Akuyomfihlo ukuba i-Intanethi yindawo enobutshaba kakhulu. Nje ukuba uphakamise iseva, iphantsi kohlaselo olukhulu kunye nokuskena okuninzi. Umzekelo ungaqikelela ubungakanani bale traffic yenkunkuma. Ngapha koko, kumndilili weseva, i-99% yetrafikhi inokuba yingozi.
ITarpit lizibuko elisetyenziselwa ukucothisa udibaniso olungenayo. Ukuba inkqubo yomntu wesithathu idibanisa kweli zibuko, awuyi kukwazi ukuvala ngokukhawuleza uxhulumaniso. Kuya kufuneka achithe izixhobo zakhe zenkqubo kwaye alinde de kube lixesha lokuqhagamshelwa, okanye ayiphelise ngesandla.
Amaxesha amaninzi, iitarpits zisetyenziselwa ukukhusela. Ubuchwephesha baqale baphuhliswa ukukhusela kwiintshulube zekhompyuter. Kwaye ngoku ingasetyenziselwa ukonakalisa ubomi be-spammers kunye nabaphandi ababandakanyekayo kwi-scanning ebanzi yazo zonke iidilesi ze-IP ngokulandelelana (imizekelo kuHabrΓ©: , ).
Omnye wabalawuli benkqubo ogama linguChris Wellons ngokucacileyo wadinwa kukubukela eli hlazo-kwaye wabhala inkqubo encinci. , itarpit ye-SSH ecothisa imidibaniso engenayo. Inkqubo ivula i-port (i-port engagqibekanga yokuvavanya yi-2222) kwaye izenza umncedisi we-SSH, kodwa ngokwenene iseka uxhulumaniso olungenasiphelo kunye nomxhasi ongenayo ide inikezele. Oku kunokuqhubeka iintsuku ezininzi okanye ngaphezulu de umxhasi awe.
Ukufakelwa koncedo:
$ make
$ ./endlessh &
$ ssh -p2222 localhostItarpit ephunyezwe ngokufanelekileyo iya kuthatha izixhobo ezininzi kumhlaseli kunawe. Kodwa ayingombandela wemithombo. Umbhali ukuba inkqubo iyakhobokisa. Okwangoku inabathengi abangama-27 ababanjiweyo, abanye babo baqhagamshelwe iiveki. Kwincopho yomsebenzi, abathengi abali-1378 20 babevaleleke iiyure ezingama-XNUMX!
Kwimo yokusebenza, i-Endlessh iseva kufuneka ifakwe kwi-port eqhelekileyo ye-22, apho i-hooligans inkqonkqoza ngobuninzi. Iingcebiso ezisemgangathweni zokhuseleko zihlala zicebisa ukuhambisa i-SSH kwi-port eyahlukileyo, enciphisa ngokukhawuleza ubukhulu beelogi ngomyalelo wobukhulu.
UChris Wellons uthi inkqubo yakhe isebenzisa umhlathi omnye wengcaciso kwiSSH protocol. Ngokukhawuleza emva kokuba uxhulumaniso lwe-TCP lusekwe, kodwa ngaphambi kokuba i-cryptography isetyenziswe, amaqela omabini kufuneka athumele umtya wokuzazisa. Kwaye kukho inqaku: "Umncedisi ANGAthumela eminye imiqolo yedatha phambi kokuthumela umqolo wenguqulelo"... KUNYE akukho mda kumthamo wale data, kufuneka uqale umgca ngamnye nge SSH-.
Yile nto kanye eyenziwa yi-Endlessh program: yona ithumela nga pheleli umjelo wedatha eyenziwe ngokungenamkhethe, ethobela i-RFC 4253, oko kukuthi, thumela phambi koqinisekiso, kwaye umgca ngamnye uqala ngo SSH- kwaye ayidluli kuma-255 oonobumba, kuquka nomgca ophelayo. Ngokubanzi, yonke into ihambelana nomgangatho.
Ngokungagqibekanga, inkqubo ilinda imizuzwana eyi-10 phakathi kokuthumela iipakethi. Oku kuthintela umxhasi ukuba aphelelwe lixesha, ngoko umxhasi uya kubanjiswa ngonaphakade.
