Ukuhlasela kweDDoS - yintoni na? Inkqubo yokuhlaselwa kweDDoS

Ukuhlaselwa, ngexesha apho abasebenzisi abakwazi ukufikelela kule ndawo okanye ezinye izixhobo, ezibizwa ngokuba yi-DDoS-attack, okanye ingxaki efana ne "Ukukhishwa kweNkonzo." Isixhobo esiphezulu sahlaselo lwe-hacker zezicelo zangexesha elifanayo zivela kwinani elikhulu leekhomputhaza emhlabeni wonke, kwaye zijoliswe ikakhulu kumaseva ezinkampani ezikhuselekile kakuhle okanye imibutho karhulumente, kaninzi kuncinci kwizinto ezingenanto zorhwebo.

Ikhompyutheni esuleleke yenkqubo yeTrojan iyafana ne "zombie", kunye nabahlaseli, isebenzisa amakhulu amaningana okanye amawaka eenkulungwane ze "Zombies" ezinjalo, kubangela ukungasebenzi kwimisebenzi (ukukhishwa kwenkonzo).

Izizathu zokuqhuba ukuhlaselwa kweDDoS zininzi. Makhe sizame ukufumanisa izinto ezithandwa kakhulu, kodwa ngexesha elifanayo uphendule imibuzo: "Ukuhlaselwa kweDDoS - yintoni na, indlela yokuzikhusela ngokwayo, yintoni imiphumo yayo kwaye yintoni na eyenziweyo?"

Khuphiswano

I-intanethi sele ibe ngumthombo weengcamango zoshishino, ukuphunyezwa kweeprojekthi ezinkulu kunye nezinye iindlela zokufumana imali eninzi, ngoko ukuhlaselwa kwe-DDOS kuqhutyelwa ukuba kulandelwe. Okokuthi, ukuba umbutho ufuna ukuwususa xa umncintiswano ebonakalayo, umane ubhekisela kwi-hacker (okanye iqela lawo) ngomsebenzi olula-ukuphazamisa umsebenzi weenkampani ezingathandekiyo ngokusebenzisa izixhobo ze-Intanethi (ukuhlaselwa kweDDoS kumncedisi okanye kwisayithi).

Ngokuxhomekeke kwiinjongo kunye neenjongo ezithile, ukuhlaselwa okunjalo kusekwe ixesha elithile kunye nokusetyenziswa kwamandla afanelekileyo.

Ukukhwabanisa

Ngokuqhelekileyo ukuhlaselwa kwe-DDoS kwisayithi kuququzelelwe kwinqanaba labacebisi ukwenzela ukukhusela inkqubo kwaye kufumaneke ukufikelela kumntu okanye kwenye idatha ebalulekileyo. Emva kokuba abahlaseli banciphisa inkqubo, banokufuna imali ethile ukubuyisela ukusebenza kwezixhobo ezihlaselwe.

Abaninzi abasomashishini be-intanethi bayavumelana neemeko ezibekwe phambili, zilungelelanisa izenzo zabo ngexesha elingenamsebenzi emsebenzini kunye nokufumana ilahleko ezinkulu - kulula ukuhlawula imali encinci kumkhwabanisi kunokuba ulahlekelwe yinzuzo ebalulekileyo kuyo yonke imihla yokuchitha ixesha.

Ukuzonwabisa

Abasebenzisi abaninzi beWebhu yehlabathi jikelele banomdla kunomdla okanye kumnandi: "Ukuhlaselwa kweDDOS - yintoni na indlela yokwenza ngayo?" Ngoko ke, akuqhelekanga kubaqalayo ukuba baququzelele ukuhlaselwa okunjalo kwizixhobo ezingenangqungquthela ngenxa yokuzivanya nokunyamezela.

Ngokubambisana nezizathu, ukuhlaselwa kwe-DDoS kuneempawu zazo zokuhlelwa.

