NXNSAttack: an attack affecting all DNS resolvers

A team of researchers from Tel Aviv University and the Interdisciplinary Center in Herzliya (Israel) has developed a new attack method, NXNSAttack (PDF), which allows any DNS resolver to be used as a traffic amplifier. It provides an amplification factor of up to 1621 times in terms of packet count (for each request sent to the resolver, up to 1621 requests can be sent to the victim's server) and up to 163 times in terms of traffic.

The problem stems from specifics of the protocol and affects all DNS servers that support recursive query processing, including BIND (CVE-2020-8616), Knot (CVE-2020-12667), PowerDNS (CVE-2020-10995), Windows DNS Server and Unbound (CVE-2020-12662), as well as the public DNS services of Google, Cloudflare, Amazon, Quad9, ICANN and other companies. The fix was coordinated with the DNS server developers, who simultaneously released updates that address the vulnerability in their products. Protection against the attack is included in the releases Unbound 1.10.1, Knot Resolver 5.1.1, PowerDNS Recursor 4.3.1, 4.2.2, 4.1.16, BIND 9.11.19, 9.14.12, 9.16.3.

The attack is based on the attacker using requests that refer to a large number of previously unseen fictitious NS records to which name resolution is delegated, but without glue records in the response carrying the IP addresses of the NS servers. For example, the attacker sends a query to resolve the name sd1.attacker.com while controlling the DNS server responsible for the attacker.com domain. In reply to the resolver's request to the attacker's DNS server, a response is returned that delegates resolution of sd1.attacker.com to the victim's DNS server by listing NS records in the response without specifying the IP addresses of the NS servers. Since the NS server named there has not been encountered before and its IP address is not given, the resolver tries to determine the IP address of the NS server by sending a query to the victim's DNS server that serves the target domain (victim.com).


The problem is that the attacker can respond with a huge list of non-repeating NS servers with fictitious, non-existent names of victim subdomains (fake-1.victim.com, fake-2.victim.com, ... fake-1000.victim.com). The resolver will try to send a request to the victim's DNS server, but will receive a response that the domain was not found, after which it will try to determine the next NS server in the list, and so on until it has tried all the NS records listed by the attacker. Accordingly, for a single attacker request the resolver will send a huge number of requests to determine the NS hosts. Since the names of the NS servers are generated randomly and refer to non-existent subdomains, they are not retrieved from the cache, and each request from the attacker results in a flurry of requests to the DNS server serving the victim's domain.
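Seen from the victim's authoritative server, the behaviour described above is a burst of NXDOMAIN answers to one resolver for names that never repeat. The following added example (not from the original article) flags such bursts; the log layout, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in an assumed "epoch source qname rcode" layout.
SAMPLE_LOG = "\n".join(
    [f"1000.{i:03d} 192.0.2.53 fake-{i}.victim.com NXDOMAIN" for i in range(1, 41)]
    + ["1000.500 198.51.100.7 www.victim.com NOERROR",
       "1001.200 198.51.100.7 wwww.victim.com NXDOMAIN",
       "1002.000 198.51.100.7 mail.victim.com NOERROR"]
)

def nxdomain_bursts(log_text, zone="victim.com", window=1.0,
                    min_names=20, min_ratio=0.9):
    """Return {source: distinct NXDOMAIN names} for sources whose queries in one
    time window are almost all NXDOMAIN for distinct names under `zone`."""
    buckets = defaultdict(lambda: {"total": 0, "nx": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        if not qname.endswith("." + zone):
            continue  # only subdomains of the protected zone are of interest
        try:
            slot = int(float(ts) // window)
        except ValueError:
            continue
        bucket = buckets[(src, slot)]
        bucket["total"] += 1
        if rcode == "NXDOMAIN":
            bucket["nx"].add(qname)  # a set, so repeated names count once
    flagged = {}
    for (src, _), bucket in buckets.items():
        distinct = len(bucket["nx"])
        if distinct >= min_names and distinct / bucket["total"] >= min_ratio:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(nxdomain_bursts(SAMPLE_LOG))
```

The thresholds need tuning against normal traffic, because a large shared resolver also produces some NXDOMAIN answers from ordinary typos.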


The researchers studied how exposed public DNS resolvers are to the problem and determined that when sending queries to the CloudFlare resolver (1.1.1.1), the number of packets (PAF, Packet Amplification Factor) can be increased 48 times, Google (8.8.8.8) - 30 times, FreeDNS (37.235.1.174) - 50 times, OpenDNS (208.67.222.222) - 32 times. More notable figures are observed for Level3 (209.244.0.3) - 273 times, Quad9 (9.9.9.9) - 415 times, SafeDNS (195.46.39.39) - 274 times, Verisign (64.6.64.6) - 202 times, Ultra (156.154.71.1) - 405 times, Comodo Secure (8.26.56.26) - 435 times, DNS.Watch (84.200.69.80) - 486 times, and Norton ConnectSafe (199.85.126.10) - 569 times. For servers based on BIND 9.12.3, the amplification level can reach 1000 because requests are parallelized. In Knot Resolver 5.1.0, the amplification level is approximately several tens of times (24-48), since NS names are resolved sequentially and are subject to an internal limit on the number of name resolution steps allowed for a single request.

There are two main protection strategies. For systems with DNSSEC, it is proposed to use RFC-8198 to prevent bypassing of the DNS cache, since the requests are sent with random names. The essence of the method is to generate negative responses without contacting the authoritative DNS servers, using range checking via DNSSEC. A simpler approach is to limit the number of names that can be resolved when processing a single delegated request, but this method may cause problems with some existing configurations, since the limits are not defined in the protocol.
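Both strategies can be compared in a toy model that counts how many upstream queries one referral with glueless NS names causes. This is an added example, not code from the article or from any resolver; the zone contents and helper names are constructed, and the NSEC logic assumes an in-zone name, no wildcards and no NSEC3.

```python
# Added illustration: toy resolver model, constructed zone data, simplified NSEC logic.

def canon(name):
    """RFC 4034 canonical order key: labels right to left, lowercased."""
    return tuple(l.lower().encode() for l in reversed(name.rstrip(".").split(".")))

class SignedZone:
    """Hypothetical stand-in for the authoritative server of a DNSSEC-signed zone."""
    def __init__(self, apex, names):
        self.chain = sorted({apex, *names}, key=canon)  # NSEC chain order
        self.queries = 0

    def query(self, name):
        """Answer one query; NXDOMAIN carries the covering NSEC (owner, next)."""
        self.queries += 1
        if name in self.chain:
            return "NOERROR", None
        k = canon(name)
        i = max(j for j, n in enumerate(self.chain) if canon(n) < k)
        return "NXDOMAIN", (self.chain[i], self.chain[(i + 1) % len(self.chain)])

def covered(name, nsec):
    """True if an in-zone name falls in the gap proven empty by this NSEC record."""
    owner, nxt, k = canon(nsec[0]), canon(nsec[1]), canon(name)
    return owner < k < nxt if owner < nxt else k > owner  # last record wraps to apex

def chase_glueless_ns(ns_names, zone, aggressive_nsec=False, max_lookups=None):
    """Return how many upstream queries one referral with glueless NS names causes."""
    nsec_cache, sent = [], 0
    for ns in ns_names:
        if aggressive_nsec and any(covered(ns, r) for r in nsec_cache):
            continue  # RFC 8198: negative answer synthesized from cached NSEC
        if max_lookups is not None and sent >= max_lookups:
            break     # per-request cap on NS name resolutions
        rcode, proof = zone.query(ns)
        sent += 1
        if rcode == "NXDOMAIN" and proof not in nsec_cache:
            nsec_cache.append(proof)
    return sent

def demo():
    referral = [f"fake-{i}.victim.com" for i in range(1, 1001)]  # constructed
    zone = lambda: SignedZone("victim.com", ["mail.victim.com", "www.victim.com"])
    return (chase_glueless_ns(referral, zone()),
            chase_glueless_ns(referral, zone(), aggressive_nsec=True),
            chase_glueless_ns(referral, zone(), max_lookups=5))

if __name__ == "__main__":
    print(demo())
```

With the NSEC cache the number of upstream queries is bounded by the number of gaps in the signed zone rather than by the length of the NS list, while the cap bounds it regardless of DNSSEC.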

Source: opennet.ru