Ekubeni idatha ithunyelwa ngaphambi kokuba i-cryptography isetyenziswe, inkqubo ilula kakhulu. Ayidingi kuphumeza naziphi na ii-ciphers kwaye ixhasa iiprothokholi ezininzi.
Umbhali wazama ukuqinisekisa ukuba i-utility idla ubuncinci bezibonelelo kwaye isebenza ngokungaqatshelwanga ngokupheleleyo kumatshini. Ngokungafaniyo nee-antivirus zanamhlanje kunye nezinye "iinkqubo zokhuseleko," akufuneki ukuba icothise ikhompyuter yakho. Ukwazile ukunciphisa zombini i-traffic kunye nokusetyenziswa kwememori ngenxa yokuphunyezwa kwesoftware enobuqili ngakumbi. Ukuba iqalise inkqubo eyahlukileyo kuqhagamshelo olutsha, ke abahlaseli abanokuthi baqalise uhlaselo lwe-DDoS ngokuvula uqhagamshelo oluninzi ukukhupha izixhobo kumatshini. Intambo enye ngoqhagamshelo ayilolona khetho lungcono, kuba i-kernel iya kuchitha izixhobo zokulawula imisonto.
Yiyo loo nto uChris Wellons ekhethe olona khetho lukhaphukhaphu kwi-Endlessh: iseva enomsonto omnye poll(2), apho abathengi abakwi-trap badla phantse akukho zixhobo ezongezelelweyo, zingabali into ye-socket kwi-kernel kunye nezinye i-78 bytes zokulandelela kwi-Endlesssh. Ukuze ugweme ukwaba ii-buffers zokufumana kunye nokuthumela umxhasi ngamnye, i-Endlessh ivula i-socket yokufikelela ngokuthe ngqo kwaye iguqulela iipakethi ze-TCP ngokuthe ngqo, idlula phantse yonke inkqubo yokusebenza ye-TCP / IP stack. I-buffer engenayo ayidingeki kwaphela, kuba asinamdla kwidatha engenayo.
Umbhali uthi ngexesha lenkqubo yakhe malunga nobukho bePython's asycio kunye nezinye iitarpits. Ukuba wayesazi malunga ne-asycio, wayenokusebenzisa usetyenziso lwakhe kwimigca eli-18 kuphela kwiPython:
import asyncio
import random
async def handler(_reader, writer):
try:
while True:
await asyncio.sleep(10)
writer.write(b'%xrn' % random.randint(0, 2**32))
await writer.drain()
except ConnectionResetError:
pass
async def main():
server = await asyncio.start_server(handler, '0.0.0.0', 2222)
async with server:
await server.serve_forever()
asyncio.run(main())I-Asyncio ilungele ukubhala iitarpits. Umzekelo, le hook iya kumisa iFirefox, iChrome, okanye nawuphi na omnye umxhasi ozama ukuqhagamshela kwiseva yakho yeHTTP iiyure ezininzi:
import asyncio
import random
async def handler(_reader, writer):
writer.write(b'HTTP/1.1 200 OKrn')
try:
while True:
await asyncio.sleep(5)
header = random.randint(0, 2**32)
value = random.randint(0, 2**32)
writer.write(b'X-%x: %xrn' % (header, value))
await writer.drain()
except ConnectionResetError:
pass
async def main():
server = await asyncio.start_server(handler, '0.0.0.0', 8080)
async with server:
await server.serve_forever()
asyncio.run(main())I-Tarpit sisixhobo esihle sokohlwaya abantu abaxhaphaza abantu kwi-intanethi. Enyanisweni, kukho umngcipheko, ngokuchaseneyo, ukutsala ingqalelo yabo kwindlela yokuziphatha engaqhelekanga yomncedisi othile. Umntu kunye nokuhlaselwa kweDDoS ekujoliswe kuyo kwi-IP yakho. Nangona kunjalo, ukuza kuthi ga ngoku azikabikho iimeko ezinjalo, kwaye iitarpits zisebenza kakuhle.
