Ukuhlasela kweDDoS - kuyini? Uhlelo lokuhlasela kwe-DDoS

Ukuhlaselwa, ngesikhathi abasebenzisi abakwazi ukufinyelela kuzo lezi ezinye izinsiza, okuthiwa i-DDoS-attack, noma inkinga efana nokuthi "Ukulahla Kwevisi." Isici esiyinhloko salokhu kuhlaselwa kwe-hacker yizicelo ezithile ngesikhathi esisodwa ezivela kumakhompyutha amaningi emhlabeni jikelele, futhi ziqondiswe ngokuyinhloko kumaseva ezinkampani ezivikelwe kahle noma izinhlangano zikahulumeni, kaningi kakhulu ezinsizakalweni ezingekho ngaphansi kwezebhizinisi.

Ikhompiyutha ehlonywe uhlelo lweThrojani ifana ne "zombie", nabaduni, besebenzisa amakhulu amaningana noma ngisho namashumi ezinkulungwane ze "Zombies" ezinjalo, kubangela ukungasebenzi emisebenzini yemithombo (ukuphika kwenkonzo).

Izizathu zokuqhuba ukuhlaselwa kweDDoS kungaba eziningi. Ake sizame ukukhomba abantu abathandwa kakhulu, kodwa ngesikhathi esifanayo baphendule imibuzo: "Ukuhlasela kweDDoS - ukuthi yini, indlela yokuzivikela yona, yintoni imiphumela yayo nokuthi yenzeni ukuthi yenzani?"

Ukuncintisana

I-Internet sekuyisikhathi eside imthombo wemibono yebhizinisi, ukuqaliswa kwemiklamo emikhulu nezinye izindlela zokuthola imali eningi, ngakho-ke ukuhlaselwa kwe-DDOS kungenziwa ukuhleleka. Okusho ukuthi, uma inhlangano ifuna ukuyisusa lapho umncintiswano evela khona, umane ubhekisela ku-hacker (noma iqembu lazo) ngomsebenzi olula - ukulimaza umsebenzi wenkampani ephikisayo ngokusebenzisa izinsiza ze-intanethi (i-DDoS attack on server noma indawo).

Ngokuya ngezinhloso ezithile nezinhloso, ukuhlaselwa okunjalo kuqaliswa isikhathi esithile sesikhathi kanye nokusetshenziswa kwamandla afanele.

Ukukhwabanisa

Ngokuvamile ukuhlaselwa kwe-DDoS kusayithi kuhlelwe isinyathelo sabaqashi ukuze kuvimbe uhlelo futhi bathole ukufinyelela kumuntu siqu noma kwenye idatha ebalulekile. Ngemuva kokuba abahlaseli bekhubaze uhlelo, bangadinga imali ethile ukuze babuyisele ukusebenza kwezinsiza ezihlaselwe.

Abaningi bezentengiselwano ze-Inthanethi bayavumelana nemibandela ebekwe phambili, baqondise izenzo zabo ngesikhathi sokungasebenzi emsebenzini futhi bathola ukulahlekelwa okukhulu - kulula ukukhokha imali encane kumkhwabanisi kunokuba balahlekelwe inzuzo enkulu kulo lonke usuku lokuphumula.

Ukuzijabulisa

Abasebenzisi abaningi be- World Wide Web basuke benesithakazelo ekufuneni noma kumnandi: "Ukuhlaselwa kwe-DDOS - kuyini nokuthi ungayenza kanjani?" Ngakho-ke, kuyinto engavamile kubaqalayo ukuhlela ukuhlaselwa okunjalo kwimithombo engahleliwe ngenxa yezivivinyo ezimnandi nezamandla.

Ngokuhambisana nezimbangela, ukuhlaselwa kwe-DDoS kunezici zabo zokuhlukanisa.

