The DDIO implementation in Intel chips allows a network attack that detects keystrokes in an SSH session

A group of researchers from Vrije Universiteit Amsterdam and ETH Zurich has developed a network attack technique, NetCAT (Network Cache ATtack), which uses side-channel analysis to remotely determine the keys pressed by a user working in an SSH session. The problem only manifests on servers that use the RDMA (Remote Direct Memory Access) and DDIO (Data-Direct I/O) technologies.

Intel considers the attack difficult to carry out in practice, since it requires the attacker to have access to the local network, sterile conditions, and hosts that communicate using RDMA and DDIO, technologies that are typically deployed in isolated networks, for example in computing clusters. The issue has been rated Low severity (CVSS 2.6, CVE-2019-11184), and the recommendation is not to enable DDIO and RDMA on local networks where no security perimeter is in place and connections from untrusted clients are allowed. DDIO has been used in Intel server processors since 2012 (Intel Xeon E5, E7 and SP). Systems based on processors from AMD and other manufacturers are not affected, since they do not support placing data received from the network directly into the CPU cache.

The method used in the attack resembles the "Throwhammer" vulnerability, which allows changing the contents of individual bits in RAM by manipulating network packets on systems with RDMA. The new problem is a side effect of the latency-reduction work behind the DDIO mechanism, which lets the network card and other peripheral devices interact directly with the processor cache (while the network card processes packets, the data is placed in the cache and read back from the cache without a round trip through main memory).

Thanks to DDIO, the processor cache also ends up holding data generated by malicious network activity. The NetCAT attack builds on the fact that network cards actively cache data, and that the packet processing rate in modern local networks is high enough both to influence how the cache fills and to detect whether or not particular data is present in the cache by analyzing delays during data transfer.

In interactive sessions such as SSH, a network packet is sent immediately after each keystroke, i.e. the delays between packets correlate with the delays between key presses. Using statistical analysis, and taking into account that the delay between two keystrokes usually depends on the position of the keys on the keyboard, it is possible to reconstruct the typed input with some probability. For example, most people type "s" after "a" noticeably faster than "g" after "s".
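As an added example (not code from the NetCAT paper or from opennet.ru), the following Python script shows the inference step on packet timings. It assumes the attacker has already obtained the send times of the session's packets (through the cache side channel, or simply from a packet capture) and has a timing profile of typical inter-key latency per key pair; the packet records, the profile values and the candidate words are all constructed for the example and carry no measured data.

```python
"""Keystroke recovery from packet timing (added example, not code from the
NetCAT paper or from opennet.ru).

An interactive SSH session sends one small client-to-server packet per
keystroke, so the gaps between those packets equal the gaps between key
presses. Given a timing profile of typical inter-key latency per key pair
(which a real attacker builds from training data), candidate inputs can be
ranked by how well they explain the observed gaps. All packet records,
profile values and candidates below are constructed for this example.
"""
import math

# Constructed per-pair latency profile: (previous key, next key) -> (mean ms, stddev ms).
# Pairs absent from the profile fall back to DEFAULT_PAIR.
PROFILE = {
    ("p", "a"): (160.0, 30.0),
    ("a", "s"): (70.0, 15.0),   # neighbouring home-row keys: fast
    ("s", "s"): (120.0, 25.0),
    ("s", "a"): (75.0, 15.0),
    ("a", "g"): (100.0, 20.0),
    ("g", "a"): (110.0, 20.0),
}
DEFAULT_PAIR = (180.0, 60.0)

# Constructed capture: (time_ms, direction, payload_bytes). The four small
# client-to-server packets are the keystrokes of "pass"; the "s2c" packets are
# the server's echoes and the last record is a bulk transfer, not a keystroke.
PACKETS = [
    (0.0, "c2s", 36), (12.0, "s2c", 36),
    (160.0, "c2s", 36), (171.0, "s2c", 36),
    (235.0, "c2s", 36), (246.0, "s2c", 36),
    (355.0, "c2s", 36), (367.0, "s2c", 36),
    (900.0, "c2s", 1480),
]

KEYSTROKE_MAX_PAYLOAD = 64  # constructed threshold separating keystrokes from bulk data


def keystroke_times(packets):
    """Send times of client-to-server packets small enough to be single keystrokes."""
    return [t for t, direction, size in packets
            if direction == "c2s" and size <= KEYSTROKE_MAX_PAYLOAD]


def intervals(times):
    """Inter-packet gaps, which for an interactive session are inter-keystroke gaps."""
    return [b - a for a, b in zip(times, times[1:])]


def gaussian_logpdf(x, mean, std):
    """Log-density of a normal distribution; the per-pair timing model."""
    z = (x - mean) / std
    return -math.log(std) - 0.5 * math.log(2 * math.pi) - 0.5 * z * z


def log_likelihood(candidate, gaps, profile=PROFILE):
    """Log-probability of the observed gaps if `candidate` was the typed text."""
    if len(candidate) != len(gaps) + 1:
        return -math.inf
    total = 0.0
    for (prev, nxt), gap in zip(zip(candidate, candidate[1:]), gaps):
        mean, std = profile.get((prev, nxt), DEFAULT_PAIR)
        total += gaussian_logpdf(gap, mean, std)
    return total


def rank_candidates(candidates, gaps, profile=PROFILE):
    """Candidates ordered from most to least likely, with their log-likelihoods."""
    scored = [(c, log_likelihood(c, gaps, profile)) for c in candidates]
    return sorted(scored, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    gaps = intervals(keystroke_times(PACKETS))
    for word, score in rank_candidates(["pass", "gasp", "saga", "spas"], gaps):
        print(f"{word}: {score:.2f}")
```

Running the script prints the candidates from most to least likely; with the constructed profile, the word "pass" scores best because its key pairs match the observed gaps. A real attacker would train the profile on large volumes of typing data and rank far more candidates, but the scoring step is the same.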

The information placed in the processor cache also makes it possible to determine the exact time at which the network card processed packets belonging to connections such as SSH. By generating a particular traffic flow, the attacker can detect the moment when new data associated with a certain activity on the system appears in the cache. The cache contents are analyzed using the Prime+Probe method: the attacker fills the cache with a reference set of values and then measures the access time to those values when re-reading them, in order to detect changes.
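To make the Prime+Probe step concrete, here is an added example (not code from the paper or from the article) that simulates it on a single LRU cache set in Python. Hit and miss latencies are constants instead of cycle-counter readings, and the network card is modelled as one extra access to the set between the prime and the probe; these are assumptions made for the simulation, not measurements.

```python
"""Prime+Probe on a simulated cache set (added example, not code from the
NetCAT paper or from opennet.ru).

The model is constructed: one set of a set-associative cache with `ways`
lines and LRU replacement, and fixed hit/miss latencies instead of measured
cycle counts. The attacker primes the set with its own lines, waits, then
probes them; a primed line that now misses was evicted by someone else's
access to the set. In the DDIO case that someone else is the network card
writing a received packet into the last-level cache.
"""
from collections import OrderedDict

HIT_CYCLES = 40     # constructed latencies; a real probe reads a cycle counter
MISS_CYCLES = 200
THRESHOLD = (HIT_CYCLES + MISS_CYCLES) // 2


class CacheSet:
    """One LRU set: keys are line tags, ordered from least to most recently used."""

    def __init__(self, ways):
        self.ways = ways
        self.lines = OrderedDict()

    def access(self, tag):
        """Touch a line and return its (constructed) latency."""
        if tag in self.lines:
            self.lines.move_to_end(tag)
            return HIT_CYCLES
        if len(self.lines) >= self.ways:
            self.lines.popitem(last=False)   # evict the LRU line
        self.lines[tag] = None
        return MISS_CYCLES


def prime(cache, attacker_tags):
    """Fill the whole set with attacker-controlled lines."""
    for tag in attacker_tags:
        cache.access(tag)


def probe(cache, attacker_tags):
    """Re-touch the primed lines and count how many missed.

    Probing in reverse prime order matters: with LRU, re-touching the oldest
    line first would evict the next-oldest and every miss would cause another,
    so a single victim access would look like a full flush.
    """
    return sum(1 for tag in reversed(attacker_tags)
               if cache.access(tag) > THRESHOLD)


def run_rounds(ways, nic_writes, rounds):
    """Repeat prime/probe and report the rounds in which the set was touched.

    nic_writes holds the round indices in which the simulated network card
    writes a packet line into this set between prime and probe.
    """
    cache = CacheSet(ways)
    attacker = [f"attacker-line-{i}" for i in range(ways)]
    detected = []
    for r in range(rounds):
        prime(cache, attacker)
        if r in nic_writes:
            cache.access(f"packet-{r}")   # DDIO-style allocation of packet data in the LLC
        if probe(cache, attacker) > 0:
            detected.append(r)
    return detected


if __name__ == "__main__":
    print(run_rounds(ways=4, nic_writes={1, 3}, rounds=5))
```

The script reports the measurement rounds in which a primed line was evicted, i.e. the rounds in which something else (here, the simulated NIC write) touched the set. Note the reverse order in probe(): with LRU replacement, probing in the same order as the prime would let each miss evict the next line and turn one victim access into a cascade of misses.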


It is possible that the described technique can be used to determine not only keystrokes but also other kinds of confidential data placed in the CPU cache. The attack can potentially be carried out even with RDMA disabled, but without RDMA its effectiveness drops and it becomes much harder to execute. DDIO can also be used to set up a covert communication channel for transferring data out after a server has been compromised, bypassing security monitoring systems.

Source: opennet.ru
