Ka taea e te pouara kaainga (i tenei keehi FritzBox) te tuhi i te maha: e hia nga waka e haere ana i te wa, ko wai e hono ana i te tere, aha atu. Na tetahi ingoa rohe (DNS) i runga i te whatunga rohe i awhina i ahau ki te rapu he aha te mea i huna i muri i nga kaiwhiwhi kore mohio.
I te katoa, he pai te paanga o DNS ki te whatunga kaainga: kua taapirihia te tere, te pumau, me te whakahaere.
Kei raro nei he hoahoa i whakaara ake i nga patai me te hiahia kia mohio koe ki nga mahi. Kua tātarihia e nga hua nga tono e mohiotia ana, e mahi ana ki nga kaiwhakarato ingoa rohe.
He aha e 60 nga rohe kerekere i pootihia ia ra i te wa e moe tonu ana te katoa?
Ia ra, 440 nga rohe e kore e mohiotia ka pootihia i nga haora hohe. Ko wai ratou, he aha ta ratou mahi?
Tau toharite o nga tono mo ia ra ma ia haora
Uiui ripoata SQL
WITH CLS AS ( /* prepare unique requests */
SELECT
DISTINCT DATE_NK,
STRFTIME( '%s', SUBSTR(DATE_NK,8,4) || '-' ||
CASE SUBSTR(DATE_NK,4,3)
WHEN 'Jan' THEN '01' WHEN 'Feb' THEN '02' WHEN 'Mar' THEN '03' WHEN 'Apr' THEN '04' WHEN 'May' THEN '05' WHEN 'Jun' THEN '06'
WHEN 'Jul' THEN '07' WHEN 'Aug' THEN '08' WHEN 'Sep' THEN '09' WHEN 'Oct' THEN '10' WHEN 'Nov' THEN '11'
ELSE '12' END || '-' || SUBSTR(DATE_NK,1,2) || ' ' || SUBSTR(TIME_NK,1,8) ) AS EVENT_DT,
REQUEST_NK, DOMAIN
FROM STG_BIND9_LOG )
SELECT
1 as 'Line: DNS Requests per Day for Hours',
strftime('%H:00', datetime(EVENT_DT, 'unixepoch')) AS 'Day',
ROUND(1.0*SUM(1)/COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))), 1) AS 'Requests per Day'
FROM CLS
WHERE DOMAIN NOT IN ('in-addr.arpa', 'IN-ADDR.ARPA', 'local', 'dyndns', 'nas', 'ntp.org')
AND datetime(EVENT_DT, 'unixepoch') > date('now', '-20 days')
GROUP BY /* hour aggregate */
strftime('%H:00', datetime(EVENT_DT, 'unixepoch'))
ORDER BY strftime('%H:00', datetime(EVENT_DT, 'unixepoch'))I te po, ka monokia te uru ahokore me te mahi a te taputapu, i.e. karekau he pooti mo nga rohe e kore e mohiotia. Ko te tikanga ko te mahi nui ka puta mai i nga taputapu whai punaha whakahaere penei i te Android, iOS me te Blackberry OS.
Me whakarārangihia nga rohe e tino pootihia ana. Ko te kaha ka whakatauhia e nga tawhā penei i te maha o nga tono mo ia ra, te maha o nga ra mahi me te maha o nga haora o te ra i kitea.
Ko nga tangata whakapae katoa kei runga i te rarangi ingoa.
Nga rohe pooti kaha
Uiui ripoata SQL
WITH CLS AS ( /* prepare unique requests */
SELECT
DISTINCT DATE_NK,
STRFTIME( '%s', SUBSTR(DATE_NK,8,4) || '-' ||
CASE SUBSTR(DATE_NK,4,3)
WHEN 'Jan' THEN '01' WHEN 'Feb' THEN '02' WHEN 'Mar' THEN '03' WHEN 'Apr' THEN '04' WHEN 'May' THEN '05' WHEN 'Jun' THEN '06'
WHEN 'Jul' THEN '07' WHEN 'Aug' THEN '08' WHEN 'Sep' THEN '09' WHEN 'Oct' THEN '10' WHEN 'Nov' THEN '11'
ELSE '12' END || '-' || SUBSTR(DATE_NK,1,2) || ' ' || SUBSTR(TIME_NK,1,8) ) AS EVENT_DT,
REQUEST_NK, DOMAIN
FROM STG_BIND9_LOG )
SELECT
1 as 'Table: Havy DNS Requests',
REQUEST_NK AS 'Request',
DOMAIN AS 'Domain',
REQ AS 'Requests per Day',
DH AS 'Hours per Day',
DAYS AS 'Active Days'
FROM (
SELECT
REQUEST_NK, MAX(DOMAIN) AS DOMAIN,
COUNT(DISTINCT REQUEST_NK) AS SUBD,
COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))) AS DAYS,
ROUND(1.0*SUM(1)/COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))), 1) AS REQ,
ROUND(1.0*COUNT(DISTINCT strftime('%d.%m %H', datetime(EVENT_DT, 'unixepoch')))/COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))), 1) AS DH
FROM CLS
WHERE DOMAIN NOT IN ('in-addr.arpa', 'IN-ADDR.ARPA', 'local', 'dyndns', 'nas', 'ntp.org')
AND datetime(EVENT_DT, 'unixepoch') > date('now', '-20 days')
GROUP BY REQUEST_NK )
WHERE DAYS > 9 -- long period
ORDER BY 4 DESC, 5 DESC
LIMIT 20Ka aukatihia e matou isс.blackberry.com me iceberg.blackberry.com, ka whakamanahia e te kaihanga mo nga take haumaru. Hua: i te wa e ngana ana ki te hono ki te WLAN, ka whakaatuhia te wharangi takiuru ka kore e hono atu ki hea. Kia wetewete tatou.
