ãã·ã¢ã«ãããçŠæ¢æ
å ±ãªã¹ããžã®ãããã¯ã®ç®¡çãèªåã·ã¹ãã ãã€ã³ã¹ãã¯ã¿ãŒãã«ãã£ãŠç£èŠãããŠããããšã¯åšç¥ã®äºå®ã§ãã ãããã©ã®ããã«æ©èœãããã¯ãããã«ããæžãããŠããŸã
ãããã€ããŒã§çŽæ¥ã€ã³ã¹ããŒã«
ãAgent Inspectorãã¢ãžã¥ãŒã«ã¯ãèªååã·ã¹ãã ãInspectorãïŒASãã€ã³ã¹ãã¯ã¿ãŒãïŒã®æ§é èŠçŽ ã§ãã ãã®ã·ã¹ãã ã¯ã15.1 幎 15.4 æ 27 æ¥ã®é£éŠæ³ No. 2006-FZãæ å ±ãæ å ±æè¡ããã³æ å ±ä¿è·ã«é¢ããã第 149 æ¡ãã第 XNUMX æ¡ã§å®ããããèŠå®ã®æ çµã¿å ã§ãéä¿¡äºæ¥è ã«ããã¢ã¯ã»ã¹å¶éèŠä»¶ã®éµå®ãç£èŠããããã«èšèšãããŠããŸãã ã
ASãRevizorããäœæããäž»ãªç®çã¯ã15.1 幎 15.4 æ 27 æ¥ã®é£éŠæ³ No. 2006-FZãæ å ±ãæ å ±æè¡ããã³æ å ±ã«é¢ããã第 149 æ¡ãã XNUMX æ¡ã§å®ããããèŠä»¶ã«å¯Ÿããéä¿¡äºæ¥è ã®éµå®ç¶æ³ã確å®ã«ç£èŠããããšã§ãã ãä¿è·ããšã¯ãçŠæ¢ãããŠããæ å ±ãžã®ã¢ã¯ã»ã¹ã®äºå®ãç¹å®ããçŠæ¢ãããŠããæ å ±ãžã®ã¢ã¯ã»ã¹ãå¶éããããã®éåã«é¢ããè£ä»ãè³æïŒããŒã¿ïŒãå ¥æãããšããæå³ã§ãã
ãã¹ãŠã§ã¯ãªãã«ããŠããå€ãã®ãããã€ããŒããã®ããã€ã¹ãã€ã³ã¹ããŒã«ããŠãããšããäºå®ãèæ
®ãããšã次ã®ãããªããŒã³ã³ ãããŒãã®å€§èŠæš¡ãªãããã¯ãŒã¯ãååšããã¯ãã§ãã
èšç®ããåã«ããªããããå¯èœãªã®ããèŠãŠã¿ãŸãããã
ããã€ãã®èª¬
ãšãŒãžã§ã³ãã¯ã次ã®ãã㪠HTTP(S) ãªã¯ãšã¹ããä»ããŠãªãœãŒã¹ã®å¯çšæ§ã確èªããŸãã
TCP, 14678 > 80, "[SYN] Seq=0"
TCP, 80 > 14678, "[SYN, ACK] Seq=0 Ack=1"
TCP, 14678 > 80, "[ACK] Seq=1 Ack=1"
HTTP, "GET /somepage HTTP/1.1"
TCP, 80 > 14678, "[ACK] Seq=1 Ack=71"
HTTP, "HTTP/1.1 302 Found"
TCP, 14678 > 80, "[FIN, ACK] Seq=71 Ack=479"
TCP, 80 > 14678, "[FIN, ACK] Seq=479 Ack=72"
TCP, 14678 > 80, "[ACK] Seq=72 Ack=480"
ãã€ããŒãã«å ããŠããªã¯ãšã¹ãã¯æ¥ç¶ç¢ºç«ãã§ãŒãºãã€ãŸã亀æã§æ§æãããŸãã SYN
О SYN-ACK
ãæ¥ç¶å®äºãã§ãŒãº: FIN-ACK
.
