Makambani mazhinji nhasi ane hanya nezve kuvimbisa kuchengetedzwa kweruzivo rwezvivakwa zvavo, vamwe vanoita izvi nekukumbira magwaro ekutonga, uye vamwe vanoita izvi kubva panguva yekutanga chiitiko. Mazuva ano maitiro anoratidza kuti nhamba yezviitiko zviri kukura, uye kurwisa pachako kuri kuwedzera kuoma. Asi iwe haufanire kuenda kure, njodzi iri pedyo zvakanyanya. Panguva ino ndinoda kusimudza musoro weInternet provider security. Pane zvinyorwa paHabrΓ© zvakakurukura nyaya iyi padanho rekushandisa. Ichi chinyorwa chichatarisa nezvekuchengetedza kune network uye data link mazinga.
Kuti zvese zvakatanga sei
Imwe nguva yapfuura, Internet yakaiswa mufurati kubva kune mutsva mupi; kare, Internet masevhisi akaunzwa mufurati achishandisa ADSL tekinoroji. Sezvo ini ndichipedza nguva shoma ndiri kumba, nharembozha yeInternet yaive yakanyanya kudiwa pane yekumba Internet. Nekuchinja kuenda kubasa kure, ndakasarudza kuti kumhanya kwe50-60 Mb/s yeInternet yekumba kwaingove kusina kukwana uye ndakasarudza kuwedzera kumhanya. Ne tekinoroji yeADSL, nekuda kwezvikonzero zvehunyanzvi, hazvigoneke kuwedzera kumhanya pamusoro pe60 Mb/s. Izvo zvakasarudzwa kuchinjira kune mumwe mupi ane akasiyana akaziviswa kumhanya uye nekupihwa kwemasevhisi kwete kuburikidza neADSL.
Chingave chakasiyana
Ndabata mumiriri weInternet provider. Mainstallers akauya, akaboora buri mumba, ndokuisa RJ-45 patch cord. Vakandipa chibvumirano uye mirairo ine network zvigadziriso zvinoda kuiswa pane router (yakatsaurirwa IP, gedhi, subnet mask uye IP kero yeDNS yavo), vakatora mubhadharo wemwedzi wekutanga webasa ndokuenda. Pandakapinda masethingi etiweki andakapihwa mu router yangu yekumba, Internet yakabva yapinda mufurati. Maitirwo emunyoreri mutsva kutanga kupinda kunetiweki aiita seakapusa kwandiri. Hapana mvumo yekutanga yakaitwa, uye chiziviso changu yaive IP kero yandakapihwa. Indaneti yakashanda nekukurumidza uye yakadzikama.Mufurati maive neruta yewifi uye nepamudhuri unotakura zvinhu kumhanya kwekubatanidza kwakadzikira zvishoma. Rimwe zuva, ndaida kudhawunirodha faira raiyera gumi nemaviri gigabytes. Ndakafunga, wadii kubatanidza iyo RJ-45 kuenda kuimba yakananga kuPC.
Ziva muvakidzani wako
Sezvo ndadhawunirodha faira rese, ndakafunga kuziva vavakidzani vari mumasokisi ekuchinja zviri nani.
Muzvivakwa zvefurati, iyo Internet yekubatanidza inowanzobva kune mupi kuburikidza neoptical fiber, inopinda muwadhiropu yewadhi mune imwe yekuchinja uye inogoverwa pakati pemasuo nemafurati kuburikidza neEthernet tambo, kana tikafunga yakanyanya primitive yekubatanidza dhizaini. Hongu, pane yatova tekinoroji iyo optics inoenda yakananga kufurati (GPON), asi izvi hazvisati zvapararira.
Kana tikatora topology yakareruka pachiyero cheimba imwe, inotaridzika seizvi:
Zvinoitika kuti vatengi vemupi uyu, dzimwe dzimba dzakavakidzana, vanoshanda mune imwecheteyo network network pane imwechete switch switch.
Nekugonesa kuteerera pane interface yakabatana zvakananga kune network yemupi, iwe unogona kuona kutepfenyura ARP traffic ichibhururuka kubva kune ese anotambira panetiweki.
