NgoFebhuwari, uChristian Haschek wase-Austrian washicilela isihloko esithakazelisayo kubhulogi yakhe esinesihloko esithi . Yiqiniso, ngaba nesithakazelo kulokho okuzokwenzeka uma lolu cwaningo luphindaphindiwe, kodwa nge-Ukraine. Amasonto ambalwa okuqoqwa kolwazi ubusuku nemini, izinsuku ezimbalwa zokulungiselela isihloko, futhi phakathi nalolu cwaningo, izingxoxo nabameleli abahlukahlukene bomphakathi wethu, bese sicacisa, bese sithola okwengeziwe. Sicela ngaphansi kwe-cut...
TL; DR
Awekho amathuluzi akhethekile asetshenzisiwe ukuze kuqoqwe ulwazi (yize abantu abambalwa belulekwe ngokusebenzisa i-OpenVAS efanayo ukuze kwenziwe ucwaningo olunemininingwane futhi lube nolwazi). Ngokuvikeleka kwama-IP ahlobene ne-Ukraine (okuningi ngokuthi kunqunywe kanjani ngezansi), isimo, ngokubona kwami, sibi impela (futhi sibi ngempela kunalokho okwenzeka e-Austria). Ayikho imizamo eyenziwe noma ehlelelwe ukuxhaphaza amaseva atholakele asengozini.
Okokuqala nje: ungawathola kanjani wonke amakheli e-IP okungewezwe elithile?
Empeleni ilula kakhulu. Amakheli e-IP awakhiqizwa izwe ngokwalo, kodwa abelwe wona. Ngakho-ke, kukhona uhlu (futhi lusesidlangalaleni) lwawo wonke amazwe nawo wonke ama-IP angawo.
Wonke umuntu angakwazi bese uyihlunga i-grep Ukraine IP2LOCATION-LITE-DB1.CSV> ukraine.csv
, ikuvumela ukuthi ulethe uhlu efomini elisebenziseka kakhulu.
I-Ukraine inamakheli acishe abe ngama-IPv4 amaningi njenge-Austria, ngaphezu kwezigidi ezingu-11 11 ukuba neqiniso (uma kuqhathaniswa, i-Austria ine-640).
Uma ungafuni ukudlala ngamakheli e-IP ngokwakho (futhi akufanele!), ungasebenzisa isevisi. .
Ingabe ikhona imishini ye-Windows engafakwanga e-Ukraine enokufinyelela okuqondile ku-inthanethi?
Yiqiniso, akekho noyedwa umuntu wase-Ukraine oqaphelayo ozovula ukufinyelela okunjalo kumakhompyutha abo. Noma kuzoba njalo?
masscan -p445 --rate 300 -iL ukraine.ips -oG ukraine.445.scan && cat ukraine.445.scan | wc -lImishini ye-Windows engu-5669 enokufinyelela okuqondile kunethiwekhi yatholwa (e-Austria kukhona i-1273 kuphela, kodwa lokho kuningi).
Eshu. Ingabe kukhona phakathi kwabo okungase kuhlaselwe kusetshenziswa i-ETHERNALBLUE, eyaziwa kusukela ngo-2017? Kwakungekho neyodwa imoto enjalo e-Austria, futhi ngangithemba ukuthi yayingeke itholakale nase-Ukraine. Ngeshwa, akusizi. Sithole amakheli e-IP angu-198 angazange avale le βmboboβ ngokwawo.
I-DNS, i-DDoS kanye nokujula komgodi onogwaja
Kwanele ngeWindows. Ake sibone lokho esinakho ngamaseva e-DNS, okuyizixazululi ezivulekile futhi ezingasetshenziselwa ukuhlasela kwe-DDoS.
Isebenza into efana nale. Umhlaseli uthumela isicelo esincane se-DNS, futhi iseva esengozini iphendula isisulu ngephakethe elikhulu ngokuphindwe ka-100. Boom! Amanethiwekhi ezinkampani angawa ngokushesha kusuka kumthamo onjalo wedatha, futhi ukuhlasela kudinga umkhawulokudonsa onganikezwa yi-smartphone yesimanje. Futhi kwaba nokuhlasela okunjalo ngisho naku-GitHub.