çŠæ¢æ å ±ã®ç»é²ã«ã¯ãããã€ãã®çš®é¡ã®ãããã¯ãå«ãŸããŸãã æããã«ããªãœãŒã¹ã IP ã¢ãã¬ã¹ãŸãã¯ãã¡ã€ã³åã«ãã£ãŠãããã¯ãããŠããå Žåããªã¯ãšã¹ãã¯è¡šç€ºãããŸããã ãããã¯æãç Žå£çãªã¿ã€ãã®ãããã¯ã§ãããXNUMX ã€ã® IP ã¢ãã¬ã¹äžã®ãã¹ãŠã®ãªãœãŒã¹ãŸãã¯ãã¡ã€ã³äžã®ãã¹ãŠã®æ å ±ã«ã¢ã¯ã»ã¹ã§ããªããªããŸãã ãURL ã«ãããã¿ã€ãã®ãããã¯ããããŸãã ãã®å Žåããã£ã«ã¿ãªã³ã° ã·ã¹ãã 㯠HTTP ãªã¯ãšã¹ã ããããŒã解æããŠãäœããããã¯ããããæ£ç¢ºã«å€æããå¿ èŠããããŸãã äžã§èŠãããããã«ããã®åã«ããã£ã«ã¿ãŒãèŠéããŠããŸãå¯èœæ§ãé«ãããã远跡ã§ããæ¥ç¶ç¢ºç«ãã§ãŒãºãããã¯ãã§ãã
ãããè¡ãã«ã¯ããURLããš HTTP ããã㯠ã¿ã€ããåããé©åãªç¡æãã¡ã€ã³ãéžæããŠããã£ã«ã¿ãªã³ã° ã·ã¹ãã (ã§ããã°é·ãéæŸæ£ãããŠãããã®) ã®åäœãä¿é²ãããšãŒãžã§ã³ããã以å€ã®ç¡é¢ä¿ãªãã©ãã£ãã¯ã®äŸµå
¥ãæå°éã«æããå¿
èŠããããŸãã ãã®äœæ¥ã¯ãŸã£ããé£ããããšã§ã¯ãªãããšãå€æããŸãããçŠæ¢ãããæ
å ±ã®ç»é²ã«ã¯ããããã奜ã¿ã«åãããŠç¡æã®ãã¡ã€ã³ãããªããããããããŸãã ãããã£ãŠããã¡ã€ã³ã¯è³Œå
¥ãããå®è¡ãããŠãã VPS äžã® IP ã¢ãã¬ã¹ã«ãªã³ã¯ãããŸããã tcpdump
ãããŠã«ãŠã³ããå§ãŸããŸããã
ãç£æ»åœ¹ãã®ç£æ»
å®æçãªãªã¯ãšã¹ãã®ããŒã¹ããçºçãããšäºæ³ããŠããŸããããããã¯å¶åŸ¡ãããã¢ã¯ã·ã§ã³ã瀺ããŠãããšç§ã¯èããŠããŸãã ãŸã£ããèŠããªãã£ããšèšãã®ã¯äžå¯èœã§ãããæ確ãªã€ã¡ãŒãžã¯ãŸã£ãããããŸããã§ããã
ããã¯é©ãã¹ãããšã§ã¯ãããŸãããçŸä»£ã®ã€ã³ã¿ãŒãããã®ããã«ã誰ãå¿ èŠãšããªããã¡ã€ã³ã決ããŠäœ¿çšãããªã IP äžã§ãã£ãŠãã倧éã®äžæ¹çãªæ å ±ãååšããããšã«ãªããŸãã ããã幞ããªããšã«ãå¿ èŠãªã®ã¯ç¹å®ã® URL ã«å¯Ÿãããªã¯ãšã¹ãã ãã ã£ãã®ã§ããã¹ãŠã®ã¹ãã£ããŒãšãã¹ã¯ãŒã ã¯ã©ãã«ãŒãããã«èŠã€ãããŸããã ãŸããåæ§ã®ãªã¯ãšã¹ãã倧éã«ãã£ããããã©ãã§æŽªæ°Žãçºçããããéåžžã«ç°¡åã«ç解ã§ããŸããã 次ã«ãIP ã¢ãã¬ã¹ã®åºçŸé »åºŠãéèšããäžäœå šäœãæåã§èª¿ã¹ãŠãåã®æ®µéã§èŠéãããã®ãåé¢ããŸããã ããã«ãXNUMX ã€ã®ããã±ãŒãžã§éãããŠãããœãŒã¹ããã¹ãŠåãåããŸããããããœãŒã¹ã¯ããŸãå€ããããŸããã§ããã ãããŠããããèµ·ãããŸããïŒ