Mupi wacho akasarudza kusanyanya kunetseka nekuparadzanisa network kuita zvidimbu zvidiki, saka nhepfenyuro yekushambadzira kubva kune 253 mauto inogona kuyerera mukati meimwe switch, tisingaverenge iyo yakadzimwa, nekudaro ichivhara chiteshi bandwidth.
Mushure mekutarisa network tichishandisa nmap, takaona huwandu hweanoshanda kubva kune yese kero dziva, iyo software vhezheni uye yakavhurika madoko eiyo main switch:
ARP uye ARP-spoofing iripi?
Kuita zvimwe zviito, iyo ettercap-graphical utility yakashandiswa; kune zvakare mamwe emazuva ano analogues, asi software iyi inokwezva neiyo primitive graphical interface uye nyore kushandisa.
Muchikamu chekutanga pane ma IP kero evose ma routers vakapindura ping, mune yechipiri ndidzo kero dzavo.
Kero yemuviri yakasarudzika; inogona kushandiswa kuunganidza ruzivo nezve nzvimbo yerouter, nezvimwewo, saka ichave yakavanzika nekuda kwechinyorwa chino.
Chinangwa 1 chinowedzera gedhi guru nekero 192.168.xxx.1, chinangwa chechipiri chinowedzera imwe yedzimwe kero.
Tinozvisuma kugedhi semugamuchiri ane kero inoti 192.168.xxx.204, asi nekero yedu yeMAC. Zvadaro tinozviratidza kumushandisi router segedhi rine kero 192.168.xxx.1 ine MAC yayo. Iwo madeti eiyi ARP protocol kusagadzikana anokurukurwa zvakadzama mune zvimwe zvinyorwa zviri nyore kuGoogle.
Nekuda kwezvese manipulations, isu tine traffic kubva kune vanogamuchira iyo inopfuura nepakati pedu, takambogonesa kutumirwa kwepaketi:
Ehe, https yakatoshandiswa pese pese, asi network ichiri kuzara nemamwe maprotocol asina kuchengetedzwa. Semuenzaniso, iyo DNS imwechete ine DNS-spoofing kurwisa. Icho chokwadi chekuti kurwiswa kweMITM kunogona kuitwa kunomutsa kumwe kurwiswa kwakawanda. Zvinhu zvinotonyanya kuipa kana paine akati wandei ane gumi nemaviri anoshanda anowanikwa pane network. Zvakakodzera kufunga kuti iyi inzvimbo yakazvimirira, kwete network yemakambani, uye havasi vese vane matanho ekudzivirira ekuona uye kurwisa kurwiswa kwakabatana.
Kunzvenga sei
Mupi anofanirwa kuve nehanya nedambudziko iri; kumisikidza dziviriro pakurwiswa kwakadaro kuri nyore, kana iri iyo Cisco switch imwechete.
Kugonesa Dynamic ARP Inspection (DAI) yaizodzivirira master gedhi reMAC kero kubva pakubirwa. Kupwanya dura renhepfenyuro kuita zvidimbu zvidiki kwakadzivirira kanenge ARP traffic kubva kupararira kune vese vanogamuchira mumutsara uye kuderedza huwandu hwevaenzi vanogona kurwiswa. Mutengi, zvakare, anogona kuzvidzivirira kubva mukunyengedza kwakadaro nekumisikidza VPN zvakananga parouter yake yekumba; mazhinji maturusi anototsigira basa iri.
zvakawanikwa
Zvingangodaro, vanopa havana hanya neizvi; kuedza kwese kune chinangwa chekuwedzera huwandu hwevatengi. Ichi chinyorwa hachina kunyorwa kuratidza kurwiswa, asi kukuyeuchidza kuti kunyangwe network yemupi wako inogona kunge isina kuchengetedzeka zvakanyanya pakufambisa data rako. Ndine chokwadi chekuti kune akawanda madiki edunhu Internet masevhisi vanopa vasina chavakamboita kunze kwekudiwa kuti vamhanye zvakakosha network zvishandiso.
Source: www.habr.com