DNS tunneling turns the domain name system into a weapon for attackers. DNS is the Internet's giant phone book. DNS is also the underlying protocol that lets administrators query the DNS server's database. So far everything seems clear. But resourceful attackers realized they could communicate covertly with a victim's computer by embedding control commands and data inside the DNS protocol. That idea is the basis of DNS tunneling.
How DNS tunneling works
Everything on the Internet has its own separate protocol. And DNS itself is simple
In our case, the protocol responded with the IP address of the domain. Following the rules of the DNS protocol, I made an address request, or what is called an "A" type request. There are other request types, and the DNS protocol answers each with a different set of data fields, which, as we will see later, can be exploited by attackers.
One way or another, at its core the DNS protocol is about passing a request to the server and its response back to the client. What if an attacker adds a hidden message inside a domain name request? For example, instead of entering a perfectly legitimate URL, they enter the data they want to transmit:
Suppose the attacker controls the DNS server. They can then send data (someone's personal data, for example) without being detected. After all, why would a DNS query suddenly be considered illegitimate?
By controlling the server, attackers can forge responses and send data back to the target system. This lets them pass hidden messages in various fields of the DNS response to malware on the infected machine, including commands such as searching inside a particular folder.
The "tunneling" part of this attack
And this is DNS tunneling!
History of DNS tunneling attacks
Everything has a beginning, including the idea of hijacking the DNS protocol for hacking purposes. As far as we can tell, the first
In 2004, DNS tunneling was presented at Black Hat as a hacking technique in Dan Kaminsky's talk. From there the idea quickly grew into a real attack tool.
Today DNS tunneling holds a firm position on the map
Have you heard about
DNS tunneling threats
DNS tunneling is like an indicator of the start of a phase of bad news. Which ones? We have already mentioned several, but let's structure them:
- Data exfiltration - the attacker covertly transfers sensitive data over DNS. This is certainly not the most efficient way to move information off the victim's computer, given all the overhead and encoding, but it works, and it does so covertly!
- Command and Control (C2 for short) - attackers use the DNS protocol to send simple control commands to, say, a remote access Trojan (RAT).
- IP-over-DNS tunneling - this may sound crazy, but there are utilities that implement an IP stack on top of DNS protocol requests and responses. They make data transfer over FTP, Netcat, ssh and so on a relatively simple task. Extremely worrying!
Detecting DNS tunneling
There are two main methods for detecting DNS misuse: payload analysis and traffic analysis.
In payload analysis, the defending team looks for anomalies in the data sent back and forth that can be spotted with statistical methods: strange-looking hostnames, a DNS record type that is rarely used, or unusual encoding.
In traffic analysis, the number of DNS requests to each domain is estimated and compared with the statistical average. Attackers using DNS tunneling generate a large volume of traffic to their server, in theory far more than a normal exchange of DNS messages. And that should be tracked!
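Both detection methods above can be prototyped over a query log, as in this added example (not code from the original article). It assumes a constructed log format of "seq client qname rtype" per line, and the label-length, entropy, rare-type and volume thresholds are assumptions to be tuned against your own baseline.

```python
import math
from collections import Counter

# Constructed sample log, one query per line: "seq client qname rtype".
# The hex-looking labels under tun.example imitate encoded payload;
# the other lookups form the ordinary baseline.
SAMPLE_LOG = """\
1 10.0.0.5 www.example.com A
2 10.0.0.5 mail.example.com MX
3 10.0.0.7 4a6f686e20446f652c2073736e.tun.example TXT
4 10.0.0.7 3031323334353637383961626364.tun.example TXT
5 10.0.0.7 6566676869676b6c6d6e6f707172.tun.example NULL
6 10.0.0.7 7374757677787a30313233343536.tun.example TXT
7 10.0.0.9 cdn.example.net A
8 10.0.0.7 3738393061626364656667686970.tun.example TXT
"""
RARE_TYPES = {"TXT", "NULL"}  # assumed: rarely queried by ordinary clients

def parse_log(text):
    """Parse the constructed log format into query dicts."""
    records = []
    for line in text.splitlines():
        seq, client, qname, rtype = line.split()
        records.append({"seq": int(seq), "client": client,
                        "qname": qname.lower().rstrip("."), "rtype": rtype})
    return records

def shannon_entropy(s):
    """Bits per character; hex/base32 payload scores well above real words."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def payload_flags(rec, max_label=24, min_entropy=3.0):
    """Payload analysis: long or high-entropy leftmost label, or rare record type."""
    label = rec["qname"].split(".")[0]
    flags = []
    if len(label) > max_label:
        flags.append("long_label")
    if len(label) >= 8 and shannon_entropy(label) > min_entropy:
        flags.append("high_entropy")
    if rec["rtype"] in RARE_TYPES:
        flags.append("rare_type")
    return flags

def traffic_outliers(records, factor=1.5):
    """Traffic analysis: registered domains queried more than factor x the mean."""
    per_domain = Counter(".".join(r["qname"].split(".")[-2:]) for r in records)
    mean = sum(per_domain.values()) / len(per_domain)
    return {d: n for d, n in per_domain.items() if n > factor * mean}
```

In practice the per-domain counts should be compared against a baseline window rather than a single batch, and the unique-subdomain count per domain is an equally useful volume signal.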
DNS tunneling utilities
If you want to run your own pentest and see how well your company can detect and respond to such activity, there are several utilities for this. All of them can tunnel in IP-over-DNS mode:
- Iodine - available on many platforms (Linux, Mac OS, FreeBSD and Windows). Lets you set up an SSH shell between the target and the controlling computers. Here is a good guide to setting up and using Iodine.
- OzymanDNS - a DNS tunneling project from Dan Kaminsky, written in Perl. You can connect to it over SSH.
- DNSCat2 - "A DNS tunnel that doesn't make you sick." Creates an encrypted C2 channel for uploading/downloading files, launching shells, etc.
DNS monitoring utilities
Below is a list of several utilities that are useful for detecting tunneling attacks:
- dnsHunter - a Python module written for MercenaryHuntFramework and Mercenary-Linux. It reads .pcap files, extracts DNS queries and performs geolocation mapping to help with analysis.
- reassemble_dns - a Python utility that reads .pcap files and analyzes DNS messages.
Micro FAQ on DNS tunneling
Useful information in question-and-answer form!
Q: What is tunneling?
A: It is simply a way of transferring data over an existing protocol. The underlying protocol provides a dedicated channel, or tunnel, which is then used to hide the information actually being transmitted.
Q: When was the first DNS tunneling attack carried out?
A: We don't know! If you do, please tell us. To our knowledge, the first discussion of the attack was started by Oscar Pearson on the Bugtraq mailing list in April 1998.
Q: What attacks are similar to DNS tunneling?
A: DNS is far from the only protocol that can be used for tunneling. For example, command and control (C2) malware often uses HTTP to mask its communication channel. As with DNS tunneling, the attacker hides their data, but in this case it looks like traffic from an ordinary web browser reaching a remote site (controlled by the attacker). This can go unnoticed by monitoring programs if they are not configured to detect
Would you like us to help with DNS tunnel detection? Take a look at our module
source: www.habr.com