1. Umkhawulokudonsa . Namuhla cishe wonke amakamelo wekhompyutha ahlomele inethiwekhi yendawo noma ixhunywe ku-intanethi kuphela. Ngakho-ke, amacala okukhukhula kwenethiwekhi - inqwaba yemibuzo enesimiso esingenakulungile nesingenalutho kumithombo ethile noma imishini - ivame ukusetshenziswa ngenhloso yokwehluleka kwayo noma ukuhluleka (iziteshi zokuxhumana, ama- hard disks, imemori, njll).
2. Ukhathala kwesistimu . Ukuhlasela okunjalo kwe-DDoC kwisiphakeli se-Samp kwenziwa ukuthatha imemori engokwenyama, isikhathi se-CPU nezinye izinsiza zesistimu, ngenxa yokungabi nalutho okungenalo ikhono lokusebenza ngokugcwele.
3. I-Loop . Ukuqinisekiswa kwedatha okungapheli kanye neminye imijikelezo esebenza "kumbuthano" kubangele into ukuba ichithe eziningi zezinsiza, ngaleyo ndlela ivala imemori ekuqedeni kwayo ngokuphelele.
4. Ukuhlaselwa kwamanga . Inhlangano enjalo ihloswe ekuqaliseni amanga izinhlelo zokuvikela, ekugcineni ziphumela ekuvimbelweni kwezinsiza ezithile.
5. I-protocol ye-HTTP . Ababheki bezingcingo bathumela amaphakethe we-HTTP aphansi amakhono nge-encryption ekhethekile, imithombo ngokwemvelo ayiboni ukuthi ukuhlasela kwe-DDoS kuhlelwe kuyo, uhlelo lwevava, ukwenza umsebenzi walo, luthumela amaphakethe omthamo omkhulu kakhulu ekuphenduleni, ngaleyo ndlela igqoke umkhawulokudonsa wesisulu, okuholela Nakulokhu kokuhluleka kwezinsizakalo.
6. Ukuhlasela kwe-Smurf . Lena enye yezinhlobo eziyingozi kakhulu. I-hacker ithumela iphakethe le-ICMP elikhohlisayo kumuntu ohlukumezekile, lapho ikheli lesisulu libuyiselwa khona ikheli lomhlaseli, futhi wonke ama-node aqala ukuthumela impendulo kwisicelo se-ping. Lokhu kuhlaselwa kwe-DDoS uhlelo oluhlose ukusebenzisa inethiwekhi enkulu, okungukuthi, isicelo esicutshungulwa ngamakhompyutha angu-100 sizoqiniswa izikhathi ezingu-100.
7. Isikhukhula se-UDP . Lolu hlobo lokuhlaselwa lufana nolunye oludlule, kodwa esikhundleni se-ICMP-amaphakheji, abahlaseli basebenzisa amaphakheji we-UDP. Okuyinhloko yale ndlela ukubuyisela ikheli le-IP lomuntu oyisisulu ngekheli le-hacker bese ulayisha ngokugcwele umkhawulokudonsa, okuzoholela ohlelweni lwe-crash.
8. Isikhukhula se-SYN . Abahlaseli bazama ngesikhathi esifanayo baqale inombolo enkulu ye-TCP-uxhumano ngokusebenzisa isiteshi se-SYN ngekheli elingalungile noma elingabikho lokubuyela. Ngemuva kwemizamo eminingi enjalo, imigqa eminingi yokusebenza ilayini ukuxhumanisa inkinga futhi kuphela ngemva kwemizamo eminingi yokuyivala. Ukugeleza kwesiteshi se-SYN kukhulu kakhulu, futhi kungekudala, ngemva kwemizamo eminingi enjalo, inhloko yezisulu inqabe ukuvula ukuxhumana okusha, ivimbela umsebenzi wenethiwekhi yonke.
9. "Amaphakheji amakhulu . " Lolu hlobo lokuphendula lo mbuzo: "Kuyini ukuhlasela kwe-DDoC yesiphakeli?" Abahlaseli bathumela amaphakethe kumaseva womsebenzisi, kodwa ukugcwalisa kwe-bandwidth akukwenzeka, isenzo siqondiswa kuphela ku-CPU isikhathi. Ngenxa yalokho, amaphakheji anjalo aholela ekuhlulekeni ohlelweni, futhi, futhi, uphika ukufinyelela kwimithombo yawo.
10. Ifayela lokungena . Uma isistimu kanye nesistimu yokujikeleza inezimbobo zokuphepha, abahlaseli bangathumela amaphakethe amakhulu, ngaleyo ndlela bathatha yonke isikhala samahhala kuma-hard disks wesiphakeli.
11. Ikhodi yohlelo . Abahlaseli abanokuhlangenwe nakho okubanzi bangafunda ngokugcwele isakhiwo seseva lesisulu futhi basebenzise izilungiswa ezikhethekile (Uhlelo lweDDoS lokuhlasela - lokuxhaphaza). Ukuhlaselwa okunjalo kuhloswe ngokuyinhloko kumaphrojekthi wezokuhweba avikelekile kahle amabhizinisi nezinhlangano zezindawo nezindawo ezehlukene. Abahlaseli bathola izikhala ekhompyutheni yohlelo bese baqhuba imiyalelo engavumelekile noma amanye ama-algorithms angavamile aholela ekuvinjweni okuphuthumayo kwesistimu noma isevisi.

