I-ProHoster > Π‘Π»ΠΎΠ³ > Ukuphatha > Iyini i-DNS Tunneling? Imiyalelo Yokuthola

Iyini i-DNS Tunneling? Imiyalelo Yokuthola

Iyini i-DNS Tunneling? Imiyalelo Yokuthola

I-DNS tunneling iphendulela isistimu yegama lesizinda ibe isikhali somgebenga. I-DNS empeleni iyincwadi yocingo enkulu ye-inthanethi. I-DNS futhi iyiphrothokholi eyisisekelo evumela abalawuli ukuthi babuze kusizindalwazi seseva ye-DNS. Kuze kube manje yonke into ibonakala icacile. Kodwa abaduni abanobuqili baye baqaphela ukuthi kungenzeka ukuxhumana nekhompyutha isisulu ngokucashile ngokujova imiyalo yokulawula kanye nedatha kuphrothokholi ye-DNS. Lona umbono ngemuva komhubhe we-DNS.

Indlela i-DNS tunneling isebenza ngayo

Iyini i-DNS Tunneling? Imiyalelo Yokuthola

Kunephrothokholi ehlukile yayo yonke into eku-inthanethi. Futhi i-DNS igcina ilula ngokuqhathaniswa umthetho olandelwayo uhlobo lwempendulo yesicelo. Uma ufuna ukubona ukuthi isebenza kanjani, ungasebenzisa i-nslookup, ithuluzi eliyinhloko lombuzo we-DNS. Ungacela ikheli ngokufaka nje igama lesizinda onentshisekelo kukho, isibonelo:

Iyini i-DNS Tunneling? Imiyalelo Yokuthola

Esimeni sethu, iphrothokholi iphendule ngekheli le-IP lesizinda. Ngokwephrothokholi ye-DNS, ngenze isicelo sekheli noma okuthiwa. "A" -uhlobo. Kukhona ezinye izinhlobo zemibuzo, futhi iphrothokholi ye-DNS izophendula ngesethi ehlukile yezinkambu zedatha, leyo, njengoba sizobona kamuva, ingasetshenziswa abaduni.

Indlela eyodwa noma enye, emnyombweni wayo, iphrothokholi ye-DNS imayelana nokuthumela isicelo kuseva kanye nempendulo yaso emuva kuklayenti. Kuthiwani uma umhlaseli engeza umlayezo ofihliwe ngaphakathi kwesicelo segama lesizinda? Isibonelo, esikhundleni sokufaka i-URL esemthethweni, izofaka idatha efuna ukuyidlulisela:

Iyini i-DNS Tunneling? Imiyalelo Yokuthola

Ake sithi umhlaseli ulawula iseva ye-DNS. Khona-ke angakwazi ukudlulisa idatha - isibonelo, idatha yomuntu siqu - futhi ngeke ngempela ibonakale. Ngemuva kwakho konke, kungani umbuzo we-DNS ungavele ube into engekho emthethweni?

Ngokulawula iseva, izigebengu ze-inthanethi zingakha izimpendulo futhi zithumele idatha emuva ohlelweni oluqondiwe. Lokhu kuzivumela ukuthi zidlulise imilayezo efihliwe emikhakheni ehlukahlukene yempendulo ye-DNS kuhlelo olungayilungele ikhompuyutha emshinini onaleli gciwane, ngemiyalo efana nokusesha ngaphakathi kwefolda ethile.

Ingxenye "ye-tunnel" yalokhu kuhlasela ukucasha idatha nemiyalo ekutholweni ngamasistimu okuqapha. Izigebengu ze-inthanethi zingasebenzisa amasethi ezinhlamvu ze-base32, i-base64, njll., noma zize zibethele idatha. Umbhalo wekhodi onjalo ngeke ubonwe yizinsiza ezilula zokuthola izinsongo ezisesha ngombhalo ongenalutho.

Futhi yilokho umhubhe we-DNS oyikho!

