A trap (tarpit) for incoming SSH connections

It is no secret that the Internet is a very hostile environment. As soon as you bring up a server, it is immediately subjected to massive attacks and scans. With a honeypot, security people can gauge the scale of this garbage traffic. In fact, on an average server, 99% of the traffic may be malicious.

A tarpit is a trap port used to slow down incoming connections. If a third-party system connects to this port, it will not be able to close the connection quickly. It will have to waste its own system resources and wait until the connection times out, or terminate it manually.

Most often, tarpits are used for protection. The technique was first developed to defend against computer worms. Now it can be used to ruin the lives of spammers and of researchers who do broad scans of every IP address in sequence (examples on Habr: Austria, Ukraine).

One system administrator, Chris Wellons, apparently got tired of watching this disgrace and wrote a small program: Endlessh, an SSH tarpit that slows down incoming connections. The program opens a port (the default test port is 2222) and pretends to be an SSH server, but in reality it keeps the incoming client in an endless connection until the client gives up. This can go on for several days or more, until the client drops.

Installing the utility:

$ make
$ ./endlessh &
$ ssh -p2222 localhost

A properly implemented tarpit consumes more resources on the attacker's side than on yours. But it is not even a matter of resources. The author writes that the program is addictive. At the moment it has 27 clients trapped, some of them connected for weeks. At peak activity, 1378 clients were trapped for 20 hours!

In production, the Endlessh server needs to sit on the standard port 22, where the hooligans come knocking in droves. Standard security recommendations have always advised moving SSH elsewhere, to a non-standard port, which immediately reduces the size of the logs by an order of magnitude.

Chris Wellons says his program exploits a single paragraph of the RFC 4253 specification of the SSH protocol. Immediately after the TCP connection is established, but before cryptography is applied, both sides must send an identification string. And there is a note: "The server MAY send other lines of data before sending the version string"... AND there is no limit on the amount of this data; you just have to start each line with SSH-.

This is exactly what the Endlessh program does: it sends an endless stream of randomly generated data that conforms to RFC 4253, that is, it is sent before authentication, and each line starts with SSH- and does not exceed 255 characters, including the line terminator. In general, everything complies with the standard.

By default, the program waits 10 seconds between sending packets. This prevents the client from timing out, so the client stays trapped forever.

Since the data is sent before cryptography is applied, the program is extremely simple. It does not need to implement any ciphers, and it supports many protocols.

The author tried to make sure that the utility consumes a minimum of resources and runs unnoticed on the machine. Unlike modern antiviruses and other "security systems", it should not slow down your computer. He managed to minimise traffic and memory consumption thanks to a somewhat tricky implementation. If the program simply spawned a separate process for each new connection, potential attackers could launch a DDoS attack by opening many connections to exhaust the machine's resources. One thread per connection is not the best option either, because the kernel would waste resources managing the threads.

That is why Chris Wellons chose the most lightweight option for Endlessh: a single-threaded poll(2) server, where trapped clients consume practically no extra resources apart from the socket object in the kernel and another 78 bytes of tracking state in Endlessh. To avoid allocating per-client buffers, Endlessh opens a raw-access socket and parses the TCP packets directly, bypassing almost the entire TCP/IP stack of the operating system. No input buffer is needed at all, since we are not interested in incoming data.
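The two ideas above, the pre-banner lines allowed by RFC 4253 and a single-threaded poll(2) loop that keeps almost no state per trapped client, as one added example. This is not Endlessh's code and not the author's; the function names, the port 2222 default, the log format and the small per-client record are all choices made here, and select.poll() assumes Linux or another POSIX system. One caveat a practitioner should know: RFC 4253 section 4.2 says the lines sent before the version string MUST NOT begin with "SSH-" (the client uses that prefix to recognise the real identification string), so the checker below enforces that rule and the random hex lines naturally satisfy it.

```python
import random
import select
import socket
import time

# Added example, not Endlessh's own code: a single-threaded poll(2) SSH tarpit
# with the per-client bookkeeping kept to a handful of fields and no input
# buffer, plus a checker for the RFC 4253 "lines before the version string" rule.

MAX_LINE = 255      # RFC 4253 sec. 4.2: a line, CRLF included, is at most 255 bytes
DEFAULT_DELAY = 10  # seconds between lines, the default the article quotes


def is_rfc4253_pre_banner_line(line: bytes) -> bool:
    """True if `line` may legally precede the server's version string:
    CRLF-terminated, at most 255 bytes in total, and not starting with
    'SSH-' (that prefix is reserved for the real identification string)."""
    return (line.endswith(b'\r\n')
            and len(line) <= MAX_LINE
            and not line.startswith(b'SSH-'))


def make_banner_line(rng=random) -> bytes:
    """One random hex line, the same shape as the article's asyncio snippet."""
    line = b'%x\r\n' % rng.randint(0, 2**32)
    assert is_rfc4253_pre_banner_line(line)
    return line


def next_timeout_ms(due_times, now, idle_ms=1000) -> int:
    """How long poll() may sleep: until the earliest client is due, never
    negative, and `idle_ms` when nobody is trapped yet."""
    if not due_times:
        return idle_ms
    return max(0, int((min(due_times) - now) * 1000))


class Trapped:
    # __slots__ keeps the per-client state small, in the spirit of the
    # 78-byte record the article mentions (the exact size is not reproduced).
    __slots__ = ('sock', 'peer', 'since', 'due', 'sent')

    def __init__(self, sock, peer, now, delay):
        self.sock, self.peer, self.since = sock, peer, now
        self.due, self.sent = now + delay, 0


def run_tarpit(port=2222, delay=DEFAULT_DELAY, run_for=None, log=print):
    """Serve the tarpit on 0.0.0.0:`port` for `run_for` seconds (None = forever)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(('0.0.0.0', port))
    listener.listen(128)
    listener.setblocking(False)

    poller = select.poll()
    poller.register(listener, select.POLLIN)
    clients = {}    # fd -> Trapped
    stop_at = None if run_for is None else time.monotonic() + run_for

    def drop(fd, why):
        c = clients.pop(fd)
        poller.unregister(fd)
        c.sock.close()
        held = time.monotonic() - c.since
        log(f'{c.peer[0]}:{c.peer[1]} {why} after {held:.0f}s, {c.sent} bytes sent')

    while stop_at is None or time.monotonic() < stop_at:
        now = time.monotonic()
        timeout = next_timeout_ms([c.due for c in clients.values()], now)
        for fd, _events in poller.poll(timeout):
            if fd == listener.fileno():
                sock, peer = listener.accept()
                sock.setblocking(False)
                clients[sock.fileno()] = Trapped(sock, peer, time.monotonic(), delay)
                # Empty event mask: we never read, so no receive buffer is
                # touched; POLLHUP/POLLERR are delivered regardless of the mask.
                poller.register(sock, 0)
                log(f'{peer[0]}:{peer[1]} trapped ({len(clients)} total)')
            elif fd in clients:
                drop(fd, 'hung up')
        now = time.monotonic()
        for fd, c in list(clients.items()):
            if c.due <= now:
                try:
                    c.sent += c.sock.send(make_banner_line())
                    c.due = now + delay
                except BlockingIOError:
                    c.due = now + 1        # send buffer full; retry shortly
                except OSError as exc:
                    drop(fd, f'gone ({exc.__class__.__name__})')
    for fd in list(clients):
        drop(fd, 'server stopping')
    listener.close()


if __name__ == '__main__':
    run_tarpit()
```

The log line emitted on drop (peer, how long it was held, bytes sent) is the useful operational output: it lets you confirm that a trapped scanner really did wait minutes or hours rather than reconnecting immediately. Dead peers that close with a plain FIN are not noticed by the empty-mask poll registration; they are discovered on the next send, which is the same cost model the article describes.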

The author mentions that when he wrote his program he did not know about Python's asyncio or about other tarpits. Had he known about asyncio, he could have implemented his utility in just 18 lines of Python:

import asyncio
import random

async def handler(_reader, writer):
    try:
        while True:
            # Wait, then send one random hex line terminated by CRLF;
            # the client keeps waiting for the real version string.
            await asyncio.sleep(10)
            writer.write(b'%x\r\n' % random.randint(0, 2**32))
            await writer.drain()
    except ConnectionResetError:
        pass

async def main():
    server = await asyncio.start_server(handler, '0.0.0.0', 2222)
    async with server:
        await server.serve_forever()

asyncio.run(main())

Asyncio is ideal for writing tarpits. For example, this snippet will hang Firefox, Chrome, or any other client that tries to connect to your HTTP server for many hours:

import asyncio
import random

async def handler(_reader, writer):
    writer.write(b'HTTP/1.1 200 OK\r\n')
    try:
        while True:
            # Keep emitting random headers; the header block never ends,
            # so the client never reaches the response body.
            await asyncio.sleep(5)
            header = random.randint(0, 2**32)
            value = random.randint(0, 2**32)
            writer.write(b'X-%x: %x\r\n' % (header, value))
            await writer.drain()
    except ConnectionResetError:
        pass

async def main():
    server = await asyncio.start_server(handler, '0.0.0.0', 8080)
    async with server:
        await server.serve_forever()

asyncio.run(main())
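The flip side of the HTTP tarpit above is worth seeing from the client's chair: your own crawlers, uptime checkers and scanners can be caught the same way. The following added example (not from the article) is a small client-side budget for the header phase of an HTTP response; the limits, class and function names are choices made here, and the timeline it replays is constructed to mimic the snippet above (a status line, then one fake X- header every 5 seconds).

```python
# Added example, not from the article: a client-side budget for the header
# phase of an HTTP response, so a crawler or scanner notices a tarpit like the
# one above instead of waiting for hours.
import random


class HeaderBudget:
    """Feed (timestamp, chunk) pairs as a response arrives. feed() returns
    'ok' once the header block ends, None while still within budget, or a
    reason string when the header phase should be abandoned."""

    def __init__(self, max_bytes=16384, max_lines=100, max_seconds=30.0):
        self.max_bytes = max_bytes        # limits chosen for this example
        self.max_lines = max_lines
        self.max_seconds = max_seconds
        self.buf = b''
        self.started = None

    def feed(self, now, chunk):
        if self.started is None:
            self.started = now
        self.buf += chunk
        if b'\r\n\r\n' in self.buf:
            return 'ok'                   # blank line: headers complete
        if len(self.buf) > self.max_bytes:
            return 'header bytes over budget'
        if self.buf.count(b'\r\n') > self.max_lines:
            return 'header lines over budget'
        if now - self.started > self.max_seconds:
            return 'header phase over time budget'
        return None


def replay_tarpit_headers(budget, n_lines, interval=5.0):
    """Constructed timeline mimicking the HTTP tarpit above: status line at
    t=0, then one fake X- header every `interval` seconds.
    Returns (verdict, chunks_consumed)."""
    rng = random.Random(1)                # seeded so the replay is repeatable
    chunks = [b'HTTP/1.1 200 OK\r\n']
    for _ in range(n_lines):
        chunks.append(b'X-%x: %x\r\n' % (rng.randint(0, 2**32),
                                          rng.randint(0, 2**32)))
    for i, chunk in enumerate(chunks):
        verdict = budget.feed(i * interval, chunk)
        if verdict is not None:
            return verdict, i + 1
    return None, len(chunks)
```

A well-behaved response passes immediately, while the tarpit trips the time budget on the eighth chunk (35 seconds in) or, with a tighter line limit, the line budget; either way the client gives up and logs why instead of holding the socket open indefinitely.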

A tarpit is a fine tool for punishing Internet hooligans. True, there is some risk of the opposite effect: drawing their attention to one server's unusual behaviour. One could imagine retaliation and a targeted DDoS attack on your IP. However, so far there have been no such cases, and tarpits work fine.

Hubs:
Python, Information Security, Software, System Administration

Tags:
SSH, Endlesssh, tarpit, tarpit, trap, asycio

Source: www.habr.com
