A trap (tarpit) for incoming SSH connections

It is no secret that the internet is a very aggressive environment. As soon as you bring up a server, it is immediately hit by massive attacks and multiple scans. Using a honeypot run by security researchers as an example, you can estimate the scale of this junk traffic. In fact, on a typical server, 99% of the traffic may be malicious.

A tarpit is a trap port used to slow down incoming connections. If a third-party system connects to this port, it cannot close the connection quickly. It has to spend its own system resources waiting until the connection times out, or abort it manually.

Tarpits are usually used for defence. The technique was originally developed to protect against computer worms. Today it can be used to make life miserable for spammers and researchers who intensively scan all IP addresses in a row (examples on Habr: Austria, Ukraine).

One administrator of such machines, Chris Wellons, apparently got tired of watching this disgrace and wrote a small program: Endlessh, an SSH tarpit that slows down incoming connections. The program opens a port (the default test port is 2222) and pretends to be an SSH server, but in reality it keeps the incoming client in an endless connection until the client gives up. This can go on for several days or longer, until the client drops off.

Installing the utility:

$ make
$ ./endlessh &
$ ssh -p2222 localhost

A well-run tarpit costs the attacker far more resources than it costs you. But resources are not the point. The author writes that the program is addictive. At the moment it has 27 clients trapped, some of which have been connected for several weeks. At the peak of activity, 1378 clients were trapped for 20 hours!

In production, the Endlessh server should be set up on the standard port 22, where attackers knock en masse. Standard security recommendations always advise moving SSH to another port, which reduces the size of the logs by an order of magnitude.

Chris Wellons says his program exploits a single paragraph of the RFC 4253 specification of the SSH protocol. Immediately after the TCP connection is established, but before any cryptography is applied, both sides must send an identification string. There is also a note: "The server MAY send other lines of data before sending the version string." There is no limit on the amount of this data; the only requirement is that no such line begins with SSH-.

This is exactly what Endlessh does: it sends an endless stream of randomly generated data that conforms to RFC 4253, that is, it is sent before authentication, no line begins with SSH-, and no line exceeds 255 characters, including the terminating characters. In general, everything complies with the standard.

By default, the program waits 10 seconds between sending packets. This keeps the client from timing out, so the client stays trapped indefinitely.

Since the data is sent before cryptography is applied, the program is extremely simple. It does not need to implement any ciphers or support multiple protocols.

The author tried to make sure the utility uses minimal resources and runs unnoticed on the machine. Unlike modern antivirus products and "security systems", it should not slow down your computer. He managed to reduce both traffic and memory consumption thanks to a very clever software implementation. If it simply spawned a separate process for every new connection, attackers could mount a DDoS attack by opening many connections to exhaust the machine's resources. One thread per connection is not the best option either, because the kernel would waste resources managing the threads.

That is why Chris Wellons chose the lightest possible approach for Endlessh: a single-threaded server built on poll(2), where clients in the trap consume almost no extra resources, not counting the socket object in the kernel and another 78 bytes for bookkeeping in Endlessh. To avoid allocating receive and send buffers for each client, Endlessh opens a raw socket and processes the TCP packets directly, bypassing almost the entire TCP/IP stack of the operating system. No incoming buffer is needed at all, since we are not interested in what the client sends.

The author says that when he wrote his program he did not know about Python's asyncio or about other tarpits. Had he known about asyncio, he could have managed with 18 lines of Python:

import asyncio
import random

async def handler(_reader, writer):
    try:
        while True:
            # Wait 10 seconds, then send one random hex line terminated by CRLF.
            await asyncio.sleep(10)
            writer.write(b'%x\r\n' % random.randint(0, 2**32))
            await writer.drain()
    except ConnectionResetError:
        pass  # the client finally gave up

async def main():
    server = await asyncio.start_server(handler, '0.0.0.0', 2222)
    async with server:
        await server.serve_forever()

asyncio.run(main())
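An added example, not part of the original article or of Endlessh's own code, that turns the RFC 4253 rules above into a check and bounds the resource concern the article raises: it generates CRLF-terminated pre-banner lines that never begin with SSH- and never exceed 255 characters, serves them with the same 10-second cadence, and refuses new peers beyond an assumed cap so the trap cannot be flooded into exhausting its own host. The `Tarpit` class, the `max_clients` value and the local `demo_roundtrip` self-check are assumptions made for this example.

```python
import asyncio
import secrets

MAX_LINE = 255   # RFC 4253 4.2: a pre-banner line, CRLF included, is at most 255 chars

def make_line(nbytes=16):
    # Random hex plus CRLF: hex digits can never spell "SSH-", so that rule holds by construction.
    return secrets.token_hex(nbytes).encode() + b'\r\n'

def is_valid_prebanner_line(line):
    # The three RFC 4253 conditions the tarpit relies on before the identification string.
    return line.endswith(b'\r\n') and not line.startswith(b'SSH-') and len(line) <= MAX_LINE

class Tarpit:
    def __init__(self, delay=10.0, max_clients=4096):   # 10 s is Endlessh's default; the cap is assumed
        self.delay, self.max_clients, self.active = delay, max_clients, 0

    async def handle(self, _reader, writer):
        if self.active >= self.max_clients:   # refuse rather than let the trap itself be exhausted
            writer.close()
            return
        self.active += 1
        try:
            while True:                       # the peer is only released when it gives up
                await asyncio.sleep(self.delay)
                writer.write(make_line())
                await writer.drain()
        except (ConnectionResetError, BrokenPipeError):
            pass
        finally:
            self.active -= 1
            writer.close()

async def serve(port=2222):
    async with await asyncio.start_server(Tarpit().handle, '0.0.0.0', port) as server:
        await server.serve_forever()

async def _roundtrip(delay):   # self-check: trap one local client, return the first line it gets
    server = await asyncio.start_server(Tarpit(delay=delay).handle, '127.0.0.1', 0)
    port = server.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection('127.0.0.1', port)
    line = await reader.readline()
    writer.close()
    server.close()
    return line

def demo_roundtrip(delay=0.01):
    return asyncio.run(_roundtrip(delay))
if __name__ == '__main__':
    asyncio.run(serve())
```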

Asyncio is great for writing tarpits. For example, this trap will hang Firefox, Chrome or any other client that tries to connect to your HTTP server for many hours:

import asyncio
import random

async def handler(_reader, writer):
    # Send a valid status line, then never finish the header block.
    writer.write(b'HTTP/1.1 200 OK\r\n')
    try:
        while True:
            await asyncio.sleep(5)
            header = random.randint(0, 2**32)
            value = random.randint(0, 2**32)
            writer.write(b'X-%x: %x\r\n' % (header, value))
            await writer.drain()
    except ConnectionResetError:
        pass  # the client finally gave up

async def main():
    server = await asyncio.start_server(handler, '0.0.0.0', 8080)
    async with server:
        await server.serve_forever()

asyncio.run(main())

A tarpit is an excellent tool for punishing online pests. True, there is a certain risk of, on the contrary, drawing their attention to the unusual behaviour of a particular server. Someone might think of taking revenge with a DDoS attack on your IP. So far, however, there have been no such cases, and tarpits are working fine.

Hubs:
Python, Information Security, Software, System Administration

Tags:
SSH, Endlessh, tarpit, trap, asyncio
Source: www.habr.com