Ukuhlasela kwe-DDoS: ukuthi kuyini nokuthi ungazivikela kanjani

Izindlela zokuvikelwa ekuhlaselweni kwe-DDoS, kuningi. Futhi zonke zingahlukaniswa zibe izingxenye ezine: okungahambi kahle, okusebenzayo, okuphendulayo nokuvimbela. Mayelana nokuthi sizoxoxa ngani ngokuningiliziwe.

Ukuvimbela

Kubalulekile ukuvimbela izimbangela ngokwayo, ezingabangela ukuhlasela kweDDoS. Lolu hlobo lungabandakanya ukungathandeki komuntu siqu, ukungezwani komthetho, ukuncintisana nezinye izinto ezibangela ukunakwa "okunyuswe" kuwe, ibhizinisi lakho, njll.

Uma uphendula ngesikhathi kulezi zici bese udweba iziphetho ezifanele, ungagwema izimo eziningi ezingathandeki. Le ndlela ingabhekwa, kunalokho, kwisisombululo sokuphatha inkinga, kunokuba uhlangothi lwezobuchwepheshe lenkinga.

Izinyathelo zokuphendula

Uma ukuhlaselwa kwemithombo yakho kuqhubeka, udinga ukuthola umthombo wezinkinga zakho - ikhasimende noma umenzi we-executor, - usebenzisa kokubili ukwehluleka kwezomthetho kanye nekhono lobuchwepheshe. Amanye amafemu ahlinzeka ngezinsizakalo ukuze athole abagibeli ngendlela yobuchwepheshe. Ngokusekelwe ezifundweni zezobuchwepheshe eziphathelene nalolu daba, umuntu angatholi kuphela umqaphi osebenzisa i-DDoS attack, kodwa futhi ikhasimende ngokwakhe.

Ukuvikelwa kwe-Software

Amanye abathengisi be-hardware nabesofthiwe, kanye nemikhiqizo yabo, banganikeza izixazululo ezimbalwa eziphumelelayo, futhi ukuhlaselwa kwe-DDoS kusayithi kuzokwehliswa. Njengomvikeli wezobuchwepheshe angenza njengeseva encane ehlukile, ehlose ukulwa nokuhlaselwa okuncane kwe-DDoS.

Lesi sombululo siphelele amabhizinisi amancane naphakathi. Kuzinkampani ezinkulu, amabhizinisi kanye nama-ejensi kahulumeni, kunezinhlaka eziningi ze-hardware zokulwa nokuhlaselwa kwe-DDoS, okuyinto, kanye nenani eliphakeme, elinemfanelo enhle yokuvikelwa.

Ukuhlunga

Ukuvimba nokuhlunga ngokucophelela kwe-traffic engenayo ngeke kunciphise amathuba okuhlaselwa. Kwezinye izimo, ukuhlaselwa kwe-DDoC kuseva kungaqedwa ngokuphelele.

Kunezindlela ezimbili eziyinhloko zokuhlunga i-traffic: izibhamu kanye nomzila ogcwele ngezinhlu.

Ukuhlunga ngezinhlu (i-ACL) kukuvumela ukuba uhlunge izivumelwano eziyisibili ngaphandle kokuphulwa komsebenzi we-TCP futhi unganciphisi isivinini sokufinyelela ensizeni evikelwe. Kodwa-ke, uma abaduni bebenzisa ama-botnets noma izicelo eziphezulu, khona-ke le ndlela ngeke iphumelele.

Izibhamu zivikeleka kangcono ekuhlaselweni kwe-DDoS, kodwa ukukhubazeka kwabo kuphela ukuthi bangamanethiwekhi angasese nabangewona ezohwebo.

Isibuko

Okuyinhloko yale ndlela ukuqondisa kabusha yonke imoto engenayo yomhlaseli emuva. Ungakwenza lokhu ngokuba nezinsizakalo ezinamandla nabachwepheshe abanekhono abazophinde baqondise kabusha imoto, kodwa futhi bazokwazi ukukhubaza imishini yomhlaseli.

Indlela ayisebenzi uma kukhona amaphutha kumasevisi wesistimu, amakhodi wesofthiwe nezinye izinhlelo zokusebenza zenethiwekhi.