Ko te detectportal.firefox.com he rite tonu te tikanga, ka whakatinanahia ki te tirotiro Firefox. Mena ka hiahia koe ki te takiuru ki te whatunga WLAN, ka whakaatu tuatahi i te wharangi takiuru. Kaore i te tino marama he aha te take me pinged te wahitau i nga wa maha, engari he maamaa te korero a te kaihanga.
skype. He rite nga mahi o tenei papatono ki te noke: ka huna, kare e tuku noa kia patua i roto i te paetaumahi, he nui nga waka i runga i te whatunga, pings 10 rohe ia 4 meneti. I te wa e waea ataata ana, ka pakaru tonu te hononga Ipurangi, ina kore e pai ake. Inaianei e tika ana, no reira ka mau tonu.
upload.fp.measure.office.com - e pa ana ki te Office 365, kaore au i kitea he whakaahuatanga tika.
browser.pipe.aria.microsoft.com - Kare i kitea e au he whakaahuatanga tika.
Ka aukatihia e matou e rua.
hono.facebook.net - Taupānga kōrerorero Facebook. Tonu.
mediator.mail.ru Ko te tātaritanga o nga tono katoa mo te rohe mail.ru i kitea te maha o nga rauemi panui me nga kaikohi tatauranga, na reira ka kore te whakapono. Ka tukuna katoatia te rohe mail.ru ki te rarangi pango.
google-analytics.com - kaore e pa ki te mahi o nga taputapu, na reira ka aukatihia e matou.
doubleclick.net - ka tatau i nga panui panui. Ka poraka tatou.
He maha nga tono ka haere ki googleapis.com. Na te aukati i te katinga koa o nga karere poto i runga i te papa, he ahua poauau ki ahau. Engari ka mutu te mahi a te toa purei, no reira me wetewete.
cloudflare.com - ka tuhi ratou e aroha ana ratou ki te puna tuwhera, a, i te nuinga o te waa, he maha nga korero mo ratou ano. Ko te kaha o te rangahau rohe kaore i te tino marama, he nui ake te teitei atu i nga mahi i runga i te Ipurangi. Me waiho mo tenei wa.
Na, ko te kaha o nga tono e pa ana ki nga mahi e hiahiatia ana o nga taputapu. Engari i kitea ano te hunga i kaha ki te mahi.