Umlando wokuhlaselwa ngomhubhe we-DNS

Yonke into inesiqalo, okuhlanganisa nomqondo wokuduna iphrothokholi ye-DNS ngezinjongo zabaduni. Ngokwazi kwethu, eyokuqala ingxoxo ukuhlasela okunjalo kwenziwa ngu-Oskar Pearson ohlwini lwamakheli e-Bugtraq ngo-April 1998.

Ngo-2004, umhubhe we-DNS wethulwa ku-Black Hat njengendlela yokukhohlisa esethulweni sika-Dan Kaminsky. Ngakho, lo mbono wakhula ngokushesha waba ithuluzi langempela lokuhlasela.

Namuhla, umhubhe we-DNS usesikhundleni esiqinile kumephu izinsongo ezingaba khona (futhi ama-blogger ezokuphepha avame ukucelwa ukuthi akuchaze).

Uke wezwa mayelana I-sea Turtle ? Lona umkhankaso oqhubekayo wezigebengu ze-inthanethi - okungenzeka ukuthi zixhaswe uhulumeni - ukuthatha amaseva asemthethweni e-DNS ukuze aqondise kabusha izicelo ze-DNS kumaseva azo. Lokhu kusho ukuthi izinhlangano zizothola amakheli e-IP "amabi" akhomba amakhasi ewebhu mbumbulu aphethwe izigebengu ze-inthanethi, njenge-Google noma i-FedEx. Kulesi simo, abahlaseli bazokwazi ukuthola ama-akhawunti namaphasiwedi abasebenzisi abawafaka ngokungazi kumasayithi omgunyathi anjalo. Lokhu akuwona umhubhe we-DNS, kodwa omunye umphumela omubi wokulawulwa kwe-hacker yamaseva e-DNS.

DNS Tunneling Izinsongo

Iyini i-DNS Tunneling? Imiyalelo Yokuthola

I-DNS tunneling ifana nenkomba yokuqala kwesigaba sezindaba ezimbi. Usho ziphi? Sesike sakhuluma ngabambalwa, kodwa ake siwahlele:

  • Okukhipha idatha (ukuhluzwa) - i-hacker idlulisela ngokuyimfihlo idatha ebalulekile nge-DNS. Lena akuyona neze indlela ephumelela kakhulu yokudlulisa ulwazi kusuka kukhompyutha eyisisulu - ngokucabangela zonke izindleko kanye namakhodi - kodwa iyasebenza, futhi ngesikhathi esifanayo - ngobuhlakani!
  • I-Command and Control (C2 ngamafuphi) - Abaduni basebenzisa iphrothokholi ye-DNS ukuthumela imiyalo elula yokulawula, yithi, nge i-trojan yokufinyelela kude (I-Trojan yokufinyelela kude, iRAT ngamafuphi).
  • Ishunela i-IP-Over-DNS - lokhu kungase kuzwakale njengokuhlanya, kodwa kukhona izinsiza ezisebenzisa isitaki se-IP phezu kwezicelo nezimpendulo zephrothokholi ye-DNS. Lokhu kwenza ukudluliswa kwedatha kusetshenziswa i-FTP, i-Netcat, i-ssh, njll. umsebenzi olula uma kuqhathaniswa. Kubi kakhulu!

Ukutholwa Kwe-DNS Tunnel

Iyini i-DNS Tunneling? Imiyalelo Yokuthola

Kunezindlela ezimbili eziyinhloko zokuthola ukuhlukunyezwa kwe-DNS: ukuhlaziywa komthwalo kanye nokuhlaziywa kwethrafikhi.

ngesikhathi ukuhlaziywa komthwalo iqembu elivikelayo libheka okudidayo kudatha ethunyelwa emuva naphambili engatholwa ngezindlela zezibalo: amagama osokhaya abukeka eyinqaba, uhlobo lwerekhodi le-DNS elingasetshenziswa kaningi, noma umbhalo wekhodi ongajwayelekile.

ngesikhathi ukuhlaziywa kwethrafikhi inani lezicelo ze-DNS esizindeni ngasinye lilinganiselwa ngokuqhathaniswa nezinga elimaphakathi. Abahlaseli abasebenzisa umhubhe we-DNS bazokhiqiza ithrafikhi eningi kuseva. Ngokombono, iphakeme kakhulu kunomlayezo ojwayelekile we-DNS. Futhi idinga ukulandelelwa!

DNS Tunnel Izinsiza

Uma ufuna ukwenza isivivinyo sakho sokungena futhi ubone ukuthi inkampani yakho ingathola futhi iphendule kahle kangakanani emsebenzini onjalo, kunezinsiza ezimbalwa zalokhu. Wonke angadonsa ngemodi IP phezu kwe-DNS:

  • I-iodine - itholakala kumapulatifomu amaningi (Linux, Mac OS, FreeBSD neWindows). Ikuvumela ukuthi ufake igobolondo le-SSH phakathi kwekhompuyutha eqondiwe nokulawula. Nansi enhle umhlahlandlela ekusetheni nasekusebenziseni i-Iodine.
  • I-OzymanDNS iphrojekthi ye-DNS yokudonsa kaDan Kaminsky, ebhalwe nge-Perl. Ungaxhuma nayo nge-SSH.
  • I-DNSCat2 "Umhubhe we-DNS ongakugulisi." Idala isiteshi esibethelwe se-C2 sokulayisha/ukulanda amafayela, ukuvula amagobolondo, njll.

DNS Monitoring Izinsiza

Ngezansi kunohlu lwezinsiza ezimbalwa ezizoba wusizo ekutholeni ukuhlaselwa komhubhe:

  • dnsHunter - Imojula yePython ebhalelwe iMercenaryHuntFramework neMercenary-Linux. Ifunda amafayela e-.pcap, ikhiphe imibuzo ye-DNS, futhi yenza ukufaniswa kwendawo ukuze isize ekuhlaziyeni.
  • hlanganisa kabusha_dns iyinsiza yePython efunda amafayela we-.pcap futhi idlulise imilayezo ye-DNS.

I-Micro FAQ ku-DNS Tunneling

Ulwazi oluwusizo ngendlela yemibuzo nezimpendulo!

Q: Kuyini umhubhe?
MAYELANA: Kuyindlela nje yokudlulisa idatha ngephrothokholi ekhona. Iphrothokholi eyisisekelo ihlinzeka ngeshaneli noma umhubhe ozinikele, obese usetshenziselwa ukufihla ulwazi oludluliswayo ngempela.

Q: Kwenziwa nini ukuhlasela kokuqala komhubhe we-DNS?
MAYELANA: Asazi! Uma wazi, sicela usazise. Ngokwazi kwethu konke, ingxoxo yokuqala yokuhlasela yaqalwa ngu-Oscar Pearsan ohlwini lwamakheli e-Bugtraq ngo-April 1998.

Q: Yikuphi ukuhlaselwa okufana nomhubhe we-DNS?
MAYELANA: I-DNS ikude nenqubo yomthetho kuphela engasetshenziselwa umhubhe. Isibonelo, i-Command and Control (C2) uhlelo olungayilungele ikhompuyutha ngokuvamile isebenzisa i-HTTP ukuze imaski isiteshi sokuxhumana. Njengokwenza i-DNS tunneling, i-hacker ifihla idatha yakhe, kodwa kulokhu kubonakala sengathi ithrafikhi evela kusiphequluli sewebhu esivamile esifinyelela kusayithi elikude (elilawulwa umhlaseli). Lokhu kungase kunganakwa ngokuqapha izinhlelo uma zingalungiselelwe ukubonwa usongo ukusetshenziswa kabi kwephrothokholi ye-HTTP ngezinjongo ze-hacker.

Ungathanda ukuthi sikusize ngokutholwa kwe-DNS Tunnel? Bheka imojuli yethu I-Varonis Edge bese uzama mahhala idemo!

Source: www.habr.com

Engeza amazwana