1. Bandwidth . Namhlanje phantse yonke ikamelo lekhompyutha lixhotywe kunye nenethiwekhi yendawo okanye ixhunyiwe kwi-intanethi. Ngako oko, iziganeko zezikhukhula zenethiwekhi - inqwaba yemibuzo kunye nenkqubo engafanelekanga eyakhiweyo kunye nenjongo engabonakaliyo kwizibonelelo ezithile okanye izixhobo - zisetyenziselwa ukulungiselela ukungaphumeleli okanye ukuhluleka kwayo (iziteshi zonxibelelwano, iidiski ezinzima, imemori, njl).
2. Ukudinwa kwenkqubo . Ukuhlaselwa kweDDoC enjalo kwi-Samp server isebenza ukubamba imemori engokwenyama, ixesha le-CPU kunye nezinye izibonelelo zenkqubo, ngenxa yokungabikho kwento ehlaseleyo engenakho ukusebenza ngokugcwele.
3. Loop . Ukuqinisekiswa kweengxelo ze-Infinite kunye neminye imijikelezo esebenzayo "kwisangqa" eyenza into ukuba ichithe ezininzi izixhobo, ngaloo ndlela ivala imemori ekuphelelweni kwayo ngokupheleleyo.
4. Ukuhlaselwa ngamanga . Injalo inhlangano ijoliswe ekukhuseleni amanga iinkqubo zokukhusela, ekugqibeleni ziphumo ekuthintela izibonelelo ezithile.
5. HTTP protocol . I-Hackers ithumela iiphakethe ze-HTTP ezisezantsi ezinokubhaliweyo okhethekileyo, imithombo ngokwemvelo ayiboni ukuba ukuhlaselwa kweDDoS ihlelwe kuyo, inkqubo yeseva, eyenza umsebenzi wayo, ithumela amapakethe enamandla amakhulu ekuphenduleni, ngaleyo ndlela igqithise ibhulophu yexhoba, eliphumela Kwakhona ukuhluleka kweenkonzo.
6. Ukuhlasela kweSmurf . Le yenye yezona zityalo eziyingozi. I-hacker ithumela ipakethi ye-ICMP inkohliso kwixhoba, apho idilesi yexhoba ithatyathwa yile dilesi yehlaseli, kwaye zonke iziqalo ziqala ukuthumela impendulo kwisicelo se-ping. Ukuhlaselwa kweDDoS yinkqubo enenjongo yokusebenzisa inethwekhi enkulu, okokuthi, isicelo esenziwa ngama-computer e-100 siya kuqiniswa ngamaxesha angama-100.
7. Umkhukula we-UDP . Olu hlobo lokuhlaselwa lufana nolunye oludlulileyo, kodwa esikhundleni se-ICMP-phakheji, abahlaseli basebenzisa iiphakheji ze-UDP. Ingundoqo yale ndlela ibuyisela idilesi ye-IP yexhoba kunye nedilesi ye-hacker kwaye ilayishe ngokugcwele umda we-bandwidth, oya kubangela ukuba kuqhutywe inkqubo.
8. Umkhukula we-SYN . Abahlaseli bazama ukukhawuleza ukuqala inani elikhulu le-TCP-uqhagamshelo nge-SYN-channel kunye nedilesi yokubuyisela engafanelekanga okanye engekho ngokupheleleyo. Emva kwemizamo emininzi enjalo, ezininzi iinkqubo zokusebenza umgca uxhumano lweengxaki kwaye emva nje kwemizamo embalwa yokuyivala. Ukuhamba komzila we-SYN kukhulu kakhulu, kwaye kungekudala, emva kwemizamo eninzi enjalo, ixhoba eliyintloko liyenqabela ukuvula unxibelelwano olutsha, ukuvimba umsebenzi wonxibelelwano wonke.
9. "Iiphakheji ezinkulu . " Olu hlobo lokuphendula umbuzo: "Yintoni ukuhlaselwa kwe-DDoC yomncedisi?" Abahlaseli bathumela amapakethi kumncedisi womsebenzisi, kodwa ukutshatyalaliswa kwe-bandwidth akwenzeki, isenzo sichazwa kuphela kwi-CPU. Ngenxa yoko, iiphakheji zikhokelela ekusileleni kwinkqubo, kwaye, kwakhona, ukuphika ukufikelela kwizibonelelo zayo.
10. Iifayile zokungena . Ukuba i-quota kunye nenkqubo yokujikeleza inemigodi yokuphepha, abahlaseli bangathumela iipakethi ezinkulu, ngoko bathabatha yonke indawo yamahhala kwiidiski ezikhuni ze-server.
11. Inkqubo yenkqubo . Hackers abanolwazi olunzulu bangafunda ngokugcwele isakhiwo se-server yesisulu baze baqalise i-algorithms ekhethekileyo (inkqubo ye-DDoS attack-exploit program). Olu hlaselo lujoliswe ikakhulu kwiiprojekthi zorhwebo ezikhuselweyo kakuhle kunye nemibutho yamacandelo ahlukeneyo kunye nemimandla. Abahlaseli bafumana izikhefu kwikhowudi yeprogram kwaye baqhuba imiyalelo engafanelekanga okanye ezinye izilungiso eziqhelekileyo ezikhokelela ekutshintsheni ngokukhawuleza kwenkqubo okanye inkonzo.