Ake sibone ukuthi akhona yini amaseva anjalo e-Ukraine.
masscan -pU 53 -iL ukraine.ips -oG ukraine.53.scan && cat ukraine.53.scan | wc -lIsinyathelo sokuqala ukuthola lezo ezinechweba elivulekile 53. Ngenxa yalokho, sinohlu lwamakheli e-IP angu-58, kodwa lokhu akusho ukuthi wonke angasetshenziselwa ukuhlasela kwe-DDoS. Isidingo sesibili kufanele kuhlangatshezwane naso, okungukuthi kufanele zibe yizixazululi ezivulekile.
Ukuze senze lokhu, singasebenzisa umyalo olula wokumba futhi sibone ukuthi singakwazi "ukumba" ukumba + ukuhlolwa okufushane.openresolver.com TXT @ip.of.dns.server. Uma ngabe iseva iphendule ngokuthi kutholwe isixazululi esivulekile, singase sibhekwe njengethagethi yokuhlasela. Izixazululi ezivulekile zenza cishe ama-25%, afana ne-Austria. Ngokwenani eliphelele, lokhu cishe ku-0,02% wawo wonke ama-IP wase-Ukraine.
Yini enye ongayithola e-Ukraine?
Ngiyajabula ukuthi ubuze. Kulula (futhi okuthakazelisa kakhulu kimina uqobo) ukubuka i-IP enechweba elivulekile 80 nokuthi yini esebenzayo kuyo.
iseva yewebhu
260 ama-IP ase-Ukraine aphendula ku-port 849 (http). Amakheli angu-80 aphendule kahle (isimo esingu-125) esicelweni esilula se-GET esingasithumela isiphequluli sakho. Okunye kukhiqize iphutha elilodwa noma elinye. Kuyathakazelisa ukuthi amaseva angu-444 akhiphe isimo se-200, futhi izimo ezingavamile kube ngu-853 (isicelo sokugunyazwa kommeleli) kanye ne-500 engeyona ejwayelekile ngokuphelele (i-IP engekho "ohlwini olumhlophe") ukuze uthole impendulo eyodwa.
I-Apache ibusa ngokuphelele - amaseva ayi-114 ayayisebenzisa. Inguqulo endala engiyithole e-Ukraine yi-544, ekhishwe ngo-Okthoba 1.3.29, 29 (!!!). i-nginx isendaweni yesibili ngamaseva angu-2003.
Amaseva ayi-11 asebenzisa i-WinCE, eyakhululwa ngo-1996, futhi aqeda ukuyichibiyela ngo-2013 (kunezi-4 kuphela zalezi e-Austria).
Iphrothokholi ye-HTTP/2 isebenzisa amaseva angama-5, i-HTTP/144 - 1.1, HTTP/256 - 836.
Amaphrinta... ngoba... kungani kungenjalo?
2 HP, 5 Epson kanye ne-4 Canon, ezifinyeleleka kunethiwekhi, ezinye zazo ngaphandle kokugunyazwa.
ama-webcams
Akuzona izindaba ukuthi e-Ukraine kunamakhamera amaningi ewebhu asakaza ngokwawo ku-inthanethi, aqoqwe ngezinsiza ezahlukahlukene. Okungenani amakhamera angu-75 azisakaza ku-inthanethi ngaphandle kokuvikelwa. Ungababheka .
Yini okulandelayo?
I-Ukraine yizwe elincane, njenge-Austria, kodwa linezinkinga ezifanayo namazwe amakhulu emkhakheni we-IT. Kudingeka sithuthukise ukuqonda okungcono kokuthi yini ephephile nokuthi yini eyingozi, futhi abakhiqizi bemishini kufanele banikeze ukulungiselelwa okuphephile kokuqala kwemishini yabo.
Ngaphezu kwalokho, ngiqoqa izinkampani zozakwethu (), engakusiza uqinisekise ubuqotho bengqalasizinda yakho ye-IT. Isinyathelo esilandelayo engihlela ukusenza ukubuyekeza ukuphepha kwamawebhusayithi e-Ukraine. Ungashintshi!
Source: www.habr.com