Izibalo zeeyure ze-24 emva kokufaka i-honeypot kwi-Digital Ocean node eSingapore
Phuma Pew! Masiqale kwangoko ngemephu yohlaselo
Imephu yethu epholileyo ibonisa ii-ASNs ezizodwa eziqhagamshelwe kwi-honeypot yethu yaseCowrie kwiiyure ezingama-24. Umthubi uhambelana noqhagamshelo lwe-SSH, kwaye obomvu uhambelana neTelnet. Oopopayi abanjalo badla ngokuchukumisa ibhodi yabalawuli benkampani, nto leyo enokunceda ekuqinisekiseni inkxaso-mali eyongezelelekileyo yokhuseleko nezixhobo. Nangona kunjalo, imephu inexabiso elithile, ibonisa ngokucacileyo ukusasazeka kwejografi kunye nentlangano yemithombo yokuhlaselwa kumsingathi wethu kwiiyure nje ze-24. Upopayi alubonisi ubungakanani betrafikhi kumthombo ngamnye.
Yintoni imephu yePew Pew?
Imephu yePew Pew - yi le , idla ngokuphila kwaye intle kakhulu. Yindlela entle yokuthengisa imveliso yakho, esetyenziswa kakubi yiNorse Corp. Inkampani yaphela kakubi: kwavela ukuba oopopayi abahle yayikuphela kwenzuzo yabo, kwaye basebenzise idatha eqhekezayo ukuhlalutya.
Yenziwe ngeLeafletjs
Kwabo bafuna ukuyila imephu yohlaselo yesikrini esikhulu kwiziko lokusebenza (umphathi wakho uya kuyithanda), kukho ithala leencwadi. . Sidibanisa kunye neplagin , inkonzo yeMaxmind GeoIP - .
WTF: yintoni le Cowrie honeypot?
I-Honeypot yinkqubo ebekwe kwinethiwekhi ngokukodwa ukutsala abahlaseli. Ukudibanisa kwinkqubo ngokuqhelekileyo akukho mthethweni kwaye kukuvumela ukuba ubone umhlaseli usebenzisa iilogi ezineenkcukacha. Iilogi azigcini nje kuphela ulwazi oluqhelekileyo loqhagamshelwano, kodwa kunye nolwazi lweseshoni olutyhilayo ubuchule, amaqhinga kunye neenkqubo (TTP) umhlaseli.
yenzelwe SSH kunye neerekhodi zoqhagamshelwano zeTelnet. Iipothi ezinjalo zivame ukufakwa kwi-Intanethi ukulandelela izixhobo, izikripthi kunye nemikhosi yabahlaseli.
Umyalezo wam kwiinkampani ezicinga ukuba aziyi kuhlaselwa: "Ujongeka nzima."
β UJames Snook
Yintoni ekwiinkuni?
Lilonke inani loqhagamshelo
Bekukho iinzame zoqhagamshelo eziphindaphindiweyo ezivela kwiinginginya ezininzi. Oku kuqhelekile, kuba izikripthi zokuhlaselwa zinoluhlu olupheleleyo lweziqinisekiso kwaye uzame iindibaniselwano ezininzi. I-Cowrie Honeypot iqwalaselwe ukuba yamkele igama lomsebenzisi kunye neendibaniselwano zegama lokugqitha. Oku kuqwalaselwe kwi umsebenzisi.db ifayile.
IJografi yokuhlaselwa
Ndisebenzisa idatha ye-Maxmind geolocation, ndibala inani loqhagamshelo kwilizwe ngalinye. IBrazil neTshayina zihamba phambili ngomda obanzi, kwaye kudla ngokubakho ingxolo eninzi evela kwiiskena ezivela kula mazwe.
Umnini block yenethiwekhi
Ukuphanda abanini beebhloko zenethiwekhi (ASN) banokuchonga imibutho enenani elikhulu lemikhosi ehlaselayo. Ewe, kwiimeko ezinjalo kufuneka uhlale ukhumbula ukuba uhlaselo oluninzi luvela kwimikhosi eyosulelekileyo. Kunengqiqo ukucinga ukuba abahlaseli abaninzi abanyange ngokwaneleyo ukuskena iNethiwekhi kwikhompyuter yasekhaya.
Vula amazibuko kwiinkqubo ezihlaselayo (idatha esuka kwiShodan.io)
Ukuqhuba uluhlu lwe-IP ngokugqwesileyo ngokukhawuleza ichonga iinkqubo ezinamazibuko avulekileyo kwaye athini la mazibuko? Lo mzobo ungezantsi ubonisa ukuxinana kwamazibuko avulekileyo ngokwelizwe nombutho. Kuya kuba nokwenzeka ukuchonga iibhloko zeenkqubo ezithotyiweyo, kodwa ngaphakathi isampuli encinci akukho nto ibalaseleyo ibonakala, ngaphandle kwenani elikhulu 500 izibuko evulekileyo e China.