Iindawo zokuhlala:
I-Python, ukhuseleko lolwazi, iSoftware, ulawulo lweNkqubo
tags:
SSH, Endlessh, tarpit, tarpit, trap, asycio
I-Trap (tarpit) yoqhagamshelwano lwe-SSH olungenayo
Akuyomfihlo ukuba i-Intanethi yindawo enobutshaba kakhulu. Nje ukuba uphakamise iseva, iphantsi kohlaselo olukhulu kunye nokuskena okuninzi. Umzekelo ungaqikelela ubungakanani bale traffic yenkunkuma. Ngapha koko, kumndilili weseva, i-99% yetrafikhi inokuba yingozi.
ITarpit lizibuko elisetyenziselwa ukucothisa udibaniso olungenayo. Ukuba inkqubo yomntu wesithathu idibanisa kweli zibuko, awuyi kukwazi ukuvala ngokukhawuleza uxhulumaniso. Kuya kufuneka achithe izixhobo zakhe zenkqubo kwaye alinde de kube lixesha lokuqhagamshelwa, okanye ayiphelise ngesandla.
Amaxesha amaninzi, iitarpits zisetyenziselwa ukukhusela. Ubuchwephesha baqale baphuhliswa ukukhusela kwiintshulube zekhompyuter. Kwaye ngoku ingasetyenziselwa ukonakalisa ubomi be-spammers kunye nabaphandi ababandakanyekayo kwi-scanning ebanzi yazo zonke iidilesi ze-IP ngokulandelelana (imizekelo kuHabrΓ©: , ).
Omnye wabalawuli benkqubo ogama linguChris Wellons ngokucacileyo wadinwa kukubukela eli hlazo-kwaye wabhala inkqubo encinci. , itarpit ye-SSH ecothisa imidibaniso engenayo. Inkqubo ivula i-port (i-port engagqibekanga yokuvavanya yi-2222) kwaye izenza umncedisi we-SSH, kodwa ngokwenene iseka uxhulumaniso olungenasiphelo kunye nomxhasi ongenayo ide inikezele. Oku kunokuqhubeka iintsuku ezininzi okanye ngaphezulu de umxhasi awe.
Ukufakelwa koncedo:
$ make
$ ./endlessh &
$ ssh -p2222 localhostItarpit ephunyezwe ngokufanelekileyo iya kuthatha izixhobo ezininzi kumhlaseli kunawe. Kodwa ayingombandela wemithombo. Umbhali ukuba inkqubo iyakhobokisa. Okwangoku inabathengi abangama-27 ababanjiweyo, abanye babo baqhagamshelwe iiveki. Kwincopho yomsebenzi, abathengi abali-1378 20 babevaleleke iiyure ezingama-XNUMX!
Kwimo yokusebenza, i-Endlessh iseva kufuneka ifakwe kwi-port eqhelekileyo ye-22, apho i-hooligans inkqonkqoza ngobuninzi. Iingcebiso ezisemgangathweni zokhuseleko zihlala zicebisa ukuhambisa i-SSH kwi-port eyahlukileyo, enciphisa ngokukhawuleza ubukhulu beelogi ngomyalelo wobukhulu.
UChris Wellons uthi inkqubo yakhe isebenzisa umhlathi omnye wengcaciso kwiSSH protocol. Ngokukhawuleza emva kokuba uxhulumaniso lwe-TCP lusekwe, kodwa ngaphambi kokuba i-cryptography isetyenziswe, amaqela omabini kufuneka athumele umtya wokuzazisa. Kwaye kukho inqaku: "Umncedisi ANGAthumela eminye imiqolo yedatha phambi kokuthumela umqolo wenguqulelo"... KUNYE akukho mda kumthamo wale data, kufuneka uqale umgca ngamnye nge SSH-.
Yile nto kanye eyenziwa yi-Endlessh program: yona ithumela nga pheleli umjelo wedatha eyenziwe ngokungenamkhethe, ethobela i-RFC 4253, oko kukuthi, thumela phambi koqinisekiso, kwaye umgca ngamnye uqala ngo SSH- kwaye ayidluli kuma-255 oonobumba, kuquka nomgca ophelayo. Ngokubanzi, yonke into ihambelana nomgangatho.
