
www.nhipsongcongnghe.net

7 Categories for Preventing Denial-of-Service Attacks


DDoS attacks will always be a leading threat to systems around the world. Technically, about all we can hope for is that the attacker uses existing tools and has a poor understanding of the protocols, so that the traffic causing the attack can be recognized and filtered out. One thing every expert acknowledges is that if a DDoS is carried out by a skilled hacker, defending against it is impossible. Four years ago, the world's mainstream hacker community declared this attack technique dead and ended all research, demonstration and tool distribution, because they themselves recognized how dangerous and unfair this kind of attack is. For a top-class hacker, "Hacking is get root". With a very weak network infrastructure and an e-commerce sector that has only just taken shape, DDoS will be a very serious danger to the Vietnamese internet. Commaz calls for the cooperation and support of every member of the Vietnamese internet community: take a mature view and act maturely. DDoS is an utterly pointless act in every respect.

Denial-of-service (DoS) attacks are attacks on a network system that aim to block access to a service. A DoS attack disrupts a network service by flooding it with connections, overloading the server or the programs running on it, exhausting the server's resources, or preventing legitimate users from reaching the service.

There are many ways to carry out a denial-of-service attack, and therefore many ways to classify DoS. The most common classification is by the protocol the attack uses: for example ICMP flooding with Smurf and Ping of Death; exploiting weaknesses in how TCP operates and in packet fragmentation with SYN flood, LanD attacks and TearDrop; or attacks at the service level such as Flash Crowds (usually known in Vietnam as X-flash). Classified by method, a DoS can be carried out with a few single packets sent straight to the server to disrupt its operation (as with the Slammer worm), or triggered so that traffic is sent from many sources (distributed denial of service, DDoS). The attack can be carried out over the Internet (using web servers directly), by broadcast inside an internal network (insider attacks, as with the Blaster worm), on P2P networks (P2P index poisoning) or over wireless (WLAN authentication rejection attack, spoofed sender). All of these classifications, however, look mainly at how the attack is generated, and so they do not systematize the methods of defense.


In the most general terms, there are 7 categories an organization needs to consider when dealing with DoS threats:

1. Protecting against application weaknesses (Application Vulnerabilities)

Weaknesses at the application layer can be exploited to cause buffer overflows that terminate the service. These flaws are found mainly in Windows internal network applications and in web server, DNS and SQL database software. Applying patches (patching) is one of the key requirements for prevention. For as long as the whole network cannot yet be updated, the system must be protected by a virtual patch. In addition, the system needs to pay particular attention to the content exchanged in requests between client and server, so that the server is not attacked through indirect components (for example SQL injection).


2. Preventing zombie recruitment

Zombies are hosts that have been abused to become sources of attack traffic. Typical routes are rootkits (Sony or Symantec); active components attached to mail or web pages, for example jpeg files that exploit flaws in image-processing software or code attached to flash files; trojans installed through phishing; and the spread of worms (Netsky, MyDoom, Sophos). To defend against this, the network needs tools that monitor and filter content (content filtering) to stop hackers from recruiting zombies.


3. Blocking the channels that tools use to launch attacks

There are many automated DoS attack tools, mostly for distributed attacks (DDoS), such as TFN and TFN2000 (Tribe Flood Network), which attack using the Smurf, UDP, SYN or ICMP principles; Trinoo for UDP flood; and Stacheldraht for TCP ACK, TCP NULL, HAVOC, DNS flood, or TCP flooding with random packet headers. What these tools have in common is that they need launch channels through which the zombies are directed to attack a specific target. The system must monitor for and block those launch channels.

4. Stopping attacks on bandwidth

When a DDoS attack is launched, it is usually detected from a significant change in the composition of the network's traffic. For example, a typical network might carry 80% TCP and 20% UDP and ICMP. A clear change in these statistics can be the sign of an attack. The Slammer worm increases UDP traffic, while the Welchia worm creates an ICMP flood. The traffic spread by such worms damages routers, firewalls and the network infrastructure. The system needs tools that monitor and manage bandwidth to reduce the damage from this kind of attack.
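The traffic-composition check described in category 4, as an added example that is not part of the original article: it compares the protocol mix of each time window against the 80/20 baseline from the text and flags windows that drift. The 15%/5% split between UDP and ICMP, the thresholds and the sample packets are assumptions constructed for illustration.

```python
from collections import Counter

# Baseline from the text: 80% TCP, 20% UDP and ICMP combined.
# The 15/5 split of that 20% is an assumption made for this example.
BASELINE = {"tcp": 0.80, "udp": 0.15, "icmp": 0.05}

def protocol_mix(packets):
    """Return each baseline protocol's share in a list of (timestamp, proto)."""
    counts = Counter(proto for _, proto in packets)
    total = sum(counts.values())
    return {p: counts.get(p, 0) / total for p in BASELINE} if total else {}

def mix_distance(mix, baseline=BASELINE):
    """Total variation distance between observed and baseline mix (0..1)."""
    return 0.5 * sum(abs(mix.get(p, 0.0) - share) for p, share in baseline.items())

def detect_shifts(packets, window=10, threshold=0.25, min_packets=50):
    """Bucket packets into fixed windows and flag windows whose mix drifts."""
    buckets = {}
    for ts, proto in packets:
        buckets.setdefault(int(ts // window), []).append((ts, proto))
    alerts = []
    for idx in sorted(buckets):
        pkts = buckets[idx]
        if len(pkts) < min_packets:      # too few packets to judge the mix
            continue
        mix = protocol_mix(pkts)
        dist = mix_distance(mix)
        if dist >= threshold:
            dominant = max(mix, key=lambda p: mix[p] - BASELINE[p])
            alerts.append((idx * window, dominant, round(dist, 2)))
    return alerts

def sample_traffic():
    """Constructed sample: one normal window, a UDP surge, an ICMP surge."""
    pkts = []
    def add(start, tcp, udp, icmp):
        for proto, n in (("tcp", tcp), ("udp", udp), ("icmp", icmp)):
            pkts.extend((start + i * 10.0 / n, proto) for i in range(n))
    add(0, 80, 15, 5)      # matches the baseline
    add(10, 80, 400, 5)    # UDP surge, the pattern the text ties to Slammer
    add(20, 80, 15, 300)   # ICMP surge, the pattern the text ties to Welchia
    return pkts

if __name__ == "__main__":
    for start, proto, dist in detect_shifts(sample_traffic()):
        print(f"window starting at t={start}s: {proto} share up, distance {dist}")
```

In practice the baseline would be measured per link and per time of day rather than fixed, since a legitimate mix differs between, say, a DNS segment and a web segment.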

5. Stopping attacks through SYN

SYN flood is one of the oldest attacks still in existence today, and the damage it does has not diminished. The basic point in preventing this attack is the ability to control the number of SYN-ACK requests reaching the network.

6. Detecting and stopping attacks on the connection-count limit

Every server has a limit on the number of connections it can serve. Even on the firewall itself (especially firewalls with stateful inspection), connections are always tied to a state table of limited capacity. Most attacks generate large numbers of fake connections through spoofing. To prevent this kind of attack, the system must analyze and counter spoofing, and limit the number of connections from any one source to the server (quota).

7. Detecting and stopping attacks on the connection-setup rate limit

One point of a server that is often abused is the limited buffers reserved for the rate of connection setup, which leads to overload when the number of new connections changes suddenly. Here it is very important to apply a filter that limits the average number of connections. Such a filter defines a connection-rate threshold for each network object. Usually this is measured as the number of connections within a given period of time, to allow for fluctuation in the traffic.
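The per-source quota of category 6 and the connection-rate threshold of category 7, combined in one added example that is not part of the original article. The rate threshold is implemented here as a token bucket, one common way to measure connections over a period while tolerating fluctuation; the class name, parameters, defaults and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

class SourceLimiter:
    """Per-source open-connection quota plus a connection-rate threshold.

    The rate check is a token bucket: `rate` new connections per second on
    average, with bursts up to `burst` tolerated. Names and defaults are
    assumptions made for this example.
    """
    def __init__(self, max_open=20, rate=4.0, burst=8):
        self.max_open, self.rate, self.burst = max_open, rate, burst
        self.open = defaultdict(int)                     # source -> open connections
        self.tokens = defaultdict(lambda: float(burst))  # source -> rate tokens
        self.last = {}                                   # source -> last refill time

    def on_connect(self, src, now):
        """Decide on a new connection: 'accept', 'drop-rate' or 'drop-quota'."""
        elapsed = now - self.last.get(src, now)
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        self.last[src] = now
        if self.tokens[src] < 1.0:
            return "drop-rate"          # connecting faster than the threshold
        if self.open[src] >= self.max_open:
            return "drop-quota"         # too many connections held open
        self.tokens[src] -= 1.0
        self.open[src] += 1
        return "accept"

    def on_close(self, src):
        self.open[src] = max(0, self.open[src] - 1)

def replay(events, limiter):
    """Replay (time, source, 'open'|'close') events; tally decisions per source."""
    tally = defaultdict(lambda: defaultdict(int))
    for now, src, kind in sorted(events):
        if kind == "open":
            tally[src][limiter.on_connect(src, now)] += 1
        else:
            limiter.on_close(src)
    return {src: dict(counts) for src, counts in tally.items()}

def sample_events():
    """Constructed sample: a normal client and a source that floods and never closes."""
    client, flooder = "192.0.2.10", "198.51.100.7"    # documentation addresses
    events = []
    for t in range(10):                               # 1 connection/s, closed after 0.5 s
        events += [(float(t), client, "open"), (t + 0.5, client, "close")]
    events += [(i * 0.125, flooder, "open") for i in range(80)]  # 8 connections/s
    return events

if __name__ == "__main__":
    print(replay(sample_events(), SourceLimiter()))
```

Per-source counters are only meaningful once spoofed source addresses have been filtered out, which is why the text pairs the quota with anti-spoofing.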

The analysis above rests on the following basic assumptions about protecting a system.

1. The protection devices must be placed in the traffic path and carry out the blocking directly. The reason is the speed of an attack (for example about 10,000 member registrations per second aimed at one server, or a worm spreading at a rate of 200s on a 100M Ethernet network). At such speeds, the detect, notify, then block style of prevention (Host Shun and TCP Reset) is no longer suitable.


2. Denial-of-service attacks mainly target the processing capacity of the network, and first of all that of the information security devices. The processing capacity of the IPS or of the content filtering components is one of the points that needs attention, especially their stability when simultaneously handling mixed traffic with varying packet sizes.

3. Attacks are always blended (blend attacks), combining several different methods. For that reason, guarding against the simple signs of infection is the first step in stopping denial-of-service attacks.

Within an overall security system, the IPS is considered the most important component for dealing with denial-of-service attacks because of its transparency to users, so that the analysis of the traffic exchanged between server and users is not affected by attack flows aimed directly at it. Below is a summary of reports from NSS, an organization that tests and evaluates the capabilities of network devices in a simulated attack environment, for IPS devices from the leading vendors.