ã¡ãã£ãšããåæ
çãªäœè«ã XNUMXæ¥åŒ·åŸãç§ã®ãã¹ãã£ã³ã°ãããã€ããŒã¯ãããªãã®æœèšã«ã¯RKNçŠæ¢ãªã¹ãã®ãªãœãŒã¹ãå«ãŸããŠãããããããã¯ãããŠãããšãããããªãç°¡æœãªå
容ã®æçŽãéããŸããã æåã¯ã¢ã«ãŠã³ãããããã¯ãããã®ããšæããŸããããããã§ã¯ãããŸããã§ããã ãã®ãšãç§ã¯ã圌ãã¯åã«ç§ããã§ã«ç¥ã£ãŠããããšã«ã€ããŠèŠåããŠããã ãã ãšæããŸããã ãããããã¹ãã£ã³ã°æ¥è
ãç§ã®ãã¡ã€ã³ã®åã§ãã£ã«ã¿ãŒãæå¹ã«ããŠããããšãå€æãããã®çµæããããã€ããŒãšãã¹ãã£ã³ã°æ¥è
ããã®äºéã®ãã£ã«ã¿ãªã³ã°ãåããããšã«ãªããŸããã ãã£ã«ã¿ãŒã¯ãªã¯ãšã¹ãã®æ«å°Ÿã®ã¿ãæž¡ããŸããã FIN-ACK
О RST
çŠæ¢ããã URL ã§ãã¹ãŠã® HTTP ãé®æããŸãã äžã®ã°ã©ããããããããã«ãåæ¥ä»¥éãåä¿¡ããããŒã¿ã¯æžãå§ããŸããããããã§ãåä¿¡ããŠããããªã¯ãšã¹ã ãœãŒã¹ãã«ãŠã³ãããã¿ã¹ã¯ã«ã¯ååã§ããã
æ¬é¡ã«å ¥ããŸãã ç§ã®æèŠã§ã¯ãæ¯æ¥6åã®ããŒã¹ããã¯ã£ãããšèŠããŸããæåã®ããŒã¹ãã¯ã¢ã¹ã¯ã¯æéã®çå€äžéãã«å°ããã12çªç®ã¯ååXNUMXæè¿ãã§ãæ£åãŸã§å°ŸãåŒããŸãã ããŒã¯ã¯ãŸã£ããåæã«çºçããããã§ã¯ãããŸããã åœåã¯ããšãŒãžã§ã³ãã«ãããã§ãã¯ãå®æçã«è¡ãããããšãåæãšããŠããã®æéã«ã®ã¿è©²åœãã IP ã¢ãã¬ã¹ãšããã¹ãŠã®æéã«è©²åœãã IP ã¢ãã¬ã¹ãéžæããããšèããŠããŸããã ãããã泚ææ·±ã確èªãããšãæ倧 XNUMX æéããšã« XNUMX 件ã®ãªã¯ãšã¹ããŸã§ãå¥ã®é »åºŠã§å¥ã®ééã«è©²åœããæéãããã«èŠã€ãããŸããã 次ã«ãã¿ã€ã ãŸãŒã³ã«ã€ããŠèãããããã¿ã€ã ãŸãŒã³ã«é¢ä¿ããŠããã®ã§ã¯ãªãããšèããäžè¬çã«ã·ã¹ãã ã¯ã°ããŒãã«ã«åæãããŠããªãã®ã§ã¯ãªãããšèããŸããã ããã«ãNAT ã圹å²ãæããå¯èœæ§ããããåããšãŒãžã§ã³ããç°ãªããããªã㯠IP ãããªã¯ãšã¹ããè¡ãããšãã§ããŸãã
