SAD DNS: kurwisa kwekutsiva data rekunyepedzera muDNS cache

Boka re Vatsvagiri veTsinghua University uye University of California kuRiverside vakagadzira mhando nyowani yekurwisa , que inobvumira kutsiva kwedhata renhema muDNS server cache, iyo inogona kushandiswa kukanganisa iyo IP kero yedanho rekumisikidza uye kuendesa zvakare mafoni kune iyo duraini kune anorwisa server.

Kurwiswa kuno pfuura nekuwedzera kuchengetedzwa kumaseva eDNS kuvharira yakasarudzika DNS cache chepfu nzira yakarongwa muna 2008 naDan Kaminsky.

Iyo Kaminsky nzira inonyengera kuregedza saizi yeiyo DNS query id munda, inova chete 16 zvishoma. Kuti uwane chinongedzo chakakodzera chinodikanwa kufambisa zita revaenzi, ingotumira zvingangoita zviuru zvinomwe uye unoteedzera mhinduro dzinenge zana nemakumi mana.

Kurwiswa kunovira nekutumira nhamba huru yemanyepo mapaketi akasungwa IP kune iyo solver yeDNS ine akasiyana maDNS ekutengesa id Kudzivirira mhinduro yekutanga kubva pakachengetedzwa, zita rakashandurwa domain rinotsanangurwa mumhinduro yega yega.

Kuchengetedza kubva kurudzi urwu rwekurwisa, DNS server vagadziri yaita kugoverwa kwakasarudzika kwenhamba port port sosi kunobva kutumirwa zvikumbiro zvekugadzirisa, izvo zvakabhadhara hukuru hukuru hwekuzivisa (kutumira mhinduro yekunyepedzera, mukuwedzera pakusarudza chinongedzo che16-bit, zvaifanirwa kusarudza imwe yemachiteshi zviuru makumi matanhatu nezvina, izvo zvakawedzera huwandu sarudzo dzesarudzo kusvika 64 ^ 2).

Kurwisa SAD DNS inorerutsa nyore kuzivikanwa kwechiteshi nekutora mukana weakafefetwa chiitiko pane network network. Dambudziko rinozviratidza mune ese masisitimu anoshanda (Linux, Windows, macOS uye FreeBSD) uye kana uchishandisa akasiyana maSeva eDNS (BIND, Unbound, dnsmasq).

Zvinonzi 34% yeavo vese solvers akavhurika anorwiswa, pamwe ne12 pamakumi gumi nematanhatu epamusoro akaedzwa maDNS masevhisi, anosanganisira 14 (Google), 8.8.8.8 (Quad9.9.9.9), uye 9 (CloudFlare) masevhisi, pamwe ne1.1.1.1 kubva pavatanhatu vakaedzwa ma routers kubva kune vane mbiri vatengesi.

Dambudziko iri riri nekuda kwekusarudzika kweICMP yekupindura packet fomati, , que inobvumidza iwe kuona kupinda kune anoshanda network mapoti uye haina kushandiswa pamusoro peUDP. Iyi ficha inokutendera iwe kuti ukurumidze kuongorora yakavhurika UDP zviteshi uye nekunyatso pfuura kudzivirirwa kunoenderana nesarudzo yakasarudzika yenzvimbo network network, ichideredza huwandu hwesarudzo dzechisimba kusvika 2 ^ 16 + 2 ^ 16 pachinzvimbo che2 ^ 32.

Kunobva dambudziko iri mashandiro ekudzora kusimba kwekutumira huwandu hwe ICMP mapakeji pane iyo network stack, iyo inoshandisa inofungidzirwa counter kukosha, kubva iko kumberi kukwenya kunotanga. Iyi pakaunda yakajairika kune ese traffic, kusanganisira yekunyepedzera traffic kubva kune anorwisa uye chaiyo traffic. Nokusingaperi, paLinux, ICMP mhinduro dzinogumira kune mapakeji chiuru pasekondi. Kune chikumbiro chega chega chinosvika pavhavha yenetiji yakavharika, iyo neti stack inowedzera iyo counter ne1 uye inotumira iyo ICMP packet ine data kubva kune isingasvikike chiteshi.

Saka kana iwe ukatumira 1000 mapaketi kune akasiyana network network, ese akavharwa, sevha ichadzora kutumirwa kweICMP mhinduro kwechipiri chechipiri uye anorwisa anogona kuve nechokwadi chekuti hapana zviteshi zvakavhurika pakati pezviteshi 1000 zvakatsvaga. Kana pakiti rikatumirwa kuchiteshi chakavhurika, sevha haidzore mhinduro yeICMP uye kukosha kwekaunda hakuzoshanduke, ndiko kuti, mushure mekunge mapaketi 1000 atumirwa, muganho wekupindura hausvike.

Sezvo mapakeji enhema akaitwa kubva kuIP yekunyepedzera, uyo anorwisa haakwanise kugamuchira mhinduro dze ICMP, asi nekuda kwekambani yese, mushure memapakeji ese e1000 emanyepo, anogona kutumira chikumbiro kune chiteshi chisipo kubva kune chaicho IP uye ongorora kusvika kwemhinduro; kana mhinduro ikauya, saka mune imwe yemapakeji chiuru. Sekondi yega yega, anorwisa anokwanisa kutumira mapeketi ekunyepera chiuru kuzviteshi zvakasiyana uye nekukurumidza kuona kuti ndechipi chivhariso chechiteshi chakavhurika, wobva wadimbudzira sarudzo uye woona chiteshi chakati.

Iyo Linux kernel inogadzirisa dambudziko nechigamba chinomisikidza paramende kudzikamisa kusimba kwekutumira mapaketi eICMP, ayo anounza ruzha uye anoderedza kudonhedza dhata kuburikidza nematanho epadivi.

mabviro: https://www.saddns.net/


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako