In February, the Austrian Christian Haschek published an interesting article on his blog titled
TL;DR
No special tools were used to gather the information (although a few people advised using something like OpenVAS to make the study more detailed and informative). As for the security of IPs associated with Ukraine (more on how that was determined below), the situation, in my view, is quite bad (and definitely worse than what is happening in Austria). No attempts were made or planned to exploit the vulnerable servers that were found.
First of all: how can you get all the IP addresses that belong to a particular country?
It is actually very simple. IP addresses are not generated by the country itself, but are allocated to it. So there is a list (and it is public) of all countries and all the IPs that belong to them.
Anyone can
Ukraine has almost as many IPv4 addresses as Austria, more than 11 million, 11 to be exact (for comparison, Austria has 640).
If you do not want to play with IP addresses yourself (and you shouldn't!), you can use a service.
Are there unpatched Windows machines in Ukraine with direct access to the Internet?
Of course, no conscientious Ukrainian would open up such access to their computers. Or would they?
masscan -p445 --rate 300 -iL ukraine.ips -oG ukraine.445.scan && cat ukraine.445.scan | wc -l
5669 Windows machines with direct network access were found (in Austria there are only 1273, but that is a lot).
Ouch. Are there any among them that could be attacked using ETERNALBLUE, known since 2017? There was not a single such machine in Austria, and I hoped that none would be found in Ukraine either. Unfortunately, no such luck. We found 198 IP addresses that have not closed this "hole" themselves.
DNS, DDoS and the depth of the rabbit hole
Enough about Windows. Let's see what we have with DNS servers that are open resolvers and can be used for DDoS attacks.
It works something like this. The attacker sends a small DNS request, and the vulnerable server responds to the victim with a packet 100 times larger. Boom! Corporate networks can quickly go down under such a volume of data, and the attack requires bandwidth that a modern smartphone can provide. And there have been such attacks
Let's see whether there are such servers in Ukraine.
masscan -pU:53 -iL ukraine.ips -oG ukraine.53.scan && cat ukraine.53.scan | wc -l
The first step is to find those with port 53 open. As a result, we have a list of 58 IP addresses, but this does not mean that all of them can be used for DDoS attacks. A second requirement must be met, namely that they are open resolvers.
To do this, we can use a simple dig command and see whether we can "dig": dig +short test.openresolver.com TXT @ip.of.dns.server. If the server responds that an open resolver was detected, it can be regarded as a potential target for the attack. Open resolvers make up about 25%, similar to Austria. In absolute terms, this is about 0.02% of all Ukrainian IPs.
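An added example (not from the original article): the same open-resolver check as the dig command, done by reading the DNS reply header, for auditing DNS servers you operate. The name test.example, the sample replies and all function names are constructed for illustration.

```python
import socket
import struct

def build_query(name, qtype=16, txid=0x1234):
    """DNS query with the RD (recursion desired) bit set; qtype 16 is TXT."""
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def classify_response(query, response):
    """Decide from the reply header whether the server recursed for us."""
    if len(response) < 12 or response[:2] != query[:2]:
        return {"verdict": "malformed", "amplification": 0.0}
    flags, _qd, ancount = struct.unpack("!HHH", response[2:8])
    rcode = flags & 0x000F
    if not flags & 0x8000:                      # QR bit clear: not a reply
        verdict = "malformed"
    elif rcode == 5:                            # REFUSED: recursion denied by policy
        verdict = "refused"
    elif flags & 0x0080 and rcode == 0 and ancount > 0:   # RA set and it answered
        verdict = "open-resolver"
    else:
        verdict = "no-recursion"
    return {"verdict": verdict, "amplification": round(len(response) / len(query), 1)}

def probe(server_ip, name, timeout=3.0):
    """Send one query over UDP to a server you operate and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        try:
            return classify_response(query, s.recvfrom(4096)[0])
        except socket.timeout:
            return {"verdict": "no-answer", "amplification": 0.0}

def sample_response(query, flags, txt=b""):
    """Constructed reply for offline use: echoes the question, optional TXT answer."""
    answer = b""
    if txt:
        rdata = bytes([len(txt)]) + txt
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(rdata)) + rdata
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if txt else 0, 0, 0)
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("test.example")             # hypothetical name, reserved TLD
    print(classify_response(q, sample_response(q, 0x8180, b"constructed-answer")))
    print(classify_response(q, sample_response(q, 0x8105)))
```

A server that returns "refused" or "no-recursion" to outside clients is configured as it should be; "open-resolver" on a public address means recursion should be restricted to your own networks.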
What else can you find in Ukraine?
Glad you asked. The easiest thing (and the most interesting to me personally) is to look at IPs with port 80 open and what is running on them.
Web server
260 Ukrainian IPs respond on port 849 (http). 80 addresses responded successfully (status 125) to a simple GET request that your browser could send. The rest produced one error or another. Interestingly, 444 servers returned status 200, and the rarest statuses were 853 (proxy authorization request) and the completely non-standard 500 (IP not on the "whitelist"), with one response each.
Apache dominates completely - 114 servers use it. The oldest version I found in Ukraine is 544, released in October 1.3.29, 29 (!!!). nginx is in second place with 2003 servers.
11 servers run WinCE, which was released in 1996 and stopped receiving patches in 2013 (there are only 4 of these in Austria).
The HTTP/2 protocol is used by 5 servers, HTTP/144 - 1.1, HTTP/256 - 836.
Printers... because... why not?
2 HP, 5 Epson and 4 Canon, reachable from the network, some of them without authorization.
Webcams
It is no news that in Ukraine there are many webcams broadcasting themselves to the Internet, collected by various services. At least 75 cameras broadcast themselves to the Internet without any protection. You can view them
What's next?
Ukraine is a small country, like Austria, but it has the same problems as large countries in the IT sector. We need to develop a better understanding of what is safe and what is dangerous, and equipment manufacturers should ship their devices with secure default configurations.
In addition, I am gathering partner companies (
Source: www.habr.com