A group of researchers from Tel Aviv University and the Herzliya Research Center (Israel)
The problem stems from the specifics of the protocol and affects all DNS servers that support recursive query processing, including
The attack relies on the attacker sending queries that lead to a referral containing a large number of previously unseen, fictitious NS records to which name resolution is delegated, without glue records (the A/AAAA records giving the IP addresses of those NS servers) in the response. For example, the attacker sends a query to resolve the name sd1.attacker.com while controlling the DNS server authoritative for the attacker.com domain. In reply to the resolver's query, the attacker's DNS server returns a response that delegates resolution of sd1.attacker.com to the victim's DNS server by listing NS records in the response without supplying the NS servers' IP addresses. Since the named NS server has not been seen before and its IP address is not given, the resolver tries to determine the NS server's IP address by sending a query to the victim's DNS server that serves the target domain (victim.com).
The problem is that the attacker can answer with a very large list of distinct NS servers whose names are non-existent, fictitious subdomains of the victim (fake-1.victim.com, fake-2.victim.com, ... fake-1000.victim.com). The resolver will send a query to the victim's DNS server, receive a response that the name does not exist, then try to resolve the next NS server in the list, and so on until it has tried every NS record the attacker listed. Thus, for a single attacker query, the resolver sends a huge number of queries to determine the NS hosts. Because the NS server names are generated randomly and refer to non-existent subdomains, they are never served from the cache, and every query from the attacker triggers a flood of queries to the DNS server serving the victim's domain.
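The referral chase described above, as an added example that is not part of the article or the researchers' own code: a toy in-memory model of a recursive resolver, an attacker-controlled authoritative server for attacker.com and the victim's authoritative server for victim.com. Everything here is constructed for the illustration (no packets are sent): the `fake-<nonce>-<i>.victim.com` names, the nonce counter that stands in for random name generation, and the `max_ns_fetches` cap, which models the kind of per-request limit the text attributes to Knot Resolver rather than any specific vendor's fix. The returned packet amplification factor (PAF) is the number of queries that reach the victim's authoritative server per query the attacker's client sends to the resolver.

```python
"""Toy model of the no-glue NS referral amplification (constructed example)."""
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, List, Optional


@dataclass
class AttackerAuth:
    """Authoritative server for attacker.com (attacker-controlled).

    For any query it returns a referral: n_fake_ns NS names that point into
    the victim's zone, with no glue records, so the resolver has to look each
    name up itself.  A counter keeps the names unique across queries; the real
    attack uses random labels, which has the same effect on the cache."""
    victim_zone: str
    n_fake_ns: int
    nonce: "count" = field(default_factory=count)

    def referral(self, qname: str) -> List[str]:
        n = next(self.nonce)
        return [f"fake-{n}-{i}.{self.victim_zone}" for i in range(self.n_fake_ns)]


@dataclass
class VictimAuth:
    """Authoritative server for victim.com; counts the address queries it gets."""
    queries_seen: int = 0

    def answer_a(self, qname: str) -> Optional[str]:
        self.queries_seen += 1
        return None  # none of the fake-* names exist: NXDOMAIN


@dataclass
class Resolver:
    """Recursive resolver.  With max_ns_fetches=None it resolves every
    glueless NS name in the referral (vulnerable behaviour); with an integer
    cap it gives up after that many address lookups for one delegation."""
    attacker: AttackerAuth
    victim: VictimAuth
    max_ns_fetches: Optional[int] = None
    cache: Dict[str, Optional[str]] = field(default_factory=dict)
    upstream_queries: int = 0  # every query this resolver sends anywhere

    def resolve(self, qname: str) -> Optional[str]:
        # Step 1: the resolver asks attacker.com's authoritative server.
        self.upstream_queries += 1
        ns_names = self.attacker.referral(qname)
        fetches = 0
        for ns in ns_names:
            if self.max_ns_fetches is not None and fetches >= self.max_ns_fetches:
                break  # hardened resolver: stop chasing glueless NS names
            if ns in self.cache:  # never hits: names are fresh every time
                continue
            # Step 2: no glue, so the NS host's address must be fetched from
            # the victim's authoritative server.
            self.upstream_queries += 1
            fetches += 1
            addr = self.victim.answer_a(ns)
            self.cache[ns] = addr
            if addr is not None:
                return addr
        return None  # every NS name failed: SERVFAIL to the client


def amplification(n_fake_ns: int, cap: Optional[int] = None,
                  client_queries: int = 1) -> float:
    """Queries reaching the victim per query the attacker's client sends."""
    attacker = AttackerAuth("victim.com", n_fake_ns)
    victim = VictimAuth()
    resolver = Resolver(attacker, victim, max_ns_fetches=cap)
    for i in range(client_queries):
        resolver.resolve(f"sd{i + 1}.attacker.com")
    return victim.queries_seen / client_queries


if __name__ == "__main__":
    print("unbounded resolver, 1000 fake NS:", amplification(1000))
    print("same, 3 client queries (cache does not help):",
          amplification(1000, client_queries=3))
    print("resolver capped at 20 NS fetches per delegation:",
          amplification(1000, cap=20))
```

The third call shows why the cache is no defence: every referral carries names the resolver has never seen, so the per-query cost stays at the full list length, while the capped resolver bounds the victim's load regardless of how long the attacker's referral is.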
The researchers studied how vulnerable public DNS resolvers are to the problem and found that queries sent to the Cloudflare resolver (1.1.1.1) can amplify the number of packets 48 times (PAF, Packet Amplification Factor), Google (8.8.8.8) 30 times, FreeDNS (37.235.1.174) 50 times, and OpenDNS (208.67.222.222) 32 times. Considerably higher figures were observed for Level3 (209.244.0.3), 273 times; Quad9 (9.9.9.9), 415 times; SafeDNS (195.46.39.39), 274 times; Verisign (64.6.64.6), 202 times; Ultra (156.154.71.1), 405 times; Comodo Secure (8.26.56.26), 435 times; DNS.Watch (84.200.69.80), 486 times; and Norton ConnectSafe (199.85.126.10), 569 times. For servers based on BIND 9.12.3 the amplification factor can reach 1000 because of query parallelisation. For Knot Resolver 5.1.0 the amplification factor is only a few tens (24-48), since NS names are resolved sequentially and the work is bounded by an internal limit on the number of name-resolution steps allowed for a single request.
There are two defence strategies. Systems with DNSSEC
Source: opennet.ru