What is DNS tunneling? Detection guidelines


DNS tunneling turns the domain name system into a weapon for attackers. DNS is the Internet's giant phone book. DNS is also an underlying protocol that lets administrators query the DNS server's database. So far everything looks innocent. But clever criminals realized that they could communicate covertly with a compromised computer by injecting control commands and data into the DNS protocol. That idea is the basis of DNS tunneling.

How DNS tunneling works


Everything on the Internet has its own protocol, and DNS is a simple request-response protocol. If you want to see how it works, you can run nslookup, the basic tool for issuing DNS queries. You can request an address simply by naming the domain you are interested in, for example:

[Screenshot from the original article: an nslookup query for a domain and its answer]

In our case, the protocol answered with the domain's IP address. In DNS terms, I made an address request, a so-called "A"-type query. There are other query types, and for each the DNS protocol answers with a different set of data fields which, as we will see later, can be exploited by hackers.

One way or another, at its core the DNS protocol is about sending a request to a server and returning its response to the client. What if an attacker adds a hidden message inside the domain name being requested? For example, instead of entering a legitimate URL, he enters the data he wants to transmit:

[Screenshot from the original article: a DNS query whose name carries data instead of a real hostname]

Suppose the attacker controls the DNS server. He can then transfer data (your data, for example) without necessarily being noticed. After all, why would a DNS query suddenly be treated as something illegitimate?

By controlling the server, hackers can forge responses and send data back to the targeted system. This lets them pass hidden messages in various fields of the DNS response to the malware on the infected machine, with instructions such as searching inside a particular folder.

The "tunneling" part of this attack is hiding the data and commands from monitoring systems. Hackers can use base32, base64 and other character sets, or even encrypt the data. Such encoding passes unnoticed by simple threat detection utilities that look for plaintext.

And that is DNS tunneling!

History of DNS tunneling attacks

Everything has a beginning, including the idea of abusing the DNS protocol for hacking. As far as we can tell, the first discussion of this attack was started by Oskar Pearson on the Bugtraq mailing list in April 1998.

By 2004, DNS tunneling was presented at Black Hat as a hacking technique in a talk by Dan Kaminsky. So the idea quickly grew into a real attack tool.

Today, DNS tunneling has a firm place on the map of potential threats (and information security bloggers are often asked to explain it).

Have you heard about Sea Turtle? This is an ongoing campaign by cybercriminal groups, probably state-sponsored, to hijack legitimate DNS servers in order to redirect DNS queries to servers of their own. As a result, organizations receive "bad" IP addresses that point to fake web pages operated by the criminals, impersonating sites such as Google or FedEx. At the same time, the attackers can capture the user accounts and passwords that unsuspecting users enter on those fake sites. This is not DNS tunneling, but just another unfortunate consequence of attackers controlling DNS servers.

DNS tunneling threats


DNS tunneling is like an indicator that the bad-news phase has begun. Which bad news? We have already mentioned several kinds, but let's structure them:

  • Data exfiltration - a hacker covertly transmits critical data over DNS. It is definitely not the most efficient way to move information off a compromised computer, considering all the overhead and encodings, but it works, and above all it is covert!
  • Command and Control (abbreviated C2) - criminals use the DNS protocol to send simple control commands to, say, a remote access trojan (abbreviated RAT).
  • IP-over-DNS tunneling - this may sound crazy, but there are utilities that implement an IP stack on top of DNS queries and responses. This makes transferring data with FTP, Netcat, ssh and so on a relatively simple task. Extremely ominous!

Detecting DNS tunneling


There are two main methods for detecting DNS abuse: payload analysis and traffic analysis.

In payload analysis, the defending side looks for anomalies in the data sent back and forth that can be spotted with statistical methods: strange-looking hostnames, DNS record types that are rarely used, or non-standard encoding.

In traffic analysis, the number of DNS queries to each domain is estimated and compared with the average. Attackers using DNS tunneling generate a large volume of traffic to their server, in theory far exceeding a normal DNS exchange. And that needs to be monitored!
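As an added illustration of both methods (example code written for this page, not part of the original article or of any tool it names), the following Python script runs payload analysis and traffic analysis over a constructed log of resolver queries: it flags overly long or high-entropy labels and rarely used record types, and it counts queries per registered domain against the mean. The sample log, the thresholds and the list of rare record types are assumptions.

```python
import math
from collections import Counter

# Constructed sample of resolver log lines (not real traffic): "client qtype qname".
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.9 A www.example.org
10.0.0.9 AAAA cdn.example.edu
10.0.0.7 TXT 0123456789abcdef.c2.badexample.net
10.0.0.7 TXT mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpq.c2.badexample.net
10.0.0.7 NULL nbswy3dpfqqhg33nmuqgizlbnqqgkidbnzsceytfnzsa.c2.badexample.net
10.0.0.7 TXT 1f2e3d4c5b6a7980aabbccddeeff0011.c2.badexample.net
10.0.0.7 TXT ge2dkmzxha4tamjwgy2daobqgeytinbu.c2.badexample.net
10.0.0.7 NULL mvsxmzlsmn2w2llfnfxgfy3f.c2.badexample.net
"""
RARE_QTYPES = {"TXT", "NULL"}  # assumption: seldom issued by ordinary clients on this network

def shannon_entropy(s: str) -> float:
    """Bits per character: base32/base64/hex payloads score higher than real words."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values()) if s else 0.0

def registered_domain(qname: str) -> str:  # last two labels; assumes no multi-label public suffix
    return ".".join(qname.rstrip(".").split(".")[-2:])

def payload_indicators(qtype: str, qname: str, max_label=30, min_entropy=3.5) -> list:
    """Payload analysis: odd-looking names and rarely used record types."""
    labels = qname.rstrip(".").split(".")
    hostpart = "".join(labels[:-2])  # everything below the registered domain
    reasons = []
    if any(len(label) > max_label for label in labels):
        reasons.append("long-label")
    if hostpart and shannon_entropy(hostpart) > min_entropy:
        reasons.append("high-entropy")
    if qtype in RARE_QTYPES:
        reasons.append("rare-qtype")
    return reasons

def analyze(log: str, volume_factor=2.0):
    """Returns (flagged queries, domains queried more than volume_factor x the per-domain mean)."""
    flagged, volume = [], Counter()
    for line in log.splitlines():
        client, qtype, qname = line.split()
        volume[registered_domain(qname)] += 1
        reasons = payload_indicators(qtype, qname)
        if reasons:
            flagged.append((client, qname, reasons))
    mean = sum(volume.values()) / len(volume)  # traffic analysis baseline
    noisy = {d for d, n in volume.items() if n > volume_factor * mean}
    return flagged, noisy
```

Real deployments would compute the baseline per domain over days of history rather than over one small log, and tune the thresholds to the local mix of record types.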

DNS tunneling utilities

If you want to run your own pentest and see how well your company can detect and respond to such activity, there are several utilities for that. All of them can tunnel in IP-over-DNS mode:

  • Iodine - available on many platforms (Linux, Mac OS, FreeBSD and Windows). It lets you set up an SSH shell between the target and the controlling computer. Here is a good guide to setting up and using Iodine.
  • OzymanDNS - a DNS tunneling project by Dan Kaminsky, written in Perl. You can connect to it over SSH.
  • DNSCat2 - "the DNS tunnel that doesn't make you sick." Creates an encrypted C2 channel for uploading/downloading files, launching shells, and so on.

DNS monitoring utilities

Below is a list of several utilities that are useful for detecting tunneling attacks:

  • dnsHunter - a Python module written for MercenaryHuntFramework and Mercenary-Linux. It reads .pcap files, extracts DNS queries and performs geolocation mapping to help with analysis.
  • reassemble_dns - a Python utility that reads .pcap files and analyzes DNS messages.

Micro FAQ on DNS tunneling

Useful information in question-and-answer format!

Q: What is tunneling?
A: It is simply a way of transferring data over an existing protocol. The underlying protocol provides a dedicated channel or tunnel, which is then used to hide the information actually being transmitted.

Q: When was the first DNS tunneling attack carried out?
A: We don't know! If you know, please tell us. As far as we know, the first discussion of the attack was started by Oskar Pearson on the Bugtraq mailing list in April 1998.

Q: Which attacks are similar to DNS tunneling?
A: DNS is far from the only protocol that can be used for tunneling. For example, command and control (C2) malware often uses HTTP to mask its communication channel. As with DNS tunneling, the hacker hides his data, but in this case it looks like traffic from an ordinary web browser accessing a remote site (one controlled by the attacker). This can go unnoticed by monitoring programs that are not configured to detect abuse of the HTTP protocol for malicious purposes.

Would you like help detecting DNS tunnels? Take a look at our Varonis Edge module and try a free demo!

Source: www.habr.com
