Iqembu labacwaningi abavela e-Vrije Universiteit Amsterdam kanye ne-ETH Zurich lenze indlela yokuhlasela inethiwekhi. (I-Network Cache ATtack), evumela, kusetshenziswa izindlela zokuhlaziya idatha ngokusebenzisa iziteshi zezinkampani zangaphandle, ukunquma ukude okhiye abacindezelwe umsebenzisi ngenkathi usebenza kuseshini ye-SSH. Inkinga ivela kuphela kumaseva asebenzisa ubuchwepheshe (Ukufinyelela kwememori okude) kanye (I-Data-Direct I/O).
Intel , ukuthi ukuhlasela okunzima ukukusebenzisa ekusebenzeni, njengoba kudinga ukufinyelela komhlaseli kunethiwekhi yendawo, izimo eziyinyumba kanye nenhlangano yokuxhumana kosokhaya kusetshenziswa ubuchwepheshe be-RDMA kanye ne-DDIO, evame ukusetshenziswa kumanethiwekhi angawodwa, isibonelo, lapho ikhompuyutha amaqoqo ayasebenza. Udaba lulinganiselwe oluncane (CVSS 2.6, ) futhi kunikezwa isincomo sokungavumeli i-DDIO ne-RDMA kumanethiwekhi endawo lapho i-perimeter yezokuphepha inganikezwanga futhi ukuxhumeka kwamaklayenti angathembekile kuvunyelwe. I-DDIO isetshenziswe ku-Intel server processors kusukela ngo-2012 (Intel Xeon E5, E7 kanye ne-SP). Amasistimu asuselwe kumaphrosesa avela ku-AMD nabanye abakhiqizi awathintwa inkinga, ngoba awakusekeli ukugcinwa kwedatha edluliswa ngenethiwekhi kunqolobane ye-CPU.
Indlela esetshenziselwa ukuhlasela ifana nokuba sengozini "", okukuvumela ukuthi uguqule okuqukethwe kwezingcezu ngazinye ku-RAM ngokukhohlisa amaphakethe enethiwekhi kumasistimu ane-RDMA. Inkinga entsha iwumphumela womsebenzi wokunciphisa ukubambezeleka lapho kusetshenziswa indlela ye-DDIO, eqinisekisa ukuxhumana okuqondile kwekhadi lenethiwekhi namanye amadivaysi e-peripheral ne-cache yokucubungula (enqubweni yokucubungula amaphakethe ekhadi lenethiwekhi, idatha igcinwa kunqolobane futhi ibuyiswe kunqolobane, ngaphandle kokufinyelela kumemori).
Ngenxa ye-DDIO, inqolobane yokucubungula iphinde ihlanganise idatha ekhiqizwe ngesikhathi somsebenzi wenethiwekhi enonya. Ukuhlasela kwe-NetCAT kusekelwe eqinisweni lokuthi amakhadi enethiwekhi agcina idatha ngenkuthalo, kanye nesivinini sokucutshungulwa kwephakethe kumanethiwekhi endawo anamuhla kwanele ukuba nomthelela ekugcwalisweni kwenqolobane futhi anqume ubukhona noma ukungabikho kwedatha kunqolobane ngokuhlaziya ukubambezeleka phakathi nedatha. ukudlulisa.
Uma usebenzisa izikhathi ezisebenzisanayo, njenge-SSH, iphakethe lenethiwekhi lithunyelwa ngokushesha ngemva kokuba ukhiye ucindezelwe, i.e. ukubambezeleka phakathi kwamaphakethe kuhlobana nokubambezeleka phakathi kwama-keystrokes. Usebenzisa izindlela zokuhlaziya izibalo futhi ucabangela ukuthi ukubambezeleka phakathi kwama-keystrokes ngokuvamile kuncike endaweni kakhiye kukhibhodi, kungenzeka ukuphinda udale ulwazi olufakiwe ngamathuba athile. Isibonelo, abantu abaningi bavamise ukubhala u-"s" ngemva kuka-"a" ngokushesha kakhulu kuno-"g" ngemva kuka-"s".
Ulwazi olufakwe kunqolobane yokucubungula luvumela umuntu ukuthi ahlulele isikhathi esiqondile samaphakethe athunyelwe ikhadi lenethiwekhi lapho ecubungula ukuxhumana okufana ne-SSH. Ngokukhiqiza ukugeleza kwethrafikhi ethile, umhlaseli anganquma isikhathi lapho idatha entsha ivela kunqolobane ehlotshaniswa nomsebenzi othile ohlelweni. Ukuhlaziya okuqukethwe kwenqolobane, indlela isetshenziswa , okubandakanya ukugcwalisa inqolobane ngesethi yereferensi yamanani kanye nokulinganisa isikhathi sokufinyelela kuwo lapho egcwaliswa kabusha ukuze kunqunywe izinguquko.
Kungenzeka ukuthi indlela ehlongozwayo ingasetshenziswa ukunquma hhayi kuphela izinkinobho zokhiye, kodwa nezinye izinhlobo zedatha eyimfihlo efakwe kunqolobane ye-CPU. Ukuhlasela kungenziwa noma ngabe i-RDMA ikhutshaziwe, kodwa ngaphandle kwe-RDMA ukusebenza kwayo kuyancishiswa futhi ukubulawa kuba nzima kakhulu. Kungenzeka futhi ukusebenzisa i-DDIO ukuhlela ishaneli yokuxhumana eyimfihlo esetshenziselwa ukudlulisa idatha ngemva kokuba iseva isengozini, yeqa izinhlelo zokuphepha.
Source: opennet.ru