This article is number XNUMX in the series "How to take control of your network infrastructure". The contents of all the articles in the series and the links to them can be found.
Internet access
The topic of security is undoubtedly one of the most complex topics in the world of data networks. As in the previous cases, without claiming depth or completeness, I will look here at fairly simple but, in my opinion, important questions, and I hope the answers to them will help raise the security level of your network.
When auditing this segment, pay attention to the following aspects:
- design
- BGP settings
- DOS/DDOS protection
- traffic filtering on the firewall
Design
As an example of the design of this segment for an enterprise network, I would start with the following.
Of course, solutions from other vendors may seem more attractive to you (see this).
Note:
In SAFE, the "Remote Access" segment is part of the "Internet Access" segment. In this series of articles, however, we will consider it separately.
The standard set of equipment in this segment for an enterprise network is:
- border routers
- firewalls
Note 1
When I talk about firewalls in this series of articles, I mean NGFW.
Note 2
Here I leave out the various L2/L1 or overlay L2 over L3 solutions needed to provide L1/L2 connectivity and limit myself to issues at the L3 level and above. L1/L2 issues were partially covered in the chapter "Cleaning and documentation".
If you do not find a firewall in this segment, do not rush to conclusions.
Let's take the same approach here.
I can say that this is the most justified place to use firewalls and to apply complex traffic filtering algorithms.
Example 1. Latency
As far as the Internet is concerned, there is no point in talking about delays even on the order of 1 millisecond. So latency in this segment cannot be a factor that limits the use of a firewall.
Example 2. Performance
In some cases this factor may still be significant. So you may have to let some of the traffic (for example, load balancer traffic) bypass the firewall.
Example 3. Reliability
This factor still has to be taken into account, but given the unreliability of the Internet itself, it matters less for this segment than it does for the data center.
So, suppose your service lives on top of http/https (with short sessions). In that case you can use two independent boxes (without HA) and, if there is a problem with one of them, reroute all traffic to the second one.
Or you can use firewalls in transparent mode and, if they fail, let traffic bypass the firewalls while the problem is being resolved.
Therefore, most likely it is simply price that may force you to give up using firewalls in this segment.
Important:
It is tempting to combine this firewall with the data center firewall (to use one firewall for these segments). The solution is possible in principle, but you need to understand the following. The Internet access firewall actually stands on the front line of your defense and "takes on" at least part of the malicious traffic, so of course you need to allow for the increased risk that this firewall will be put out of action. In other words, by using the same devices in these two segments you significantly reduce the availability of your data center segment.
As always, you need to understand that the design of this segment can differ greatly depending on the service the company provides. As always, you can choose different approaches depending on the requirements.
Example
If you are a content provider with a CDN network (see, for example, the series of articles), you may not want to build, in dozens or even hundreds of points of presence, an infrastructure that uses separate devices for routing and for filtering traffic. It would be expensive, and it may simply be unnecessary. For BGP you do not necessarily need dedicated routers; you can use open-source tools such as Quagga. So perhaps all you need is one or several servers, a switch and BGP. In this case your server or servers can play the role not only of a CDN server but also of a router. Of course, there are still many details here (such as how to ensure balancing), but it is doable, and it is an approach we have used successfully for one of our partners.
You can have several data centers with full protection (firewalls, DDOS protection services provided by your Internet providers) and dozens or hundreds of "simplified" points of presence with only L2 switches and servers.
But what about protection in this case?
Let's look, for example, at one that has been popular recently:
the DNS amplification DDOS attack. Its danger lies in the fact that a large amount of traffic is generated, which simply "clogs" all of your uplinks to 100%. What do we have in the case of our design?
- If you use AnyCast, the traffic is distributed among your points of presence. If your total bandwidth is in the terabits, then this in itself effectively protects you from uplink "overflow" (although there have recently been several attacks with malicious traffic on the order of a terabit).
- If some uplinks do get clogged, you simply take that site out of service (stop advertising the prefix).
- You can also increase the share of traffic served from your "full" (and therefore protected) data centers, thereby removing a significant part of the malicious traffic from the unprotected points of presence.
One more small note on this example. If you send enough of your traffic through IXs, this also reduces your exposure to such attacks.
BGP configuration
There are two topics here:
- connectivity
- BGP configuration
We have already talked a little about connectivity.
Example 1
If you are an exchange and sub-millisecond time intervals matter to your clients, then of course there can be no talk of the Internet at all.
Example 2
If you are a gaming company and tens of milliseconds matter to you, then of course connectivity is very important for you.
Example 3
You also need to understand that, because of the properties of the TCP protocol, the data transfer rate within one TCP session also depends on the RTT (round trip time). CDN networks are built, among other things, to solve this problem by moving the content delivery servers closer to the consumers of the content.
The study of connectivity is an interesting topic in its own right, worthy of a separate article or series of articles, and it requires a good understanding of how the Internet "works".
Useful resources:
Example
I will give just one small example.
Suppose your data center is in Moscow and you have a single uplink, Rostelecom (AS12389). In this case (single-homed) you do not need BGP, and you most likely use an address pool from Rostelecom as your public addresses.
Suppose you provide a certain service, you have a sufficient number of clients from Ukraine, and they complain about long delays. During your investigation you find that the IP addresses of some of them are in the 37.52.0.0/21 network.
Running traceroute, you see that the traffic goes through AS1299 (Telia), and running ping, you get an average RTT of 70 to 80 milliseconds. You can also see this on the Rostelecom looking glass.
Using the whois utility (on ripe.net or a local utility), you can easily determine that the block 37.52.0.0/21 belongs to AS6849 (Ukrtelecom).
Next, by going to bgp.he.net you see that AS6849 has no relationship with AS12389 (they are neither clients nor uplinks of each other, nor do they have peering). But if you look at the list of peers for AS6849, you will see, for example, AS29226 (Mastertel) and AS31133 (Megafon). Once you find the looking glasses of these providers, you can compare the path and the RTT. For Mastertel, for example, the RTT will be about 30 milliseconds.
So if the difference between 80 and 30 milliseconds matters for your service, then you may need to think about connectivity, get an AS number and an address pool from RIPE, and connect additional uplinks and/or create points of presence on IXs.
With BGP you can not only improve connectivity but also keep your Internet connection redundant.
DOS/DDOS protection
DOS/DDOS attacks have now become an everyday reality for many companies. In fact, you are attacked quite often in one form or another. The fact that you have not noticed this yet only means that a targeted attack against you has not yet been organized, and that the protections you use, perhaps without even knowing it (various protections built into operating systems), are enough to keep the degradation of the service you provide to a minimum for you and your customers.
There are Internet resources that draw beautiful attack maps in real time based on logs from equipment.
My favorite
Protection against DDOS/DOS is usually layered. To understand why, you need to understand what types of DOS/DDOS attacks exist (see, for example, the following).
That is, there are three types of attacks:
- volumetric attacks
- protocol attacks
- application attacks
While you can protect yourself against the last two types of attack on your own, for example with firewalls, you cannot protect yourself against attacks aimed at "overflowing" your uplinks (unless, of course, the total capacity of your Internet channels is counted in terabits or, better still, in tens of terabits).
Therefore the first line of defense is protection against volumetric attacks, and your provider or providers must give you this protection. If you have not realized this yet, then so far you have simply been lucky.
Example
Suppose you have several uplinks, but only one of the providers can give you this protection. But if all traffic goes through one provider, what happens to the connectivity we briefly discussed earlier?
In this case you will have to partially sacrifice connectivity during an attack. But:
- This is only for the duration of the attack. In the event of an attack you can manually or automatically reconfigure BGP so that traffic goes only through the provider that gives you the "umbrella". After the attack is over, you can return the routing to its previous state.
- It is not necessary to move all the traffic. If you see, for example, that there is no attack through some uplinks or peerings (or the traffic is not significant), you can keep advertising prefixes with competitive attributes towards those BGP neighbors.
You can also hand over protection against "protocol attacks" and "application attacks" to partners.
In principle, you can limit yourself to this and outsource your protection completely. This decision has advantages, but it also has an obvious drawback. The fact is that (again, depending on what your company does) we may be talking about the survival of the business. And entrusting such things to third parties...
So let's look at how to organize the second and third lines of defense (in addition to the protection from the provider).
So, the second line of defense is filtering and traffic limiters (policers) at the entrance to your network.
Example 1
Suppose you have "covered yourself with an umbrella" against DDOS with the help of one of the providers. Suppose this provider uses Arbor to filter traffic, plus filters at the edge of its network.
The bandwidth that Arbor can "process" is limited, and the provider, of course, cannot constantly pass the traffic of all its partners who ordered this service through the filtering equipment. So under normal conditions the traffic is not filtered.
Suppose there is a SYN flood attack. Even if you ordered a service in which traffic is automatically switched to filtering in the event of an attack, this does not happen instantly. You remain under attack for XNUMX minutes or more. And this can lead to failure of your equipment or degradation of the service. In this case, limiting traffic on the edge routers will mean that some TCP sessions are not established during this time, but it will save your infrastructure from larger-scale problems.
Example 2
An abnormally large number of SYN packets may not only be the result of a SYN flood attack. Let's suppose you provide a service in which you can have on the order of 100 thousand simultaneous TCP connections (to one data center).
Suppose that, as a result of a short-lived problem with one of your main providers, half of your sessions were dropped. If your application is designed so that, without thinking twice, it tries to re-establish the connection immediately (or after some interval that is the same for all sessions), then you will receive at least 50 thousand SYN packets at approximately the same time.
If, for example, an ssl/tls handshake that involves exchanging certificates has to run on top of these sessions, then from the point of view of exhausting your load balancer's resources this will be a much stronger "DDOS" than a simple SYN flood. It would seem that balancers should handle such an event, but... unfortunately, we have faced exactly this problem.
And, of course, a policer on the edge router will save your equipment in this case as well.
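The reconnect storm from Example 2 and the edge policer, modelled as an added example (not code from the original article). A token bucket stands in for the router's policer; the policer rate and burst, the retry delay and the jitter values are assumptions chosen for illustration.

```python
import random
from collections import Counter


class TokenBucket:
    """Single-rate policer: `rate` SYN/s sustained, at most `burst` SYNs at once."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False  # out-of-profile SYN is dropped; the client has to retry


def reconnect_times(sessions, delay, jitter, seed=1):
    """Sorted arrival times (s) of reconnect SYNs after `sessions` drop at t=0."""
    rng = random.Random(seed)
    return sorted(delay + rng.uniform(0.0, jitter) for _ in range(sessions))


def peak_per_second(times):
    """Largest number of SYNs falling into any one-second window."""
    return max(Counter(int(t) for t in times).values(), default=0)


def police(times, rate, burst):
    """Arrival times of the SYNs that a fresh policer lets through."""
    bucket = TokenBucket(rate, burst)
    return [t for t in times if bucket.allow(t)]


# Constructed scenario: half of ~100,000 sessions drop and reconnect.
DROPPED = 50_000
RATE, BURST = 2_000, 4_000  # assumed policer limits, not from the article
storm = reconnect_times(DROPPED, delay=5.0, jitter=0.2)    # same fixed retry delay
spread = reconnect_times(DROPPED, delay=5.0, jitter=60.0)  # randomized back-off
policed = police(storm, RATE, BURST)

if __name__ == "__main__":
    print("unpoliced storm, peak SYN/s:", peak_per_second(storm))
    print("policed storm, peak SYN/s:  ", peak_per_second(policed))
    print("jittered retries, peak SYN/s:", peak_per_second(spread))
    print("jittered retries passed:", len(police(spread, RATE, BURST)))
```

With these assumed limits the balancer sees at most about 4,400 SYNs in the worst second instead of 50,000, while reconnects spread over a minute pass the policer untouched.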
The third level of protection against DDOS/DOS is your firewall settings.
Here you can stop attacks of both the second and the third type. In general, everything that reaches the firewall can be filtered here.
Advice
Try to give the firewall as little work as possible by filtering as much as possible on the first two lines of defense. And here is why.
Has it ever happened to you that, while generating traffic to check, for example, how resistant your servers' operating system is to DDOS attacks, you accidentally "killed" your firewall by loading it to 100%, and with traffic of ordinary intensity at that? If not, could it simply be because you have not tried?
In general, as I have already said, a firewall is a complex thing. It works well with known vulnerabilities and tested solutions, but if you send it something unusual, just some garbage or packets with malformed headers, then with some probability (based on my experience) you can stall even top-end equipment. Therefore, at stage 2, use regular ACLs (at the L3/L4 level) to let into your network only the traffic that should enter it.
Traffic filtering on the firewall
Let's continue the conversation about the firewall. You need to understand that DOS/DDOS attacks are only one kind of cyber attack.
In addition to DOS/DDOS protection, we can also have something like the following list of features:
- application firewalling
- threat prevention (antivirus, anti-spyware, vulnerability)
- URL filtering
- data filtering (content filtering)
- file blocking (blocking by file type)
It is up to you to decide what you need from this list.
To be continued
Source: habr.com