åœåã®ç®æšã¯æ£ç¢ºã§ã¯ãªãã£ãã®ã§ãXNUMX é±éã§èŠã€ãããã¹ãŠã®ã¢ãã¬ã¹ãæ°ããŠã¿ããšããã次ã®çµæãåŸãããŸããã 2791ã 4 ã€ã®ã¢ãã¬ã¹ãã確ç«ããã TCP ã»ãã·ã§ã³ã®æ°ã¯å¹³å 2 ã§ãäžå€®å€ã¯ 464 ã§ããã¢ãã¬ã¹ãããã®äžäœã»ãã·ã§ã³: 231ã149ã83ã77ã95ããµã³ãã«ã® 8% ããã®æ倧å€ã¯ãã¢ãã¬ã¹ããã 4 ã»ãã·ã§ã³ã§ãã äžå€®å€ã¯ããã»ã©é«ããããŸããããã°ã©ãã«ã¯æ確ãªæ¯æ¥ã®åšææ§ã瀺ãããŠããããã8 æ¥éã§çŽ 7 ïœ 5 ãäºæ³ãããããšãæãåºããŠãã ããã äžåºŠçºçãããã¹ãŠã®ã»ãã·ã§ã³ãé€å€ãããšãäžå€®å€ã¯ XNUMX ã«ãªããŸããããããæ確ãªåºæºã«åºã¥ããŠããããé€å€ããããšã¯ã§ããŸããã§ããã ããã©ããããã©ã³ãã ãã§ãã¯ã«ãããããããçŠæ¢ããããªãœãŒã¹ãžã®ãªã¯ãšã¹ãã«é¢é£ããŠããããšãå€æããŸããã
ã¢ãã¬ã¹ã¯ã¢ãã¬ã¹ã§ãããã€ã³ã¿ãŒãããã§ã¯èªåŸã·ã¹ãã ãã€ãŸã AS ã®æ¹ãéèŠã§ããããšãå€æããŸãã 1510ãAS ãããå¹³å 2 ã¢ãã¬ã¹ãäžå€®å€ã¯ 1ãAS ãããã®äžäœã¢ãã¬ã¹: 288ã77ã66ã39ã27ããµã³ãã«ã®æ倧 95% 㯠AS ããã 4 ã¢ãã¬ã¹ã§ãã ããã§ã¯äžå€®å€ (ãããã€ããŒããšã« 1409 ã€ã®ãšãŒãžã§ã³ã) ãäºæ³ãããŸãã ç§ãã¡ã¯ãããã«ãæåŸ ããŠããŸã - ãã®äžã«ã¯å€§ç©éžæãããŸãã 倧èŠæš¡ãªãããã¯ãŒã¯ã§ã¯ããšãŒãžã§ã³ãã¯ãªãã¬ãŒã¿ãååšããåå°åã«é 眮ããå¿ èŠããããNAT ã«ã€ããŠãå¿ããªãã§ãã ããã åœããšã«èŠããšãæ倧æ°ã¯æ¬¡ã®ããã«ãªããŸãã42 - RUã23 - UAã36 - CZãRIPE NCC ã§ã¯ãªãä»ã®å°åããã® XNUMXã ãã·ã¢åœå€ããã®èŠè«ã泚ç®ãéããŠããã ããã¯ãããããããŒã¿å ¥åæã®äœçœ®æ å ±ãšã©ãŒãŸãã¯ã¬ãžã¹ãã© ãšã©ãŒã«ãã£ãŠèª¬æãããå¯èœæ§ããããŸãã ãããã¯ããã·ã¢äŒæ¥ããã·ã¢ã«ã«ãŒããæã£ãŠããªãå¯èœæ§ãããã®æ¹ãç°¡åã§ãããšããçç±ã§å€åœé§åšå¡äºåæãæã£ãŠããªãå¯èœæ§ããããšããäºå®ã¯ãå€åœçµç¹RIPE NCCãšååŒããå Žåã«ã¯åœç¶ã®ããšã§ãã äžéšã®éšåã¯ééããªãäœåã§ããããªãœãŒã¹ã¯ããããã³ã°äžã«ãããXNUMX æ¥ç®ããã¯äºéããããã³ã°äžã«ãããã»ãšãã©ã®ã»ãã·ã§ã³ã¯åã«ããã€ãã®ãµãŒãã¹ ãã±ããã®äº€æã§ããããããããåé¢ããã®ã¯ç¢ºå®ã«å°é£ã§ãã ããã¯ã»ãã®äžéšã§ããããšã«åæããŸãããã
ãããã®æ°ã¯ãã§ã«ãã·ã¢ã®ãããã€ããŒã®æ°ãšæ¯èŒã§ããŸãã
