It is no secret that the Internet is a hostile environment. As soon as you bring up a server, it is immediately subjected to massive attacks and numerous scans. For example
A tarpit is a trap port used to slow down incoming connections. If a third-party system connects to this port, it will not be able to close the connection quickly. It will have to spend its own system resources and wait until the connection times out, or terminate it manually.
Most often, tarpits are used for protection. The technique was first developed to protect against computer worms. Now it can be used to ruin the lives of spammers and of researchers engaged in broad scanning of all IP addresses in sequence (examples on Habr:
One system administrator, Chris Wellons, apparently got tired of watching this disgrace, and he wrote a small program
Installing the utility:
$ make
$ ./endlessh &
$ ssh -p2222 localhost
A well-implemented tarpit takes more resources from the attacker than from you. But it is not even a matter of resources. The author
In production, the Endlessh server needs to be installed on the standard port 22, where the hooligans knock en masse. Standard security recommendations always advise moving SSH to a different port, which immediately reduces the size of the logs by an order of magnitude.
Chris Wellons says his program exploits one paragraph of the specification SSH-.
This is exactly what the Endlessh program does: it sends an endless stream of randomly generated data that conforms to RFC 4253, that is, it is sent before authentication, and each line begins with SSH- and is no longer than 255 characters, including the line ending. Overall, everything is according to the standard.
By default, the program waits 10 seconds between sending packets. This prevents the client from timing out, so the client stays trapped forever.
Since the data is sent before any cryptography is applied, the program is extremely simple. It does not need to implement any ciphers, and it supports multiple protocols.
The author tried to make sure that the utility consumes a minimum of resources and runs completely unnoticed on the machine. Unlike modern antiviruses and other "security systems", it should not slow down your computer. He managed to minimize both traffic and memory consumption thanks to a slightly more cunning software implementation. If it simply started a separate process for each new connection, potential attackers could launch a DDoS attack by opening many connections to exhaust the machine's resources. One thread per connection is not the best option either, because the kernel would waste resources managing threads.
That is why Chris Wellons chose the most lightweight option for Endlessh: a single-threaded server on poll(2), where the clients in the trap consume virtually no extra resources, not counting the socket object in the kernel and another 78 bytes for tracking in Endlessh. To avoid allocating receive and send buffers for each client, Endlessh opens a raw socket and relays TCP packets directly, bypassing the entire operating system TCP/IP stack. The incoming buffer is not needed at all, because we are not interested in the incoming data.
The author says that at the time of his program
import asyncio
import random

async def handler(_reader, writer):
    try:
        while True:
            # Wait, then send one more short random line; the banner never arrives.
            await asyncio.sleep(10)
            writer.write(b'%x\r\n' % random.randint(0, 2**32))
            await writer.drain()
    except ConnectionResetError:
        # The client gave up and dropped the connection.
        pass

async def main():
    # Listen on port 2222 on all interfaces.
    server = await asyncio.start_server(handler, '0.0.0.0', 2222)
    async with server:
        await server.serve_forever()

asyncio.run(main())
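An added example (not from the original article and not Endlessh's own code): the asyncio tarpit above, extended to enforce the limits the text describes, namely lines of at most 255 bytes including the line ending, a fixed delay between lines, and a cap on simultaneous clients so that many open connections cannot exhaust the host. The names `tarpit_line`, `Tarpit`, `MAX_CLIENTS` and the cap value are assumptions made for this example.

```python
import asyncio
import random

MAX_LINE = 255      # bytes per line, line ending included (limit quoted in the text)
MAX_CLIENTS = 4096  # assumed cap on trapped clients, chosen for this example
DELAY = 10          # seconds between lines, as in the text

def tarpit_line(rng, max_len=32):
    """One random CRLF-terminated line, never longer than MAX_LINE bytes."""
    max_len = max(3, min(max_len, MAX_LINE))
    n = rng.randint(1, max_len - 2)  # leave room for CRLF
    # Lowercase hex only, so a line can never be read as an "SSH-2.0-..." version string.
    body = ''.join(rng.choice('0123456789abcdef') for _ in range(n))
    return body.encode('ascii') + b'\r\n'

class Tarpit:
    def __init__(self, max_clients=MAX_CLIENTS, delay=DELAY, rng=None):
        self.max_clients = max_clients
        self.delay = delay
        self.rng = rng or random.Random()
        self.active = 0    # clients currently held in the trap
        self.rejected = 0  # clients dropped because the cap was reached

    async def handle(self, _reader, writer):
        if self.active >= self.max_clients:
            # At the cap: drop the newcomer instead of spending more memory on it.
            self.rejected += 1
            writer.close()
            return
        self.active += 1
        try:
            while True:
                await asyncio.sleep(self.delay)
                writer.write(tarpit_line(self.rng))
                await writer.drain()
        except OSError:
            pass  # includes ConnectionResetError and BrokenPipeError
        finally:
            self.active -= 1
            writer.close()

async def serve(host='127.0.0.1', port=2222):
    tarpit = Tarpit()
    server = await asyncio.start_server(tarpit.handle, host, port)
    async with server:
        await server.serve_forever()

if __name__ == '__main__':
    asyncio.run(serve())
```

The `active` and `rejected` counters can be exported to monitoring to see how many clients are held and whether the cap is being hit.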
Asyncio is well suited to writing tarpits. For example, this trap will hang Firefox, Chrome, or any other client that tries to connect to your HTTP server for many hours:
import asyncio
import random

async def handler(_reader, writer):
    # Send a valid status line, then never finish the header block.
    writer.write(b'HTTP/1.1 200 OK\r\n')
    try:
        while True:
            await asyncio.sleep(5)
            # One more random header every five seconds.
            header = random.randint(0, 2**32)
            value = random.randint(0, 2**32)
            writer.write(b'X-%x: %x\r\n' % (header, value))
            await writer.drain()
    except ConnectionResetError:
        # The client gave up and dropped the connection.
        pass

async def main():
    # Listen on port 8080 on all interfaces.
    server = await asyncio.start_server(handler, '0.0.0.0', 8080)
    async with server:
        await server.serve_forever()

asyncio.run(main())
A tarpit is a great tool for punishing Internet hooliganism. True, there is some risk of, on the contrary, drawing their attention to the unusual behaviour of a particular server. Someone
A trap (tarpit) for incoming SSH connections
Source: www.habr.com