Izibalo zamahora angu-24 ngemva kokufaka ibhodwe lezinyosi endaweni eyi-Digital Ocean e-Singapore
Phuma Phansi! Ake siqale ngokushesha ngemephu yokuhlasela
Imephu yethu epholile kakhulu ibonisa ama-ASN ahlukile axhume ku-honeypot yethu ye-Cowrie phakathi namahora angu-24. Okuphuzi kuhambisana noxhumo lwe-SSH, futhi okubomvu kuhambisana ne-Telnet. Opopayi abanjalo bavame ukuhlaba umxhwele ibhodi labaqondisi benkampani, elingasiza ekutholeni uxhaso oluthe xaxa lokuvikela nezisetshenziswa. Kodwa-ke, imephu inenani elithile, ikhombisa ngokusobala ukusatshalaliswa kwezindawo kanye nenhlangano kwemithombo yokuhlasela kumsingathi wethu emahoreni angama-24 nje kuphela. Ukugqwayiza akubonisi inani lethrafikhi elisuka kumthombo ngamunye.
Liyini imephu yePew Pew?
Imephu ye-Pew Pew Ingabe , ivamise ukugqwayiza futhi ibe yinhle kakhulu. Kuyindlela enhle yokuthengisa umkhiqizo wakho, osetshenziswa kabi yiNorse Corp. Inkampani yaphela kabi: kwavela ukuthi ukugqwayiza okuhle kwaba yinzuzo yabo kuphela, futhi basebenzise idatha eyizicucu ukuze bayihlaziye.
Kwenziwe ngeLeafletjs
Kulabo abafuna ukuklama imephu yokuhlasela yesikrini esikhulu esikhungweni sokusebenza (umphathi wakho uzoyithanda), kukhona umtapo wolwazi. . Siyihlanganisa ne-plugin , isevisi ye-Maxmind GeoIP - .
I-WTF: iyini le-honeypot ye-Cowrie?
I-Honeypot iwuhlelo olufakwa kunethiwekhi ngokukhethekile ukuze luhehe abahlaseli. Ukuxhumeka kusistimu ngokuvamile akukho emthethweni futhi kukuvumela ukuthi uthole umhlaseli usebenzisa amalogi anemininingwane. Amalogi awagcini nje kuphela imininingwane yokuxhumana evamile, kodwa nolwazi lweseshini oluvezayo amasu, amaqhinga kanye nezinqubo (TTP) isigebengu.
senzelwe Amarekhodi okuxhumeka kwe-SSH ne-Telnet. Ama-honeypots anjalo avame ukufakwa ku-inthanethi ukuze alandele amathuluzi, imibhalo kanye nezindimbane zabahlaseli.
Umlayezo wami oya ezinkampanini ezicabanga ukuthi ngeke zihlaselwe: "Ubukeka kanzima."
β UJames Snook
Yini esezingodo?
Inani lenombolo yoxhumo
Kube nemizamo yokuxhumana ephindaphindiwe evela kubasingathi abaningi. Lokhu kuvamile, njengoba imibhalo yokuhlasela inohlu olugcwele lwemininingwane futhi uzame izinhlanganisela ezimbalwa. I-Cowrie Honeypot ilungiselelwe ukwamukela inhlanganisela ethile yegama lomsebenzisi nephasiwedi. Lokhu kulungiselelwe ku umsebenzisi.db ifayela.
IJografi yokuhlaselwa
Ngisebenzisa idatha ye-Maxmind geolocation, ngibale inombolo yoxhumo oluvela ezweni ngalinye. IBrazil neShayina zihamba phambili ngebanga elibanzi, futhi kuvame ukuba nomsindo omkhulu ovela kuma-scanner aqhamuka kulawa mazwe.
Umnikazi webhulokhi yenethiwekhi
Ukucwaninga abanikazi bamabhulokhi enethiwekhi (ASN) kungakhomba izinhlangano ezinenani elikhulu labasingathi abahlaselayo. Yiqiniso, ezimweni ezinjalo kufanele uhlale ukhumbula ukuthi ukuhlaselwa okuningi kuvela kubabungazi abanegciwane. Kunengqondo ukucabanga ukuthi abahlaseli abaningi abazona izilima ngokwanele ukuskena Inethiwekhi kusuka kukhompuyutha yasekhaya.