Ukuhlaselwa kweDDoS: yintoni na indlela yokuzivikela ngayo

Izindlela zokukhusela kwi-DDoS-attack, kukho ezininzi. Kwaye zonke ziyakwazi ukwahlula zibe zine: i-passive, active, i-reactionary kunye neyokukhusela. Ngale nto nathi siza kuthetha ngakumbi ngokubanzi.

Ukuthintela

Kuyimfuneko ukukhusela izizathu, zona ezinokubangela ukuhlaselwa kweDDoS. Olu hlobo lunokuquka ukungathandeki komntu, ukungafani komthetho, ukhuphiswano kunye nezinye izinto ezibangela ingqalelo "ukwandiswa" kuwe, ishishini lakho, njl.

Ukuba uyaphendula ngexesha kulezi zinto kwaye udwebe izigqibo ezifanelekileyo, unokuphepha ezininzi iimeko ezingathandekiyo. Le ndlela ingabonwa, kunoko, kwisisombululo solawulo lweengxaki , kunokuba kuluhlu lwezobugcisa lo mbandela.

Amanyathelo okuphendula

Ukuba ukuhlaselwa kwezixhobo zakho kuqhubeka, kufuneka ufumane umthombo weengxaki zakho - umthengi okanye umqhubi, - usebenzisa zombini umbane kunye nezobugcisa zempembelelo. Ezinye iifemu zibonelela ngeenkonzo ukuze zifumane abaxhasi ngendlela yobuchwepheshe. Ngokusekelwe kwiziqinisekiso zeengcali ezibhekiselele kulo mbandela, umntu akafumani nje kuphela umonakalo osebenzisa i-DDoS, kodwa naye umthengi ngokwakhe.

Ukukhusela iSoftware

Ezinye iincwadi ze-hardware kunye ne-software, kunye nemveliso yazo, zinokunika izicombululo ezimbalwa, kwaye ukuhlaselwa kwe-DDoS kwisayithi kuya kunikwa. Njengoko umkhuseli wezobuchwepheshe angenza njengomncedisi omncinci ohlukeneyo, enenjongo yokulwa nokuhlaselwa kwe-DDoS encinci naphakathi.

Isisombululo siphelele kumashishini amancinci naphakathi. Kwiinkampani ezinkulu, amashishini kunye nee-arhente zikaburhulumenteni, kukho izakhiwo ze-hardware ezipheleleyo zokulwa nokuhlaselwa kwe-DDoS, leyo, kunye nexabiso eliphezulu, ineempawu ezikhuselekileyo zokukhusela.

U kucoca

Ukuthintela nokucoca ngokucophelela kwendlela yokungena kuyoyi kunciphisa kuphela amathuba okuhlaselwa. Kwezinye iimeko, ukuhlaselwa kweDDoC kwiseva kunokupheliswa ngokupheleleyo.

Kukho iindlela ezimbini eziphambili zokucoca itrafikhi: umlilo kunye neendlela ezipheleleyo.

Ukucoca kunye neelwimi (ACL) kukuvumela ukuba uhlunge iiprosoft protocol ngaphandle kokuphulwa komsebenzi we-TCP kwaye unganciphisi isivinini sokufikelela kwisixhobo esivikelwe. Nangona kunjalo, ukuba abahlaseli basebenzise iibhodnetshi okanye izicelo eziphezulu, ke le ndlela ayiyi kusebenza.

Iimfumbala zikhuseleke kangcono kuhlaselo lweDDoS, kodwa i-disadvantage kuphela yileyo kuphela yintanethi yabucala kwaye engekho yorhwebo.

Mirror

Ingundoqo yile ndlela kukulungiselela zonke izithuthi ezingenayo zomhlaseli. Unokwenza oku ngokuthi unamaseva anamandla kunye neengcali ezikhangekileyo eziya kuthi zilungele ukuhambisa i-traffic, kodwa ziyakwazi ukukhubaza izixhobo zomhlaseli.

Indlela ayisebenziyo xa kukho iziphene kwiinkonzo zenkqubo, iikhowudi zesofthiwe kunye nezinye izicelo zethungelwano.

