New SAD DNS variant discovered for planting bogus records in a DNS cache

A team of researchers from the University of California, Riverside, published a few days ago a new variant of the SAD DNS attack that works despite the protection added last year to block the vulnerability CVE-2020-25705.

The new method is broadly similar to last year's vulnerability and differs only in using a different type of ICMP packet to confirm which UDP ports are active. The attack makes it possible to insert bogus data into a DNS server's cache, which can be used to spoof the IP address of an arbitrary domain in that cache and redirect requests for the domain to a server controlled by the attacker.

The method only works against the Linux network stack, because it relies on particulars of the ICMP packet handling in Linux that act as a source of information leakage, making it easy to determine the UDP source port the server used to send an outbound query.

According to the researchers who identified the problem, the vulnerability affects around 38% of the open resolvers on the Internet, including popular DNS services such as OpenDNS and Quad9 (9.9.9.9). On the software side, the attack can be carried out against resolvers such as BIND, Unbound and dnsmasq running on a Linux server. DNS servers running on Windows and BSD systems do not exhibit the problem. IP spoofing is required to complete the attack, so the attacker also has to make sure that their ISP does not filter packets with a forged source IP address.

As a reminder, the SAD DNS attack bypasses the protection that was added to DNS servers to block the classic DNS cache poisoning method presented in 2008 by Dan Kaminsky.

Kaminsky's method exploits the small size of the DNS transaction ID field, which is only 16 bits. To hit the transaction identifier needed to forge a response for a hostname, it is enough to send around 7,000 requests and simulate around 140,000 fake responses. The attack boils down to flooding the DNS resolver with spoofed IP packets carrying different DNS transaction identifiers, so that one of them arrives, with the right ID, before the legitimate answer.

To protect against this type of attack, DNS server developers implemented randomization of the source port from which resolution requests are sent, compensating for the insufficient size of the identifier. With that protection in place, a forged response has to match not only the 16-bit identifier but also one of roughly 64 thousand ports, which raises the number of combinations to guess to 2^32.

The SAD DNS method makes it drastically easier to determine that source port number, which reduces the attack back to the classic Kaminsky scenario. An attacker can tell active UDP ports from unused ones by exploiting information about port activity that leaks while the kernel processes ICMP response packets.
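To make the two checks concrete, here is an added example (not code from the article, the researchers or any real resolver) of the matching a resolver performs before it believes a response: the UDP destination port, the 16-bit transaction ID and the question section all have to match an outstanding query. The `poison_probability` helper turns the figures above (7,000 requests and 140,000 forged responses, which I read as about 20 forgeries per query) into a success chance for the two search spaces; the per-query figure and the 1024..65535 port range are my assumptions.

```python
import struct
import secrets

# Constructed example: a minimal outstanding-query table. A response is only
# accepted when destination port, transaction ID and question all match.


def encode_qname(name: str) -> bytes:
    """Encode a domain name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    """DNS header (RD set, QDCOUNT=1) followed by a single question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(qname) + struct.pack("!HH", qtype, 1)


def forged_response(txid: int, qname: str, qtype: int = 1) -> bytes:
    """Attacker's spoofed reply: header with QR/RD/RA set and the question
    echoed back (the answer section is omitted; it is irrelevant to matching)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + encode_qname(qname) + struct.pack("!HH", qtype, 1)


def parse_question(msg: bytes):
    """Return (txid, flags, qname, qtype) from the header and first question."""
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    off, labels = 12, []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question section")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    qtype, _qclass = struct.unpack_from("!HH", msg, off)
    return txid, flags, ".".join(labels).lower(), qtype


class PendingQueries:
    """Outstanding queries keyed by (UDP source port, transaction ID)."""

    def __init__(self, randomize_port: bool = True):
        self.randomize_port = randomize_port
        self.pending = {}

    def send(self, qname: str, qtype: int = 1):
        """Pick a random 16-bit txid and (optionally) a random source port."""
        txid = secrets.randbelow(1 << 16)
        # assumed ephemeral range 1024..65535; a fixed port models pre-2008 resolvers
        port = secrets.randbelow(65536 - 1024) + 1024 if self.randomize_port else 53
        self.pending[(port, txid)] = (qname.lower(), qtype)
        return port, build_query(txid, qname, qtype)

    def accept(self, dst_port: int, response: bytes) -> bool:
        """True only if port, txid and question match a query we sent."""
        try:
            txid, flags, qname, qtype = parse_question(response)
        except (ValueError, IndexError, struct.error):
            return False
        if not flags & 0x8000:          # QR bit must be set on a response
            return False
        if self.pending.get((dst_port, txid)) != (qname, qtype):
            return False
        del self.pending[(dst_port, txid)]   # first matching answer wins the race
        return True


def poison_probability(guesses_per_query: int, queries: int, entropy_bits: int) -> float:
    """Chance of winning at least one of `queries` races when the attacker fires
    `guesses_per_query` forged responses per query into a space of
    2**entropy_bits (txid only: 16 bits; txid plus random port: 32 bits)."""
    p = guesses_per_query / 2 ** entropy_bits
    return 1 - (1 - p) ** queries
```

Real resolvers additionally check the source address of the response and the bailiwick of the records before caching them, so matching on port and ID is a necessary but not sufficient condition; the point of SAD DNS is that once the port is known, the 32-bit space collapses back to the 16-bit one, and `poison_probability(20, 7000, 16)` comes out near 0.88 while `poison_probability(20, 7000, 32)` is well under one in ten thousand.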

The information source that allows the UDP port to be identified quickly is a flaw in the code that handles ICMP packets carrying a fragmentation request (ICMP Fragmentation Needed) or a redirect request (ICMP Redirect). Sending such packets changes the state of a cache in the network stack, making it possible, based on the server's response, to determine which UDP port is in use and which is not.

Changes that close the leak were accepted into the Linux kernel at the end of August (the fix is included in kernel 5.15 and in the September updates of the LTS kernel branches). The fix consists of switching the network caches to the SipHash hash algorithm in place of Jenkins Hash. Unlike Jenkins, SipHash is keyed with a secret, so an attacker who knows the algorithm can no longer work out which cache bucket a given entry lands in.
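The following added example (my code, not the researchers' or the kernel's) shows why that swap matters for a bucketed cache. With an unkeyed hash the attacker can enumerate addresses of their choosing and keep exactly those that collide into a target bucket; with SipHash-2-4 under a key they do not know, the addresses they select scatter across the table instead. Jenkins one-at-a-time stands in for the kernel's jhash, the 2048-bucket table, the 10.0.0.0/8 address range, the "secret" key and the attacker's guessed key are all constructed for illustration.

```python
# Added example: unkeyed vs keyed bucket selection in a hash-indexed cache.
# Jenkins one-at-a-time stands in for the kernel's jhash; SipHash-2-4 is the
# keyed replacement. Table size and keys are constructed for illustration.

MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
BUCKETS = 2048  # illustrative table size; bucket = hash & (BUCKETS - 1)


def jenkins_oaat(data: bytes) -> int:
    """Bob Jenkins' one-at-a-time hash: public, unkeyed, attacker-computable."""
    h = 0
    for b in data:
        h = (h + b) & MASK32
        h = (h + (h << 10)) & MASK32
        h ^= h >> 6
    h = (h + (h << 3)) & MASK32
    h ^= h >> 11
    h = (h + (h << 15)) & MASK32
    return h


def _rotl64(x: int, r: int) -> int:
    return ((x << r) | (x >> (64 - r))) & MASK64


def _sipround(v0, v1, v2, v3):
    v0 = (v0 + v1) & MASK64; v1 = _rotl64(v1, 13); v1 ^= v0; v0 = _rotl64(v0, 32)
    v2 = (v2 + v3) & MASK64; v3 = _rotl64(v3, 16); v3 ^= v2
    v0 = (v0 + v3) & MASK64; v3 = _rotl64(v3, 21); v3 ^= v0
    v2 = (v2 + v1) & MASK64; v1 = _rotl64(v1, 17); v1 ^= v2; v2 = _rotl64(v2, 32)
    return v0, v1, v2, v3


def siphash24(key: bytes, data: bytes) -> int:
    """SipHash-2-4 (Aumasson/Bernstein): 128-bit key, 64-bit output."""
    if len(key) != 16:
        raise ValueError("SipHash key must be 16 bytes")
    k0 = int.from_bytes(key[:8], "little")
    k1 = int.from_bytes(key[8:], "little")
    v0 = k0 ^ 0x736F6D6570736575
    v1 = k1 ^ 0x646F72616E646F6D
    v2 = k0 ^ 0x6C7967656E657261
    v3 = k1 ^ 0x7465646279746573
    full = len(data) - len(data) % 8
    for i in range(0, full, 8):
        m = int.from_bytes(data[i:i + 8], "little")
        v3 ^= m
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
        v0 ^= m
    # final block: leftover bytes plus the message length in the top byte
    b = (len(data) & 0xFF) << 56
    for i, byte in enumerate(data[full:]):
        b |= byte << (8 * i)
    v3 ^= b
    v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    v0 ^= b
    v2 ^= 0xFF
    for _ in range(4):
        v0, v1, v2, v3 = _sipround(v0, v1, v2, v3)
    return v0 ^ v1 ^ v2 ^ v3


def siphash_selftest() -> bool:
    """Reference vector from the SipHash paper: key 00..0f, message 00..0e."""
    return siphash24(bytes(range(16)), bytes(range(15))) == 0xA129CA6149BE45E5


def bucket_jenkins(addr: bytes) -> int:
    return jenkins_oaat(addr) & (BUCKETS - 1)


def bucket_siphash(key: bytes, addr: bytes) -> int:
    return siphash24(key, addr) & (BUCKETS - 1)


def colliding_addresses(bucket_of, target: int, count: int, limit: int = 1_000_000):
    """Walk 10.0.0.0/8 (constructed attacker-chosen addresses) and keep those
    that `bucket_of` maps to `target`, stopping after `count` hits."""
    found = []
    for n in range(1, limit):
        addr = bytes([10, (n >> 16) & 0xFF, (n >> 8) & 0xFF, n & 0xFF])
        if bucket_of(addr) == target:
            found.append(addr)
            if len(found) == count:
                break
    return found


SECRET_KEY = bytes(range(16))   # stand-in for the kernel's per-boot random key
ATTACKER_GUESS = bytes(16)      # the attacker does not know it and guesses zeros


def demo(target: int = 5, count: int = 8):
    """Buckets actually hit by the attacker's picks under each hash."""
    unkeyed = colliding_addresses(bucket_jenkins, target, count)
    guessed = colliding_addresses(lambda a: bucket_siphash(ATTACKER_GUESS, a), target, count)
    return ({bucket_jenkins(a) for a in unkeyed},
            {bucket_siphash(SECRET_KEY, a) for a in guessed})
```

With the unkeyed hash every address the attacker selected lands in bucket 5 of the table, so they can fill or evict that bucket at will; with SipHash under the real key the same selection procedure yields addresses spread over many buckets, which is what removes the attacker's control over cache state and with it the side channel.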

Finally, if you are interested in learning more about it, you can consult the details at the following link.

