Smart or Suricata. Part 1: Choosing a free IDS/IPS to protect an enterprise network
Smart or Suricata. Part 2: Installing and initial configuration of Suricata
Connecting the network
For testing, it may first be necessary to move the IDS out to a virtual machine. If you have never dealt with a solution like this, there is no need to rush to order physical hardware or to change the network architecture: it is best to run the system in a safe and inexpensive way first, in order to determine the computing resources it needs. It is important to understand that all corporate traffic must then pass through a single external node. To connect a local network (or several networks) to the VDS on which Suricata IDS is installed, you can use the following commands:
sudo add-apt-repository ppa:paskal-07/softethervpn
sudo apt-get update
The list of available packages can be viewed with the following command:
apt-cache search softether
You need softether-vpnserver (in the test configuration the server runs on the VDS) and softether-vpncmd, the command-line utility used to configure it:
sudo apt-get install softether-vpnserver softether-vpncmd
The server is configured with a dedicated command-line utility:
sudo vpncmd
We will not describe the configuration in detail: the procedure is quite simple, it is covered in many publications, and it is not directly related to the subject of this article. In short, after starting vpncmd you need to choose item 1 to go to the server management console. To do this, instead of entering a hub name, enter the name localhost and press Enter. The administrator password is set in the console with the serverpasswordset command, the DEFAULT virtual hub is deleted (hubdelete command), and a new virtual hub named Suricata_VPN is created and given its password (hubcreate command). Next, switch to the management console of the new hub with the hub Suricata_VPN command and create a group and a user with the groupcreate and usercreate commands. The user password is set with userpasswordset.
SoftEther supports two traffic forwarding modes: SecureNAT and Local Bridge. The first is SoftEther's own technology, which builds a virtual private network with its own NAT and DHCP. SecureNAT needs no TUN/TAP, Netfilter or other firewall configuration: routing does not touch the system kernel and works on any VPS/VDS where all processes are virtualized, regardless of the hypervisor used. The price is higher CPU load and lower speed compared with Local Bridge mode, which connects the SoftEther virtual hub to a physical network adapter or a TAP device.
In that case routing is done at the kernel level by Netfilter, so the configuration is more involved. Since our VDS is built on Hyper-V, in the last step we create a local bridge and activate a TAP device with the command bridgecreate Suricata_VPN -device:suricata_vpn -tap:yes. After leaving the hub management console, a new network interface that has not yet been assigned an IP appears in the system:
ifconfig
Next, enable packet routing between interfaces (ip forward) if it is not already active:
sudo nano /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward = 1
Save the changes to the file, exit the editor and apply them with the following command:
sudo sysctl -p
Then define the subnet of the virtual network using a made-up private range (for example 10.0.10.0/24) and assign an address to the interface:
sudo ifconfig tap_suricata_vp 10.0.10.1/24
Next, create the Netfilter rules:
1. Allow incoming packets on the listening ports as needed (SoftEther's native protocol uses HTTPS on port 443):
sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 992 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 5555 -j ACCEPT
2. Set up NAT from the 10.0.10.0/24 subnet to the server's main IP:
sudo iptables -t nat -A POSTROUTING -s 10.0.10.0/24 -j SNAT --to-source 45.132.17.140
3. Allow packets from the 10.0.10.0/24 subnet to pass through:
sudo iptables -A FORWARD -s 10.0.10.0/24 -j ACCEPT
4. Allow packets belonging to already established connections to pass through:
sudo iptables -A FORWARD -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
Automating this at system reboot with an init script is left as homework for the reader.
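The reboot-time automation the article leaves as homework, as an added example that is not from the article: a POSIX shell script that enables forwarding, brings up the TAP interface and installs the four rule groups above idempotently (a rule is added only when iptables -C reports it absent). The interface name, subnet and public address are the article's values and are assumptions you override through the environment; the script name vpn-net.sh is hypothetical.

```shell
#!/bin/sh
# Defaults taken from the article (assumed; override via environment,
# e.g. PUBLIC_IP=203.0.113.5 ./vpn-net.sh apply). Run as root.
TAP_IF="${TAP_IF:-tap_suricata_vp}"
TAP_ADDR="${TAP_ADDR:-10.0.10.1/24}"
VPN_SUBNET="${VPN_SUBNET:-10.0.10.0/24}"
PUBLIC_IP="${PUBLIC_IP:-45.132.17.140}"
# The article opens every default SoftEther listener (443, 992, 1194, 5555);
# on a public VDS keep only the port your clients actually use.
LISTEN_TCP="${LISTEN_TCP:-443 992 1194 5555}"
LISTEN_UDP="${LISTEN_UDP:-1194}"

# Print the rule set as "<table> <chain> <args>" lines so the same list can be
# inspected, counted and applied. Note: these rules only forward and NAT the
# VPN traffic; Suricata sees it only if it sniffs $TAP_IF and the public
# interface (or is wired inline via NFQUEUE), which is configured separately.
rules() {
    for p in $LISTEN_TCP; do echo "filter INPUT -p tcp -m tcp --dport $p -j ACCEPT"; done
    for p in $LISTEN_UDP; do echo "filter INPUT -p udp -m udp --dport $p -j ACCEPT"; done
    echo "nat POSTROUTING -s $VPN_SUBNET -j SNAT --to-source $PUBLIC_IP"
    echo "filter FORWARD -s $VPN_SUBNET -j ACCEPT"
    echo "filter FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Number of rules that would be installed (sanity check before applying).
rule_count() { rules | wc -l | tr -d ' '; }

# Append a rule only when -C (check) does not find it, so re-running is harmless.
ensure_rule() {
    table=$1; chain=$2; shift 2
    iptables -t "$table" -C "$chain" "$@" 2>/dev/null || iptables -t "$table" -A "$chain" "$@"
}

apply() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    # The TAP device exists only after vpnserver has created the local bridge.
    ip link show "$TAP_IF" >/dev/null 2>&1 || { echo "$TAP_IF missing: is vpnserver running?" >&2; exit 1; }
    ip addr replace "$TAP_ADDR" dev "$TAP_IF"
    ip link set "$TAP_IF" up
    rules | while read -r table chain args; do
        # $args is deliberately unquoted: it carries several iptables arguments.
        ensure_rule "$table" "$chain" $args
    done
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

Hook it in after vpnserver starts (a systemd oneshot unit ordered after the vpnserver service, or /etc/rc.local); run it without arguments and call rules to review the list before applying.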
If you want clients to receive IPs automatically, some DHCP service must be installed on the local bridge. With this, the server setup is complete and it is reachable by clients. SoftEther supports many protocols, but which one you use depends on the capabilities of your LAN equipment:
netstat -ap |grep vpnserver
Since the test router runs Ubuntu, we will use SoftEther's native protocol and install the softether-vpnclient and softether-vpncmd packages from the external repository. The client must be running:
sudo vpnclient start
To configure it, use the vpncmd utility and choose localhost as the machine on which vpnclient is running. All commands are executed in the console: you need to create a virtual interface (NicCreate) and an account (AccountCreate).
Depending on the case, the authentication method is specified with the AccountAnonymousSet, AccountPasswordSet, AccountCertSet or AccountSecureCertSet command. Since we are not using DHCP, the virtual adapter's address is set manually.
In addition, ip forward must be enabled (the net.ipv4.ip_forward=1 option in /etc/sysctl.conf) and static routes configured. If needed, port forwarding can be configured on the VDS with Suricata in order to reach services installed on the local network. With that, the network integration can be considered complete.
The configuration we propose looks like this:
Setting up Suricata
To restart the IDS, use the following command:
systemctl restart suricata
Now that the solution is ready, you may need to test its resistance to malicious actions.
Attack simulation
There are several scenarios for the combat use of an external IDS service.
Protection against DDoS attacks (the main purpose)
Implementing this option inside the corporate network is difficult, because the packets to be analysed have to reach the system interface that faces the Internet. Even if the IDS blocks them, the junk traffic can take down the data link. To avoid that, you need to order a VPS with an Internet connection productive enough to pass all of the local network's traffic plus all external traffic. In many cases this is easier and cheaper than widening the office channel. As an alternative, it is worth mentioning services that specialise in DDoS protection. Their cost is comparable to that of a virtual server and they require no laborious configuration, but there is a drawback: for their money the client gets only DDoS protection, whereas the client's own IDS can be configured to their own taste.
Protection against other types of external attacks
Suricata can cope with attempts to exploit various vulnerabilities in corporate network services accessible from the Internet (mail servers, web servers, web applications and so on). Usually the IDS is placed inside the LAN behind the border device for this purpose, but moving the IDS outside also has a right to exist.
Protection against insiders
Despite the best efforts of system administrators, computers on the corporate network can get infected with malware. Moreover, hooligans attempting illegal activity may show up locally. Suricata helps block such attempts, but to protect the internal network it is recommended to install Suricata inside the perimeter and use it together with a managed switch that can mirror traffic to a port. An external IDS is of little use in this case, but at least it can catch attempts by malware present on the LAN to connect to external servers.
In addition, we create another host to attack the VPS, start Apache with default settings on the local network router, and then forward port 80 from the IDS server to it. Then we simulate a DDoS attack from the attacking host. For this, the small xerxes program downloaded from GitHub is compiled and run on the attacking node (the gcc package may need to be installed):
git clone https://github.com/Soldie/xerxes-DDos-zanyarjamal-C.git
cd xerxes-DDos-zanyarjamal-C/
gcc xerxes.c -o xerxes
./xerxes 45.132.17.140 80
The result of its run was as follows:
Suricata caught the villain, and despite our improvised attack and the rather poor channel of the office (actually home) network, the default Apache page opens. For more serious tasks, you need to use the following:
sudo msfupdate
To test, run msfconsole.
Unfortunately, the latest version of the framework has no automatic cracking feature, so the exploits have to be sorted through manually and launched with the use command. It is also important to check which ports are open on the attacked machine, for example with nmap (in this case it is fully replaced by netstat on the attacked host), and to choose and use a suitable port.
There are other ways to test the IDS's resilience to attacks, such as online services. Out of curiosity, you can arrange a stress test using a trial version.
Source: habr.com