DPIã«ã€ããŠ
ãã¹ãã£ã³ã° ãããã€ããŒã 4 æ¥ç®ãããã£ã«ã¿ãŒããªã³ã«ããã«ããããããã460 æ¥ç®ã®æ
å ±ã«åºã¥ããŠããããã¯ã¯æ£åžžã«æ©èœããŠãããšçµè«ä»ããããšãã§ããŸãã (äžèšã®äŸã®ããã«) HTTP ã»ãã·ã§ã³ãš TCP ã»ãã·ã§ã³ãééã§ããå®å
šã«å®äºãããœãŒã¹ã¯ XNUMX ã€ã ãã§ããã å¥ã® XNUMX ãéä¿¡ã§ããŸã GET
ããããã»ãã·ã§ã³ã¯ããã«çµäºããŸã RST
ã 泚æãæã TTL
:
TTL 50, TCP, 14678 > 80, "[SYN] Seq=0"
TTL 64, TCP, 80 > 14678, "[SYN, ACK] Seq=0 Ack=1"
TTL 50, TCP, 14678 > 80, "[ACK] Seq=1 Ack=1"
HTTP, "GET /filteredpage HTTP/1.1"
TTL 64, TCP, 80 > 14678, "[ACK] Seq=1 Ack=294"
#ÐÐŸÑ ÑÑП пÑОÑлал ÑОлÑÑÑ
TTL 53, TCP, 14678 > 80, "[RST] Seq=3458729893"
TTL 53, TCP, 14678 > 80, "[RST] Seq=3458729893"
HTTP, "HTTP/1.1 302 Found"
#Ð ÑÑП пПпÑÑка ОÑÑ
ПЎМПгП Ñзла пПлÑÑОÑÑ Ð¿ÐŸÑеÑÑ
TTL 50, TCP ACKed unseen segment, 14678 > 80, "[ACK] Seq=294 Ack=145"
TTL 50, TCP, 14678 > 80, "[FIN, ACK] Seq=294 Ack=145"
TTL 64, TCP, 80 > 14678, "[FIN, ACK] Seq=171 Ack=295"
TTL 50, TCP Dup ACK 14678 > 80 "[ACK] Seq=295 Ack=145"
#ÐÑÑ
ПЎМÑй Ñзел Ð¿ÐŸÐœÐžÐŒÐ°ÐµÑ ÑÑП ÑеÑÑÐžÑ ÑазÑÑÑеМа
TTL 50, TCP, 14678 > 80, "[RST] Seq=294"
TTL 50, TCP, 14678 > 80, "[RST] Seq=295"
ããã®ããªãšãŒã·ã§ã³ã¯ç°ãªãå ŽåããããŸãã RST
ãŸãã¯ãã以äžã®åéä¿¡ - ãã£ã«ã¿ãéä¿¡å
ããŒãã«éä¿¡ããå
容ã«ãäŸåããŸãã ãããã«ãããããã¯æãä¿¡é Œã§ãããã³ãã¬ãŒãã§ãããèŠæ±ããããªãœãŒã¹ãçŠæ¢ããããªãœãŒã¹ã§ããããšãæããã§ãã ããã«ãã»ãã·ã§ã³äžã«å¿
ãçããçŸããŸãã TTL
ååŸã®ããã±ãŒãžãããåªããŠããŸãã
ä»ããã¯èŠããŸãã GET
:
TTL 50, TCP, 14678 > 80, "[SYN] Seq=0"
TTL 64, TCP, 80 > 14678, "[SYN, ACK] Seq=0 Ack=1"
