Kuedza: zvinogoneka here kuderedza kuipa kwekurwiswa kweDoS uchishandisa proxy

Mufananidzo: Unsplash

Kurwiswa kweDoS ndeimwe yekutyisidzira kukuru kwekuchengetedza ruzivo paInternet yazvino. Kune akawanda emabhotnet anohaiwa nevanorwisa kuti vaite kurwisa kwakadaro.

Masayendisiti kubva kuYunivhesiti yeSan Diego kudzidza mwero wekushandiswa kweproxies kunobatsira kudzikisira iyo yakaipa mhedzisiro yekurwiswa kweDoS - tinopa kune iwe pfungwa huru dzebasa iri.

Nhanganyaya: Proxy seDoS Fighting Tool

Kuedza kwakafanana kunoitwa nguva nenguva nevatsvakurudzi vanobva kunyika dzakasiyana-siyana, asi dambudziko ravo rinowanzoitika nderokushaya zviwanikwa zvekufananidza kurwiswa kuri pedyo nechokwadi. Miedzo pamabhenji madiki haibvumire kupindura mibvunzo nezve kuti kubudirira sei proxies kuramba kurwiswa mumatiweki akaomarara, ndeapi maparamendi anoita basa rakakosha mukukwanisa kuderedza kukuvadzwa, nezvimwe.

Pakuedza, masayendisiti akagadzira modhi yeakajairika webhu application - semuenzaniso, e-commerce sevhisi. Inoshanda nerubatsiro rweboka remaseva, vashandisi vanogoverwa munzvimbo dzakasiyana-siyana uye vanoshandisa Indaneti kuti vawane basa. Mumuenzaniso uyu, Indaneti inoshanda senzira yekukurukurirana pakati pesevhisi nevashandisi - iyi ndiyo mashandiro anoita masevhisi ewebhu kubva kumainjini ekutsvaga kuenda kumabhengi epamhepo.

Kurwiswa kweDoS kunoita kuti kudyidzana kwakajairwa pakati pesevhisi nevashandisi kusaite. Kune marudzi maviri eDoS: application layer kurwisa uye kurwisa kwezvivakwa. Muchiitiko chekupedzisira, vanorwisa vanorwisa zvakananga network uye mauto pane iyo sevhisi iri kushanda (semuenzaniso, vanofashama iyo yese network bandwidth nemafashama traffic). Panyaya yekurwisa-level yekurwisa, chinangwa cheanorwisa ndeye mushandisi yekudyidzana interface - nekuda kweizvi vanotumira nhamba huru yezvikumbiro kuitira kuti chikumbiro chiparare. Chiyedzo chakatsanangurwa chine chekuita nekurwiswa padanho rezvivakwa.

Proxy network ndeimwe yezvishandiso zvekudzikisa kukuvadzwa kubva kuDoS kurwiswa. Munyaya yekushandisa proxy, zvese zvikumbiro kubva kumushandisi kuenda kubasa uye mhinduro kwavari hazvifambiswe zvakananga, asi kuburikidza nepakati maseva. Vese mushandisi uye chishandiso "havaonane" mumwe nemumwe zvakananga, chete kero dzeproxy dzinowanikwa kwavari. Somugumisiro, hazvibviri kurwisa kushandiswa zvakananga. Pamucheto wetiweki pane anonzi edge proxies - ekunze proxies ane anowanikwa IP kero, kubatana kunotanga kwavari.

Kuti ubudirire kuramba kurwiswa kweDoS, proxy network inofanirwa kunge iine maviri makiyi ekugona. Chekutanga, network yakadaro yepakati inofanirwa kuita basa remurevereri, ndiko kuti, iwe unogona "kupfuura" kune application chete kuburikidza nayo. Izvi zvichabvisa mukana wekurwisa kwakananga pabasa. Chechipiri, iyo proxy network inofanirwa kukwanisa kubvumidza vashandisi kuti varambe vachipindirana neapp, kunyangwe panguva yekurwiswa.

Edzai zvivakwa

Chidzidzo chacho chakashandisa zvikamu zvina zvakakosha:

• kushandiswa kweproxy network;
• Apache web server
• dandemutande rekuongorora chishandiso Kutyisidzirwa;
• kurwisa chombo Trinoo.

Iyo simulation yakaitwa muMicroGrid nharaunda - inogona kushandiswa kutevedzera network ine zviuru makumi maviri ma routers, ayo anofananidzwa nema network eTier-20 anoshanda.

Yakajairika Trinoo network ine seti yevatambi vakakanganisika vanomhanyisa daemon yechirongwa. Kune zvakare yekutarisa software yekudzora network uye yakananga DoS kurwisa. Tichipihwa runyoro rwekero yeIP, iyo Trinoo daemon inotumira UDP mapaketi kune zvakatarwa panguva yakatarwa.

