NXNSAttack: an attack affecting all DNS resolvers

A group of researchers from Tel Aviv University and the Interdisciplinary Center Herzliya (Israel) has developed a new attack method, NXNSAttack (PDF), which allows any DNS resolver to be used as a traffic amplifier: the amplification factor reaches up to 1621 in terms of packet count (for each query sent to the resolver, up to 1621 queries can be made to hit the victim's server) and up to 163 in terms of traffic volume.

The problem stems from how the protocol handles delegations and affects all DNS servers that support recursive query processing, including BIND (CVE-2020-8616), Knot Resolver (CVE-2020-12667), PowerDNS Recursor (CVE-2020-10995), Windows DNS Server and Unbound (CVE-2020-12662), as well as the public DNS services of Google, Cloudflare, Amazon, Quad9, ICANN and other companies. The fix was coordinated with the DNS server developers, who released updates addressing the vulnerability in their products at the same time. Protection against the attack is included in the releases
Unbound 1.10.1, Knot Resolver 5.1.1, PowerDNS Recursor 4.3.1, 4.2.2 and 4.1.16, and BIND 9.11.19, 9.14.12 and 9.16.3.

The attack relies on the attacker sending queries that reference a large number of previously unseen, fictitious NS records to which name resolution is delegated, while omitting the glue records that would carry the IP addresses of those NS servers in the response. For example, the attacker, who controls the authoritative DNS server for attacker.com, sends a query to resolve the name sd1.attacker.com. When the resolver asks the attacker's DNS server, that server answers with a referral that delegates resolution of sd1.attacker.com to the victim's DNS server by listing NS records in the response without giving the IP addresses of those NS servers. Since the named NS server has never been seen before and no IP address is supplied, the resolver tries to find the NS server's IP address by sending a query to the victim's DNS server, which serves the target domain (victim.com).


The problem is that the attacker can answer with a very large list of non-repeating NS servers whose names are fictitious, non-existent subdomains of the victim (fake-1.victim.com, fake-2.victim.com, ... fake-1000.victim.com). The resolver sends a query to the victim's DNS server, receives an answer that the name does not exist, then tries to resolve the next NS server in the list, and so on until it has tried every NS record the attacker listed. As a result, a single attacker query makes the resolver send a huge number of queries to find the NS hosts. Because the NS names are generated randomly and refer to non-existent subdomains, none of them can be answered from the cache, and every query from the attacker turns into a flood of queries against the DNS server serving the victim's domain.


The researchers studied how exposed public DNS resolvers are to the problem and found that, when queries are sent to the Cloudflare resolver (1.1.1.1), the packet count can be amplified by a factor (PAF, packet amplification factor) of 48; for Google (8.8.8.8) the factor is 30, for FreeDNS (37.235.1.174) 50, and for OpenDNS (208.67.222.222) 32. Considerably higher factors were observed for
Level3 (209.244.0.3) with 273, Quad9 (9.9.9.9) with 415,
SafeDNS (195.46.39.39) with 274, Verisign (64.6.64.6) with 202,
Ultra (156.154.71.1) with 405, Comodo Secure (8.26.56.26) with 435, DNS.Watch (84.200.69.80) with 486, and Norton ConnectSafe (199.85.126.10) with 569. On servers running BIND 9.12.3 the amplification factor can reach 1000, because the NS address lookups are issued in parallel. On Knot Resolver 5.1.0 the factor is only a few tens (24 to 48), since NS names are resolved sequentially and are subject to an internal limit on the number of resolution steps allowed for a single query.

Two defence strategies exist. For DNSSEC-enabled setups it is proposed to use RFC 8198 (aggressive use of the DNSSEC-validated cache) to stop the cache from being bypassed by queries for random names: the resolver synthesizes negative answers itself from the NSEC/NSEC3 range proofs it has already validated, without contacting the authoritative DNS servers. The simpler approach is to limit the number of names that may be resolved while processing a single delegation, but because no such limit is defined in the protocol it can break some existing configurations.
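To make the delegation loop described above and the two defences concrete, here is a small Python model. It is an added example, not code from the paper, from opennet.ru or from any resolver. It assumes a constructed victim zone victim.com containing only the names a and www (so a single NSEC record covers every fake-* label), a hypothetical per-delegation cap max_glueless_fetches on address lookups for NS names that arrive without glue, and models RFC 8198 as synthesizing NXDOMAIN from a cached NSEC range. packet_amplification returns how many packets reach the victim for one attacker query, i.e. the PAF the article quotes.

```python
"""NXNSAttack delegation loop and the two mitigations, as a small model.

Added example: not code from the paper, from opennet.ru or from any resolver.
The zone contents, NS names, cache model and the fetch limit are constructed
for illustration; real resolvers implement the limit and the RFC 8198 logic
with their own option names and defaults.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

VICTIM = "victim.com."


def attacker_referral(n: int) -> List[str]:
    """Referral the attacker's authoritative server returns for sdN.attacker.com:
    an NS set that points into the victim's zone, deliberately without glue,
    with fresh names so no address is ever found in the resolver's cache."""
    return [f"fake-{i}.{VICTIM}" for i in range(1, n + 1)]


@dataclass
class VictimAuth:
    """Victim's authoritative server. Every fake-N name is NXDOMAIN."""
    dnssec: bool = False          # signed zone: NXDOMAIN carries an NSEC proof
    queries_seen: int = 0         # packets that reached the victim

    def query_a(self, name: str) -> Tuple[str, Optional[Tuple[str, str]]]:
        self.queries_seen += 1
        # Constructed zone: only 'a' and 'www' exist, so one NSEC record proves
        # that nothing exists between them, which covers every 'fake-*' label.
        nsec = ("a." + VICTIM, "www." + VICTIM) if self.dnssec else None
        return "NXDOMAIN", nsec


@dataclass
class Resolver:
    victim: VictimAuth
    # None reproduces the unpatched behaviour: one address lookup per NS name.
    max_glueless_fetches: Optional[int] = None
    # RFC 8198: answer from cached NSEC ranges instead of asking the authority.
    aggressive_nsec: bool = False
    nsec_cache: List[Tuple[str, str]] = field(default_factory=list)

    def covered(self, name: str) -> bool:
        # Real NSEC uses canonical DNS ordering; plain string order is enough
        # for the constructed 'a.' .. 'www.' range and the 'fake-*' labels.
        return any(lo < name < hi for lo, hi in self.nsec_cache)

    def follow_referral(self, ns_names: List[str]) -> None:
        if self.max_glueless_fetches is not None:
            ns_names = ns_names[: self.max_glueless_fetches]
        for ns in ns_names:
            if self.aggressive_nsec and self.covered(ns):
                continue            # synthesized NXDOMAIN, no packet leaves
            _rcode, nsec = self.victim.query_a(ns)
            if self.aggressive_nsec and nsec is not None:
                self.nsec_cache.append(nsec)
        # Every NS address lookup failed, so the client gets SERVFAIL: that
        # single answer is the attacker's only cost for the whole burst.


def packet_amplification(resolver: Resolver, ns_count: int) -> int:
    """Packets that hit the victim for one attacker query (the paper's PAF)."""
    resolver.victim.queries_seen = 0
    resolver.follow_referral(attacker_referral(ns_count))
    return resolver.victim.queries_seen


if __name__ == "__main__":
    cases = [
        ("unpatched", Resolver(VictimAuth())),
        ("fetch limit 5", Resolver(VictimAuth(), max_glueless_fetches=5)),
        ("RFC 8198, signed zone", Resolver(VictimAuth(dnssec=True), aggressive_nsec=True)),
        ("RFC 8198, unsigned zone", Resolver(VictimAuth(dnssec=False), aggressive_nsec=True)),
    ]
    for label, r in cases:
        print(f"{label:24s} PAF = {packet_amplification(r, 1000)}")
```

The model counts one packet per NS name; retries, parallel lookups and the separate A and AAAA queries real resolvers issue are not modelled, which is part of why the measured factors in the text differ so much between implementations. The last case shows the caveat behind the RFC 8198 defence: it only removes the amplification when the victim's zone is DNSSEC-signed, because an unsigned zone has no NSEC records for the resolver to cache, so a resolver-side fetch limit is the defence that protects every victim.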

Source: opennet.ru
