Iinkampani ezininzi namhlanje zixhalabile malunga nokuqinisekisa ukhuseleko lolwazi lweziseko zabo, ezinye zenza oku ngesicelo samaxwebhu alawulayo, kwaye ezinye zenza oku ukususela kwisiganeko sokuqala senzeke. Iindlela zamva nje zibonisa ukuba inani leziganeko likhula, kwaye ukuhlaselwa ngokwawo kuya kuba yinkimbinkimbi. Kodwa akuyomfuneko ukuba uye kude, ingozi isondele kakhulu. Ngeli xesha ndingathanda ukuphakamisa isihloko sokhuseleko lomnikezeli we-Intanethi. Kukho izithuba kuHabrΓ© ezixubushe esi sihloko kwinqanaba lesicelo. Eli nqaku liza kugxininisa ukhuseleko kwinethiwekhi kunye namanqanaba oqhagamshelwano lwedatha.
Yaqala njani yonke le nto
Kwixesha elidlulileyo, i-Intanethi yafakwa kwigumbi elivela kumnikezeli omtsha; ngaphambili, iinkonzo ze-Intanethi zazisiwa kwigumbi kusetyenziswa itekhnoloji ye-ADSL. Kuba ndichitha ixesha elincinci ekhaya, i-Intanethi yeselula ibifunwa kakhulu kune-Intanethi yasekhaya. Ngokutshintshela kumsebenzi okude, ndagqiba ekubeni isantya se-50-60 Mb / s kwi-Intanethi yasekhaya sasinganelanga kwaye ndagqiba ekubeni ndinyuse isantya. Ngeteknoloji ye-ADSL, ngenxa yezizathu zobugcisa, akunakwenzeka ukwandisa isantya ngaphezu kwe-60 Mb / s. Kugqitywe ekubeni kutshintshelwe komnye umnikezeli ngesantya esichaziweyo esahlukileyo kunye nokunikezelwa kweenkonzo ngaphandle kwe-ADSL.
Inokuba yinto eyahlukileyo
Qhagamshelana nommeli womboneleli we-Intanethi. Abafakeli beza, bagqobhoza umngxuma kwigumbi lokuhlala, baza bafaka intambo yesiqwenga seRJ-45. Bandinika isivumelwano kunye nemiyalelo kunye nezicwangciso zenethiwekhi ezifuna ukusetwa kwi-router (i-IP ezinikeleyo, isango, i-subnet mask kunye needilesi ze-IP ze-DNS yazo), wathatha intlawulo kwinyanga yokuqala yomsebenzi kwaye washiya. Xa ndingena useto lwenethiwekhi endilunikweyo kwirutha yasekhaya, i-Intanethi yagqabhuka yangena kwigumbi. Inkqubo yokungena kokuqala komrhumi kwinethiwekhi ibonakala ilula kakhulu kum. Akukho sigunyaziso siphambili senziweyo, kwaye isichongi sam yayiyidilesi yeIP endiyinikiweyo. I-intanethi yasebenza ngokukhawuleza kwaye ngokuzinzileyo.Kwakukho i-router ye-wifi kwindlu kwaye ngodonga oluthwele umthwalo isantya soqhagamshelwano sehla kancinci. Ngenye imini, kwafuneka ndikhuphele ifayile enomlinganiselo weegigabytes ezimbini. Ndacinga, kutheni ungaqhagamshelanisi i-RJ-45 ukuya kwindlu ngokuthe ngqo kwi-PC.
Mazi ummelwane wakho
Emva kokukhuphela yonke ifayile, ndigqibe ekubeni ndibazi abamelwane abakwisokethi zokutshintsha ngcono.
Kwizakhiwo eziqeshisayo, uqhagamshelo lwe-Intanethi luhlala luvela kumnikezeli ngefiber optical, lungena kwi-wiring closet kwelinye lotshintshiselwano kwaye lusasazwe phakathi kokungena kunye namagumbi ngeentambo ze-Ethernet, ukuba sijonga umzobo wonxibelelwano lwakudala. Ewe, sele kukho iteknoloji apho i-optics iya ngqo kwindlu (GPON), kodwa oku akukabikho ngokubanzi.
Ukuba sithatha itopology eyenziwe lula kakhulu kwisikali sendlu enye, ijongeka ngolu hlobo:
Kuyavela ukuba abathengi balo mnikezeli, amanye amagumbi angabamelwane, basebenza kwinethiwekhi yendawo efanayo kwisixhobo sokutshintsha okufanayo.
Ngokuvumela ukumamela kwi-interface eqhagamshelwe ngokuthe ngqo kwinethiwekhi yomnikezeli, unokubona usasazo lwe-ARP lwetrafikhi lubhabha luvela kuyo yonke imikhosi ekwinethiwekhi.