Panguva yekuedza, mapoka maviri akashandiswa. Iyo MicroGrid simulator yakamhanya paXeon Linux cluster yegumi nematanhatu node (16GHz maseva ane 2.4GB yendangariro pamushini) akabatana kuburikidza ne1Gbps Ethernet hub. Zvimwe zvikamu zvesoftware zvaive muboka remakumi maviri nemana node (1MHz PII Linux-cthdths ine 24 GB yekuyeuka pamushini) yakabatana ne450Mbps Ethernet hub. Masumbu maviri akabatanidzwa ne 1Gbps chiteshi.

Iyo proxy network inotambirwa mudziva re1000 mauto. Edge proxies akagovaniswa zvakaenzana padziva rekushandisa. MaProxies ekushanda nechishandiso anowanikwa pane anotambira ari padyo neayo masisitimu. Mamwe ese emaproxies akagovaniswa zvakaenzana pakati pemupendero proxies uye maproxies ekushandisa.

Network yekufananidza

Kudzidza kushanda kweproxy sechombo chekupikisa kurwiswa kweDoS, vatsvakurudzi vakayera kubudirira kwekushandiswa pasi pezviitiko zvakasiyana zvekunze kwekunze. Pakazara, pakanga paine 192 proxies mune proxy network (64 yacho yaive yemuganhu). Kuita kurwiswa uku, network yeTrinoo yakagadzirwa, kusanganisira zana madhimoni. Imwe neimwe yemadhimoni yaive ne100Mbps chiteshi. Izvi zvinoenderana nebhotnet ye100 ma routers epamba.

Kukanganisa kwekurwiswa kweDoS pachikumbiro uye proxy network yakayerwa. Muchiedzo chekugadzirisa, chikumbiro chaive neInternet chiteshi che 250Mbps, uye yega yega bhodha proxy yaive ne100 Mbps.

Edza mhinduro

Maererano nemigumisiro yekuongorora, zvakazoitika kuti kurwiswa kwe250Mbps kunowedzera zvakanyanya nguva yekupindura kwechikumbiro (kanenge kagumi), semugumisiro wekuti hazvibviri kuishandisa. Nekudaro, kana uchishandisa proxy network, kurwiswa hakuna kukanganisa kwakakosha pakuita uye hakudzikisire ruzivo rwemushandisi. Izvi zvinodaro nekuti ma proxies emupendero anoderedza mhedzisiro yekurwiswa, uye zviwanikwa zveiyo proxy network zvakakwirira pane izvo zvekushandisa pachayo.

Maererano nehuwandu, kana simba rekurwisa risingapfuuri 6.0Gbps (zvisinei nokuti iyo yose bandwidth yemuganhu weproxy channels inongova 6.4Gbps), ipapo 95% yevashandisi havaoni kuoneka kwekuora kwekuita. Panguva imwecheteyo, munyaya yekurwisa kwakasimba kudarika 6.4Gbps, kunyange kushandiswa kweproxy network kwaisazobvumira kudzivisa kuderedzwa kwehutano hwevashandi vekupedzisira.

Munyaya yekurwiswa kwakanyanyisa, kana simba ravo rakanangidzirwa pane isina kurongeka seti yeedge proxies. Muchiitiko ichi, kurwiswa kunovhara chikamu che proxy network, saka chikamu chakakosha chevashandisi chinoona kudonha kwekuita.

zvakawanikwa

Mhedzisiro yekuedza inoratidza kuti proxy network inogona kuvandudza mashandiro eTCP application uye inopa yakajairika nhanho yebasa yevashandisi, kunyangwe pakaitika kurwiswa kweDoS. Zvinoenderana nedata rakawanikwa, network proxies inzira inoshanda yekudzikisa mhedzisiro yekurwiswa, vanopfuura 90% yevashandisi panguva yekuyedza havana kunzwa kuderera kwehutano hwesevhisi. Pamusoro pezvo, vaongorori vakawana kuti nekukura kweiyo proxy network inowedzera, chiyero cheDoS kurwiswa icho chaanogona kutsungirira chinowedzera mutsara. Nokudaro, iyo yakakura iyo network, iyo inonyanya kushanda iyo inobata neDoS.

Zvishandiso zvinobatsira uye zvinhu kubva Infatica:

• Tsvagiridzo: Kugadzira block-resistant proxy sevhisi uchishandisa mutambo dzidziso
• Nhoroondo yekurwisa censorship: iyo flash proxy nzira yakagadzirwa nemasayendisiti kubva kuMIT neStanford inoshanda
• Maitiro ekunzwisisa kana ma proxies achinyepa: kusimbiswa kwenzvimbo dzemuviri dze network proxies uchishandisa inoshanda geolocation algorithm.
• Maitiro ekuzvivanza iwe paInternet: kuenzanisa sevha uye ekugara proxies

Kunobva: www.habr.com