Ziwerengero za maola 24 mutakhazikitsa poto wa uchi pa Digital Ocean node ku Singapore
Pew Pew! Tiyeni tiyambe pomwepo ndi mapu owukira
Mapu athu abwino kwambiri amawonetsa ma ASN apadera omwe adalumikizana ndi honeypot yathu ya Cowrie mkati mwa maola 24. Yellow imagwirizana ndi ma SSH, ndipo zofiira zimafanana ndi Telnet. Makanema oterowo nthawi zambiri amasangalatsa akulu akulu akampani, omwe angathandize kupeza ndalama zambiri zopezera chitetezo ndi zida. Komabe, mapuwa ali ndi phindu linalake, kusonyeza momveka bwino kufalikira kwa malo ndi mabungwe omwe akuukira omwe atilandira mu maola 24 okha. Makanema samawonetsa kuchuluka kwa magalimoto kuchokera kugwero lililonse.
Kodi mapu a Pew Pew ndi chiyani?
Pew Pew Mapu Ndi , nthawi zambiri zimakhala zamoyo komanso zokongola kwambiri. Ndi njira yabwino yogulitsira malonda anu, omwe amagwiritsidwa ntchito moyipa ndi Norse Corp. Kampaniyo inatha moyipa: zidapezeka kuti makanema okongola anali mwayi wawo wokha, ndipo adagwiritsa ntchito zidutswa zingapo kuti azisanthula.
Zopangidwa ndi Leafletjs
Kwa iwo omwe akufuna kupanga mapu owukira pazenera lalikulu pamalo ogwirira ntchito (abwana anu azikonda), pali laibulale. . Timagwirizanitsa ndi pulogalamu yowonjezera , ntchito ya Maxmind GeoIP - .
WTF: Kodi honeypot ya Cowrie ndi chiyani?
Honeypot ndi dongosolo lomwe limayikidwa pa netiweki makamaka kuti likope omwe akuukira. Kulumikizana ndi dongosolo nthawi zambiri kumakhala kosaloledwa ndipo kumakupatsani mwayi wozindikira wowukirayo pogwiritsa ntchito zipika zatsatanetsatane. Zipika zimangosunga zidziwitso zanthawi zonse zamalumikizidwe, komanso zomwe zimawululira njira, njira ndi njira (TTP) wolowerera.
adapangira Rekodi zolumikizana za SSH ndi Telnet. Miphika ya uchi yotereyi nthawi zambiri imayikidwa pa intaneti kuti ifufuze zida, zolemba ndi makamu a oukira.
Uthenga wanga kwa makampani omwe akuganiza kuti sadzaukiridwa: "Mukuyang'ana molimbika."
βJames Snook
M'zipika muli chiyani?
Chiwerengero chonse cha maulaliki
Panali kuyesayesa kobwerezabwereza kuchokera kwa olandira ambiri. Izi ndizabwinobwino, chifukwa zolemba zowukira zimakhala ndi mndandanda wazinthu zonse ndikuyesa kuphatikiza zingapo. Cowrie Honeypot idakonzedwa kuti ivomereze kuphatikizika kwa dzina lolowera ndi mawu achinsinsi. Izi zimakhazikitsidwa mu user.db fayilo.
Geography ya kuukira
Pogwiritsa ntchito deta ya Maxmind geolocation, ndinawerengera chiwerengero cha maulumikizidwe ochokera kudziko lililonse. Dziko la Brazil ndi China likutsogola motalikirapo, ndipo nthawi zambiri pamakhala phokoso lambiri lochokera ku masikelo obwera kuchokera kumayikowa.
Mwiniwake wa Network block
Kufufuza eni ake a ma network blocks (ASN) amatha kuzindikira mabungwe omwe ali ndi magulu ambiri omwe akuwukira. Inde, muzochitika zotere muyenera kukumbukira nthawi zonse kuti ziwopsezo zambiri zimachokera kwa omwe ali ndi kachilomboka. Ndizomveka kuganiza kuti owukira ambiri si opusa mokwanira kuti ayang'ane Network kuchokera pakompyuta yakunyumba.