Ukufumana umdla linani elikhulu leenkqubo eBrazil ezinazo ayivulanga 22, 23 okanye amanye amazibuko, ngokutsho kukaCensys noShodan. Kuyabonakala ukuba ezi ziqhagamshelo ezivela kwiikhompyuter zabasebenzisi bokugqibela.
Iibhotshi? Akunyanzelekanga
Iinkcukacha kuba izibuko 22 yaye 23 babonisa into engaqhelekanga ngaloo mini. Ndicinge ukuba uninzi lweskena kunye nohlaselo lwe-password luvela kwi-bots. Iskripthi sisasazeka phezu kwamazibuko avulekileyo, ukuqagela amagama agqithisiweyo, kwaye uzikopishe ngokwawo kwinkqubo entsha kwaye uyaqhubeka nokusasazeka usebenzisa indlela efanayo.
Kodwa apha ungabona ukuba kuphela inani elincinci lenginginya eziskena i telnet enezibuko 23 elivulwe ngaphandle.. Oku kuthetha ukuba iinkqubo mhlawumbi zinomngcipheko ngenye indlela, okanye abahlaseli baqhuba izikripthi ngesandla.
Unxibelelwano lwasekhaya
Enye into ebangela umdla yayilinani elikhulu labasebenzisi basekhaya kwisampulu. Ngokusebenzisa umva ukujonga Ndichonge uqhagamshelo lwe-105 kwiikhompyuter ezithile zasekhaya. Kunxibelelwano oluninzi lwasekhaya, ujongo lwe-DNS olubuyela umva lubonisa igama lenginginya ngamagama athi dsl, ikhaya, intambo, ifayibha, njalo njalo.
Funda kwaye uPhonononge: Phakamisa eyakho imbiza yobusi
Kutshanje ndibhale isifundo esifutshane sendlela yokwenza . Njengoko sele kukhankanyiwe, kwimeko yethu sasebenzisa i-Digital Ocean VPS eSingapore. Kwiiyure ezingama-24 zokuhlalutya, iindleko zaziziisenti ezimbalwa ngokoqobo, kwaye ixesha lokudibanisa inkqubo yayiyimizuzu engama-30.
Esikhundleni sokusebenzisa i-Cowrie kwi-intanethi kwaye ubambe yonke ingxolo, unokuxhamla kwi-honeypot kwinethiwekhi yakho yasekhaya. Ukuseta rhoqo isaziso ukuba izicelo zithunyelwa kumazibuko athile. Oku mhlawumbi umhlaseli ngaphakathi kuthungelwano, okanye umsebenzi curious, okanye sesichengeni scan.
ezifunyanisiweyo
Emva kokubukela izenzo zabahlaseli kwixesha leeyure ze-24, kuyacaca ukuba akunakwenzeka ukuchonga umthombo ocacileyo wokuhlaselwa kuyo nayiphi na inhlangano, ilizwe, okanye inkqubo yokusebenza.
Ukusasazwa okubanzi kwemithombo kubonisa ukuba ingxolo yokuskena ayitshintshi kwaye ayidibanisi nomthombo othile. Nabani na osebenza kwi-Intanethi kufuneka aqinisekise ukuba inkqubo yakhe amanqanaba amaninzi okhuseleko. Isisombululo esiqhelekileyo nesisebenzayo se SSH inkonzo izakuya kwizibuko eliphezulu elingenamkhethe. Oku akuphelisi imfuno yokhuseleko olungqongqo lwephasiwedi kunye nokubeka iliso, kodwa ubuncinci kuqinisekisa ukuba iilogi azivalwanga kukuskena rhoqo. Uqhagamshelwano oluphezulu lwezibuko lunokuthi lube luhlaselo olujoliswe kuyo, olunokuba lunomdla kuwe.
Amazibuko e-telnet ahlala evuliwe akwii-router okanye ezinye izixhobo, ngoko ke azinakususwa ngokulula kwizibuko eliphezulu. ΠΈ kuphela kwendlela yokuqinisekisa ukuba ezi nkonzo zivaliwe okanye zivaliwe. Ukuba kuyenzeka, akufanele usebenzise iTelnet kwaphela; le protocol ayiguqulelwanga ngokuntsonkothileyo. Ukuba uyayidinga kwaye awukwazi ukuyenza ngaphandle kwayo, ke uyibeke iliso ngononophelo kwaye usebenzise iiphasiwedi ezinamandla.
umthombo: www.habr.com