Vula izimbobo kumasistimu ahlaselayo (idatha evela ku-Shodan.io)
Ukusebenzisa uhlu lwe-IP ngokusebenzisa okuhle kakhulu ikhomba ngokushesha izinhlelo ezinamachweba avulekile futhi ayini la machweba? Isibalo esingezansi sibonisa ukugcwala kwezimbobo ezivulekile ngezwe nangenhlangano. Kungenzeka ukukhomba amabhlogo wezinhlelo ezisengozini, kodwa ngaphakathi isampula encane akukho okuvelele okubonakalayo, ngaphandle kwenani elikhulu Amachweba angama-500 avulekile eChina.
Ukuthola okuthakazelisayo inani elikhulu lamasistimu e-Brazil analo ayivuliwe 22, 23 noma amanye amachweba, ngokusho kukaCensys noShodan. Ngokusobala lokhu ukuxhumana okuvela kumakhompyutha abasebenzisi bokugcina.
Amabhothi? Akudingekile
Idatha emachwebeni 22 no-23 babonisa into engavamile ngalolo suku. Ngacabanga ukuthi ukuskena okuningi nokuhlaselwa kwephasiwedi kuvela kuma-bots. Umbhalo usabalele ezimbobeni ezivulekile, ukuqagela amagama ayimfihlo, futhi uzikopishele kusuka kusistimu entsha futhi uyaqhubeka nokusabalala kusetshenziswa indlela efanayo.
Kodwa lapha ungabona ukuthi kuphela inani elincane labasingathi abathwebula i-telnet abanembobo engu-23 evulekele ngaphandle. Lokhu kusho ukuthi amasistimu afakwa ebucayini ngenye indlela, noma abahlaseli basebenzisa imibhalo mathupha.
Izixhumanisi zasekhaya
Okunye okutholwe okuthokozisayo kwakuyinani elikhulu labasebenzisi basekhaya kusampula. Ngokusebenzisa ukubheka emuva Ngihlonze ukuxhumana okungu-105 kumakhompyutha athile asekhaya. Ngoxhumo oluningi lwasekhaya, ukubheka emuva kwe-DNS kukhombisa igama lomethuleli ngamagama athi dsl, ikhaya, ikhebula, ifayibha, njalonjalo.
Funda Futhi Uhlole: Phakamisa Elakho Ibhodwe Lezinyosi
Ngisanda kubhala isifundo esifushane sendlela yokwenza . Njengoba sekushiwo, esimweni sethu sasebenzisa i-Digital Ocean VPS eSingapore. Ngamahora angu-24 okuhlaziya, izindleko zazingamasenti ambalwa ngokoqobo, futhi isikhathi sokuhlanganisa isimiso sasiyimizuzu engu-30.
Esikhundleni sokusebenzisa i-Cowrie ku-inthanethi futhi ubambe wonke umsindo, ungazuza ku-honeypot kunethiwekhi yangakini. Setha njalo isaziso uma izicelo zithunyelwa kwezinye izimbobo. Lona umhlaseli ongaphakathi kwenethiwekhi, noma isisebenzi esinelukuluku lokwazi, noma ukuskena kokuba sengozini.
okutholakele
Ngemva kokubuka izenzo zabahlaseli esikhathini esingamahora angu-XNUMX, kuba sobala ukuthi akunakwenzeka ukukhomba umthombo ocacile wokuhlaselwa kunoma iyiphi inhlangano, izwe, noma ngisho nesistimu yokusebenza.
Ukusatshalaliswa okubanzi kwemithombo kubonisa ukuthi umsindo wokuskena uhlala njalo futhi awuhlobene nomthombo othile. Noma ubani osebenza ku-inthanethi kumele aqinisekise ukuthi uhlelo lwakhe amazinga amaningana okuphepha. Isixazululo esivamile nesisebenzayo se ssh isevisi izothuthela echwebeni eliphezulu okungahleliwe. Lokhu akusiqedi isidingo sokuvikelwa okuqinile kwephasiwedi nokuqapha, kodwa okungenani kuqinisekisa ukuthi izingodo azivalwanga ukuskena njalo. Ukuxhumeka kwezimbobo eziphezulu kungenzeka kube ukuhlaselwa okuqondiwe, okungase kube nentshisekelo kuwe.
Ngokuvamile izimbobo ze-telnet ezivulekile zikuma-router noma ezinye izisetshenziswa, ngakho azikwazi ukuhanjiswa kalula ziye endaweni ephakeme. ΠΈ iyona ndlela kuphela yokuqinisekisa ukuthi lezi zinsizakalo zine-firewalled noma zikhutshaziwe. Uma kungenzeka, akufanele usebenzise i-Telnet nhlobo; le mithetho yomthetho ayibhalwanga. Uma uyidinga futhi ungakwazi ukwenza ngaphandle kwayo, yiqaphe ngokucophelela futhi usebenzise amaphasiwedi aqinile.
Source: www.habr.com