#ÐÐŸÑ ÑÑП пÑОÑлал ÑОлÑÑÑ
TTL 53, TCP, 14678 > 80, "[RST] Seq=1"
ãããšãïŒ
TTL 50, TCP, 14678 > 80, "[SYN] Seq=0"
TTL 64, TCP, 80 > 14678, "[SYN, ACK] Seq=0 Ack=1"
TTL 50, TCP, 14678 > 80, "[ACK] Seq=1 Ack=1"
#ÐÐŸÑ ÑÑП пÑОÑлал ÑОлÑÑÑ
TTL 53, TCP, 14678 > 80, "[RST, PSH] Seq=1"
TTL 50, TCP ACKed unseen segment, 14678 > 80, "[FIN, ACK] Seq=89 Ack=172"
TTL 50, TCP ACKed unseen segment, 14678 > 80, "[FIN, ACK] Seq=89 Ack=172"
#ÐпÑÑÑ ÑОлÑÑÑ, ЌМПгП Ñаз
TTL 53, TCP, 14678 > 80, "[RST, PSH] Seq=1"
...
éãã¯æããã«ç®ã«èŠããŠããã TTL
ãã£ã«ã¿ãŒããäœããå
¥ã£ãå Žåã ããããå€ãã®å Žåãäœãå°çããªãå¯èœæ§ããããŸãã
TCP, 14678 > 80, "[SYN] Seq=0"
TCP, 80 > 14678, "[SYN, ACK] Seq=0 Ack=1"
TCP Retransmission, 80 > 14678, "[SYN, ACK] Seq=0 Ack=1"
...
ãããšãïŒ
TCP, 14678 > 80, "[SYN] Seq=0"
TCP, 80 > 14678, "[SYN, ACK] Seq=0 Ack=1"
TCP, 14678 > 80, "[ACK] Seq=1 Ack=1"
#ÐÑПÑлП МеÑкПлÑкП ÑекÑМЎ без ÑÑаÑОка
TCP, 80 > 14678, "[FIN, ACK] Seq=1 Ack=1"
TCP Retransmission, 80 > 14678, "[FIN, ACK] Seq=1 Ack=1"
...
ãããŠãã°ã©ããããããããã«ãããããã¹ãŠãæ¯æ¥äœåºŠãç¹°ãè¿ãããŸãã
IPv6ã«ã€ããŠ
è¯ããã¥ãŒã¹ã¯ããããååšãããšããããšã§ãã çŠæ¢ãããŠãããªãœãŒã¹ãžã®å®æçãªãªã¯ãšã¹ãã 5 ã€ã®ç°ãªã IPv6 ã¢ãã¬ã¹ããçºçããŠãããšç¢ºä¿¡ã§ããŸããããã¯ãŸãã«ç§ãäºæ³ããŠãããšãŒãžã§ã³ãã®åäœã§ãã ããã«ãIPv6 ã¢ãã¬ã¹ã® XNUMX ã€ããã£ã«ã¿ãªã³ã°ã«è©²åœãããå®å
šãªã»ãã·ã§ã³ã衚瀺ãããŸãã ããã« XNUMX ã€ã®ã»ãã·ã§ã³ã®ãã¡ãæªå®äºã®ã»ãã·ã§ã³ã¯ XNUMX ã€ã ãèŠããŸãããããã®ãã¡ã® XNUMX ã€ã¯æ¬¡ã®ãããªçç±ã§äžæãããŸããã RST
ãã£ã«ã¿ãŒãããæéçã«ã¯ XNUMX çªç®ã§ãã åèšéé¡ 7.
