What and who is in the DDoS protection market

"The guy who built our website has already set up DDoS protection."
"We have DDoS protection, so why did the site go down?"
"How many thousand does Qrator want?"

To answer such questions from a customer or a manager properly, it helps to know what actually stands behind the phrase "DDoS protection". Choosing protection services is more like choosing a medicine with your doctor than like choosing a table at IKEA.

I have been supporting websites for 11 years, I have survived hundreds of attacks on the services I support, and now I will tell you a little about how protection works from the inside.
Regular attacks: 350k req in total, 52k req legitimate

The first attacks appeared together with the Internet itself. DDoS as a mass phenomenon has been widespread since the late 2000s (see www.cloudflare.com/learning/ddos/famous-ddos-attacks).
Since about 2015-2016, almost all hosting providers have had protection against DDoS attacks, as have the most prominent sites in competitive niches (run whois on the IP addresses of eldorado.ru, leroymerlin.ru, tilda.ws and you will see the networks of the protection operators).

If 10-20 years ago most attacks could be repelled on the server itself (see the recommendations of Lenta.ru system administrator Maxim Moshkov from the 90s: lib.ru/WEBMASTER/sowetywww2.txt_with-big-pictures.html#10), today the protection task has become considerably harder.

Types of DDoS attacks from the point of view of choosing a protection operator

Attacks at the L3/L4 level (by the OSI model)

- UDP flood from a botnet (a huge number of requests is sent directly from infected devices to the attacked service, and the server's channel is clogged);
- DNS/NTP/etc. amplification (a huge number of requests is sent from infected devices to vulnerable DNS/NTP/etc. servers with a forged sender address, and the cloud of packets answering those requests floods the victim's channel; this is how the most massive attacks on the modern Internet are carried out);
- SYN/ACK flood (a huge number of connection-establishment requests is sent to the attacked servers, and the connection queue overflows);
- attacks using packet fragmentation, ping of death, ping flood (look them up, please);
- and so on.

These attacks aim to "clog" the server's channel or to "kill" its ability to accept new traffic.
Although a SYN/ACK flood and amplification are very different things, many companies fight them equally well. Problems start with the next group of attacks.
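As an added illustration (my example, not part of the original article) of how a defender can tell the first two attack classes above apart in flow records: amplification shows up as large UDP answers arriving from many reflector addresses on service ports, while a SYN flood shows up as TCP traffic that is almost entirely bare SYNs from several sources. The record format, the port list and the thresholds are assumptions made for the example, and the flows themselves are constructed.

```python
"""Triage of L3/L4 flood patterns from flow-style records.

Added example; the thresholds, the AMPLIFIER_PORTS list and the record
format are assumptions made for illustration, not the data of any operator
named in the article.
"""
from collections import defaultdict

# UDP source ports of services commonly abused for reflection/amplification
# (DNS, NTP, SSDP, memcached). Assumed list for the example.
AMPLIFIER_PORTS = {53, 123, 1900, 11211}

# Constructed sample flow records, not captured traffic. One flow per line:
# src_ip src_port dst_ip dst_port proto tcp_flags packets bytes
SAMPLE_FLOWS = """\
198.51.100.10 53 203.0.113.5 44321 udp - 400 1600000
198.51.100.11 53 203.0.113.5 44322 udp - 380 1520000
198.51.100.12 123 203.0.113.5 44323 udp - 500 2000000
198.51.100.13 123 203.0.113.5 44324 udp - 450 1800000
192.0.2.21 51000 203.0.113.6 443 tcp S 900 54000
192.0.2.22 51001 203.0.113.6 443 tcp S 880 52800
192.0.2.23 51002 203.0.113.6 443 tcp S 910 54600
192.0.2.40 52000 203.0.113.6 443 tcp SA 30 24000
192.0.2.50 40000 203.0.113.7 443 tcp SA 12 9000
192.0.2.51 40001 203.0.113.7 443 tcp SA 15 11000
"""


def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto, flags, pkts, nbytes = line.split()
        flows.append({
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
            "proto": proto, "flags": flags,
            "packets": int(pkts), "bytes": int(nbytes),
        })
    return flows


def classify_destinations(flows, min_sources=3, syn_ratio=0.8,
                          amp_bytes_per_packet=1000, amp_share=0.5):
    """Return {dst_ip: 'amplification' | 'syn_flood' | 'normal'}.

    amplification: UDP from several distinct sources whose source port is a
      known amplifier service and whose packets are large (answers, not queries).
    syn_flood: most TCP packets towards the host are bare SYNs (no ACK) from
      several sources, i.e. handshakes that are never completed.
    """
    stats = defaultdict(lambda: {
        "udp_pkts": 0, "amp_pkts": 0, "amp_srcs": set(),
        "tcp_pkts": 0, "syn_only": 0, "tcp_srcs": set(),
    })
    for f in flows:
        s = stats[f["dst"]]
        if f["proto"] == "udp":
            s["udp_pkts"] += f["packets"]
            avg = f["bytes"] / f["packets"] if f["packets"] else 0
            if f["sport"] in AMPLIFIER_PORTS and avg >= amp_bytes_per_packet:
                s["amp_pkts"] += f["packets"]
                s["amp_srcs"].add(f["src"])
        elif f["proto"] == "tcp":
            s["tcp_pkts"] += f["packets"]
            s["tcp_srcs"].add(f["src"])
            if f["flags"] == "S":
                s["syn_only"] += f["packets"]

    verdicts = {}
    for dst, s in stats.items():
        if (len(s["amp_srcs"]) >= min_sources
                and s["amp_pkts"] >= amp_share * s["udp_pkts"]):
            verdicts[dst] = "amplification"
        elif (s["tcp_pkts"] and len(s["tcp_srcs"]) >= min_sources
                and s["syn_only"] / s["tcp_pkts"] >= syn_ratio):
            verdicts[dst] = "syn_flood"
        else:
            verdicts[dst] = "normal"
    return verdicts


if __name__ == "__main__":
    for dst, verdict in sorted(classify_destinations(parse_flows(SAMPLE_FLOWS)).items()):
        print(dst, verdict)
```

Run as is and it prints one verdict per destination: the host receiving big DNS/NTP answers from four reflectors is marked as amplification, the host receiving almost nothing but SYNs as a SYN flood, and the host with a couple of completed handshakes as normal. The per-packet size check matters: reflectors answer with packets far larger than the forged queries that triggered them, which is what makes this class so cheap for the attacker and so easy to spot at the channel level.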

Attacks at the L7 level (application layer)

- http flood (when a website or some http API is attacked);
- attacks on vulnerable parts of the site (the ones without caching, the ones that load the site heavily, and so on).

The goal is to make the server "work hard", processing a mass of "requests that look real", so that it is left without resources for the genuine ones.

Although other attacks exist, these are the ones that happen most often.

Serious attacks at the L7 level are crafted individually for each application being attacked.
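An added example (mine, not from the original article) of what an http flood looks like in access logs and how a first filtering stage can separate it from ordinary browsing: the client that hammers uncacheable paths with ever-changing query strings stands out both by request rate and by the share of expensive requests, while a real visitor who also opens /search and /cart does not. The log lines are constructed, and the list of expensive path prefixes and the thresholds are assumptions.

```python
"""Spotting an http flood in access-log lines: per-client request rate plus
the share of requests that hit uncacheable, expensive paths.

Added example; the log lines are constructed, and the list of expensive
path prefixes and the thresholds are assumptions for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# nginx "combined" style line. The UA field is assumed not to contain quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed: path prefixes that bypass the cache and do real work on the backend.
EXPENSIVE_PREFIXES = ("/search", "/api/", "/cart")

# Constructed sample log (not real traffic): one client hammers /search with
# changing query strings, two others browse normally.
SAMPLE_LOG = """\
192.0.2.77 - - [10/Oct/2023:13:55:36 +0300] "GET /search?q=a1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2023:13:55:36 +0300] "GET /search?q=a2 HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
198.51.100.3 - - [10/Oct/2023:13:55:36 +0300] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0 (X11)"
192.0.2.77 - - [10/Oct/2023:13:55:37 +0300] "GET /search?q=a3 HTTP/1.1" 200 5101 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2023:13:55:37 +0300] "GET /search?q=a4 HTTP/1.1" 200 5099 "-" "Mozilla/5.0"
198.51.100.3 - - [10/Oct/2023:13:55:37 +0300] "GET /static/app.js HTTP/1.1" 200 40211 "-" "Mozilla/5.0 (X11)"
192.0.2.77 - - [10/Oct/2023:13:55:38 +0300] "GET /search?q=a5 HTTP/1.1" 200 5122 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2023:13:55:38 +0300] "GET /search?q=a6 HTTP/1.1" 200 5118 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:55:40 +0300] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0 (Macintosh)"
192.0.2.77 - - [10/Oct/2023:13:55:39 +0300] "GET /search?q=a7 HTTP/1.1" 200 5107 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2023:13:55:39 +0300] "GET /search?q=a8 HTTP/1.1" 200 5111 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:55:41 +0300] "GET /static/app.js HTTP/1.1" 200 40211 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.4 - - [10/Oct/2023:13:55:45 +0300] "GET /search?q=shoes HTTP/1.1" 200 6000 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.4 - - [10/Oct/2023:13:55:52 +0300] "GET /product/12 HTTP/1.1" 200 7000 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.4 - - [10/Oct/2023:13:56:00 +0300] "GET /cart HTTP/1.1" 200 3000 "-" "Mozilla/5.0 (Macintosh)"
"""


def is_expensive(path):
    """True for paths the cache cannot serve: query strings or backend endpoints."""
    return "?" in path or path.startswith(EXPENSIVE_PREFIXES)


def parse_log(text):
    """Yield (ip, timestamp, path) for every line that matches LOG_RE."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], datetime.strptime(m["ts"], TS_FMT), m["path"]


def flag_clients(text, max_rps=2.0, min_requests=5, expensive_share=0.8):
    """Return {ip: {'rps': ..., 'expensive_share': ...}} for clients that both
    exceed max_rps over their observed window and mostly hit expensive paths."""
    per_ip = defaultdict(list)
    for ip, ts, path in parse_log(text):
        per_ip[ip].append((ts, path))
    flagged = {}
    for ip, reqs in per_ip.items():
        if len(reqs) < min_requests:
            continue  # too few requests to judge a rate
        times = [t for t, _ in reqs]
        span = max(1.0, (max(times) - min(times)).total_seconds())
        rps = len(reqs) / span
        share = sum(1 for _, p in reqs if is_expensive(p)) / len(reqs)
        if rps >= max_rps and share >= expensive_share:
            flagged[ip] = {"rps": round(rps, 2), "expensive_share": round(share, 2)}
    return flagged


if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

Only 192.0.2.77 is flagged: eight requests in three seconds, all of them uncacheable. The visitor at 198.51.100.4 also touches /search and /cart, but at a quarter of a request per second and with most of their requests served from cache, so they stay below both thresholds. This is exactly why the article stresses that such rules are tuned per application: the "expensive" list and the acceptable rate differ for every site, and a threshold that is safe for a shop would block a legitimate API client.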

Why two groups?
Because there are many who know how to repel attacks well at the L3/L4 level, but who either do not offer protection at the application level (L7) at all, or are still weaker than the alternatives at dealing with it.

Who is in the DDoS protection market

(my opinion)

Protection at the L3/L4 level

To repel amplification attacks (the "clogging" of the server's channel), there are enough wide channels around (most protection services connect to the majority of the large backbone providers in Russia and have channels with a theoretical capacity of more than 1 Tbit). Keep in mind that amplification attacks very rarely last longer than an hour. If you are Spamhaus and everyone hates you, then yes, they may try to clog your channels for several days, even at the risk that the global botnet being used will not survive it. If you are just an online store, even one like mvideo.ru, you will not see 1 Tbit for days on end any time soon (I hope).

To repel SYN/ACK floods, packet fragmentation and the like, you need hardware or software systems that detect and stop such attacks.
Many vendors make such hardware (Arbor, there are solutions from Cisco and Huawei, software implementations from Wanguard, and so on); many backbone operators have already installed it and sell DDoS protection services (I know of installations at Rostelecom, Megafon, TTK and MTS; in fact, all the major providers do the same, as do the hosters with their own protection such as OVH.com and Hetzner.de; I personally came across the protection at ihor.ru). Some companies are developing their own software solutions (technologies such as DPDK allow tens of gigabits of traffic to be processed on a single physical x86 machine).

Among the well-known players, everyone can fight L3/L4 DDoS more or less effectively. I will not say now who has the larger maximum channel capacity (that is insider information), but usually it does not matter much, and the only difference is how quickly the protection kicks in (instantly, or after a few minutes of project downtime, as at Hetzner).
The question is how it is done: an amplification attack can be repelled by blocking traffic from the countries that send the most harmful traffic, or only the genuinely unwanted traffic can be discarded.
At the same time, in my experience, all the serious market players cope with this without problems: Qrator, DDoS-Guard, Kaspersky, G-Core Labs (formerly SkyParkCDN), ServicePipe, Stormwall, Voxility and others.
I have not come across protection from operators like Rostelecom, Megafon, TTK and Beeline myself; judging by our colleagues' reviews, they provide these services quite well, but so far the lack of experience shows from time to time: occasionally something has to be tuned through the protection operator's support.
Some operators have a separate service called "protection against attacks at the L3/L4 level" or "channel protection"; it costs much less than protection at all levels.

Why would a provider that is not a backbone operator repel attacks of hundreds of Gbits if it has no channels of its own? A protection operator can connect to any of the major providers and repel attacks "at its own expense". The channel has to be paid for, but all those hundreds of Gbits are not used all the time; there are ways to reduce the cost of channels significantly in that case, so the scheme remains workable.
These are the reports I regularly received from top-level L3/L4 protection while supporting a hosting provider's systems.

Protection at the L7 level (application level)

Attacks at the L7 level (application level) are repelled consistently and well by only a handful of players.
I have real experience with
- Qrator.net;
- DDoS-Guard;
- G-Core Labs;
- Kaspersky.

They charge per megabit of clean traffic, and a megabit costs roughly several thousand rubles. If you have about 100 Mbps of clean traffic, oh. Protection is going to be very expensive. In the next articles I can tell you how to design applications so as to save a great deal on the capacity of the protection channels.
The real "king of the hill" here is Qrator.net; everyone else lags behind them. So far, Qrator is the only one in my experience that gives a false-positive rate close to zero, but at the same time they are several times more expensive than the other market players.

Other operators also provide high-quality and stable protection. Many of the services we support (including some very well known in the country!) are protected by DDoS-Guard and G-Core Labs and are quite satisfied with the results.
Attacks repelled by Qrator

I also have experience with small protection operators such as cloud-shield.ru and ddosa.net; there are thousands of them. I definitely do not recommend them, because... I do not have much experience with them, but I will tell you about the principles of their work. Their protection is often 1-2 orders of magnitude cheaper than that of the major players. As a rule, they buy partial protection (L3/L4) from one of the larger players and add their own protection against attacks at the higher levels. This can be quite effective, and you can get a good service for less money, but these are still small companies with small staff, so please keep that in mind.

What makes it difficult to repel attacks at the L7 level?

All applications are unique, and you have to let through the traffic that is useful to them and block the harmful traffic. It is not always possible to weed out bots unambiguously, so you have to use many, literally MANY, stages of traffic cleaning.

At one time the nginx-testcookie module (https://github.com/kyprizel/testcookie-nginx-module) was sufficient, and it is still sufficient to repel a large number of attacks. When I worked in the hosting industry, L7 protection was built on nginx-testcookie.
Unfortunately, attacks have become more sophisticated. testcookie uses a JS-based bot check, and many modern bots can pass it successfully.
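To show the mechanism behind the JS-cookie check the article refers to, here is an added sketch that is my own and not the nginx-testcookie module's code: a cookie value computed as an HMAC over the client's IP, User-Agent and a time bucket, issued only to clients that execute the challenge page, and a gate that either passes the request or serves the challenge. The token construction and the TTL are assumptions made for illustration; the real module derives and encrypts its value differently.

```python
"""A minimal challenge-cookie gate of the kind nginx-testcookie implements.

Added example, not the module's code: the token construction (HMAC over
client IP, User-Agent and a time bucket) and the TTL are assumptions made
to show the mechanism; the real module derives and encrypts its value
differently and delivers it through a JavaScript page.
"""
import hashlib
import hmac

TTL_SECONDS = 600  # assumed validity window of one cookie value
DEMO_SECRET = b"example-secret-rotate-me"  # constructed for the example only


def expected_token(secret, client_ip, user_agent, now, bucket_offset=0):
    """HMAC-SHA256 over the client attributes and a time bucket."""
    bucket = int(now // TTL_SECONDS) + bucket_offset
    msg = f"{client_ip}|{user_agent}|{bucket}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_cookie(secret, client_ip, user_agent, now):
    """Value the JS challenge page would set on a client that executes it."""
    return expected_token(secret, client_ip, user_agent, now)


def gate(secret, client_ip, user_agent, cookie, now):
    """Decide what to do with a request.

    'pass'      - cookie matches the current or the previous time bucket
    'challenge' - no or invalid cookie: serve the JS page that sets the
                  cookie and reloads, instead of the real application
    A plain flooder that never runs JS never obtains a cookie, so it never
    reaches 'pass'; a headless browser that executes JS does, which is the
    limitation the article describes.
    """
    if not cookie:
        return "challenge"
    for offset in (0, -1):  # accept the previous bucket to avoid edge expiry
        expected = expected_token(secret, client_ip, user_agent, now, offset)
        if hmac.compare_digest(cookie, expected):
            return "pass"
    return "challenge"


def demo():
    """Walk through the four cases: first visit, valid cookie, cookie
    presented from another address, and an expired cookie."""
    ip, ua, now = "198.51.100.9", "Mozilla/5.0", 1_700_000_000.0
    first = gate(DEMO_SECRET, ip, ua, None, now)
    cookie = issue_cookie(DEMO_SECRET, ip, ua, now)
    second = gate(DEMO_SECRET, ip, ua, cookie, now + 30)
    moved = gate(DEMO_SECRET, "203.0.113.8", ua, cookie, now + 30)
    stale = gate(DEMO_SECRET, ip, ua, cookie, now + 3 * TTL_SECONDS)
    return first, second, moved, stale


if __name__ == "__main__":
    print(demo())  # ('challenge', 'pass', 'challenge', 'challenge')
```

Binding the value to the client address and the time bucket is what keeps one harvested cookie from being replayed across a botnet or kept forever, and `hmac.compare_digest` avoids leaking the expected value through timing. The weakness stays exactly where the article puts it: the check only proves that the client ran the JavaScript once, and a bot that drives a real browser engine does that as easily as a person.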

Attack botnets also differ, and the behaviour of each large botnet has to be taken into account.
Amplification, direct flood from a botnet, filtering of traffic from different countries (different filtering for different countries), SYN/ACK flood, packet fragmentation, ICMP, http flood, and at the application/http level you can come up with an unlimited number of different attacks.
In total, between channel protection, specialised traffic-cleaning hardware, special software and additional filtering rules for each client, there can be tens or hundreds of levels of filtering.
To manage all this properly and to tune the filtering correctly for different customers, you need a lot of experience and qualified staff. Even a major operator that decides to offer protection services cannot simply "throw money at the problem": the experience has to be earned on sites that went down and on false positives against legitimate traffic.
A protection operator has no "repel DDoS" button; there is a large number of tools, and you have to know how to use them.

And one more bonus example.
An unprotected server blocked by the hoster during an attack of 600 Mbit
(The "drop" in traffic is not visible, because only 1 site was attacked; it was temporarily removed from the server and the block was lifted within an hour.)
The same server, now protected. The attackers "gave up" after a day of attacks. The attack itself was not the most powerful one.

L3/L4 attacks and the protection against them are much more trivial; they mostly come down to the width of the channels and to the attack detection and filtering algorithms.
L7 attacks are more complex and more original; they depend on the application under attack and on the attackers' capabilities and imagination. Protection against them requires a lot of knowledge and experience, and the result may be neither immediate nor one hundred percent. Until Google comes up with yet another neural network for protection.

Source: www.habr.com