Ukuxhatshazwa

Olu hlobo lokukhusela lujolise ekulungiseni ukusetyenziswa, ukuphelisa iziphene kwi-Web applications kunye neenkqubo, kunye nezinye iinkonzo ezinoxanduva lwezothutho. Le ndlela ayiluncedo nxamnye nokuhlaselwa kwezikhukhula, ezijoliswe ngokukodwa kwezi zinto ezibuthathaka.

Izixhobo zanamhlanje

Ukukhuselwa kwe-100% ukuqinisekisa le ndlela ayikwazi. Kodwa ikuvumela ukuba uqhube kakuhle ngeminye imisebenzi (okanye isethi yabo) ukukhusela i-DDoS-attack.

Ukusasazwa kweenkqubo kunye nezibonelelo

Ukuphinda izixhobo kunye neenkqubo zokuhambisa iza kubangela ukuba abasebenzisi basebenze kunye nedatha yakho, nokuba ngaba loo mzuzu ukuhlaselwa kweDDoS kuqhutywe kwiseva yakho. Ukusabalalisa, ungasebenzisa izixhobo ezahlukeneyo zeeseva okanye inethiwekhi, kwaye kunconywa ukuba udibanise iinkonzo ngokomzimba ngeenkqubo ezahlukeneyo zokugcina (amaziko eenkcukacha).

Le ndlela yokukhusela iyona ndlela iphumelele kakhulu kumhla, ngaphandle kokuba isakhiwo esilungileyo sakhiwo senziwe.

Ukungabikho

Into ebalulekileyo yale ndlela yiphumo kunye nokuhlukana kwento ehlaselwe (igama lesizinda okanye idilesi ye-IP), oko kukuthi zonke izixhobo zokusebenza ezikwindawo enye kufuneka zihlulwe kwaye zibekwe kwiidilesi zenethiwekhi zenkampani yesithathu, okanye kwintsimi yombuso. Oku kuza kusinda naluphi na ukuhlaselwa kwaye ulondoloze isakhiwo sangaphakathi se-IT.

IiNkonzo zokukhusela kwi-DDoS-attack

Xa sele ndixelele konke malunga nobunzima obufana nokuhlaselwa kwe-DDoS (yintoni na indlela yokujongana ngayo nayo), sinokunika ingcebiso enye. Imibutho emikhulu kakhulu inika iinkonzo zayo ukunqanda nokukhusela ukuhlaselwa okunjalo. Ngokukodwa, ezi nkampani zisebenzisa iindidi zamanyathelo kunye neendlela ezahlukeneyo zokukhusela ishishini lakho kwiintlobo ezininzi zokuhlaselwa kweDDoS. Iingcali kunye neengcali zoshishino zisebenza apho, ngoko ke, ukuba isistim sakho sithandekayo kuwe, inketho engcono kakhulu (nangona ayithethi) iya kwelinye leenkampani.

Ukuhlasela kweDDOS kwenziwa njani ngezandla zomntu?

Yazi, kwaye ixhobile-imigaqo efanelekileyo. Kodwa khumbula ukuba umbutho ngokuzikhethela ukuhlaselwa kwe-DDoS yodwa okanye ngeqela labantu liphulo-mthetho, ngoko ke le ngcaciso inikezelwa ngolwazi kuphela.

Abenzi be-IT baseMerika ekukhuseleni usongelo baye baqulunqa inkqubo yokuvavanya ukuzinza kwemithwalo ye-server kunye nokukwazi ukuqhuba ukuhlaselwa kwe-DDoS ngabangenayo, kunye nokupheliswa kwalolu hlaselo.

Ngokwemvelo, iingqondo "ezitshisa" ziphendule le sixhobo ngokuchasene nabathuthukisi ngokwabo kunye nento abalwa ngayo. Igama lekhowudi yomkhiqizo ngu-LOIC. Le nkqubo ifumaneka ngokukhululekile kwaye, ngokusemthethweni, ayinqatshelwe ngumthetho.

Ukusebenzisana nokusebenza kwenkqubo kulula, inokusetyenziswa ngumntu onomdla kwi-DDoS-attack.

Yintoni yokwenza konke wena? Kwimizila yesikhombiselwano, kwanele ukufaka amaxhoba e-IP, kwaye faka iintambo ze-TCP kunye ne-UDP kunye nenani lezicelo. Njalo - emva kokuxininisa iqhosha elixabisekileyo, ukuhlaselwa kwaqala!

Naziphi na izixhobo ezinzulu, ngokuqinisekileyo, aziyi kuhlupheka ngenxa yale software, kodwa ezincinci zinokufumana iingxaki.