ã¢ãã¬ã¹ãå°ãªãã®ã§ããã¹ãŠã詳ãã調ã¹ããšãããã¹ã¿ã³ãã£ã³ã°ãªããŒã·ã§ã³ãäžãããããããã€ããŒã 3 ã€ãããªãããšãããããŸããã å¥ã®ã¢ãã¬ã¹ã¯ãã·ã¢ã®ã¯ã©ãŠã ãã¹ãã£ã³ã° (ãã£ã«ã¿ãŒãªã)ããã XNUMX ã€ã¯ãã€ãã®ç 究ã»ã³ã¿ãŒ (ãã£ã«ã¿ãŒãããã©ã?) ã§ãã ãããããªãã¹ã±ãžã¥ãŒã«ã«åŸã£ãŠçŠæ¢ããããªãœãŒã¹ã®å©çšå¯èœæ§ããã§ãã¯ããã®ããšããããšã¯è¯ã質åã§ãã æ®ãã® XNUMX 件㯠XNUMX 件ã®ãªã¯ãšã¹ããè¡ã£ãŠããããã·ã¢åœå€ã«ããããã®ãã¡ XNUMX 件ã¯ãã£ã«ã¿ãªã³ã°ãããŠããŸã (çµå±ã®ãšããã茞éäž?)ã
ããããã³ã°ãšãšãŒãžã§ã³ã㯠IPv6 ã«ãšã£ãŠå€§ããªé害ãšãªã£ãŠãããIPvXNUMX ã®å®è£ ã¯ããã»ã©æ©ãã¯é²ãã§ããŸããã æ²ããã§ããã ãã®åé¡ã解決ãã人ã¯ãèªåèªèº«ãååã«èªãã«æãããšãã§ããŸãã
çµè«
ç§ã¯ 100% ã®ç²ŸåºŠãç®æããããã§ã¯ãããŸããããããã«ã€ããŠã¯ã容赊ãã ããã誰ãããã®äœæ¥ãããæ£ç¢ºã«åçŸããããšé¡ã£ãŠããŸãã ç§ã«ãšã£ãŠããã®ã¢ãããŒããåççã«æ©èœãããã©ãããç解ããããšãéèŠã§ããã çãã¯ãã¯ããã§ãã åŸãããæ°å€ã¯ãäžæ¬¡è¿äŒŒãšããŠã¯ããªãä¿¡é Œã§ãããšæããŸãã
ä»ã«ã§ããããšã¯ãããŸããããç§ãããã®ãé¢åã ã£ãã®ã¯ãDNS ãªã¯ãšã¹ããæ°ããããšã§ããã ãããã¯ãã£ã«ã¿ãªã³ã°ãããŸããããURL å šäœã§ã¯ãªããã¡ã€ã³ã«å¯ŸããŠã®ã¿æ©èœããããã粟床ãããŸãé«ããããŸããã åšæ³¢æ°ã衚瀺ãããã¯ãã§ãã ã¯ãšãªã§çŽæ¥è¡šç€ºããããã®ãšçµã¿åããããšãäžèŠãªãã®ãåé¢ããŠããå€ãã®æ å ±ãååŸã§ããããã«ãªããŸãã ãããã€ããŒãªã©ã䜿çšãã DNS ã®éçºè ãç¹å®ããããšãå¯èœã§ãã
ãã¹ãã£ã³ã°æ¥è
ãç§ã® VPS çšã«ç¬èªã®ãã£ã«ã¿ãŒãå«ãããšã¯ãŸã£ããäºæ³ããŠããŸããã§ããã ããããããã¯äžè¬çãªæ
