What and who is on the DDoS protection market

"The guy who built our site already set up DDoS protection."
"We have DDoS protection, so why did the site go down?"
"How many thousands does Qrator want?"

To answer questions like these from a customer or a boss properly, it helps to know what is hiding behind the words "DDoS protection". Choosing a protection service is more like choosing medication with a doctor than picking a table at IKEA.

I have been supporting websites for 11 years, have lived through hundreds of attacks on the services I support, and now I will tell you a little about how protection works from the inside.
Figure: a regular attack. 350k requests in total, 52k of them legitimate.

The first attacks appeared almost at the same time as the Internet. DDoS as a phenomenon has been widespread since the late 2000s (see www.cloudflare.com/learning/ddos/famous-ddos-attacks).
Since about 2015-2016, almost all hosting providers have been protected against DDoS, as have the most prominent sites in competitive niches (run a whois on the IP addresses of eldorado.ru, leroymerlin.ru and tilda.ws and you will see the networks of protection providers).

Whereas 10-20 years ago most attacks could be fended off on the server itself (see the recommendations of Lenta.ru sysadmin Maxim Moshkov from the 90s: lib.ru/WEBMASTER/sowetywww2.txt_with-big-pictures.html#10), protection has since become a much more complicated job.

Types of DDoS attacks from the standpoint of choosing a protection operator

Attacks at L3/L4 (in terms of the OSI model)

- UDP flood from a botnet (a mass of packets is sent straight from infected devices to the attacked service; the server's channel gets clogged);
- DNS/NTP/etc. amplification (a mass of requests is sent from infected devices to vulnerable DNS/NTP/etc. servers with the source address spoofed to the victim's, so the cloud of reply packets, which is many times larger than the requests, floods the victim's channel; the replies arrive from the reflectors' addresses, not the bots', so blocking "the attacker's IP" is pointless; this is how the largest attacks on the modern Internet are carried out);
- SYN/ACK flood (a mass of connection-establishment requests is sent to the attacked servers; the connection queue overflows);
- attacks using packet fragmentation, ping of death, ping flood (please Google them);
- and so on.

The aim of these attacks is to "clog" the server's channel or to "kill" its ability to accept new traffic.
Although a SYN/ACK flood and amplification are very different, many companies handle both equally well. The problems begin with the next group of attacks.
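As an added example (not code from the original article), here is a small Python classifier that labels the L3/L4 patterns listed above from flow-style records. The flows, addresses, thresholds and the one-second window are all constructed for the illustration; a real deployment would feed it NetFlow or sFlow from the edge. Note that for amplification the "sources" it counts are the reflectors, not the bots, because the requests were sent with the victim's address.

```python
# Added illustration (not code from the article): a minimal classifier that
# labels the L3/L4 patterns listed above from flow-style records. The records,
# thresholds and addresses are constructed for the example.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str          # source address as seen on the wire (reflector or bot, possibly spoofed)
    dst: str          # destination address
    proto: str        # "udp", "tcp" or "icmp"
    sport: int
    dport: int
    packets: int
    nbytes: int
    tcp_flags: str = ""   # "S" = SYN only, "SPA" = established session carrying data


# Source ports of services commonly abused as reflectors: amplified replies come
# from these ports, not from the bots that sent the spoofed requests.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached", 19: "chargen", 389: "CLDAP"}

VICTIM = "203.0.113.10"
WINDOW_SECONDS = 1.0   # the constructed sample below is one second of traffic

# Constructed sample: one second of flows towards VICTIM.
FLOWS = [
    # DNS amplification: open resolvers answering spoofed queries with ~3 KB responses
    *[Flow(f"198.51.100.{i}", VICTIM, "udp", 53, 5000 + i, 1000, 3_000_000) for i in range(1, 5)],
    # NTP amplification: ~480-byte monlist-style replies
    *[Flow(f"198.51.100.{i}", VICTIM, "udp", 123, 6000 + i, 500, 240_000) for i in range(10, 13)],
    # a legitimate DNS answer to a query the victim itself sent
    Flow("198.51.100.53", VICTIM, "udp", 53, 41234, 2, 300),
    # SYN flood: 60-byte SYNs, nothing ever completes the handshake
    *[Flow(f"192.0.2.{i}", VICTIM, "tcp", 30000 + i, 443, 20000, 1_200_000, "S") for i in range(1, 7)],
    # one real client: a SYN followed by an established session
    Flow("192.0.2.200", VICTIM, "tcp", 51000, 443, 1, 60, "S"),
    Flow("192.0.2.200", VICTIM, "tcp", 51000, 443, 40, 30_000, "SPA"),
    # direct UDP flood from bots to port 80 (nothing listens there on UDP)
    *[Flow(f"192.0.2.{i}", VICTIM, "udp", 40000 + i, 80, 50000, 50_000_000) for i in range(50, 53)],
    # ping flood
    *[Flow(f"192.0.2.{i}", VICTIM, "icmp", 0, 0, 30000, 1_800_000) for i in range(60, 62)],
    # traffic to another host: ignored
    Flow("192.0.2.99", "203.0.113.20", "tcp", 5555, 80, 10, 8000, "SPA"),
]


def classify(flows, victim, window=WINDOW_SECONDS):
    """Return the attack patterns seen towards `victim` with supporting numbers."""
    amp = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    udp = {"packets": 0, "bytes": 0, "sources": set()}
    syn = {"packets": 0, "sources": set()}
    icmp = {"packets": 0, "bytes": 0, "sources": set()}
    total_bytes = 0

    for f in flows:
        if f.dst != victim:
            continue
        total_bytes += f.nbytes
        if f.proto == "udp":
            bucket = amp[REFLECTOR_PORTS[f.sport]] if f.sport in REFLECTOR_PORTS else udp
            bucket["packets"] += f.packets
            bucket["bytes"] += f.nbytes
            bucket["sources"].add(f.src)
        elif f.proto == "tcp" and f.tcp_flags == "S":
            syn["packets"] += f.packets
            syn["sources"].add(f.src)
        elif f.proto == "icmp":
            icmp["packets"] += f.packets
            icmp["bytes"] += f.nbytes
            icmp["sources"].add(f.src)

    findings = {"total_mbps": total_bytes * 8 / 1e6 / window}
    for service, s in amp.items():
        avg = s["bytes"] / s["packets"]
        # amplified replies are large and arrive from several reflectors at once
        if avg >= 400 and len(s["sources"]) >= 2:
            findings.setdefault("amplification", {})[service] = {
                "bytes": s["bytes"], "reflectors": len(s["sources"]), "avg_packet_bytes": round(avg)}
    if udp["bytes"] >= 10_000_000:
        findings["udp_flood"] = {"bytes": udp["bytes"], "sources": len(udp["sources"])}
    if syn["packets"] >= 10_000:
        findings["syn_flood"] = {"syn_packets": syn["packets"], "sources": len(syn["sources"])}
    if icmp["packets"] >= 10_000:
        findings["icmp_flood"] = {"packets": icmp["packets"], "sources": len(icmp["sources"])}
    return findings


if __name__ == "__main__":
    for name, detail in classify(FLOWS, VICTIM).items():
        print(name, detail)
```

The thresholds are deliberately crude; the point is that each pattern has a different signature (reply size and reflector count for amplification, SYN-only packet counts for a SYN flood, raw byte volume for a direct UDP flood), and that the `total_mbps` figure is what has to fit inside the channel your provider actually sells you.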

Attacks at L7 (application layer)

- HTTP flood (when a website or some HTTP API is attacked);
- attacks on the vulnerable parts of a site (pages without caching, pages that load the site heavily, etc.).

The goal is to make the server "work hard", processing a lot of "real-looking" requests, so that it is left without resources for the genuine ones.
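As an added example (not code from the original article), the following Python scores the clients in an access log for exactly this pattern: many requests per second, almost all of them reaching the backend instead of being served from cache. The log lines, addresses and thresholds are constructed; the log format is assumed to be nginx's combined format with $upstream_cache_status appended as the last field.

```python
# Added illustration (not code from the article): spotting an HTTP flood in
# access logs by per-client request rate and the share of requests that bypass
# the cache. Log lines, addresses and thresholds are constructed for the example;
# the log format is assumed to be nginx "combined" with $upstream_cache_status
# appended as the last field.
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"(?: (?P<cache>\S+))?$')

UNCACHED = {"MISS", "BYPASS", "EXPIRED"}   # served by the backend, not from cache
RATE_THRESHOLD = 1.0        # requests per second from one client
UNCACHED_THRESHOLD = 0.8    # share of a client's requests that reach the backend


def _line(ip, sec, path, cache, ua="Mozilla/5.0"):
    return (f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0300] "GET {path} HTTP/1.1" '
            f'200 512 "-" "{ua}" {cache}')


# Constructed sample: one minute of traffic. Two visitors browse cached pages,
# one visitor runs a single search, and two bots hammer the search page with
# unique query strings so that every request misses the cache.
SAMPLE_LOG = []
for sec in range(0, 60, 15):
    for ip in ("192.0.2.10", "192.0.2.11"):
        SAMPLE_LOG.append(_line(ip, sec, "/product/42", "HIT"))
        SAMPLE_LOG.append(_line(ip, sec, "/static/app.js", "HIT"))
SAMPLE_LOG.append(_line("192.0.2.12", 30, "/search?q=lamp", "MISS"))
for sec in range(60):
    for n, ip in enumerate(("198.51.100.7", "198.51.100.8")):
        for k in range(2):
            SAMPLE_LOG.append(_line(ip, sec, f"/search?q=x{sec}{n}{k}", "MISS", "python-requests/2.31"))


def analyze(lines):
    """Per-client metrics over the whole log window plus a flagged verdict."""
    per_ip = defaultdict(lambda: {"requests": 0, "uncached": 0, "paths": set()})
    first = last = None
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # unparsable line: skip it rather than abort the whole pass
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        first = ts if first is None or ts < first else first
        last = ts if last is None or ts > last else last
        rec = per_ip[m["ip"]]
        rec["requests"] += 1
        rec["paths"].add(m["path"])
        if m["cache"] in UNCACHED:
            rec["uncached"] += 1
    if first is None:
        return {}
    window = (last - first).total_seconds() + 1   # timestamps have 1 s resolution
    report = {}
    for ip, rec in per_ip.items():
        rate = rec["requests"] / window
        share = rec["uncached"] / rec["requests"]
        report[ip] = {
            "requests": rec["requests"],
            "rate": round(rate, 3),
            "uncached_share": round(share, 3),
            "distinct_paths": len(rec["paths"]),
            # a lone cache miss is normal; many misses per second from one client is not
            "flagged": rate >= RATE_THRESHOLD and share >= UNCACHED_THRESHOLD,
        }
    return report


def flagged_ips(lines):
    return sorted(ip for ip, r in analyze(lines).items() if r["flagged"])


if __name__ == "__main__":
    for ip, r in analyze(SAMPLE_LOG).items():
        print(ip, r)
```

Both signals are needed: rate alone would also catch a busy proxy serving many real users, and cache-miss share alone would catch the single visitor who ran one search. A real flood from a large botnet spreads the rate across thousands of addresses, which is why per-IP counting is only the first of the many cleaning layers described later in the article.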

There are other kinds of attacks, but these are the most common.

Serious L7 attacks are tailored to each application being attacked.

Why two groups?
Because there are many who know how to repel L3/L4 attacks well, but who either do not offer application-level (L7) protection at all, or are still weaker than the alternatives at dealing with it.

Who is on the DDoS protection market

(my opinion)

Protection at L3/L4

To repel amplification attacks (which "clog" the server's channel) there is enough channel capacity around: many protection services connect to most of the large backbone providers in Russia and have channels with a nominal capacity of over 1 Tbit. Keep in mind that an amplification attack very rarely lasts longer than an hour. If you are Spamhaus and everyone dislikes you, then yes, they may try to clog your channels for days on end, even at the risk of losing the botnet worldwide. If you are just an online store, even one like mvideo.ru, you will not be seeing 1 Tbit for days at a time any time soon (I hope).

To repel SYN/ACK floods, packet-fragmentation attacks and the like, you need hardware or software systems that detect and cut off such traffic.
Many vendors make such equipment (Arbor; there are solutions from Cisco and Huawei, software implementations from Wanguard, etc.). Many backbone operators have already installed it and sell DDoS protection services (I know of installations at Rostelecom, Megafon, TTK and MTS; in fact all the major providers do this, as do hosters with their own protection such as OVH.com and Hetzner.de; I personally encountered the protection at ihor.ru). Some companies develop their own software solutions (technologies like DPDK let you process tens of gigabits of traffic on a single x86 machine).

Among the well-known players, everyone can fight L3/L4 DDoS to a greater or lesser extent. I will not say who has the largest maximum channel capacity (that is insider information), but usually it does not matter much, and the only real difference is how quickly the protection kicks in (instantly, or after a few minutes of service downtime, as with Hetzner).
The question is how well it is done: an amplification attack can be repelled by blocking all traffic from the countries that generate the most malicious traffic, or by dropping only what is genuinely unwanted.
But at the same time, in my experience, all the major market players cope with this without problems: Qrator, DDoS-Guard, Kaspersky, G-Core Labs (formerly SkyParkCDN), ServicePipe, Stormwall, Voxility, etc.
I have not dealt with protection from operators like Rostelecom, Megafon, TTK or Beeline; according to colleagues, they provide these services quite well, but for now their lack of experience shows from time to time: sometimes you have to get something adjusted through the protection operator's support.
Some operators offer a separate service, "protection against L3/L4 attacks" or "channel protection"; it costs much less than protection at all levels.

Why would a backbone provider not repel attacks of hundreds of Gbit itself, given that a protection operator has no channels of its own? A protection operator can connect to any of the major providers and repel attacks "at their expense". You have to pay for the channel, but all those hundreds of Gbit will not be in use all the time; there are ways to cut the cost of channels significantly in this case, so the scheme remains viable.
Figure: the reports I regularly receive from L3/L4 protection systems and from hosting providers' support.

Protection at L7 (application level)

Only a handful of operators repel L7 (application-level) attacks consistently and adequately.
I have real experience with:
- Qrator.net;
- DDoS-Guard;
- G-Core Labs;
- Kaspersky.

They charge per megabit of clean traffic; a megabit costs roughly several thousand rubles. If you have at least 100 Mbps of clean traffic, oh dear: protection will be very expensive. In later articles I can explain how to design applications so as to save a lot on the capacity of the protection channels.
The real "king of the hill" is Qrator.net; everyone else lags behind. In my experience Qrator is the only one that delivers a false-positive rate close to zero, but at the same time it is several times more expensive than the other market players.

Other operators also provide high-quality and stable protection. Many of the services we support (including some well known in the country!) are protected by DDoS-Guard and G-Core Labs and are satisfied with the results.
Figure: attacks repelled by Qrator.

I also have experience with small protection operators such as cloud-shield.ru and ddosa.net; there are thousands of them. I cannot recommend them because I do not have enough experience with them, but I will describe how they operate. Their protection usually costs one to two orders of magnitude less than the big players'. As a rule, they buy a partial (L3/L4) protection service from the big players and handle the higher-level attacks themselves. This can be quite effective, and you can get a good service for less money, but these are still small companies with small staffs; please keep that in mind.

Why is it hard to repel attacks at L7?

Every application is unique: you have to let through the traffic that is useful to it and block the harmful traffic. It is not always possible to weed out bots unambiguously, so you have to use many, MANY layers of traffic cleaning.

At one time the nginx-testcookie module (https://github.com/kyprizel/testcookie-nginx-module) was enough, and it still suffices to repel a large share of attacks. When I worked in the hosting industry, L7 protection was built on nginx-testcookie.
Unfortunately, attacks have become more sophisticated. testcookie relies on JavaScript-based bot checks, and many modern bots (anything driving a headless browser) pass them successfully. The check also stops every client that does not run JavaScript, so API consumers and search-engine crawlers have to be exempted explicitly.
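As an added example (not the nginx-testcookie module's own code), here is a simplified Python gate of the same shape: a request without a valid cookie gets a 503 page whose script sets the cookie and reloads; a request with a valid cookie reaches the application. The secret, cookie name and token lifetime are assumptions. The real module derives the cookie client-side from an encrypted challenge, whereas here the token is simply handed to the script; that is enough to show why a JS-less bot never gets through and a headless browser does.

```python
# Added illustration (not the nginx-testcookie module's own code): a simplified
# JS-challenge gate of the same shape. The secret, cookie name and bucket
# length are assumptions; the real module derives the cookie client-side from
# an encrypted challenge, here the token is simply handed to the script.
import hashlib
import hmac
import re

SECRET = b"per-deployment-secret-rotate-me"   # assumption: per-deployment, rotated
COOKIE = "__testcookie"                        # assumption: cookie name
BUCKET_SECONDS = 3600                          # token lifetime


def token(client_ip, user_agent, now):
    """HMAC bound to the client address, user agent and the current hour."""
    bucket = int(now) // BUCKET_SECONDS
    msg = f"{client_ip}|{user_agent}|{bucket}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]


def valid_token(presented, client_ip, user_agent, now):
    if not presented:
        return False
    # Accept the current and the previous bucket so a visitor is not re-challenged
    # at the hour boundary; a token copied from another address or agent never matches.
    for age in (0, BUCKET_SECONDS):
        if hmac.compare_digest(presented, token(client_ip, user_agent, now - age)):
            return True
    return False


def challenge_page(tok):
    # A browser sets the cookie and retries; a client that does not run JS
    # never gets past this page and never touches the application.
    return ('<html><body><script>document.cookie="%s=%s; path=/";'
            'location.reload();</script></body></html>' % (COOKIE, tok))


def handle(request, now):
    """request: {"ip", "ua", "cookies", "path"}; returns (status, body)."""
    ip, ua = request["ip"], request["ua"]
    if valid_token(request["cookies"].get(COOKIE), ip, ua, now):
        return 200, "origin response for " + request["path"]
    return 503, challenge_page(token(ip, ua, now))


def simulate(ip, ua, runs_js, now):
    """Two round trips for one client; returns the two status codes."""
    jar = {}
    first, body = handle({"ip": ip, "ua": ua, "cookies": jar, "path": "/"}, now)
    if first == 503 and runs_js:
        m = re.search(r'document\.cookie="([^=]+)=([^;]+)', body)
        jar[m.group(1)] = m.group(2)   # what a (headless) browser would do
    second, _ = handle({"ip": ip, "ua": ua, "cookies": jar, "path": "/"}, now)
    return first, second


if __name__ == "__main__":
    now = 1_700_000_000
    print("browser:", simulate("192.0.2.1", "Mozilla/5.0", True, now))   # (503, 200)
    print("dumb bot:", simulate("192.0.2.2", "curl/8.0", False, now))    # (503, 503)
```

The gate is cheap because the 503 page is static and the HMAC check costs nothing compared with rendering the application; that is what made it sufficient for years. It strips only the bots that do not execute JavaScript, and a bot that does gets the same 200 as a browser, which is why it is now just one of the layers rather than the whole defence.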

Attacking botnets are also unique, and the characteristics of each large botnet have to be taken into account.
Amplification, direct floods from a botnet, filtering of traffic by country (with different filtering for different countries), SYN/ACK floods, packet fragmentation, ICMP, HTTP floods: and at the application/HTTP level an unlimited number of distinct attacks can be devised.
All in all, between channel protection, specialised traffic-scrubbing equipment, special software and additional per-customer filter settings, there can be tens or hundreds of filtering stages.
To manage all of this properly and tune the filter settings correctly for different customers, you need a lot of experience and qualified staff. Even a large operator that has decided to offer protection services cannot simply "throw money at the problem": the experience has to be earned on sites that went down and on false positives against legitimate traffic.
There is no "Repel DDoS" button at a protection operator; there are a great many tools, and you have to know how to use them.

And one more bonus example.
Figure: an unprotected server blocked by the hoster during an attack of about 600 Mbit
(the "drop" in traffic is barely visible because only one site was attacked; it was temporarily removed from the server and the block was lifted within an hour).
Figure: the same server, now protected. The attackers "gave up" after a day of attacking. The attack itself was not among the strongest.

L3/L4 attacks and protection are fairly trivial: they come down to channel capacity and the algorithms for detecting and filtering attacks.
L7 attacks are more complex and more original; they depend on the application under attack and on the attackers' capabilities and imagination. Defending against them requires a lot of knowledge and experience, and the result may be neither immediate nor 100%. At least until Google comes up with yet another neural network for protection.

Source: www.habr.com
