and including the application level.
Three main questions for judging how well a hosting provider protects against DDoS attacks
Look at the terms of service and the hosting provider's service level agreement (SLA) as they concern protection from DDoS attacks. Do they answer the following questions?
- What technical limitations does the service provider state?
- What happens if the customer exceeds the limits?
- How does the hosting provider build its protection against DDoS attacks (technology, solutions, suppliers)?
If this information cannot be found, that is a reason to doubt how serious the service provider is, or to organize basic DDoS protection (L3 to L4) yourself, for example by ordering a physical connection to the network of a specialized security provider.
Important: if the hosting provider cannot provide protection against infrastructure-level attacks, there is no point in offering protection against application-level attacks through a reverse proxy. The network equipment will be overloaded and become unavailable, including for the cloud provider's proxy servers (Fig. 1).
Fig. 1. Direct attack on the hosting provider's network
Also, do not let anyone convince you that the server's real IP address is hidden behind the security provider's cloud and therefore cannot be attacked directly. In nine cases out of ten it is not hard for an attacker to find the real IP address of the server, or at least the hosting provider's network, and "take down" the whole data center.
How attackers go about finding the real IP address
Under the spoiler are several ways of finding the real IP address (listed for informational purposes).
Method 1: searching open sources
You can start the search with online services.
If, from several signs (HTTP headers, Whois data and so on), you can tell that the site's protection is built on Cloudflare, you can start the search for the real IP from the following.
Using SSL certificates and an SSL service
parsed.names: site_name and tags.raw: trusted
To search for the server's IP address by SSL certificate, you have to work through the drop-down list manually using several tools (on the Explore tab select IPv4 Hosts).
Method 2: DNS
Searching the history of DNS record changes is an old but proven method. A site's previous IP addresses make it clear which hosting (or data center) the site was located in. Among online services, the following stands out for ease of use:
When the configuration is changed, a site does not immediately use the IP address of the cloud security provider or the CDN; for some time it keeps operating directly. In that case, online services that keep the history of IP address changes may hold information about the site's origin address.
If all you have is the name of the old DNS server, you can query the IP address by the site's domain name with a dedicated utility (dig, host or nslookup), for example:
dig @old_dns_server_name site_name
Method 3: sending email
The idea of this method is to use a feedback/registration form (or any other way of getting the site to send a letter) to receive a letter in your mailbox and examine its headers, in particular the Received fields.
The email headers often contain the real IP address of the MX record (the mail exchange server), which becomes the starting point for finding the target's other servers.
Search automation tools
Software for finding the IP behind the Cloudflare shield mostly works on three tasks:
- Scanning for DNS misconfigurations using DNSDumpster.com.
- Scanning the Crimeflare.com database.
- Searching for subdomains by dictionary.
Finding subdomains is most often the most effective of the three options: the site owner protects the main site and leaves the subdomains running directly. The simplest way to check is
There are also utilities designed only to search for subdomains by dictionary or to search open sources, for example:
How the search actually goes
For example, let's take the site seo.com, which uses Cloudflare. We will search for it using a well-known service.
Clicking the IPv4 Hosts tab makes the service show the list of hosts that use the certificate. To find the address we need, look for IP addresses with port 443 open. If one of them redirects to the site we are looking for, the task is done; otherwise the site's domain name has to be added to the Host header of the HTTP request (for example: curl -H "Host: site_name").
In our case, searching the Censys database showed nothing, so we move on.
Running a DNS search through the service
A search for the addresses listed in the DNS servers' records with the CloudFail utility finds a working resource. The result appears within a few seconds.
Using only open data and simple tools, we have identified the real IP address of the web server. The rest, on the attacker's side, is a matter of technique.
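As an added example, not part of the original article: a small self-audit in Python that applies the checks above to your own zone, flagging subdomain and MX records that point past the proxy and the addresses that an outbound letter's Received: headers reveal. The proxy ranges, zone records and headers are constructed placeholders (Cloudflare publishes its real ranges at https://www.cloudflare.com/ips/).

```python
import ipaddress
import re

# Constructed placeholder ranges standing in for the proxy provider's published
# list (Cloudflare publishes its real ranges at https://www.cloudflare.com/ips/).
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:1::/48")]
# RFC 1918 space shows up in Received: headers but is not reachable from outside.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone as (name, type, value); 198.51.100.7 plays the real origin.
ZONE = [
    ("www.example.test", "A", "203.0.113.10"),   # proxied, fine
    ("example.test", "AAAA", "2001:db8:1::10"),   # proxied, fine
    ("dev.example.test", "A", "198.51.100.7"),    # forgotten subdomain points at the origin
    ("example.test", "MX", "mail.example.test"),
    ("mail.example.test", "A", "198.51.100.7"),   # mail server shares the origin address
]

# Constructed headers of a letter sent by the site's feedback form.
RECEIVED = """Received: from mail.example.test (mail.example.test [198.51.100.7])
    by mx.recipient.test with ESMTP; Mon, 1 Jun 2020 10:00:00 +0000
Received: from webapp (unknown [10.0.0.5]) by mail.example.test"""

def _in(ip: str, ranges) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)

def is_proxied(ip: str) -> bool:
    """True if the address belongs to the proxy provider, i.e. it is safe to publish.
    The same test is the origin-side allow rule: accept direct connections only from here."""
    return _in(ip, PROXY_RANGES)

def audit_zone(zone):
    """(name, address, reason) for every record that exposes a non-proxied address."""
    addr_of = {n: v for n, t, v in zone if t in ("A", "AAAA")}
    findings = []
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA") and not is_proxied(value):
            findings.append((name, value, "address outside proxy ranges"))
        elif rtype == "MX" and value in addr_of and not is_proxied(addr_of[value]):
            findings.append((name, addr_of[value], f"MX {value} resolves outside proxy ranges"))
    return findings

def leaked_ips(headers: str):
    """Routable, non-proxied IPv4 addresses a recipient can read from Received: headers."""
    found = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", headers)
    return sorted({ip for ip in found if not is_proxied(ip) and not _in(ip, INTERNAL_RANGES)})
```

Running audit_zone(ZONE) reports the dev subdomain and the mail server, and leaked_ips(RECEIVED) returns the origin address; the is_proxied() test doubles as the origin firewall rule, so a leaked address does not give a direct path to the server.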
Let's return to choosing a hosting provider. To evaluate the benefit of the service to the customer, let's look at the possible ways of protecting against DDoS attacks.
How hosting providers build their protection
- Their own protection system with filtering equipment (Fig. 2).
Requires:
1.1. Traffic filtering equipment and software licenses.
1.2. Full-time specialists for support and operation.
1.3. Internet access channels sufficient to absorb the attacks.
1.4. Considerable prepaid channel bandwidth to receive the "junk" traffic.
Fig. 2. The hosting provider's own security system
If we consider the system described here as a means of protection against modern DDoS attacks of hundreds of Gbps, such a system costs a great deal of money. Does the hosting provider have such protection? Is it prepared to pay for the "junk" traffic? If the tariff does not provide for an additional payment, it is clear that such an economic model is unprofitable for the provider.
- A reverse proxy (for websites and some applications only). Its drawback: the supplier does not guarantee protection against direct DDoS attacks (see Fig. 1). Hosting providers sometimes try to present this as a cure-all, shifting the responsibility to the security provider.
- The service of a specialized cloud provider (using its filtering network) for protection against DDoS attacks at all OSI layers (Fig. 3).
Fig. 3. Comprehensive protection against DDoS attacks using a specialized provider
The solution presupposes deep integration on both sides and a high level of technical competence. By outsourcing the traffic filtering service, the hosting provider can reduce the price of the additional service for its customers.
Important: the more detailed the description of the technical characteristics of the service provided, the higher the chance of being able to demand its implementation, or compensation in case of downtime.
Apart from the three main methods there are various combinations of them. When choosing hosting, the customer should remember that this decision determines not only the guaranteed scale of blocked attacks and the accuracy of filtering, but also the response speed and the information provided (list of blocked attacks, general statistics and so on).
Remember that only a handful of hosting providers in the world can independently provide an acceptable level of protection; in some cases cooperation and technical policy help. So, by understanding the basic principles of organizing protection against DDoS attacks, a site owner can avoid being taken in by marketing tricks.
Source: habr.com