Umnikezeli wagqiba ekubeni angazikhathazi kakhulu ngokwahlula inethiwekhi ibe ngamacandelo amancinci, ngoko ke i-traffic traffic esuka kwi-hosts ye-253 inokuhamba ngaphakathi kokutshintsha enye, ingabalwa abo bacinyiweyo, ngaloo ndlela bavala i-bandwidth yesiteshi.
Emva kokuskena inethiwekhi sisebenzisa i-nmap, sigqibe inani leenginginya ezisebenzayo ukusuka kuyo yonke indawo yeedilesi, uguqulelo lwesoftware kunye namazibuko avulekileyo okutshintsha okuphambili:
Kwaye iphi i-ARP apho kunye ne-ARP-spoofing
Ukwenza ezinye iintshukumo, kwasetyenziswa i-ettercap-graphical utility; kukho ii-analogue zangoku, kodwa le software itsala umzobo wayo wamandulo kunye nokusebenziseka ngokulula.
Kwikholamu yokuqala kukho iidilesi ze-IP zazo zonke ii-routers eziphendule kwi-ping, okwesibini ziidilesi zabo zomzimba.
Idilesi yendawo yodwa; ingasetyenziselwa ukuqokelela ulwazi malunga nendawo yejografi ye-router, njl., ngoko iya kufihlwa ngeenjongo zeli nqaku.
Injongo ye-1 yongeza isango eliphambili kunye nedilesi 192.168.xxx.1, injongo ye-2 yongeza enye yezinye iidilesi.
Sizazisa kwisango njengenginginya kunye nedilesi 192.168.xxx.204, kodwa ngedilesi yethu ye-MAC. Emva koko sizibonakalisa kumzila womsebenzisi njengesango kunye nedilesi 192.168.xxx.1 kunye ne-MAC yayo. Iinkcukacha zobuthathaka beprothokholi ye-ARP zixoxwa ngokweenkcukacha kwamanye amanqaku alula kuGoogle.
Njengesiphumo sabo bonke ubuqhetseba, sinetrafikhi evela kwiinginginya ezidlula kuthi, sele sivumele ukuthunyelwa kwepakethi ngaphambili:
Ewe, i-https sele isetyenziswa phantse kuyo yonke indawo, kodwa inethiwekhi isagcwele ezinye iiprothokholi ezingakhuselekanga. Ngokomzekelo, i-DNS efanayo kunye ne-DNS-spoofing attack. Inyani yokuba uhlaselo lwe-MITM lunokwenziwa lukhokelela kuhlaselo oluninzi. Izinto ziba mbi ngakumbi xa kukho iqela elinesibini leenginginya ezisebenzayo ezikhoyo kwinethiwekhi. Kuyafaneleka ukuqwalasela ukuba eli licandelo labucala, kungekhona inethiwekhi yenkampani, kwaye ayinguye wonke umntu onamanyathelo okukhusela okufumanisa kunye nokuchasana nokuhlaselwa okuhambelanayo.
Indlela yokuyiphepha
Umboneleli kufuneka abe nexhala malunga nale ngxaki; ukuseta ukhuseleko ngokuchasene nohlaselo olunjalo kulula kakhulu, kwimeko yokutshintsha okufanayo kweCisco.
Ukwenza uHlolo lwe-ARP oluNgqongileyo (DAI) luya kuthintela idilesi ye-MAC yesango elikhulu ekubeni yonakale. Ukwaphula i-domain yosasazo ibe ngamacandelo amancinci kuthintele ubuncinci itrafikhi ye-ARP ukuba ingasasazeki kuzo zonke iinginginya ngokulandelelana kunye nokunciphisa inani leenginginya ezinokuhlaselwa. Umxhasi, naye, unokuzikhusela kwizinto ezinjalo ngokuseta i-VPN ngqo kwi-router yakhe yasekhaya; uninzi lwezixhobo sele luxhasa lo msebenzi.
ezifunyanisiweyo
Okunokwenzeka, ababoneleli abakukhathaleli oku; zonke iinzame zijolise ekwandiseni inani labathengi. Esi sixhobo asibhalwanga ukubonisa uhlaselo, kodwa ukukukhumbuza ukuba nenethiwekhi yomnikezeli wakho ayinakukhuseleka kakhulu ekugqithiseni idatha yakho. Ndiqinisekile ukuba baninzi ababoneleli benkonzo ye-Intanethi abancinci abangenzanga nto ngaphandle kokuba kuyimfuneko ukuqhuba izixhobo zenethiwekhi ezisisiseko.
umthombo: www.habr.com