SAD DNS: a new attack for injecting fake records into a DNS cache

A team of researchers from Tsinghua University and the University of California, Riverside has developed a new attack that allows fake data to be injected into the cache of a DNS server. This can be used to spoof the IP address of an arbitrary domain and redirect requests for that domain to a server controlled by the attacker.

The attack bypasses the additional protection added to DNS servers to block the classic DNS cache poisoning method presented in 2008 by Dan Kaminsky.

The Kaminsky method exploits the small size of the DNS query ID field, which is only 16 bits. To find the correct identifier needed to spoof a hostname, it is enough to send about 7,000 requests and simulate about 140,000 fake responses.

The attack boils down to sending a large number of IP-spoofed packets to the DNS resolver, each carrying a different DNS transaction ID. To prevent the first response from being cached, a slightly modified domain name is specified in each fake response.

To protect against this kind of attack, DNS server developers implemented randomization of the source port from which resolution requests are sent, which compensated for the insufficient size of the identifier (to send a fake response, in addition to guessing the 16-bit identifier, it became necessary to pick the right one of 64 thousand ports, which raised the number of possibilities to 2^32).

The SAD DNS attack dramatically simplifies identifying the source port by exploiting filtered activity on network ports. The problem manifests itself on all operating systems (Linux, Windows, macOS and FreeBSD) and with different DNS servers (BIND, Unbound, dnsmasq).

It is claimed that 34% of all open resolvers are susceptible to the attack, as well as 12 of the 14 major DNS services tested, including 8.8.8.8 (Google), 9.9.9.9 (Quad9) and 1.1.1.1 (CloudFlare), and 4 of the 6 routers from well-known vendors that were tested.

The problem stems from the way ICMP response packets are generated, which makes it possible to determine whether a UDP port is active or unused. This behaviour allows open UDP ports to be scanned quickly and the protection based on source port randomization to be bypassed, reducing the number of brute-force possibilities to 2^16 + 2^16 instead of 2^32.

The root of the problem is the mechanism that limits the rate at which the network stack sends ICMP packets, which relies on a counter value that is counted down. This counter is shared by all traffic, including the attacker's spoofed traffic and genuine traffic. By default, Linux limits ICMP responses to 1000 packets per second. For every request that reaches a closed network port, the network stack increments the counter by 1 and sends an ICMP packet reporting the port as unreachable.

Thus, if 1000 packets are sent to different network ports and all of them are closed, the server will stop sending ICMP responses for a second, and the attacker can be sure that there are no open ports among the 1000 ports probed. If a packet is sent to an open port, the server does not return an ICMP response and the counter value does not change; in other words, after sending 1000 packets the response rate limit has not been reached.

Since the fake packets are sent from a spoofed IP, the attacker cannot receive the ICMP responses themselves, but thanks to the shared counter, after every 1000 fake packets he can send a request to a non-existent port from his real IP and check whether a response arrives; if it does, one of the 1000 packets hit an open port. Every second, the attacker can send 1000 fake packets to different ports and quickly determine which block contains the open port, then narrow down the selection and identify the specific port.

The Linux kernel addresses the problem with a patch that randomizes the parameters of the ICMP rate limiter, which introduces noise and reduces the information leaked through this side channel.
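To show why the shared counter leaks and why randomizing it helps, here is an added simulation (not code from the researchers or the kernel) of a host's global ICMP rate limiter: a fixed cost of one credit per reply reproduces the oracle described above, while a random cost of 0 to 2 credits (a simplified stand-in for the kernel's randomized accounting) turns it into noise. `HostModel`, `batch_hits_open_port` and the verifier port are constructed for this example.

```python
import random
from dataclasses import dataclass, field

ICMP_PER_SEC = 1000    # Linux default global ICMP rate limit
VERIFIER_PORT = 65000  # constructed: a port assumed closed, probed from the real address


@dataclass
class HostModel:
    """Toy model of one host's global ICMP rate limiter, refilled once per second."""
    open_ports: set
    randomized: bool = False  # True models the kernel mitigation (random credit cost)
    credits: int = field(default=ICMP_PER_SEC, init=False)

    def new_second(self) -> None:
        self.credits = ICMP_PER_SEC

    def udp_probe(self, port: int) -> bool:
        """Deliver one UDP datagram; return True if a port-unreachable ICMP would be sent."""
        if port in self.open_ports:
            return False  # open port: the socket accepts it, no ICMP, counter untouched
        if self.credits <= 0:
            return False  # closed port but limiter exhausted: ICMP suppressed
        # Fixed cost of 1 reproduces the leak; the mitigation is modelled as a cost of
        # 0..2 (mean 1), a simplification of the kernel's randomized credit accounting.
        cost = random.randint(0, 2) if self.randomized else 1
        self.credits = max(self.credits - cost, 0)
        return True


def batch_hits_open_port(host: HostModel, batch: range) -> bool:
    """One round of the side channel: 1000 probes whose ICMP replies the sender never
    sees, then one probe to a known-closed port from a real address. A reply to that
    probe means the shared counter was not exhausted, i.e. some probe in the batch
    landed on an open port."""
    host.new_second()
    for port in batch:
        host.udp_probe(port)
    return host.udp_probe(VERIFIER_PORT)


def false_positive_rate(trials: int, seed: int = 1) -> float:
    """Fraction of rounds that report an open port in a batch containing none,
    against a host running the randomized limiter (expected: roughly one half)."""
    random.seed(seed)
    host = HostModel(open_ports={53}, randomized=True)
    batch = range(10001, 11001)  # 1000 ports, none of them open
    return sum(batch_hits_open_port(host, batch) for _ in range(trials)) / trials
```

With the fixed limiter the oracle is exact: a batch of 1000 closed ports never produces a reply to the verifier probe, and a batch containing the open port always does; with the randomized limiter the same closed batch yields a reply about half of the time, so the attacker can no longer distinguish the two cases from a single round.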

Source: https://www.saddns.net/
