RangeAmp - A series of CDN attacks that manipulate the HTTP Range header

A group of researchers from Peking University, Tsinghua University and the University of Texas at Dallas has released information about work carried out to identify a new class of DoS attacks, which they call "RangeAmp" and which rely on the HTTP Range header to organise traffic amplification through content delivery networks (CDNs).

The essence of the method is that, because of the way many CDNs process the Range header, an attacker can request a single byte of a large file through the CDN, while the CDN fetches the entire file or a much larger block of data from the origin server in order to cache it.

The traffic amplification factor of such an attack is, depending on the CDN, between 724 and 43330 times, which can be used to overload the inbound traffic of the CDN or to exhaust the capacity of the last communication channel to the victim's site.

The Range header lets the client specify the range of positions in the file that should be loaded instead of returning the whole file.

For example, the client can specify "Range: bytes=0-1023" and the server will send only the first 1024 bytes of data. This feature is in high demand when downloading large files: the user can pause the download and later resume it from the position at which it was stopped. When "bytes=0-0" is specified, the standard prescribes returning the first byte of the file, "bytes=-1" the last byte, and "bytes=1-" everything from byte 1 to the end of the file. Several ranges can be passed in one header, for example "Range: bytes=0-1023,8192-10240".

In addition, a second attack variant was proposed (called the RangeAmp Overlapping Byte Ranges (OBR) attack), intended to increase the network load when traffic is forwarded through another CDN used as a proxy (for example, when Cloudflare acts as the front end (FCDN) and Akamai acts as the back end (BCDN)). The method resembles the first attack, but is confined to the CDNs themselves and allows traffic to be amplified as it passes through other CDNs, increasing the load on their infrastructure and degrading the quality of service.

The idea is that the attacker sends requests with many ranges to the CDN, such as "bytes=0-,0-,0-...", "bytes=1-,0-,0-..." or "bytes=-1024,0-,0-...".

The requests contain a large number of "0-" ranges, each of which asks for the file from position zero to the end. Because of incorrect range parsing when the first CDN contacts the second, the full file is returned for every "0-" range (the ranges are not aggregated but are processed one after another) if the request originally sent by the attacker contains overlapping and intersecting ranges. The traffic amplification factor of this attack ranges from 53 to 7432 times.
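Added here as an illustration (not code from the paper or from any CDN): a resolver for the Range header rules described above, plus the kind of check a proxy could run before forwarding a request upstream. It reports how much a path that serves every range literally would pull compared with the coalesced bytes the client actually needs, and flags the overlapping multi-range requests described above. The 16-range threshold, the file sizes and the sample headers are assumptions.

```python
import re

# Constructed example, not the paper's or any CDN's code: resolve a Range header
# per RFC 7233 and compare a literal per-range fetch with what the client needs.
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_ranges(header, size):
    """'bytes=...' -> list of inclusive (first, last) pairs for a `size`-byte
    file; None if the header is malformed or nothing is satisfiable."""
    if not header.startswith("bytes="):
        return None
    out = []
    for spec in header[len("bytes="):].split(","):
        m = _SPEC.match(spec)
        if not m or (m.group(1) == "" and m.group(2) == ""):
            return None
        first, last = m.group(1), m.group(2)
        if first == "":                 # suffix form "-N": the last N bytes
            if int(last):
                out.append((max(size - int(last), 0), size - 1))
            continue
        f = int(first)
        if f >= size:                   # unsatisfiable range is ignored
            continue
        l = size - 1 if last == "" else min(int(last), size - 1)
        if l < f:
            return None
        out.append((f, l))
    return out or None

def range_report(header, size, max_ranges=16):
    """Bytes pulled when each range is served in turn (naive_bytes) versus the
    coalesced bytes the client needs (needed_bytes); flags overlap and excess."""
    ranges = parse_ranges(header, size)
    if ranges is None:
        return {"valid": False}
    merged, overlap = [], False
    for f, l in sorted(ranges):
        if merged and f <= merged[-1][1]:
            overlap = True              # intersects the previous range
        if merged and f <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], l))
        else:
            merged.append((f, l))
    naive = sum(l - f + 1 for f, l in ranges)
    needed = sum(l - f + 1 for f, l in merged)
    return {"valid": True, "ranges": len(ranges), "naive_bytes": naive,
            "needed_bytes": needed, "amplification": naive / needed,
            "full_object_factor": size / needed, "overlap": overlap,
            "suspicious": overlap or len(ranges) > max_ranges}
```

The `full_object_factor` field is the ratio for the first attack variant, where an edge fetches the whole object to answer a one-byte request; `amplification` is the ratio for the overlapping-range variant.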

The study examined the behaviour of 13 CDNs: Akamai, Alibaba Cloud, Azure, CDN77, CDNsun, Cloudflare, CloudFront, Fastly, G-Core Labs, Huawei Cloud, KeyCDN, StackPath and Tencent Cloud.

"Unfortunately, although we sent e-mails several times and tried to contact their customer service, StackPath did not provide any feedback," the research team said.

"Overall, we did our best to report the vulnerabilities responsibly and to provide mitigation solutions. The affected CDN providers have had nearly seven months to implement mitigation techniques before the publication of this paper."

All of the CDNs examined allowed the first type of attack against the target server. Six services turned out to be vulnerable to the second attack variant, of which four can act as the front end of the attack (CDN77, CDNsun, Cloudflare and StackPath) and three as the back end (Akamai, Azure and StackPath).

The highest amplification is achieved with Akamai and StackPath, which allow more than 10 ranges to be specified in the Range header.

The CDN operators were notified of the vulnerability about 7 months ago, and at the time of public disclosure 12 of the 13 CDNs had fixed the identified problems or expressed their willingness to fix them.

source: https://www.liubaojun.org
