It is no secret that the Internet is a very hostile place. As soon as you bring up a server, it is immediately hit by attacks and numerous scans. For example
A tarpit is a trap port used to slow down incoming connections. If a third-party system connects to this port, it will not be able to close the connection quickly. It has to spend its own system resources and wait for the connection to time out, or terminate it manually.
Most often, tarpits are used for protection. The technique was first developed to protect against computer worms. Now it can also be used to ruin the lives of spammers and of researchers who broadly scan all IP addresses in a row (examples on Habré:
A system administrator named Chris Wellons apparently got tired of watching this disgrace, and wrote a small program.
Installing the utility:
$ make
$ ./endlessh &
$ ssh -p2222 localhost
A properly implemented tarpit will take more resources from the attacker than from you. But it is not even a matter of resources. The author
In production mode, the Endlessh server needs to be installed on the usual port 22, where the hooligans knock en masse. Standard security recommendations always advise moving SSH to a different port, which immediately reduces the size of the logs by an order of magnitude.
Chris Wellons says his program exploits one paragraph of the specification SSH-.
This is exactly what the Endlessh program does: it sends an endless stream of randomly generated data that complies with RFC 4253, that is, it is sent before authentication, and each line begins with SSH- and does not exceed 255 characters, including the line-ending character. In general, everything is according to the standard.
By default, the program waits 10 seconds between sending packets. This prevents the client from timing out, so the client will be trapped forever.
Since the data is sent before cryptography is applied, the program is extremely simple. It does not need to implement any ciphers, and it supports multiple protocols.
The author tried to make sure the utility consumes a minimum of resources and runs completely unnoticed on the machine. Unlike modern antiviruses and other "security systems", it should not slow down your computer. He managed to minimize both traffic and memory consumption thanks to a more cunning software implementation. If it simply launched a separate process for each new connection, potential attackers could mount a DDoS attack by opening many connections to exhaust the machine's resources. One thread per connection is not the best option either, because the kernel would waste resources managing threads.
That is why Chris Wellons chose the most lightweight option for Endlessh: a single-threaded poll(2) server, where the trapped clients consume virtually no extra resources, not counting the socket object in the kernel and another 78 bytes for tracking in Endlessh. To avoid allocating buffers for each client, Endlessh opens a raw socket and translates TCP packets directly, bypassing almost the entire TCP/IP stack of the operating system. An incoming buffer is not needed at all, because we are not interested in incoming data.
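The single-threaded design described above can be sketched as a scheduler with one FIFO entry per trapped client, a connection cap against floods, and a poll timeout taken from the head of the queue. This is an added example, not code from the article or from Endlessh: the `Tarpit` class, its method names, `max_clients` and the `send` callback are assumptions for illustration, while the 10-second delay and the 255-character line limit are the article's figures.

```python
import random
from collections import deque

MAX_LINE = 255   # per-line limit quoted in the article, line ending included
DELAY = 10.0     # seconds between lines (the article's default)

class Tarpit:
    """Illustrative scheduler (hypothetical names): the only per-client
    state is one (send_at, client_id, connected_at) tuple in a FIFO."""

    def __init__(self, delay=DELAY, max_clients=4096, seed=None):
        self.delay, self.max_clients = delay, max_clients
        self.queue = deque()             # fixed delay keeps it sorted by send_at
        self.rng = random.Random(seed)

    def line(self):
        """One random hex line, as in the article's asyncio version."""
        data = b"%x\r\n" % self.rng.getrandbits(32)
        assert len(data) <= MAX_LINE
        return data

    def accept(self, client_id, now):
        """Admit a client, or refuse once the cap is hit so a flood of
        connections cannot grow memory without bound."""
        if len(self.queue) >= self.max_clients:
            return False
        self.queue.append((now + self.delay, client_id, now))
        return True

    def timeout(self, now):
        """Seconds the loop may block in poll(); None if nobody is trapped."""
        return max(0.0, self.queue[0][0] - now) if self.queue else None

    def tick(self, now, send):
        """Feed every due client one line. send(client_id, data) returns
        False when the peer has gone; returns [(client_id, seconds_held)]."""
        gone = []
        while self.queue and self.queue[0][0] <= now:
            _, cid, since = self.queue.popleft()
            if send(cid, self.line()):
                self.queue.append((now + self.delay, cid, since))
            else:
                gone.append((cid, now - since))
        return gone
```

In a real event loop, `timeout()` would supply the wait passed to poll and `send` would be a non-blocking socket write; the seconds-held figures are what a defender would log per disconnected client.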
The author says that at the time of his program
    import asyncio
    import random

    async def handler(_reader, writer):
        try:
            while True:
                # Wait, then send one more line of random hex ending in CRLF.
                await asyncio.sleep(10)
                writer.write(b'%x\r\n' % random.randint(0, 2**32))
                await writer.drain()
        except ConnectionResetError:
            # The client gave up and closed the connection.
            pass

    async def main():
        server = await asyncio.start_server(handler, '0.0.0.0', 2222)
        async with server:
            await server.serve_forever()

    asyncio.run(main())
Asyncio is ideal for writing tarpits. For example, this hook will hang Firefox, Chrome, or any other client that tries to connect to your HTTP server for many hours:
    import asyncio
    import random

    async def handler(_reader, writer):
        # Send a valid status line, then never finish the header section.
        writer.write(b'HTTP/1.1 200 OK\r\n')
        try:
            while True:
                await asyncio.sleep(5)
                header = random.randint(0, 2**32)
                value = random.randint(0, 2**32)
                # One more random "X-<hex>: <hex>" header every 5 seconds.
                writer.write(b'X-%x: %x\r\n' % (header, value))
                await writer.drain()
        except ConnectionResetError:
            # The client gave up and closed the connection.
            pass

    async def main():
        server = await asyncio.start_server(handler, '0.0.0.0', 8080)
        async with server:
            await server.serve_forever()

    asyncio.run(main())
A tarpit is a great tool for punishing online bullies. True, there is some risk, on the contrary, of drawing their attention to the unusual behaviour of a particular server. Someone
Trap (tarpit) for incoming SSH connections
Source: www.habr.com