DDoS attacks remain one of the most discussed topics in information security. Far fewer people realise that bot traffic, the very tool behind such attacks, carries many other risks for an online business. With the help of bots, attackers can not only knock a website offline but also steal data, distort business metrics, inflate advertising costs and damage the site's reputation. Let us look at these threats in more detail and recall the basic ways of defending against them.
Scraping (parsing)
Bots constantly parse, that is, collect, data from third-party sites. They steal content and republish it without attribution. Once the copied content appears on other sites, the original resource slips in the search rankings, and the site loses audience, sales and advertising revenue. Bots also track prices so that a competitor can undercut them and lure customers away. They buy up goods in order to resell them at a higher price. They can also place fake orders that tie up logistics resources and make the goods unavailable to real users.
Scraping hits online stores hard, especially those that get most of their traffic from aggregator sites. Having scraped the prices, an attacker sets the price of a product slightly below the original, which pushes it far up in the search results. Travel portals are also frequent targets of bot attacks: information on tickets, tours and hotels is stolen from them.
The lesson is simple: if your resource has unique content, the bots have already come for it.
Inflated metrics
Inflated indicators are a side effect of bots being present on the site. Every action a bot takes is reflected in the business metrics. When the share of illegitimate traffic is large, decisions based on the site's analytics are often wrong.
Marketers study how visitors use the resource and make purchases. They examine conversion rates and leads and identify the main sales funnels. The company runs A/B tests and shapes its site strategy according to the results. Bots affect all of these metrics, which leads to unfounded decisions and unnecessary marketing spend.
Attackers can also use bots to affect a site's reputation, for example on social networks. The same applies to online voting sites, where bots are often used to inflate the numbers so that the option the attacker favours wins.
How to detect metric inflation:
- Check your analytics. A sharp, unexpected rise in a metric such as login attempts often means a bot attack.
- Watch for changes in where the traffic comes from. A site may suddenly receive an unusually large number of requests from an unexpected country; if none of your campaigns target that country, that is suspicious.
DDoS attacks
Many people have heard of DDoS attacks or have experienced one. Note that a resource does not always go down because of the sheer volume of traffic. Attacks on an API are often low-frequency: the application crashes while the firewall and load balancer carry on as if nothing had happened.
Traffic to the home page can multiply several times over without affecting the site's performance, but the same load sent directly to the cart page causes problems, because each cart request fans out into calls to every component involved in the transaction, so the same request rate costs far more on the back end.
How to detect an attack (the first two points may seem obvious, but do not ignore them):
- Customers complain that the site does not work.
- The site or individual pages are slow.
- Traffic to individual pages rises sharply, with a large number of requests to the cart or payment page.
Hijacking personal accounts
Brute-force (password-guessing) attacks are organised with bots, and leaked databases are used for the break-ins. On average a user comes up with only a handful of password variants for all of their online accounts, and bots that check millions of combinations in the shortest possible time pick those variants easily. The attacker can then resell the working login and password combinations.
Hackers take over personal accounts and use them for their own benefit, for example by withdrawing accumulated bonus points or stealing tickets to events the user has bought; in general there are many ways to monetise such access.
Recognising brute force is not that hard: the fact that someone is trying to break into accounts shows up as an unusually high number of failed login attempts. Bear in mind, though, that an attacker sometimes sends only a small number of requests, for instance a low rate from each of many addresses, so a per-IP threshold on its own is not enough.
Click fraud
Bot clicks on advertisements, if left unchecked, can cause serious losses to a business. During an attack, bots click on the ads placed on the site, and this heavily distorts the metrics.
An advertiser obviously expects the banners placed on a site to be seen by real users. But the number of impressions is limited, so because of the bots fewer and fewer real people actually see the ad.
The site itself wants to increase its revenue by showing ads. But once an advertiser sees bot traffic, it reduces the number of placements on the site, which means losses and a damaged reputation for the site.
Specialists identify the following types of ad fraud:
- Fake impressions. Bots visit many pages of a website and generate fraudulent ad views.
- Click fraud. Bots click on search ads, which drives up the cost of search advertising.
- Retargeting fraud. Bots visit several legitimate sites before clicking, so as to build up cookies that are more valuable to advertisers.
How do you detect click fraud? Usually the conversion rate falls while the fraudulent clicks are in the traffic: bot clicks add to the click count without adding purchases. If a banner gets more clicks than expected, that points to bots on the site. Other indicators of illegitimate traffic include:
- Ad clicks increase while conversions stay minimal.
- Conversions fall even though the ad content has not changed.
- Multiple clicks from a single IP address.
- User engagement falls as clicks rise (including a large number of bounces).
Vulnerability scanning
Vulnerability testing is performed by automated programs that look for weaknesses in sites and APIs. Popular tools include Metasploit, Burp Suite, Grendel Scan and Nmap. A site may be scanned both by a service the company has specifically hired and by attackers. A site owner arranges with hacking specialists to verify its protection; in that case the auditors' IP addresses are whitelisted.
Attackers test a site without any prior agreement. Later the hackers use the results of the check for their own purposes, for example by reselling information about the site's weaknesses. Sometimes a resource is scanned not because it was deliberately targeted but as part of the exploitation of a vulnerability in a third-party component. Take WordPress as an example: if a bot finds a bug in a particular version, it searches for every site running that version. If your resource is on such a list, expect a visit from the hackers.
How do you detect these bots?
To find a site's weak points, an attacker first performs reconnaissance, which shows up as an increase in suspicious activity on the site. Filtering the bots out at this stage avoids the attack that would follow. Such bots are hard to detect, but a single IP address sending requests to every page on the site may be a warning sign. Pay attention as well to an increase in requests for pages that do not exist.
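The three heuristics the article gives for brute force (an unusually high number of failed logins), click fraud (many clicks from one IP with few conversions) and reconnaissance (one IP requesting every page, including pages that do not exist), turned into working checks over a constructed access-log sample. This is an added example written for this page, not code from the original article or from Variti; the log layout, the thresholds, the /login and /ad/click paths and the use of /checkout as the conversion signal are assumptions. The brute-force check also covers the caveat above: an attacker who sends only a few requests from each of many addresses is caught by counting failures per target account rather than per IP.

```python
# Added example: the detection heuristics above, run over a constructed log.
import re
from collections import Counter, defaultdict

# Constructed sample log. Assumed layout: <ip> <method> <path> <status> <user|->
SAMPLE_LOG = """\
203.0.113.10 POST /login 401 alice
203.0.113.10 POST /login 401 alice
203.0.113.10 POST /login 401 alice
203.0.113.10 POST /login 401 alice
203.0.113.10 POST /login 401 alice
198.51.100.1 POST /login 401 bob
198.51.100.2 POST /login 401 bob
198.51.100.3 POST /login 401 bob
198.51.100.4 POST /login 401 bob
198.51.100.5 POST /login 401 bob
192.0.2.7 GET / 200 -
192.0.2.7 GET /wp-login.php 404 -
192.0.2.7 GET /xmlrpc.php 404 -
192.0.2.7 GET /.env 404 -
192.0.2.7 GET /admin/ 404 -
192.0.2.7 GET /phpmyadmin/ 404 -
192.0.2.7 GET /backup.zip 404 -
192.0.2.7 GET /api/v1/users 403 -
192.0.2.7 GET /.git/config 404 -
192.0.2.7 GET /robots.txt 200 -
203.0.113.55 GET /ad/click?id=17 302 -
203.0.113.55 GET /ad/click?id=42 302 -
203.0.113.55 GET /ad/click?id=17 302 -
203.0.113.55 GET /ad/click?id=42 302 -
198.51.100.20 GET /ad/click?id=17 302 -
198.51.100.20 GET /checkout 200 carol
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")

def parse(log):
    """Return (ip, method, path, status, user) tuples; malformed lines are skipped."""
    events = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ip, method, path, status, user = m.groups()
            events.append((ip, method, path, int(status), None if user == "-" else user))
    return events

def detect_brute_force(events, per_ip=5, per_account=4):
    """Failed logins per source IP catch a single noisy attacker. Credential
    stuffing spreads a few attempts over many IPs, so failures are also counted
    per target account; the value reported is the number of distinct source IPs."""
    by_ip, by_account, ips_per_account = Counter(), Counter(), defaultdict(set)
    for ip, method, path, status, user in events:
        if method == "POST" and path == "/login" and status == 401:
            by_ip[ip] += 1
            if user:
                by_account[user] += 1
                ips_per_account[user].add(ip)
    return {
        "ips": sorted(ip for ip, n in by_ip.items() if n >= per_ip),
        "accounts": {u: len(ips_per_account[u])
                     for u, n in by_account.items() if n >= per_account},
    }

def detect_scanners(events, min_paths=8, min_error_ratio=0.5):
    """Reconnaissance: one IP touching many distinct paths, mostly ones that do
    not exist or are forbidden (4xx), which a normal visitor rarely does."""
    paths, errors, total = defaultdict(set), Counter(), Counter()
    for ip, _method, path, status, _user in events:
        paths[ip].add(path)
        total[ip] += 1
        if 400 <= status < 500:
            errors[ip] += 1
    return sorted(ip for ip in total
                  if len(paths[ip]) >= min_paths
                  and errors[ip] / total[ip] >= min_error_ratio)

def detect_click_fraud(events, max_clicks_per_ip=3):
    """Click fraud: many ad clicks from one IP that never reach the checkout page
    (the conversion signal assumed here), plus the overall click-to-checkout rate."""
    clicks, converted = Counter(), set()
    for ip, _method, path, _status, _user in events:
        if path.startswith("/ad/click"):
            clicks[ip] += 1
        elif path == "/checkout":
            converted.add(ip)
    suspicious = sorted(ip for ip, n in clicks.items()
                        if n > max_clicks_per_ip and ip not in converted)
    total_clicks = sum(clicks.values())
    rate = len(converted & set(clicks)) / total_clicks if total_clicks else 0.0
    return {"ips": suspicious, "click_to_checkout_rate": round(rate, 3)}

if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("brute force:", detect_brute_force(evts))
    print("scanners:   ", detect_scanners(evts))
    print("click fraud:", detect_click_fraud(evts))
```

Run as a script it prints the three reports. On the sample, the per-IP rule flags only 203.0.113.10; the five single failures against bob from five different addresses are invisible to it and are caught only by the per-account count, which is the distributed case the caveat above warns about. In practice the thresholds would be tuned against the site's normal traffic.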
Spam
Bots can fill in forms on a website with junk content, unnoticed by the site's users. Spammers leave comments and reviews and create fake registrations and orders. CAPTCHA, the classic way of fighting bots, irritates real users and does not stop bots: they have learned to bypass such tools.
In most cases spam is harmless, but sometimes the bots advertise dubious services: they post ads for counterfeit goods and medicines, promote links to film sites and lead users to fraudulent resources.
How to detect spam bots:
- If spam appears on the site, it is most likely being posted by bots.
- The mailing list contains many invalid addresses; bots often leave e-mail addresses that do not exist.
- Partners or advertisers complain that spam is being driven to them from your site.
After reading this article it may seem hard to fight bots on your own. That is indeed the case, and website protection is better left to specialists. Even large companies often cannot monitor illegitimate traffic on their own, let alone filter it, because doing so requires a great deal of expertise and a large budget for the IT team.
Variti protects websites and APIs from all kinds of bot attacks, including fraud, DDoS, click fraud and scraping. Its proprietary Active Bot Protection technology identifies and blocks bots without CAPTCHA or IP address blocking.
Source: habr.com