Tsegulani madoko pamakina owukira (data kuchokera ku Shodan.io)
Kuyendetsa mndandanda wa IP mwabwino kwambiri mwamsanga amazindikira machitidwe okhala ndi madoko otseguka ndi madoko awa ndi chiyani? Chithunzi chomwe chili pansipa chikuwonetsa kuchuluka kwa madoko otseguka malinga ndi dziko ndi bungwe. Zingakhale zotheka kuzindikira midadada ya machitidwe osokonezeka, koma mkati chitsanzo chaching'ono palibe chodziwika bwino chomwe chikuwoneka, kupatula kuchuluka 500 madoko otseguka ku China.
Chochititsa chidwi ndi kuchuluka kwa machitidwe ku Brazil omwe ali nawo osatsegula 22, 23 kapena madoko ena, malinga ndi Censs ndi Shodan. Mwachiwonekere awa ndi malumikizano ochokera kumakompyuta ogwiritsa ntchito kumapeto.
Maboti? Osafunikira
deta kwa madoko 22 ndi 23 adawonetsa chodabwitsa tsiku limenelo. Ndinkaganiza kuti ma scan ambiri ndi mawu achinsinsi amachokera ku bots. Zolembazo zimafalikira pamadoko otseguka, kulosera mawu achinsinsi, ndikudzikopera yokha kuchokera kudongosolo latsopano ndikupitilira kufalikira pogwiritsa ntchito njira yomweyo.
Koma apa mutha kuwona kuti owerengeka ochepa okha omwe amajambula telnet ali ndi doko 23 lotseguka kunja.
Kulumikizana kunyumba
Kupeza kwina kosangalatsa kunali kuchuluka kwa ogwiritsa ntchito kunyumba pachitsanzocho. Pogwiritsa ntchito kuyang'ana kumbuyo Ndidazindikira kulumikizana kwa 105 kuchokera pamakompyuta apanyumba apadera. Pamalumikizidwe ambiri apanyumba, kuyang'ana kwa DNS mobwerera kumawonetsa dzina la alendo ndi mawu akuti dsl, kunyumba, chingwe, fiber, ndi zina zotero.
Phunzirani ndi Kuwona: Kwezani Mphika Wanuwanu
Posachedwapa ndinalemba phunziro lalifupi la momwe . Monga tanenera kale, ife tinagwiritsa ntchito Digital Ocean VPS ku Singapore. Kwa maola 24 akuwunika, mtengo wake unalidi masenti ochepa, ndipo nthawi yosonkhanitsa makinawo inali mphindi 30.
M'malo mothamanga Cowrie pa intaneti ndikugwira phokoso lonse, mutha kupindula ndi uchi pa intaneti yanu. Nthawi zonse khalani ndi chidziwitso ngati zopempha zitumizidwa kumadoko ena. Uyu ndi wachiwembu mkati mwa netiweki, kapena wogwira ntchito mwachidwi, kapena scannerability scan.
anapezazo
Pambuyo poyang'ana zochita za omwe akuukira pa nthawi ya maola XNUMX, zikuwonekeratu kuti n'kosatheka kuzindikira gwero lodziwika bwino lachiwembu m'bungwe lililonse, dziko, kapena ngakhale machitidwe opangira.
Kugawidwa kwakukulu kwa magwero kumasonyeza kuti phokoso la scan limakhala lokhazikika ndipo silinagwirizane ndi gwero linalake. Aliyense amene amagwira ntchito pa intaneti ayenera kuonetsetsa kuti dongosolo lawo angapo chitetezo milingo. A wamba ndi ogwira yothetsera SSH ntchitoyo idzapita kumalo okwera mwachisawawa. Izi sizimathetsa kufunika kotetezedwa mwamphamvu ndi kuwunika mawu achinsinsi, koma zimatsimikizira kuti zipikazo sizimatsekeka ndi kusanthula kosalekeza. Malumikizidwe apamwamba amadoko amatha kukhala akuwukira, zomwe zingakhale zosangalatsa kwa inu.
Nthawi zambiri madoko a telnet otseguka amakhala pa ma routers kapena zida zina, kotero sangasunthidwe kupita kudoko lalitali. ΠΈ ndi njira yokhayo yowonetsetsera kuti mautumikiwa ali ndi zozimitsa moto kapena kuzimitsa. Ngati ndi kotheka, musagwiritse ntchito Telnet konse; protocol iyi sinabisike. Ngati mukuzifuna ndipo simungathe kuchita popanda izo, tsatirani mosamala ndikugwiritsa ntchito mawu achinsinsi amphamvu.
Source: www.habr.com