Passive DNS in the hands of an analyst

The Domain Name System (DNS) is like a phone book: it translates human-friendly names such as "ussc.ru" into IP addresses. Because almost every communication session begins with a DNS lookup, whatever the application protocol, DNS logs are a valuable data source for information security specialists: they let you spot anomalies or obtain additional data about a system under investigation.

In 2004, Florian Weimer proposed a logging method called Passive DNS, which makes it possible to reconstruct the history of changes to DNS data, with indexing and search, and gives access to data such as:

  • the domain name
  • the IP address the requested domain name resolved to
  • the date and time of the response
  • the response (record) type
  • and so on.

Passive DNS data is collected on recursive DNS servers, either by built-in modules or by capturing the responses that come back from the authoritative servers for a zone.

Figure 1. Passive DNS (taken from Ctovision.com)

A feature of Passive DNS is that the client's IP address does not need to be recorded, which helps protect user privacy: the sensor sees the traffic between the recursive resolver and the authoritative servers, where the original requester no longer appears.

Currently, many services provide access to Passive DNS data:

Service               Company            Access                    API       Client    Data collected since
DNSDB                 Farsight Security  On request                Provided  Provided  2010
VirusTotal            VirusTotal         No registration required  Provided  Provided  2013
PassiveTotal          RiskIQ             Free registration         Provided  Provided  2009
I-okthophasi          Ukhuseleko         On request                Provided  None      Only the last 3 months are shown
SecurityTrails        SecurityTrails     No registration required  Provided  None      2008
Umbrella Investigate  ServerAdmin        On request                Provided  None      2006

Table 1. Services providing access to Passive DNS data

Passive DNS use cases

With Passive DNS you can build links between domain names, NS servers and IP addresses. This lets you draw a map of the system under study and track how that map changes from the first observation up to the present.

Passive DNS makes it easier to spot traffic anomalies. For example, tracking changes in a domain's NS servers and its A and AAAA records lets you identify malicious sites that use fast flux, a technique meant to hide a C&C server from detection and blocking. Legitimate domain names (other than those behind load balancers) seldom change their IP addresses, and most legitimate sites rarely change their NS servers.
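The following Python script is an added example, not code from the article or from any of the services in Table 1. It scores two domains from a constructed set of passive DNS observations using the criteria just described: how many distinct IP addresses were seen, how many distinct networks those addresses fall in, how long each address record lived, and how many distinct NS servers appeared. The domain names, addresses, dates and the thresholds in looks_fast_flux are all assumptions chosen for the illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed passive DNS observations (not real data): one row per
# (rrname, rrtype, rdata) with the first and last time the collector saw it.
PDNS_SAMPLE = """\
rrname,rrtype,rdata,first_seen,last_seen
shop.example,A,203.0.113.10,2019-01-01,2019-08-01
shop.example,A,203.0.113.11,2019-01-01,2019-08-01
shop.example,NS,ns1.example-dns.net,2019-01-01,2019-08-01
flux.example,A,198.51.100.7,2019-07-30,2019-07-30
flux.example,A,192.0.2.44,2019-07-30,2019-07-31
flux.example,A,203.0.113.200,2019-07-31,2019-07-31
flux.example,A,198.51.100.99,2019-07-31,2019-08-01
flux.example,A,192.0.2.130,2019-08-01,2019-08-01
flux.example,NS,ns1.bad-dns.test,2019-07-30,2019-07-31
flux.example,NS,ns2.other-dns.test,2019-07-31,2019-08-01
flux.example,NS,ns1.third-dns.test,2019-08-01,2019-08-01
"""


def parse_pdns(csv_text):
    """Parse the CSV layout above into a list of dicts with datetime fields."""
    lines = csv_text.strip().splitlines()
    header = lines[0].split(",")
    rows = []
    for line in lines[1:]:
        row = dict(zip(header, line.split(",")))
        row["first_seen"] = datetime.strptime(row["first_seen"], "%Y-%m-%d")
        row["last_seen"] = datetime.strptime(row["last_seen"], "%Y-%m-%d")
        rows.append(row)
    return rows


def flux_profile(records, name):
    """Summarise how volatile a domain's A/AAAA and NS data has been."""
    addrs = [r for r in records if r["rrname"] == name and r["rrtype"] in ("A", "AAAA")]
    ns = [r for r in records if r["rrname"] == name and r["rrtype"] == "NS"]
    ips = {r["rdata"] for r in addrs}
    # A load balancer hands out several addresses from one block; fast flux
    # hands out addresses of unrelated compromised hosts, so count distinct
    # /24 (IPv4) or /48 (IPv6) networks rather than bare addresses.
    nets = set()
    for ip in ips:
        prefix = 24 if ip_address(ip).version == 4 else 48
        nets.add(str(ip_network(f"{ip}/{prefix}", strict=False)))
    if addrs:
        first = min(r["first_seen"] for r in addrs)
        last = max(r["last_seen"] for r in addrs)
        span_days = (last - first).days + 1
    else:
        span_days = 0
    # Average lifetime of an individual address record, in days.
    lifetimes = [(r["last_seen"] - r["first_seen"]).days + 1 for r in addrs]
    avg_life = sum(lifetimes) / len(lifetimes) if lifetimes else 0.0
    return {
        "distinct_ips": len(ips),
        "distinct_nets": len(nets),
        "distinct_ns": len({r["rdata"] for r in ns}),
        "span_days": span_days,
        "avg_record_life_days": avg_life,
    }


def looks_fast_flux(profile, min_nets=3, max_life_days=2.0, min_ns=3):
    """Heuristic (thresholds are assumptions): many short-lived addresses
    spread over many networks, or churn in the NS servers."""
    address_churn = (profile["distinct_nets"] >= min_nets
                     and profile["avg_record_life_days"] <= max_life_days)
    ns_churn = profile["distinct_ns"] >= min_ns
    return address_churn or ns_churn


if __name__ == "__main__":
    recs = parse_pdns(PDNS_SAMPLE)
    for name in ("shop.example", "flux.example"):
        p = flux_profile(recs, name)
        print(name, p, "FAST FLUX" if looks_fast_flux(p) else "normal")
```

The load-balanced shop.example keeps two addresses from one block for months and stays below every threshold; flux.example rotates five addresses across three networks with an average record life of 1.4 days and three different NS servers. In practice the rows would come from a provider's API (for example the JSON that pt-client pdns --query returns, converted to this column layout), and you would keep an allow-list of CDNs and hosting providers, whose legitimate customers otherwise look very much like flux.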

Unlike direct subdomain brute-forcing with word lists, Passive DNS lets you find even the most unusual names in a domain, for example "222qmxacaiqaaaaazibq4aaidhmbqaaa0undefined7140c0.p.hoff.ru". It also sometimes turns up test (and vulnerable) versions of websites, developer tools and so on.

Investigating a link from an e-mail with Passive DNS

Today spam is one of the main ways an attacker gets onto a victim's computer or steals confidential information. Let's try to examine a link from one such letter using Passive DNS, to evaluate how effective this approach is.

Figure 2. The spam e-mail

The link in this letter led to the site magnit-boss.rocks, which offered to collect bonuses automatically and to earn money:

Figure 3. Page hosted on the domain magnit-boss.rocks

To study this site I used the RiskIQ API, for which three ready-made clients already exist, among them ones for Python and Ruby.

First, we get the whole history of this domain name, using the command:

pt-client pdns --query magnit-boss.rocks

This command shows information about all DNS resolutions associated with this domain name.

Figure 4. Response from the RiskIQ API

Let's put the API response into a more readable form:

Figure 5. All entries from the response

For further investigation we take the IP addresses this domain name resolved to at the time the letter was received, 01.08.2019: these are 92.119.113.112 and 85.143.219.65.

Using the same command with an IP address as the query argument:

pt-client pdns --query

you can get all the domain names associated with these IP addresses.
The IP address 92.119.113.112 has 42 unique domain names resolving to it, among them:

  • magnit-bos.club
  • igrovie-avtomaty.me
  • pro-x-audit.xyz
  • zep3-www.xyz
  • and others

The IP address 85.143.219.65 has 44 unique domain names resolving to it, among them:

  • cvv2.name (a site selling credit card data)
  • emails.world
  • www.mailru.space
  • and others

The company these domain names keep points to phishing, but we believe in good people, so let's try to claim the 332 ruble bonus. After clicking "YES", the site asks us to transfer 501.72 rubles from our card to activate the account and sends us to the site as-torpay.info to enter the card data.

Figure 6. Home page of the site ac-pay2day.net

It looks like a legitimate site: there is an HTTPS certificate, and the main page offers to integrate this payment system into your own site, but, alas, none of the integration links work. This domain name resolves to only one IP address, 190.115.19.74. That address, in turn, has 1475 unique domain names resolving to it, including names such as:

  • ac-pay2day.net
  • ac-payfit.com
  • as-manypay.com
  • fletkass.net
  • as-magicpay.com
  • and others
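The pivot carried out above (domain, then the addresses that were active on the date of the letter, then the other domains on those addresses) as an added Python example; it is not part of the original article and not the RiskIQ client. It walks a constructed list of resolutions: the seed domain, the two IP addresses and the neighbouring domains are the ones named in the text, while shared-host.test, the tenantN.test block on 198.51.100.1 and every first/last-seen date are made up. It also applies the fan-out cut-off that the CloudFlare caveat at the end of the article calls for: an address hosting more domains than max_fanout is kept as a node but not expanded.

```python
# Constructed passive DNS resolutions as (domain, ip, first_seen, last_seen),
# dates in ISO format so that plain string comparison orders them correctly.
RESOLUTIONS = [
    ("magnit-boss.rocks", "92.119.113.112", "2019-07-25", "2019-08-05"),
    ("magnit-boss.rocks", "85.143.219.65", "2019-07-28", "2019-08-10"),
    ("magnit-boss.rocks", "203.0.113.9", "2019-05-01", "2019-06-15"),   # earlier hosting
    ("magnit-boss.rocks", "198.51.100.1", "2019-07-01", "2019-12-31"),  # shared/CDN address
    ("igrovie-avtomaty.me", "92.119.113.112", "2019-06-01", "2019-09-01"),
    ("pro-x-audit.xyz", "92.119.113.112", "2019-07-01", "2019-08-20"),
    ("cvv2.name", "85.143.219.65", "2019-03-01", "2019-09-30"),
    ("emails.world", "85.143.219.65", "2019-07-15", "2019-08-15"),
    ("shared-host.test", "92.119.113.112", "2019-01-01", "2019-12-31"),
    ("shared-host.test", "85.143.219.65", "2019-01-01", "2019-12-31"),
] + [(f"tenant{i}.test", "198.51.100.1", "2019-01-01", "2019-12-31") for i in range(60)]


def _active(first_seen, last_seen, day):
    """True if the record's observation window covers `day` (or day is None)."""
    return day is None or first_seen <= day <= last_seen


def ips_for(records, domain, day=None):
    """Addresses the domain resolved to on `day` (its whole history if None)."""
    return {ip for d, ip, f, l in records if d == domain and _active(f, l, day)}


def domains_for(records, ip, day=None):
    """Domains that resolved to the address on `day`."""
    return {d for d, i, f, l in records if i == ip and _active(f, l, day)}


def pivot_map(records, seed, day, max_hops=1, max_fanout=50):
    """Walk domain -> IP -> domain links active on `day`, starting at `seed`.

    Addresses hosting more than `max_fanout` domains (shared hosting, CDNs
    such as CloudFlare) are recorded as a node but not expanded, because
    pivoting through them links unrelated sites.  Returns sorted (domain, ip)
    edges, which is the data behind a map like Figure 7.
    """
    edges, seen_domains, seen_ips = set(), {seed}, set()
    frontier = {seed}
    for _ in range(max_hops):
        next_frontier = set()
        for domain in frontier:
            for ip in ips_for(records, domain, day):
                edges.add((domain, ip))
                if ip in seen_ips:
                    continue
                seen_ips.add(ip)
                neighbours = domains_for(records, ip, day)
                if len(neighbours) > max_fanout:
                    continue  # hosting/CDN address: keep the node, do not expand
                for other in neighbours:
                    edges.add((other, ip))
                    if other not in seen_domains:
                        seen_domains.add(other)
                        next_frontier.add(other)
        frontier = next_frontier
    return sorted(edges)


def co_hosted(records, ips, day=None):
    """Domains present on every address in `ips`: the strongest same-operator hint."""
    sets = [domains_for(records, ip, day) for ip in ips]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    day = "2019-08-01"  # date the letter was received
    print("active on", day, ":", sorted(ips_for(RESOLUTIONS, "magnit-boss.rocks", day)))
    for domain, ip in pivot_map(RESOLUTIONS, "magnit-boss.rocks", day):
        print(f"{domain} -> {ip}")
    print("on both addresses:", sorted(co_hosted(RESOLUTIONS, ["92.119.113.112", "85.143.219.65"], day)))
```

Filtering on the date of the letter is what keeps the old 203.0.113.9 hosting out of the map, and the fan-out limit is what stops the 198.51.100.1 block from dragging sixty unrelated tenants into it; both are exactly the points at which a real investigation on a CDN-fronted site goes wrong.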

As we can see, Passive DNS lets you quickly and efficiently collect data about the resource under study and even build a kind of fingerprint that reveals the whole scheme for stealing personal data, from where it is harvested to where it is likely sold.

Figure 7. Map of the system under investigation

Not everything is as rosy as we would like. For example, such an investigation can easily break down on CloudFlare or similar services, where a single address fronts thousands of unrelated sites. And the usefulness of the collected data depends heavily on the number of DNS requests that pass through the Passive DNS collection module. Nevertheless, Passive DNS is a source of additional information for the investigator.

Author: a specialist at the Ural Center for Security Systems

Source: www.habr.com