A trap (tarpit) for incoming SSH connections

It is no secret that the Internet is a hostile place. As soon as you bring up a server, it comes under massive attack and a flood of scans. Taking a honeypot run by security researchers as an example, you can gauge the scale of this junk traffic. In fact, on an average server, 99% of the traffic may be malicious.

A tarpit is a trap port used to slow down incoming connections. If a third-party system connects to this port, it cannot quickly close the connection. It has to waste its own system resources and wait until the connection times out, or terminate it manually.

Most often, tarpits are used for defense. The technique was first developed to protect against computer worms. Now it can also be used to make life harder for spammers and for researchers who run broad scans of every IP address in sequence (examples on Habr: Austria, Ukraine).

One system administrator, Chris Wellons, apparently got tired of watching this disgrace and wrote a small program: Endlessh, a tarpit for SSH that slows down incoming connections. The program opens a port (the default port for testing is 2222) and pretends to be an SSH server, but in reality it establishes an endless connection with the incoming client until the client gives up. This can go on for several days or longer, until the client drops off.

Installing the utility:

$ make
$ ./endlessh &
$ ssh -p2222 localhost

A properly implemented tarpit takes more resources from the attacker than from you. But it is not even a matter of resources. The author writes that the program is addictive. Right now it has 27 clients trapped, some of them connected for weeks. At the peak of activity, 1378 clients were trapped for 20 hours!

In production, the Endlessh server should be placed on the usual port 22, where the hooligans knock en masse. Standard security advice always recommends moving SSH to another port, which immediately shrinks the logs by an order of magnitude.

Chris Wellons says his program exploits one paragraph of the RFC 4253 specification for the SSH protocol. Immediately after the TCP connection is established, but before cryptography is applied, both parties must send an identification string. And there is also a note: "The server MAY send other lines of data before sending the version string". There is no limit on the amount of this data; you only need to start each line with SSH-.

This is exactly what Endlessh does: it sends an endless stream of randomly generated data that complies with RFC 4253, that is, it is sent before authentication, each line starts with SSH- and does not exceed 255 characters, including the line terminator. In general, everything is according to the standard.

By default, the program waits 10 seconds between sending packets. This keeps the client from timing out, so the client stays trapped indefinitely.

Since the data is sent before cryptography is applied, the program is extremely simple. It does not need to implement any ciphers and supports multiple protocols.

The author tried to make sure the utility consumes a minimum of resources and runs completely unnoticed on the machine. Unlike modern antivirus software and other "security systems", it should not slow down your computer. He managed to minimize both traffic and memory consumption through a somewhat smarter software implementation. If it simply launched a separate process for each new connection, potential attackers could mount a DDoS attack by opening many connections to exhaust the machine's resources. One thread per connection is not the best option either, because the kernel would waste resources managing the threads.

That is why Chris Wellons chose the most lightweight option for Endlessh: a single-threaded poll(2) server, where the clients in the trap consume virtually no extra resources, not counting the socket object in the kernel and another 78 bytes for tracking in Endlessh. To avoid allocating receive and send buffers for each client, Endlessh opens a raw socket and transmits TCP packets directly, bypassing almost the entire operating system TCP/IP stack. The incoming buffer is not needed at all, because we are not interested in incoming data.
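The single-threaded design described above, as an added sketch that is not Endlessh's own code: one loop, one queue entry per trapped client, a cap on clients so the trap itself cannot be exhausted, and random hex lines like the Python versions on this page. The names `Tarpit`, `banner_line` and `MAX_CLIENTS` are hypothetical, and the accept timeout stands in for poll(2).

```python
import heapq, random, socket, time

DELAY = 10.0        # seconds between lines (the default cited above)
MAX_CLIENTS = 4096  # assumed cap so the trap itself cannot be exhausted

def banner_line(rng=random):
    """Random hex line, at most 254 bytes with CR LF (RFC 4253 allows 255)."""
    # Hex digits only, so a line is never mistaken for the 'SSH-' version string.
    return rng.randbytes(rng.randint(1, 126)).hex().encode() + b"\r\n"

class Tarpit:  # single thread; per-client state is one heap entry
    def __init__(self):
        self.queue, self.seq = [], 0  # entries: (send_at, seq, since, sock)

    def add(self, sock, now):
        if len(self.queue) >= MAX_CLIENTS:
            sock.close()              # refuse rather than grow without bound
            return False
        sock.setblocking(False)
        self.seq += 1
        heapq.heappush(self.queue, (now + DELAY, self.seq, now, sock))
        return True

    def tick(self, now):
        """Feed every due client one line; return seconds held by leavers."""
        released = []
        while self.queue and self.queue[0][0] <= now:
            _, seq, since, sock = heapq.heappop(self.queue)
            try:
                sock.send(banner_line())
            except BlockingIOError:
                pass                  # peer stopped reading; still trapped
            except OSError:
                sock.close()          # peer gave up
                released.append(now - since)
                continue
            heapq.heappush(self.queue, (now + DELAY, seq, since, sock))
        return released

def serve(port=2222):
    listener = socket.create_server(("0.0.0.0", port))
    listener.settimeout(1.0)          # stands in for the poll(2) timeout
    trap = Tarpit()
    while True:
        try:
            trap.add(listener.accept()[0], time.monotonic())
        except socket.timeout:
            pass
        for held in trap.tick(time.monotonic()):
            print(f"client released after {held:.0f}s")
```

Calling `serve()` starts the trap on the test port 2222; the durations returned by `tick()` are what you would log to see how long each client stayed.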

The author says that at the time he wrote his program he did not know about Python's asyncio and other tarpits. Had he known about asyncio, he could have implemented his utility in just 18 lines of Python:

import asyncio
import random

async def handler(_reader, writer):
    try:
        while True:
            await asyncio.sleep(10)  # one line every 10 seconds
            writer.write(b'%x\r\n' % random.randint(0, 2**32))  # random hex line, CR LF terminated
            await writer.drain()
    except ConnectionResetError:
        pass  # the client finally gave up

async def main():
    server = await asyncio.start_server(handler, '0.0.0.0', 2222)
    async with server:
        await server.serve_forever()

asyncio.run(main())

asyncio is ideal for writing tarpits. For example, this trap will hang Firefox, Chrome, or any other client trying to connect to your HTTP server for many hours:

import asyncio
import random

async def handler(_reader, writer):
    writer.write(b'HTTP/1.1 200 OK\r\n')  # valid status line, then headers that never end
    try:
        while True:
            await asyncio.sleep(5)
            header = random.randint(0, 2**32)
            value = random.randint(0, 2**32)
            writer.write(b'X-%x: %x\r\n' % (header, value))  # one random header every 5 seconds
            await writer.drain()
    except ConnectionResetError:
        pass  # the client finally gave up

async def main():
    server = await asyncio.start_server(handler, '0.0.0.0', 8080)
    async with server:
        await server.serve_forever()

asyncio.run(main())

A tarpit is a great tool for punishing online bullies. True, there is some risk of the opposite effect: drawing their attention to the unusual behavior of a particular server. Someone might think of revenge and a targeted DDoS attack on your IP. However, so far there have been no such cases, and tarpits work great.

Source: www.habr.com