Ngokungagqibekanga, inkqubo ilinda imizuzwana eyi-10 phakathi kokuthumela iipakethi. Oku kuthintela umxhasi ukuba aphelelwe lixesha, ngoko umxhasi uya kubanjiswa ngonaphakade.
Ekubeni idatha ithunyelwa ngaphambi kokuba i-cryptography isetyenziswe, inkqubo ilula kakhulu. Ayidingi kuphumeza naziphi na ii-ciphers kwaye ixhasa iiprothokholi ezininzi.
Umbhali wazama ukuqinisekisa ukuba i-utility idla ubuncinci bezibonelelo kwaye isebenza ngokungaqatshelwanga ngokupheleleyo kumatshini. Ngokungafaniyo nee-antivirus zanamhlanje kunye nezinye "iinkqubo zokhuseleko," akufuneki ukuba icothise ikhompyuter yakho. Ukwazile ukunciphisa zombini i-traffic kunye nokusetyenziswa kwememori ngenxa yokuphunyezwa kwesoftware enobuqili ngakumbi. Ukuba iqalise inkqubo eyahlukileyo kuqhagamshelo olutsha, ke abahlaseli abanokuthi baqalise uhlaselo lwe-DDoS ngokuvula uqhagamshelo oluninzi ukukhupha izixhobo kumatshini. Intambo enye ngoqhagamshelo ayilolona khetho lungcono, kuba i-kernel iya kuchitha izixhobo zokulawula imisonto.
Yiyo loo nto uChris Wellons ekhethe olona khetho lukhaphukhaphu kwi-Endlessh: iseva enomsonto omnye poll(2), apho abathengi abakwi-trap badla phantse akukho zixhobo ezongezelelweyo, zingabali into ye-socket kwi-kernel kunye nezinye i-78 bytes zokulandelela kwi-Endlesssh. Ukuze ugweme ukwaba ii-buffers zokufumana kunye nokuthumela umxhasi ngamnye, i-Endlessh ivula i-socket yokufikelela ngokuthe ngqo kwaye iguqulela iipakethi ze-TCP ngokuthe ngqo, idlula phantse yonke inkqubo yokusebenza ye-TCP / IP stack. I-buffer engenayo ayidingeki kwaphela, kuba asinamdla kwidatha engenayo.
Umbhali uthi ngexesha lenkqubo yakhe malunga nobukho bePython's asycio kunye nezinye iitarpits. Ukuba wayesazi malunga ne-asycio, wayenokusebenzisa usetyenziso lwakhe kwimigca eli-18 kuphela kwiPython:
import asyncio
import random
async def handler(_reader, writer):
try:
while True:
await asyncio.sleep(10)
writer.write(b'%xrn' % random.randint(0, 2**32))
await writer.drain()
except ConnectionResetError:
pass
async def main():
server = await asyncio.start_server(handler, '0.0.0.0', 2222)
async with server:
await server.serve_forever()
asyncio.run(main())I-Asyncio ilungele ukubhala iitarpits. Umzekelo, le hook iya kumisa iFirefox, iChrome, okanye nawuphi na omnye umxhasi ozama ukuqhagamshela kwiseva yakho yeHTTP iiyure ezininzi:
import asyncio
import random
async def handler(_reader, writer):
writer.write(b'HTTP/1.1 200 OKrn')
try:
while True:
await asyncio.sleep(5)
header = random.randint(0, 2**32)
value = random.randint(0, 2**32)
writer.write(b'X-%x: %xrn' % (header, value))
await writer.drain()
except ConnectionResetError:
pass
async def main():
server = await asyncio.start_server(handler, '0.0.0.0', 8080)
async with server:
await server.serve_forever()
asyncio.run(main())I-Tarpit sisixhobo esihle sokohlwaya abantu abaxhaphaza abantu kwi-intanethi. Enyanisweni, kukho umngcipheko, ngokuchaseneyo, ukutsala ingqalelo yabo kwindlela yokuziphatha engaqhelekanga yomncedisi othile. Umntu kunye nokuhlaselwa kweDDoS ekujoliswe kuyo kwi-IP yakho. Nangona kunjalo, ukuza kuthi ga ngoku azikabikho iimeko ezinjalo, kwaye iitarpits zisebenza kakuhle.
umthombo: www.habr.com