I-Scan yokukhwabanisa

Lolu hlobo lokuvikelwa luhloswe ukulungisa ukuxhaphazwa, ukuqeda amaphutha kwizinhlelo zokusebenza zewebhu kanye nezinhlelo, kanye nezinye izinsizakalo ezithinta ithrekhi yenethiwekhi. Le ndlela ayinasidingo ekuhlaselweni kwezikhukhula, ezihloswe ikakhulukazi kulezi zinhlekelele.

Imithombo yanamuhla

Ukuvikelwa okungu-100% okule ndlela ayikwazi. Kodwa ikuvumela ukuba usebenze ngokuphumelelayo eminye imisebenzi (noma isethi yalezo) ukuvimbela ukuhlaselwa kwe-DDoS.

Ukusabalalisa kwezinhlelo nezinsiza

Ukuphinda izinsiza nezinhlelo zokusabalalisa kuzovumela abasebenzisi ukuthi basebenze nedatha yakho, noma ngabe ngaleso sikhathi ukuhlaselwa kwe-DDoS kwenziwa kwiseva yakho. Ukuze usatshalaliswe, ungasebenzisa izinsiza ezihlukahlukene zeseva noma zenethiwekhi, futhi kunconywa ukuba uhlukanise amasevisi ngokomzimba kuwo onke ama-backup systems (izikhungo zedatha).

Le ndlela yokuvikela iyasebenza kunazo zonke namuhla, uma nje kwakhiwa umklamo oqondile wokuklama.

Ukugwema

Isici esiyinhloko sale ndlela yikhiqizo nokuhlukaniswa kwezinto ezihlaselwe (igama lesizinda noma i-IP-ikheli), okusho ukuthi zonke izinsiza zokusebenza ezisendaweni eyodwa kumele zihlukaniswe futhi zitholwe kumakheli wenethiwekhi yesithathu, noma ngisho nasensimini yomunye umbuso. Lokhu kuzosinda noma yikuphi ukuhlasela futhi kulondoloze isakhiwo sangaphakathi se-IT.

Imisebenzi yokuvikela ekuhlaselweni kwe-DDoS

Njengoba utshele konke mayelana nosizi olunjengeDDoS-ukuhlasela (ukuthi yikuphi nokuthi ungayibhekana kanjani nayo), singakwazi ukunikeza iseluleko esisodwa sokugcina. Izinhlangano eziningi kakhulu zinikeza izinsizakalo zazo ukuvimbela nokuvimbela ukuhlasela okunjalo. Ngokuyinhloko, lezi zinkampani zisebenzisa izinyathelo eziningi nezinyathelo ezihlukahlukene zokuvikela ibhizinisi lakho kusuka ekuhlaselweni okuningi kwe-DDoS. Ochwepheshe nabachwepheshe bebhizinisi basebenza lapho, ngakho-ke, uma isisetshenziswa sakho sithandekayo kuwe, inketho engcono kakhulu (noma engabizi) iya kwenye yezinkampani ezinjalo.

Ukuhlasela kwe-DDOS kwenziwa kanjani ngezandla zomuntu siqu?

Wazi, wabe esehlomile - isimiso esifanele. Kodwa khumbula ukuthi inhlangano yenzalo yokuhlasela kwe-DDoS yodwa noma ngeqembu labantu yisenzo sobugebengu, ngakho-ke lokhu kuhlinzekwa ngolwazi kuphela.

Abenzi be-IT baseMelika ngokuvimbela usongo baye bahlela uhlelo lokuhlola ukuzinza kwemithwalo ye-server kanye nekhono lokuqhuba ukuhlaselwa kwe-DDoS ngabangaphakathi, nokuqedwa okulandelayo kwalokhu kuhlaselwa.

Ngokwemvelo, izingqondo "ezishisayo" ziphendulele lesi sikhali ngokumelene nabathuthukisi ngokwabo nangokumelene nalokho abalwa ngakho. Igama lekhodi lomkhiqizo ngu-LOIC. Lolu hlelo lutholakala ngokukhululekile futhi, ngokuyisisekelo, aluvunyelwe umthetho.

Ukusebenzisana nokusebenza kwalolu hlelo kulula, kungasetshenziswa yinoma ubani onentshisekelo ku-DDoS-attack.

Ungakwenza kanjani konke ngokwakho? Emigqeni yesikhombikubona, kwanele ukufaka izisulu ze-IP, bese ufaka izintambo ze-TCP ne-UDP nenombolo yezicelo. Ngemuva kwalokho - emva kokucindezela inkinobho ebalulekile, ukuhlaselwa kwaqala!

Noma yiziphi izinsiza ezinkulu, ngeke zihlupheke kule software, kodwa ezincane zingase zithole ezinye izinkinga.