Ko te tuatahi
Ina ka ana te Ipurangi ahokore, kei te moe tonu te katoa, ka taea te kite ko wai nga tono ka tukuna ki te whatunga tuatahi. Na, i te 6:50 ka huri te Ipurangi, a i roto i te waa tekau meneti tuatahi ka pootihia nga rohe 60 ia ra:
Uiui ripoata SQL
WITH CLS AS ( /* prepare unique requests */
SELECT
DISTINCT DATE_NK,
STRFTIME( '%s', SUBSTR(DATE_NK,8,4) || '-' ||
CASE SUBSTR(DATE_NK,4,3)
WHEN 'Jan' THEN '01' WHEN 'Feb' THEN '02' WHEN 'Mar' THEN '03' WHEN 'Apr' THEN '04' WHEN 'May' THEN '05' WHEN 'Jun' THEN '06'
WHEN 'Jul' THEN '07' WHEN 'Aug' THEN '08' WHEN 'Sep' THEN '09' WHEN 'Oct' THEN '10' WHEN 'Nov' THEN '11'
ELSE '12' END || '-' || SUBSTR(DATE_NK,1,2) || ' ' || SUBSTR(TIME_NK,1,8) ) AS EVENT_DT,
REQUEST_NK, DOMAIN
FROM STG_BIND9_LOG )
SELECT
1 as 'Table: First DNS Requests at 06:00',
REQUEST_NK AS 'Request',
DOMAIN AS 'Domain',
REQ AS 'Requests',
DAYS AS 'Active Days',
strftime('%H:%M', datetime(MIN_DT, 'unixepoch')) AS 'First Ping',
strftime('%H:%M', datetime(MAX_DT, 'unixepoch')) AS 'Last Ping'
FROM (
SELECT
REQUEST_NK, MAX(DOMAIN) AS DOMAIN,
MIN(EVENT_DT) AS MIN_DT,
MAX(EVENT_DT) AS MAX_DT,
COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))) AS DAYS,
ROUND(1.0*SUM(1)/COUNT(DISTINCT strftime('%d.%m', datetime(EVENT_DT, 'unixepoch'))), 1) AS REQ
FROM CLS
WHERE DOMAIN NOT IN ('in-addr.arpa', 'IN-ADDR.ARPA', 'local', 'dyndns', 'nas', 'ntp.org')
AND datetime(EVENT_DT, 'unixepoch') > date('now', '-20 days')
AND strftime('%H', datetime(EVENT_DT, 'unixepoch')) = strftime('%H', '2019-08-01 06:50:00')
GROUP BY REQUEST_NK
)
WHERE DAYS > 3 -- at least 4 days activity
ORDER BY 5 DESC, 4 DESCKa tirohia e Firefox te hononga WLAN mo te waahi o te whaarangi takiuru.
Kei te pinging a Citrix i tana tūmau ahakoa kaore i te kaha te rere o te tono.
Ka whakamanahia e Symantec nga tiwhikete.
Ka tirotirohia e Mozilla nga whakahou, ahakoa i roto i nga tautuhinga i tono ahau kia kaua e mahi i tenei.
Ko te mmo.de he ratonga petipeti. Ko te nuinga o te waa ka timata te tono ma te korerorero facebook. Ka poraka tatou.
Ka whakahohehia e Apple ana ratonga katoa. api-glb-fra.smoot.apple.com - ma te whakamaaramatanga, ka tukuna nga patene katoa ki konei mo nga kaupapa arotautanga miihini rapu. He tino whakapae, engari e pa ana ki te mahi. Ka waiho e matou.
E whai ake nei he rarangi roa o nga tono ki microsoft.com. Ka aukatihia e matou nga rohe katoa mai i te taumata tuatoru.
Te maha o nga roheroto tuatahi
Na, ko nga meneti 10 tuatahi o te huri i te Ipurangi ahokore.
Ka pooti a iOS i te nuinga o nga rohe-roto - 32. Whai muri ko te Android - 24, katahi ko Windows - 15 ka mutu ko Blackberry - 9.
Ko te tono facebook anake te pooti 10 rohe, skype polls 9 rohe.
He puna korero
Ko te puna mo te tātaritanga ko te bind9 te konae rangitaki tūmau rohe, kei roto te whakatakotoranga e whai ake nei:
01-Aug-2019 20:03:30.996 client 192.168.0.2#40693 (api.aps.skype.com): query: api.aps.skype.com IN A + (192.168.0.102)
I kawemai te konae ki roto i te putunga sqlite ka tātarihia ma te whakamahi i nga patai SQL.
Ka mahi te tūmau hei keteroki; ka puta mai nga tono mai i te pouara, na reira kotahi tonu te tono a te kiritaki. He rawaka te anga tepu whakangawari, ara. Kei te ripoata te wa o te tono, te tono ake, me te rohe taumata tuarua mo te whakarōpū.
DDL ripanga
CREATE TABLE STG_BIND9_LOG (
LINE_NK INTEGER NOT NULL DEFAULT 1,
DATE_NK TEXT NOT NULL DEFAULT 'n.a.',
TIME_NK TEXT NOT NULL DEFAULT 'n.a.',
CLI TEXT, -- client
IP TEXT,
REQUEST_NK TEXT NOT NULL DEFAULT 'n.a.', -- requested domain
DOMAIN TEXT NOT NULL DEFAULT 'n.a.', -- domain second level
QUERY TEXT,
UNIQUE (LINE_NK, DATE_NK, TIME_NK, REQUEST_NK)
);mutunga
Na, ko te hua o te tātaritanga o te raarangi ingoa ingoa rohe, neke atu i te 50 nga rekoata i taraihia, ka tuu ki te rarangi poraka.
Ko te hiahia o etahi patai he pai te korero e nga kaihanga rorohiko me te whakahihiri i te maia. Heoi, ko te nuinga o nga mahi he koretake, he pahekeheke.
Source: will.com