Passive DNS in the hands of an analyst

The Domain Name System (DNS) is like a phone book that translates human-friendly names such as "ussc.ru" into IP addresses. DNS is involved at almost every stage of communication, whatever the protocol in use, so DNS logs are an important data source for information security specialists: they make it possible to spot anomalies and to gather additional data about the system under investigation.

In 2004, Florian Weimer proposed a logging method called Passive DNS, which makes it possible to reconstruct the history of changes to DNS data, with indexing and search, and gives access to the following data:

  • Domain name
  • IP address of the requested domain name
  • Date and time of the response
  • Response type
  • and others.

Passive DNS data is collected from recursive DNS servers, either by built-in modules or by capturing the responses coming from the authoritative DNS servers of the zones.

Figure 1. Passive DNS (taken from Ctovision.com)

A feature of Passive DNS is that there is no need to record the client's IP address, which helps protect user privacy.

Currently there are many services that provide access to Passive DNS data:

Service               Firm               Access                    API      Client available   Start of data collection
DNSDB                 Farsight Security  On request                Present  Present            2010
VirusTotal            VirusTotal         No registration required  Present  Present            2013
PassiveTotal          Riskiq             Free registration         Present  Present            2009
Ingwane               SafeDNS            On request                Present  No                 Shows only the last 3 months
SecurityTrails        SecurityTrails     No registration required  Present  No                 2008
Umbrella Investigate  Cisco              On request                Present  No                 2006

Table 1. Services with access to Passive DNS data

Use cases for Passive DNS

Using Passive DNS you can build relationships between domain names, NS servers and IP addresses. This lets you draw maps of the systems under investigation and track changes to such a map from the first observation up to the present.

Passive DNS also makes it easier to detect traffic anomalies. For example, tracking changes in NS records and in A and AAAA records lets you identify malicious sites that use the fast flux technique, which is designed to hide the C&C from detection and blocking. Legitimate domain names (except those used for load balancing) do not change their IP addresses often, and most legitimate domains rarely change their NS servers.

Unlike direct subdomain searches with dictionaries, Passive DNS lets you find even unusual domain names, for example "222qmxacaiqaaaaazibq4aaidhmbqaaa0undefined7140c0.p.hoff.ru". Sometimes it also reveals the test environments (and the vulnerabilities) of a website, developer artefacts, and so on.
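As an added illustration of the fast flux heuristic just described (example code written for this article, not part of the original post or of any Passive DNS vendor's client): it profiles constructed Passive DNS records per domain and flags domains whose addresses are numerous but short-lived, or whose NS servers were replaced, while leaving a stable load-balanced domain alone. The record shape, the thresholds and the domain names are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed Passive DNS observations (not real data): one row per resolution,
# as (rrname, rrtype, rdata, first_seen, last_seen).
RECORDS = [
    ("flux.example", "A", "203.0.113.10", "2019-08-01", "2019-08-01"),
    ("flux.example", "A", "198.51.100.22", "2019-08-01", "2019-08-02"),
    ("flux.example", "A", "192.0.2.77", "2019-08-02", "2019-08-02"),
    ("flux.example", "A", "203.0.113.88", "2019-08-03", "2019-08-03"),
    ("flux.example", "NS", "ns1.bad.example", "2019-08-01", "2019-08-02"),
    ("flux.example", "NS", "ns9.other.example", "2019-08-03", "2019-08-03"),
    ("shop.example", "A", "192.0.2.5", "2018-01-10", "2019-08-03"),
    ("shop.example", "NS", "ns1.shop.example", "2018-01-10", "2019-08-03"),
    ("cdn.example", "A", "192.0.2.60", "2018-01-10", "2019-08-03"),  # load balancing:
    ("cdn.example", "A", "192.0.2.61", "2018-01-10", "2019-08-03"),  # long-lived IPs
]

def lifetime_days(first_seen, last_seen):
    return (date.fromisoformat(last_seen) - date.fromisoformat(first_seen)).days + 1

def profile(records):
    """Per domain: distinct A/AAAA addresses, their median lifetime, and how many
    NS servers were retired before the domain's most recent observation."""
    per = defaultdict(lambda: {"addr": {}, "ns": {}})
    for name, rrtype, rdata, first, last in records:
        bucket = "addr" if rrtype in ("A", "AAAA") else "ns" if rrtype == "NS" else None
        if bucket:
            per[name][bucket][rdata] = (first, last, lifetime_days(first, last))
    out = {}
    for name, d in per.items():
        # ISO-8601 date strings compare chronologically as plain strings
        newest = max(v[1] for v in list(d["addr"].values()) + list(d["ns"].values()))
        lifetimes = sorted(v[2] for v in d["addr"].values())
        out[name] = {
            "addresses": len(lifetimes),
            "median_lifetime_days": lifetimes[len(lifetimes) // 2] if lifetimes else 0,
            "retired_ns": sum(1 for v in d["ns"].values() if v[1] < newest),
        }
    return out

def is_fast_flux(p, min_addresses=3, max_median_days=3):
    """Heuristic from the text: many short-lived addresses, or NS churn.
    The thresholds are assumptions to tune against your own data."""
    short_lived = p["addresses"] >= min_addresses and p["median_lifetime_days"] <= max_median_days
    return short_lived or p["retired_ns"] > 0

if __name__ == "__main__":
    for name, p in profile(RECORDS).items():
        print(name, p, "FAST FLUX?" if is_fast_flux(p) else "stable")
```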

Investigating a link from an email using Passive DNS

Phishing is currently one of the main ways an attacker gets onto a victim's computer or steals confidential information. Let's try to investigate a link from such an email using Passive DNS to see how effective this method is.

Figure 2. Phishing email

The link from this email led to the site magnit-boss.rocks, which offers automatic collection of bonuses and payouts:

Figure 3. Page hosted on the domain magnit-boss.rocks

To study this site I used the Riskiq API, which has three ready-made clients, in Python, Ruby and Rust.

First, we will get the entire history of this domain name; for this we use the command:

pt-client pdns --query magnit-boss.rocks

This command shows information about all DNS resolutions related to this domain name.

Figure 4. Response from the Riskiq API

Let's put the API response into a visual form:

Figure 5. All entries from the response

For further research we take the IP addresses that this domain name resolved to at the time the email was received, on 01.08.2019; these are the IP addresses 92.119.113.112 and 85.143.219.65.

Using the command:

pt-client pdns --query

you can get all domain names associated with these IP addresses.
The IP address 92.119.113.112 has 42 unique domain names resolving to it, among them the following names:

  • magnit-boss.club
  • igrovie-avtomaty.me
  • pro-x-audit.xyz
  • zep3-www.xyz
  • and others

The IP address 85.143.219.65 has 44 unique domain names resolving to it, among them the following names:

  • cvv2.name (a site selling credit card data)
  • emails.world
  • www.mailru.space
  • and others

The connection with these domain names suggests a scheme for stealing sensitive information, but we believe in good people, so let's try to get the bonus of 332 rubles. After clicking the "YES" button, the site asks us to transfer 501.72 rubles to a card to unlock the account and sends us to the site as-torpay.info to enter the data.

Figure 6. Home page of the site ac-pay2day.net

It looks like a legitimate site: there is an https certificate, and the main page offers to connect this payment system to your site, but, alas, none of the connection links work. This domain name resolves to only 1 IP address, 190.115.19.74. That address, in turn, has 1475 unique domain names resolving to it, including names like these:

  • ac-pay2day.net
  • ac-payfit.com
  • as-manypay.com
  • fletkass.net
  • as-magicpay.com
  • and others

As we can see, Passive DNS lets you quickly and effectively collect data about the resource under investigation and build a kind of fingerprint that uncovers the whole scheme for stealing personal data, from its collection to the place where it is probably sold.
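The pivot chain used above (the seed domain, then the IPs it resolved to on the day of the email, then every other domain seen on those IPs, then their IPs) as an added example written for this article, not code from the original post or from the Riskiq client. It runs on constructed records with placeholder domain names; the fan-out limit is an assumption added so that shared hosting and CDNs, which the article notes can derail such an investigation, are counted but not pivoted through.

```python
# Constructed Passive DNS records (rrname, rdata, first_seen, last_seen); the
# placeholder names stand in for the domains of the investigation above.
# ISO-8601 date strings compare chronologically, so no date parsing is needed.
RECORDS = [
    ("seed.example", "192.0.2.10", "2019-07-20", "2019-08-05"),
    ("seed.example", "198.51.100.5", "2019-08-01", "2019-08-03"),
    ("seed.example", "203.0.113.9", "2018-01-01", "2018-06-30"),  # stale resolution
    ("bonus-club.example", "192.0.2.10", "2019-07-01", "2019-08-10"),
    ("cards.example", "198.51.100.5", "2019-06-01", "2019-08-20"),
    ("pay-gateway.example", "198.51.100.5", "2019-08-02", "2019-08-20"),
    ("pay-gateway.example", "203.0.113.200", "2019-08-02", "2019-08-20"),
    ("pay-other.example", "203.0.113.200", "2019-05-01", "2019-08-20"),
    ("unrelated.example", "203.0.113.9", "2019-08-01", "2019-08-20"),
]

def resolutions(records, name, day=None):
    """IPs `name` resolved to, restricted to those active on `day` if given
    (the 'pt-client pdns --query <domain>' step)."""
    return {ip for n, ip, first, last in records
            if n == name and (day is None or first <= day <= last)}

def cohosted(records, ip):
    """Every domain ever observed resolving to `ip` (the reverse pivot)."""
    return {n for n, i, _, _ in records if i == ip}

def build_map(records, seed, day, hops=2, max_fanout=50):
    """Breadth-first pivot seed -> IPs -> domains -> IPs ... for `hops` rounds.
    Only the seed is restricted to `day`; later hops use the full history.
    Returns (edges, fanout): (domain, ip) pairs and distinct domains per IP.
    IPs hosting more than `max_fanout` domains (shared hosting, CDNs) are
    recorded but not expanded, since pivoting through them is mostly noise."""
    edges, fanout, seen, frontier = set(), {}, {seed}, {seed}
    for hop in range(hops):
        nxt = set()
        for name in frontier:
            for ip in resolutions(records, name, day if hop == 0 else None):
                edges.add((name, ip))
                hosted = cohosted(records, ip)
                fanout[ip] = len(hosted)
                if len(hosted) > max_fanout:
                    continue
                for other in hosted:
                    edges.add((other, ip))
                    if other not in seen:
                        seen.add(other)
                        nxt.add(other)
        frontier = nxt
    return edges, fanout
```

Calling build_map(RECORDS, "seed.example", "2019-08-01") yields the edges of a map like Figure 7: the stale 2018 address and the unrelated domain behind it never enter the map, while the payment gateway is reached through the shared address.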

Figure 7. Map of the system under investigation

Not everything is as rosy as we would like. For example, such an investigation can easily fail on CloudFlare or similar services. And the usefulness of the collected database depends heavily on the number of DNS requests that pass through the Passive DNS collection module. Nevertheless, Passive DNS is a source of additional information for the researcher.

Author: Specialist of the Ural Center for Security Systems

Source: www.habr.com
