Ngobunye ubusuku obuhle basentwasahlobo, lapho ngingafuni ukuya ekhaya, futhi isifiso esingenakuvinjelwa sokuphila nokufunda sasiluma futhi sivutha njengensimbi eshisayo, kwavela umqondo wokukhetha isici esilingayo esilahlekile ku-firewall ebizwa ngokuthi "Inqubomgomo ye-IP DOS".
Ngemuva kokunakekelwa kokuqala nokujwayelana nebhukwana, ngilimise ngemodi Pass-and-Log, ukubheka ukuphuma ngokujwayelekile kanye nokuba usizo okungabazisayo kwalesi silungiselelo.
Ngemva kwezinsuku ezimbalwa (ukuze izibalo ziqongelele, yebo, hhayi ngoba ngikhohliwe), ngabheka izingodo futhi, ngidansa ngaleso sikhathi, ngishaya izandla zami - kwakukhona amarekhodi anele, ungadlali nxazonke. Kungase kubonakale sengathi ngeke kube lula - vula inqubomgomo ukuze uvimbele zonke izikhukhula, ukuskena, ukufakwa kuvulwe uhhafu amaseshini ngokuvinjelwa kwehora futhi ulale ngokuthula ngokuqaphela ukuthi umngcele uvaliwe. Kodwa unyaka wama-34 wokuphila wanqoba i-maximalism yobusha futhi endaweni ethile ngemuva kobuchopho kwazwakala izwi elincanyana: “Masiphakamise izinkophe zethu futhi sibone ukuthi amakheli kabani i-firewall yethu esiyithandayo ebonwa njengezikhukhula ezinonya? Hhayi-ke, ngokulandela umbhedo."
Siqala ukuhlaziya idatha etholiwe ohlwini lwezinto ezididayo. Ngisebenzisa amakheli ngombhalo olula I-Powershell futhi amehlo akhubeka phezu kwezinhlamvu ezijwayelekile google.
Ngicikica amehlo ami futhi ngicwayiza cishe imizuzu emihlanu ukuze ngiqiniseke ukuthi angizicabangi izinto - empeleni, ohlwini lwalabo i-firewall ebabheka njengezikhukhula ezinonya, uhlobo lokuhlasela yileli - udp izikhukhula, amakheli enkampani enhle.
Nginwaya ikhanda lami, kanyekanye ngimisa ukuthwebula kwephakethe kusixhumi esibonakalayo sangaphandle ukuze ngihlaziywe. Imicabango ekhanyayo igijima ekhanda lami: “Kwenzeka kanjani ukuthi into ethile ingene ku-Google Scope? Futhi yilokhu engikutholile? Yebo, lokhu, imiklomelo, ukuhlonishwa kanye nokhaphethi obomvu, kanye nekhasino yayo ene-blackjack futhi, kahle, uyaqonda..."
Ihlaziya ifayela elitholiwe I-Wireshark-ohm.
Yebo, ngempela kusuka ekhelini elivela kububanzi -Google Amaphakethe e-UDP alandwa kusukela ku-port 443 ukuya endaweni engahleliwe kudivayisi yami.
Kodwa, linda kancane... Lapha inqubo ishintsha ukusuka UDP on I-GQUIC.
Semyon Semenych...
Ngokushesha ngikhumbula umbiko ovela Ukulayisha Okuphezulu Alexandra Tobolya «UDP ngokumelene I-TCP noma ikusasa lesitaki senethiwekhi"().
Ngakolunye uhlangothi, ukudumala okuncane kuyangena - akukho laurels, akukho ukuhlonishwa kwakho, master. Ngakolunye uhlangothi, inkinga icacile, kusasele ukuqonda ukuthi kuphi futhi kungakanani ukumba.
Imizuzu embalwa yokuxhumana ne-Good Corporation - futhi yonke into ihamba kahle. Emzamweni wokuthuthukisa isivinini sokulethwa kokuqukethwe, inkampani -Google yamemezela iphrothokholi emuva ngo-2012 I-QUIC, okuvumela ukuthi ususe okuningi kokushiyeka kwe-TCP (yebo, yebo, yebo, kulezi zihloko - и Bakhuluma ngendlela yokuguquguquka ngokuphelele, kodwa, ake sithembeke, ngifuna izithombe ezinamakati zilayishe ngokushesha, hhayi zonke lezi ziguquko zokuqaphela nokuthuthuka). Njengoba ucwaningo olwengeziwe luye lwabonisa, izinhlangano eziningi manje sezishintshela kulolu hlobo lwenketho yokulethwa kokuqukethwe.
Inkinga esimweni sami futhi, ngicabanga, hhayi kuphela esimweni sami, ukuthi ekugcineni kunamaphakethe amaningi kakhulu futhi i-firewall iwabona njengesikhukhula.
Kube nezixazululo ezimbalwa:
1. Engeza ohlwini lokungabandakanyi lwe Inqubomgomo ye-DoS Ububanzi bamakheli ku-firewall -Google. Lapho nje ecabanga ngohlu lwamakheli okungenzeka ukuthi angawenza, iso lakhe laqala ukudikiza ngovalo - umqondo wabekwa eceleni njengohlanya.
2. Khulisa umkhawulo wokuphendula we inqubomgomo yezikhukhula ye-udp - futhi hhayi u-comme il faut, kodwa kuthiwani uma othile ononya ngempela engena.
3. Vimbela izingcingo ezivela kunethiwekhi yangaphakathi nge UDP on 443 port out.
Ngemva kokufunda kabanzi mayelana nokuqaliswa nokuhlanganiswa I-QUIC в i-Google Chrome Inketho yokugcina yamukelwe njengenkomba yesenzo. Iqiniso liwukuthi, ethandwa yiwo wonke umuntu yonke indawo futhi ngokungenasihawu (angiqondi ukuthi kungani, kungcono ukuba nekhanda elibomvu elizikhukhumezayo Firefox-ovskaya muzzle izothola amagigabhayithi asetshenzisiwe e-RAM), i-Google Chrome ekuqaleni izama ukusungula ukuxhumana kusetshenziswa okuzuzwe kanzima I-QUIC, kodwa uma isimangaliso singenzeki, bese sibuyela ezindleleni ezifakazelwe njenge TLS, nakuba enamahloni kakhulu ngakho.
Dala okungenayo kwesevisi ku-firewall I-QUIC:
Setha umthetho omusha futhi siwubeke endaweni ethile ephakeme kuketango.
Ngemva kokuvula umthetho ohlwini lweziphambeko, ukuthula nokuthula, ngaphandle kwabaphula umthetho abanonya ngempela.
Siyabonga wonke umuntu ngokunaka kwenu.
Izinsiza ezisetshenzisiwe:
1.
2.
3.
4.
Source: www.habr.com