£è¡ã§ãã æçµçã«ãRKN ã¯ãªãœãŒã¹ãåé€ãããªã¯ãšã¹ãããã¹ã¿ãŒã«éä¿¡ããŸãã ããããããã¯ç§ã«ãšã£ãŠé©ãã¹ãããšã§ã¯ãªããããæå³ã§ã¯ç§ã«ãšã£ãŠæå©ã«åããããšãããããŸããã ãã®ãã£ã«ã¿ãŒã¯éåžžã«å¹æçã«æ©èœããçŠæ¢ããã URL ãžã®æ£ãã HTTP ãªã¯ãšã¹ãããã¹ãŠé®æããŸãããããããã€ããŒã®ãã£ã«ã¿ãŒã以åã«ééããæ£ãã HTTP ãªã¯ãšã¹ãã¯ãããšãæ«å°Ÿã®åœ¢ã ãã§ãã£ãŠãããããã® URL ã«å°éããŠããŸããã§ããã FIN-ACK
О RST
- ãã€ãã¹ã«ã¯ãã€ãã¹ããããŠããã¯ã»ãšãã©ãã©ã¹ã§ããããšãå€æããŸããã ã¡ãªã¿ã«IPv6ã¯ãã¹ãã£ã³ã°æ¥è
ã«ãããã£ã«ã¿ãªã³ã°ã¯ãããŠããŸããã§ããã ãã¡ãããããã¯åéãããçŽ æã®å質ã«åœ±é¿ãäžããŸããããããã§ãé »åºŠã確èªã§ããããã«ãªããŸããã ããã¯ããªãœãŒã¹ãé
眮ãããµã€ããéžæããéã®éèŠãªãã€ã³ãã§ããããšãããããŸãããçŠæ¢ããããµã€ãã®ãªã¹ããš RKN ããã®èŠæ±ãèæ
®ããäœæ¥ã®æŽçã®åé¡ã«é¢å¿ãæã€ããšãå¿ããªãã§ãã ããã
åé ã§ã¯ASãInspectorããšæ¯èŒããŠã¿ãŸããã
ããäžã€è§ŠããŠããããã®ã¯ãããããããŒã«ã¯æŠåšã«ãªãåŸããšããããšã§ãã ASãã€ã³ã¹ãã¯ã¿ãŒãã¯éãããããã¯ãŒã¯ã§ããããšãŒãžã§ã³ãã¯çŠæ¢ãªã¹ãã«ãããã¹ãŠã®ãªãœãŒã¹ã«å¯Ÿãããªã¯ãšã¹ããéä¿¡ããããšã§å
šå¡ãåŒãæž¡ããŸãã ãã®ãããªãªãœãŒã¹ããã£ãŠããŸã£ããåé¡ã¯ãããŸããã åèšãããšããããã€ããŒã¯ãšãŒãžã§ã³ããéããŠãç¥ããç¥ããã®ãã¡ã«ããããã䟡å€ããã以äžã«ãããã¯ãŒã¯ã«ã€ããŠå€ãã®æ
å ±ãäŒããŸããã€ãŸããDPI ãš DNS ã®çš®é¡ããšãŒãžã§ã³ãã®å Žæ (ã»ã³ãã©ã« ããŒããšãµãŒãã¹ ãããã¯ãŒã¯?)ãé
延ãšæ倱ã®ãããã¯ãŒã¯ ããŒã«ãŒããããããã§ããæãæãããªããšã ãã 誰ãããªãœãŒã¹ã®å¯çšæ§ãåäžãããããã«ãšãŒãžã§ã³ãã®ã¢ã¯ã·ã§ã³ãç£èŠã§ããã®ãšåæ§ã«ã誰ããä»ã®ç®çã§ãããè¡ãããšãã§ããããã«ã¯äœã®é害ããããŸããã ãã®çµæãäž¡åã®éåžžã«å€é¢çãªããŒã«ãèªçããŸãããããã¯èª°ã§ãããããŸãã
åºæïŒ habr.com