DoS, DDoS, DRDoS and Botnet Attacks - [DOC Document] (2024)

Don Vn Duy - Attack techniques: DoS, DDoS, DRDoS & Botnet

Table of Contents

I - Denial of Service (DoS) attacks
I.1 - Introduction to DoS
I.2 - History and development of DoS attacks
I.3 - Purpose and dangers of DoS attacks
I.4 - Basic forms of DoS attack
4.a - Smurf
4.b - Buffer Overflow Attack
4.c - Ping of death
4.d - Teardrop
4.e - SYN Attack
II - Distributed Denial of Service (DDoS) attacks
II.1 - Introduction to DDoS
II.2 - Characteristics of DDoS attacks
II.3 - DDoS attacks cannot be stopped completely
II.4 - The clever attacker
4.a - Agent-Handler model
4.b - IRC-based DDoS attacks
II.5 - Classification of DDoS attacks
II.6 - Reflective DNS attacks
6.a - Issues related to reflective DNS attacks
6.b - The reflective DNS attack tool ihateperl.pl
II.7 - Tools used for DDoS attacks
III - DRDoS (Distributed Reflection Denial of Service)
III.1 - Introduction to DRDoS
III.2 - Countermeasures
2.a - Minimising the number of Agents
2.b - Finding and neutralising Handlers
2.c - Detecting the signs of an attack
2.d - Weakening or stopping the attack
2.e - Redirecting the attack
2.f - After the attack
2.g - General countermeasures
IV - Botnet
IV.1 - Introduction to bots and botnets
1.a - What is a bot?
1.b - Why is it called a botnet?
1.c - IRC
IV.2 - Bots and their uses
2.a - DDoS
2.b - Spamming
2.c - Sniffing and keylogging
2.d - Identity theft
2.e - Hosting illegal software
IV.3 - Different kinds of bot
3.a - GT-Bot
3.b - Agobot
3.c - DSNX
IV.4 - Elements of an attack
IV.5 - Defending against botnets
5.a - Hire a web filtering service
5.b - Switch browser
5.c - Disable scripts
5.d - Deploy intrusion detection and prevention systems
5.e - Protect user-generated content
5.f - Use software tools
V - Conclusion
VI - References

I - Denial of Service (DoS) attacks

I.1 - Introduction to DoS

- A DoS attack is one in which an attacker makes a system unusable, or slows it down significantly for legitimate users, by overloading the system's resources.

- If attackers cannot break into a system, they try to crash it so that it can no longer serve legitimate users; this is a Denial of Service (DoS) attack.

- Although a DoS attack gives no access to the system's actual data, it can disrupt the services the system provides. As the definition above says, a DoS attack against a system exploits that system's weakest points; the purposes of such attacks are described in I.3.

I.2 - History and development of DoS attacks

- DoS attacks began around the early 1990s. The first ones were entirely primitive: a single attacker consumed as much of the victim's bandwidth as possible so that nobody else could be served, mainly with simple methods such as ping floods, SYN floods and UDP floods. Attacks then became more sophisticated: the attacker impersonated the victim, sent messages to other machines, and let the victim be flooded with their replies (Smurf attack, IP spoofing).

- These attacks had to be synchronised manually by several attackers to cause effective damage. The shift to automated synchronisation and coordination, producing one large parallel attack, became common from 1997 with the arrival of the first widely published DDoS tool, Trinoo. It was based on UDP floods and master-slave communication (the intermediate machines were drawn into the attack by having remotely controlled programs installed on them). In the following years several more tools became popular: TFN (Tribe Flood Network), TFN2K and Stacheldraht.

- However, reports of such attacks only appeared from late 1999, and the topic became publicly known only after a large attack on public sites in February 2000. Over three days the sites Yahoo.com, amazon.com, buy.com, cnn.com and eBay.com came under attack (Yahoo, for example, was pinged at 1 GB/s). Since then DoS attacks have occurred regularly. Examples: on 15 August 2003 Microsoft suffered a very strong DoS attack that disrupted its websites for two hours; at 15:09 GMT on 27 March 2003 the entire English-language Al-Jazeera website was attacked and disrupted for many hours.

I.3 - Purpose and dangers of DoS attacks

- Attempting to consume network bandwidth and flood the network, so that the network can no longer provide other services to legitimate users.

- Attempting to break the connection between two machines and prevent access to a service.

- Attempting to prevent particular users from reaching a service.

- Attempting to prevent a service from being reachable by anyone.

- When a DoS attack occurs, the effect as seen by a user trying to reach the service is:

+ Disable Network: the network is down

+ Disable Organization: the organisation cannot operate

+ Financial Loss

- As noted above, a DoS attack happens when the attacker exhausts the system's resources so that the system can no longer serve legitimate users. The resources typically targeted are:

- Scarce, limited and non-renewable resources.

- Network bandwidth, memory, disk, CPU time and data structures are all targets of DoS attacks.

- Attacks on the other systems that support the computer network: air conditioning, power supply, and many other enterprise resources. Imagine what happens to user access when the power to the web server is cut.

- Destroying or altering configuration information.

- Destroying the physical layer or network devices such as power supplies and air conditioning.

I.4 - Basic forms of DoS attack:

- Smurf
- Buffer Overflow Attack
- Ping of death
- Teardrop
- SYN Attack

4.a - Smurf:

- Smurf is a typical DoS attack. The attacker's machine sends a very large number of ping (ICMP echo request) packets to a large number of computers in a short time, with the source IP address of the ICMP echo replaced by the victim's IP address. Those computers then send their ICMP echo replies to the victim. As a result the target receives a huge flood of ICMP replies, its network becomes congested or slow, and it cannot provide its other services. (As section II.5 describes, the spoofed echo requests are sent to a network's broadcast address, so a single request is answered by every host on that network.)

4.b - Buffer Overflow Attack:

- A buffer overflow occurs whenever a program writes more data into a buffer than the buffer can hold. An attacker can overwrite data and redirect execution, hijacking the control flow of a program in order to run malicious code.

- A classic illustration: sending an e-mail whose attachment name is longer than 256 characters can overflow the receiving program's fixed-size buffer.

4.c - Ping of death:

- The attacker sends IP packets larger than the maximum permitted IP packet size of 65,535 bytes.

- Splitting an IP packet into fragments is done at the IP layer, so that each fragment fits the link-layer MTU.

- Fragmentation can be abused to build an IP packet larger than 65,535 bytes: the last fragment's offset plus its length exceeds that limit. The operating system cannot handle a packet of that size and reboots, or simply loses connectivity.

- Recognising an attacker who sends oversized packets is fairly easy. Example: ping -l 65500 address (-l: buffer size). Around 1997-1998 this bug was fixed, so today it is only of historical interest.

4.d - Teardrop:

In a packet-switched network, data is divided into many small packets (fragments); each carries its own offset value and may travel to the destination over different paths. At the destination, the fragments are put back together in their original order using those offsets.

Exploiting this, an attacker can craft fragments whose offsets overlap one another and send them to the target.

As a result, the receiving machine cannot arrange the fragments, hangs, and has its processing capacity exhausted.
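The check a receiving stack needs against both the Ping of death (oversize reassembled datagram) and Teardrop (overlapping offsets) patterns above, as an added example that is not part of the original document: a minimal IPv4 fragment reassembler that validates a complete set of fragments before accepting it. The fragments, identification values and offsets are constructed here for the demonstration; no packets are read from the wire.

```python
"""Added example: a minimal IPv4 fragment reassembler that refuses the two
malformed fragment patterns described above (overlapping offsets as in
Teardrop, and a reassembled size beyond 65,535 bytes as in Ping of Death).
The fragments are constructed in this file; nothing is read from the wire."""
from dataclasses import dataclass

IP_MAX_LEN = 65535  # largest IPv4 datagram: the total-length field is 16 bits


@dataclass(frozen=True)
class Fragment:
    ident: int     # IP identification field, shared by all fragments of one datagram
    offset: int    # fragment offset as carried in the header, in 8-byte units
    payload: bytes
    more: bool     # MF flag: set on every fragment except the last


class FragmentError(ValueError):
    def __init__(self, kind, msg):
        super().__init__(msg)
        self.kind = kind   # short label used by classify()


def reassemble(frags):
    """Return the reassembled payload or raise FragmentError.

    Real stacks buffer fragments until all have arrived; this version assumes the
    complete set is passed in (possibly out of order) and validates it in one pass.
    """
    if len({f.ident for f in frags}) != 1:
        raise FragmentError("mixed", "fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0       # byte offset where the next fragment must start
    chunks = []
    for index, frag in enumerate(ordered):
        start = frag.offset * 8
        end = start + len(frag.payload)
        if end > IP_MAX_LEN:
            # Ping of Death: offset + length overruns the 16-bit total length
            raise FragmentError("ping-of-death", f"datagram would be {end} bytes > {IP_MAX_LEN}")
        if start < expected:
            # Teardrop: this fragment overlaps data already placed by an earlier one
            raise FragmentError("teardrop", f"fragment at {start} overlaps data up to {expected}")
        if start > expected:
            raise FragmentError("gap", f"missing bytes {expected}..{start}")
        if frag.more and len(frag.payload) % 8:
            raise FragmentError("alignment", "non-final fragment length is not a multiple of 8")
        is_last = index == len(ordered) - 1
        if frag.more == is_last:
            raise FragmentError("mf-flag", "MF flag inconsistent with fragment position")
        chunks.append(frag.payload)
        expected = end
    return b"".join(chunks)


def classify(frags):
    """'ok' for a well-formed set, otherwise the FragmentError kind."""
    try:
        reassemble(frags)
        return "ok"
    except FragmentError as err:
        return err.kind


# Constructed samples (not real captures)
NORMAL = [Fragment(1, 2, b"B" * 8, False), Fragment(1, 0, b"A" * 16, True)]       # out of order, valid
TEARDROP = [Fragment(2, 0, b"A" * 32, True), Fragment(2, 2, b"B" * 32, False)]    # second starts at byte 16
PING_OF_DEATH = [Fragment(3, 0, b"A" * 8, True), Fragment(3, 8189, b"B" * 40, False)]  # ends at byte 65552

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("teardrop", TEARDROP), ("ping-of-death", PING_OF_DEATH)]:
        print(f"{name:14s} -> {classify(frags)}")
```

The order of the checks matters: the oversize test runs before the gap test so that a Ping-of-Death fragment placed far past the end is reported for what it is rather than as a missing range.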

4.e - SYN Attack:

- The attacker sends (forged) TCP SYN requests to the target server. To process each SYN the system must reserve some memory for the connection.

- When very many forged SYN packets arrive, they consume all of the server's connection-handling capacity. A normal user who then sends a TCP SYN gets no answer from the server: the connection is never established.

The SYN attack model

Step 1: The client sends a packet with the SYN flag set to the server to request a connection.

Step 2: On receiving it, the server replies with a SYN/ACK packet, telling the client that the request was received, and reserves resources for it: part of the system's resources, such as buffer memory, for receiving and sending data. The client's IP address and port are also recorded.

Step 3: Finally, the client completes the three-way handshake by answering with an ACK packet, and the connection is established.

- Because TCP is a reliable end-to-end protocol, when the server sends its SYN/ACK in the second step of the handshake and receives no ACK from the client, it keeps the reserved resources and retransmits the SYN/ACK to the client (a limited number of times, at increasing intervals) until a reply arrives or the half-open connection times out.
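The half-open table exhaustion described in the steps above, and the standard defence against it, as an added example that is not part of the original document: a Python simulation of a classic listener that reserves state per SYN next to a SYN-cookie listener that keeps no state until the third packet of the handshake arrives. No sockets are opened; the backlog size, the secret, the 64-second cookie window and the client addresses are chosen for the demonstration, and the cookie is a simplified keyed hash rather than the exact Linux encoding (which also packs the MSS into the value).

```python
"""Added example: why a half-open connection table can be exhausted by spoofed
SYNs, and how SYN cookies avoid keeping that state. Both listeners are
simulations in Python; no sockets are opened. The backlog size, the secret
and the 64-second cookie window are chosen for the demonstration."""
import hashlib
import hmac
import time


class StatefulListener:
    """Classic behaviour: one half-open entry is reserved per SYN until the ACK arrives."""

    def __init__(self, backlog=4):
        self.backlog = backlog         # deliberately tiny so the effect is visible
        self.half_open = {}            # (src_ip, src_port) -> ISN sent in SYN/ACK

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            return None                # queue full: the SYN is dropped, the client stalls
        isn = 0x1234_0000 + len(self.half_open)
        self.half_open[(src_ip, src_port)] = isn
        return isn                     # carried in the SYN/ACK

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack == (isn + 1) & 0xFFFFFFFF


class SynCookieListener:
    """SYN-cookie behaviour: the ISN is a keyed hash of the peer and a coarse timestamp,
    so nothing is stored until a third packet proves the peer received the SYN/ACK.
    (Real implementations also encode the MSS and use a 32-bit time counter.)"""

    WINDOW = 64  # seconds a cookie stays valid

    def __init__(self, secret, clock=time.time):
        self.secret = secret
        self.clock = clock

    def _cookie(self, src_ip, src_port, window):
        msg = f"{src_ip}:{src_port}:{window}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src_ip, src_port):
        window = int(self.clock()) // self.WINDOW
        return self._cookie(src_ip, src_port, window)   # no state kept

    def on_ack(self, src_ip, src_port, ack):
        window = int(self.clock()) // self.WINDOW
        for w in (window, window - 1):                   # tolerate a window boundary
            if ack == (self._cookie(src_ip, src_port, w) + 1) & 0xFFFFFFFF:
                return True
        return False


def spoofed_flood(listener, count):
    """Send `count` SYNs from spoofed sources that will never answer the SYN/ACK."""
    for i in range(count):
        listener.on_syn(f"203.0.113.{i % 256}", 40000 + i)


def legit_client_connects(listener, src_ip="192.0.2.10", src_port=51000):
    """A real client completes the handshake: SYN, read ISN from SYN/ACK, send ACK = ISN + 1."""
    isn = listener.on_syn(src_ip, src_port)
    if isn is None:
        return False                   # never got a SYN/ACK
    return listener.on_ack(src_ip, src_port, (isn + 1) & 0xFFFFFFFF)


if __name__ == "__main__":
    stateful = StatefulListener()
    spoofed_flood(stateful, 10)
    print("stateful listener after flood, legit client connects:", legit_client_connects(stateful))
    cookies = SynCookieListener(b"demo-secret")
    spoofed_flood(cookies, 10)
    print("SYN-cookie listener after flood, legit client connects:", legit_client_connects(cookies))
    print("forged ACK accepted:", cookies.on_ack("192.0.2.10", 51000, 42))
```

The trade-off the simulation makes visible: the stateful listener is safe from forged ACKs only because it remembers every SYN, which is exactly what the flood exhausts; the cookie listener remembers nothing and instead relies on the keyed hash, so an attacker who cannot receive the SYN/ACK at the spoofed address cannot produce a valid ACK.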

- If this goes on, the server quickly becomes overloaded and may crash, so legitimate requests are refused. The situation is comparable to a personal computer hanging when too many programs are opened at once.

II - Distributed Denial of Service (DDoS) attacks

II.1 - Introduction to DDoS:

On the Internet, a Distributed Denial of Service (DDoS) attack is an attack from many computers against one target, causing the legitimate requests of normal users to be refused. By generating an enormous number of packets towards a specific destination, it creates a state similar to the system being shut down.

In general, DDoS techniques have many variants, but from a technical standpoint they can be divided into two categories according to their aim:

Exhausting bandwidth.

Exhausting system resources.

A denial-of-service attack may also involve running malware in order to:

Overload processing capacity, so that the system can do no other work.

Trigger immediate faults in the machine's microcode.

Trigger immediate faults in the instruction stream, leaving the machine unstable or frozen.

Exploit operating-system bugs that cause resource starvation or thrashing, e.g. using up all available capacity so that no real work can complete.

Crash the system.

iFrame denial of service: an HTML page can call a given website with very many requests, many times over, until the website's bandwidth is exceeded.

II.2 - Characteristics of DDoS attacks:

- The attack comes from a very large set of computers across the Internet, usually relying on services available on the computers in the botnet.

- The target is the primary victim, while the compromised computers in the bot network that are used to carry out the attack are called the secondary victims.

- It is a very hard form of attack to detect, because it originates from many IP addresses across the Internet.

- If one IP address attacks a company, it can be blocked by the firewall. If the attack comes from 30,000 IP addresses, blocking is extremely difficult.

- An attacker can already cause much damage with a DoS attack; it becomes far more dangerous when a network of bots on the Internet is used to carry it out, which is what DDoS means.

II.3 - DDoS attacks cannot be stopped completely:

- DDoS attackers search for security vulnerabilities on computers connected to the Internet and exploit them to build a botnet of many Internet-connected computers.

- Once a DDoS attack is under way it is very hard to stop completely.

- Packets arriving at the firewall can be blocked, but most of them come from IP addresses not covered by any of the firewall's access rules and are, in themselves, perfectly valid packets.

- If the packets' source addresses are spoofed, you must ban communication with those source addresses once you see no response from the real hosts behind them.

- But a botnet consists of thousands to hundreds of thousands of IP addresses on the Internet, which makes stopping the attack extremely difficult.

II.4 - The clever attacker:

Today no attacker uses their own IP address to control the botnet attacking the target; an intermediary is used instead. The DDoS attack models are:

4.a - Agent-Handler model:

The attacker uses handlers to control the attack.

4.b - IRC-based DDoS attacks:

The attacker uses IRC networks to control, amplify and manage the connections to the computers in the botnet.

II.5 - Classification of DDoS attacks:

- Attacks that exhaust the bandwidth to the server.

+ Flood attacks

+ UDP and ICMP floods

- Attacks that amplify communication

+ Smurf and Fraggle attacks

[Figure: the DDoS attack on Yahoo.com in 2000]

[Figure: classification of DDoS attacks]

[Figure: a DDoS attack that amplifies communication]

As we know, a Smurf attack pings the broadcast address of some network with the source address set to that of the machine under attack, so that all the replies are sent to the IP address of the attacked machine.

II.6 - Reflective DNS attacks (reflective: reflection):

6.a - Issues related to reflective DNS attacks:

- A hacker can use a botnet to send very many requests to DNS servers.

- Those requests flood the network bandwidth of the DNS servers.

- This kind of attack can be countered by using the firewall to block traffic from the computers that are detected.

- But blocking traffic from DNS servers causes big problems: a DNS server has a very important role on the Internet.

- Blocking DNS traffic means preventing normal users from sending mail and browsing websites.

- A DNS request costs only about 1/73 of what the reply costs the server. Because of this, a purpose-built tool that multiplies requests to the DNS server can overload it so that it can no longer serve normal users.

6.b - The reflective DNS attack tool ihateperl.pl:

- ihateperl.pl is a very small, very effective program based on the DNS-reflective attack type.

- It uses a list of DNS servers to flood the network with name-resolution requests.

- As an example it can use google.com as the name to resolve when sending to the servers, and the domain can be changed to www.vnexperts.net or any other site the attacker wants.

- Using the tool is very simple: create a list of DNS servers, supply the IP address of the target machine and set the number of connections.

II.7 - Tools used for DDoS attacks:

The following are DDoS attack tools.

Trinoo

Tribe Flood Network (TFN)

TFN2K

Stacheldraht

Shaft

Trinity

Knight

Mstream

Kaiten

These tools can all be downloaded freely from the Internet; note that they are weak tools, only demonstrations of DDoS attacks.

III - DRDoS (Distributed Reflection Denial of Service)

III.1 - Introduction to DRDoS

DRDoS appeared in early 2002 and is the newest and strongest member of the DoS family.

Carried out by a skilled attacker, it can bring down any system in the world in moments.

DRDoS combines the two approaches of DoS and DDoS.

The main goal of DRDoS is to seize all of the server's bandwidth, completely congesting the link from the server to the Internet backbone, and to exhaust the server's resources.

Take Server A and Victim. Suppose we send one SYN packet to Server A with the source IP spoofed to Victim's IP. Server A opens a connection and sends a SYN/ACK packet to Victim, believing that Victim wants to open a connection with it. That is the concept of reflection. The hacker controls a spoofed-SYN generator that sends SYN packets to all the large TCP servers; those TCP servers unwittingly become zombies for the hacker, all attacking Victim together and congesting Victim's link.

With many large servers participating, the target server is quickly overloaded and its bandwidth is consumed by the large servers.

The artistry is that with only a computer on a 56 kbps modem, a skilled hacker can defeat any server in an instant without having to take over any machine to carry out the attack.

III.2 - Countermeasures:

Many solutions and ideas have been put forward to cope with DDoS-type attacks. However, no solution or idea fully solves the Anti-DDoS problem. New forms of DDoS keep appearing over time alongside the countermeasures, and the race follows the inevitable rule of computer security: the hacker is always one step ahead of the security community.

There are three main phases in Anti-DDoS:

- Prevention phase: minimise the number of Agents, find and neutralise Handlers.

- Confrontation phase: detect and stop the attack, weaken and halt the attack, redirect the attack.

- Post-attack phase: collect evidence and learn lessons.

[Figure: the detailed phases of DDoS defence]


2.a - Minimising the number of Agents:

- On the user side: a very good way to prevent DDoS attacks is for every Internet user to protect themselves from being exploited to attack other systems. For this, awareness and defensive techniques must be widely shared among Internet users. An attack network can never form if no user is exploited to become an Agent. Users must continuously carry out security measures on their own computers; they have to check for the presence of an Agent on their machine themselves, which is very hard for an ordinary user.

- Some solutions build the ability to prevent the installation of dangerous code into the hardware and software of each system. On the user side, software such as antivirus and anti-trojan tools and the operating system's server patches should be installed and updated continuously.

- On the Network Service Provider side: changing access billing to volume-based charging makes users pay attention to what they send, which in practice raises every user's awareness of detecting DDoS Agents.

2.b - Finding and neutralising Handlers:

A critically important element of the attack network is the Handler; if Handlers can be detected and neutralised, the chance of successful Anti-DDoS is very high. By monitoring the communication between Handler and Client, or between Handler and Agent, the Handler's location can be detected. Since one Handler manages many Agents, eliminating one Handler also removes a considerable number of Agents from the attack network.

2.c - Detecting the signs of an attack:

Several techniques are applied:

- Egress filtering: this technique checks whether a packet meets the conditions to leave a subnet, based on the fact that the subnet's gateway always knows the IP addresses of the hosts on that subnet. Packets sent out from inside the subnet with an invalid source address are held back so the cause can be investigated. If this technique were applied on every subnet of the Internet, IP address spoofing would no longer exist.

- MIB statistics: the Management Information Base (SNMP) of a router always holds statistics on the changing state of the network. If we monitor the statistics of the ICMP, UDP and TCP protocols closely, we can detect the moment an attack starts and gain a margin of time to handle the situation.
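The two detection techniques above applied to constructed data, as an added example that is not part of the original document. `egress_filter()` is the gateway-side check that a packet leaving a subnet carries a source address belonging to that subnet, the check that removes the spoofing on which Smurf, reflective DNS and DRDoS all depend. `detect_counter_surge()` watches cumulative per-protocol counters of the kind a router's SNMP MIB exposes and reports the first interval whose rate jumps far above the rate observed so far. The subnet, packets, counter samples and the 10x threshold are all chosen for this example.

```python
"""Added example: the two detection techniques above applied to constructed data.
egress_filter() is the gateway-side check that a packet leaving a subnet carries a
source address belonging to that subnet (the check that makes Smurf, reflective DNS
and DRDoS spoofing impossible). detect_counter_surge() watches cumulative per-protocol
counters of the kind a router's SNMP MIB exposes and flags the interval whose rate
jumps far above the rate seen so far. Subnet, packets, counters and the 10x
threshold are all chosen for this example."""
import ipaddress


def egress_filter(subnet, packets):
    """Return (forwarded, held): packets whose source is inside `subnet` are forwarded,
    the rest are held for investigation instead of being sent out with a forged source."""
    net = ipaddress.ip_network(subnet)
    forwarded, held = [], []
    for pkt in packets:
        src = ipaddress.ip_address(pkt["src"])
        (forwarded if src in net else held).append(pkt)
    return forwarded, held


def detect_counter_surge(samples, threshold=10.0, baseline=3):
    """samples: [(timestamp_seconds, {"icmp": n, "udp": n, "tcp": n}), ...] with
    cumulative counters. Return (timestamp, protocol, rate_per_second) for the first
    interval whose rate exceeds `threshold` times the mean of the earlier intervals,
    once at least `baseline` intervals have been observed; None if nothing is found."""
    history = {}   # protocol -> list of per-second rates seen so far
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        for proto in c1:
            rate = (c1[proto] - c0[proto]) / dt
            seen = history.setdefault(proto, [])
            if len(seen) >= baseline:
                mean = sum(seen) / len(seen)
                if mean > 0 and rate > threshold * mean:
                    return (t1, proto, rate)
            seen.append(rate)
    return None


# Constructed packets leaving the 192.0.2.0/24 LAN; two carry a forged source
# (a victim's address and a public DNS resolver), the Smurf/DRDoS pattern.
OUTBOUND = [
    {"src": "192.0.2.10", "dst": "198.51.100.1", "proto": "tcp"},
    {"src": "203.0.113.7", "dst": "198.51.100.255", "proto": "icmp"},   # spoofed
    {"src": "192.0.2.22", "dst": "198.51.100.53", "proto": "udp"},
    {"src": "8.8.8.8", "dst": "203.0.113.7", "proto": "udp"},           # spoofed
]

# Constructed SNMP-style counters sampled every 60 s: steady traffic, then an ICMP flood
SAMPLE_COUNTERS = [
    (0,   {"icmp": 1000,   "udp": 5000, "tcp": 90000}),
    (60,  {"icmp": 1100,   "udp": 5600, "tcp": 96000}),
    (120, {"icmp": 1190,   "udp": 6150, "tcp": 102500}),
    (180, {"icmp": 1300,   "udp": 6800, "tcp": 108000}),
    (240, {"icmp": 61300,  "udp": 7400, "tcp": 114000}),   # ICMP jumps by 60,000
    (300, {"icmp": 121300, "udp": 8000, "tcp": 120000}),
]

if __name__ == "__main__":
    forwarded, held = egress_filter("192.0.2.0/24", OUTBOUND)
    print("held for investigation:", [p["src"] for p in held])
    print("surge:", detect_counter_surge(SAMPLE_COUNTERS))
```

A real deployment would read the counters with an SNMP poller and keep a longer baseline (and a seasonal one), but the logic is the same: compare each interval's delta against what the link normally carries, per protocol, rather than against a fixed absolute number.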

2.d - Weakening or stopping the attack:

The following techniques are used:

- Load balancing: setting up a load-balanced architecture for critical servers increases the time the system can withstand a DDoS attack. However, this is of limited value in practice, because the scale of an attack is unbounded.

- Throttling: setting a throttling mechanism on the router that prescribes a reasonable load that the servers behind it can handle. This method can also be used to stop DDoS traffic from denying users access to the service. Its limitation is that it cannot distinguish between kinds of traffic: it sometimes disrupts the service for real users, and DDoS traffic can still enter the service network, though in limited quantity.

- Dropping requests: a mechanism that drops a request when it violates certain rules: a long delay, high processing cost, or causing a deadlock. This technique removes the ability to exhaust the system's capacity, but it also limits some of the system's normal activity, so it must be used with care.
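The throttling technique above in working form, as an added example that is not part of the original document: a per-source token-bucket rate limiter of the kind a router or front-end applies before requests reach the servers, run over constructed traffic from one legitimate client and one flooding source. The rate (5 requests/s), burst (10), the addresses and the request timings are chosen for the demonstration; timestamps are supplied explicitly so the run is deterministic.

```python
"""Added example: per-source throttling with a token bucket, the kind of rate
limit a router or front-end applies before requests reach the servers. The rate
(5 requests/s), burst (10) and the two constructed clients are chosen for the
demonstration; timestamps are supplied explicitly so the run is deterministic."""
from collections import defaultdict


class TokenBucketLimiter:
    """Each source gets a bucket that refills at `rate` tokens per second up to `burst`;
    a request is admitted only if a whole token is available."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = defaultdict(lambda: self.burst)  # source -> tokens available
        self.last = {}                                  # source -> time of last update

    def allow(self, src, now):
        elapsed = now - self.last.get(src, now)
        self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        self.last[src] = now
        if self.tokens[src] >= 1.0:
            self.tokens[src] -= 1.0
            return True
        return False


def run(limiter, requests):
    """requests: iterable of (timestamp, source); must be in time order.
    Return {source: {"accepted": n, "dropped": n}}."""
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for now, src in requests:
        stats[src]["accepted" if limiter.allow(src, now) else "dropped"] += 1
    return dict(stats)


def constructed_traffic(seconds=20):
    """A legitimate client at 1 request/s and a flooding source at 200 requests/s,
    interleaved in time order (constructed, not captured)."""
    legit = [(t, "192.0.2.10") for t in range(seconds)]
    flood = [(i / 200.0, "203.0.113.9") for i in range(seconds * 200)]
    return sorted(legit + flood, key=lambda r: r[0])


if __name__ == "__main__":
    limiter = TokenBucketLimiter(rate=5, burst=10)
    for src, counts in run(limiter, constructed_traffic()).items():
        print(src, counts)
```

The run shows the limitation the text names: the legitimate client is untouched and the flooding source is cut to roughly burst + rate x duration requests, but the bucket judges only volume per source. A distributed flood of 30,000 sources each staying under 5 requests/s passes through unchanged, which is why throttling is paired with the detection and filtering steps rather than used alone.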

2.e - Redirecting the attack:

Honeypots: a technique still under research. A honeypot is a system designed to lure the attacker into attacking it when breaking into the network, instead of the really important systems.

Honeypots not only act as a decoy that takes the hit but are also very effective for detecting and handling intrusions, because they are set up with monitoring and alerting mechanisms.

Honeypots are also valuable for learning from the attacker, since they record the attacker's actions on the system in detail. If an attacker is fooled into installing an Agent or Handler on a honeypot, the chance of wiping out the whole attack network is very high.

2.f - After the attack:

In this phase the following work is usually done:

- Traffic pattern analysis: if data on the variation of traffic over time was saved, it is analysed. This analysis is very useful for tuning the load-balancing and throttling systems. The data also helps the network administrator adjust the rules controlling traffic in and out of the network.

- Packet traceback: traceback techniques let us trace back to the attacker's location (at least the attacker's subnet). From traceback we can develop a fairly effective ability to block the attacker. Recently a fairly effective traceback technique has been able to find the source of an attack in under 15 minutes, the technique XXX.

- Event logs: by analysing log files after the attack, the network administrator can find many clues and important pieces of evidence.

2.g - General countermeasures:

1. When you discover your server is under attack, quickly trace the IP addresses and block them from sending data to the server.

2. Use the filtering features of the router/firewall to drop unwanted packets, reducing network traffic and the server's load.

3. Use the rate-limit features of the router/firewall to limit the number of packets entering the system.

4. If the attack exploits a bug in software or a device, quickly apply the fixes to the system or replace the component.

5. Use mechanisms, tools and software that counter TCP SYN flooding.

6. Turn off other services on the server, if any, to reduce its load so it can respond better. If possible, upgrade the hardware to raise the system's capacity, or add servers with the same function to share the load.

7. Temporarily move the server to another address.

IV - Botnet

A brief history:

- The end of the 20th century and the start of the new millennium marked the rapid, strong development of several distinctive attack strategies against networks. DDoS, Distributed Denial of Service, the notorious form of distributed denial-of-service attack, was born. Like its sibling DoS, DDoS spread very widely, mainly thanks to its simplicity and the difficulty of tracing it. Although a lot of experience in countering it has been shared, and a fair body of knowledge about it exists, DDoS is still a serious threat today and a dangerous tool for hackers. Let us look at DDoS and its descendant: botnet attacks.

IV.1 - Introduction to bots and botnets

1.a - What is a bot?

A bot is a program similar to a Trojan backdoor that lets the attacker use the victim's machine as a zombie (a computer whose control has been completely taken over). Bots actively connect to a server so that they can be controlled easily; note that this active connection is a characteristic that distinguishes a bot from a Trojan backdoor. Because of it, a computer with a bot installed becomes sluggish on the connection, a feature that makes bots easier to recognise.

1.b - Why is it called a botnet?

A botnet is a very large network of hundreds or thousands of zombie computers that connect to an IRC (Internet Relay Chat) server, or go through DNS servers, to receive commands from the hacker as fast as possible. Bot networks of thousands of members are an ideal tool for campaigns such as DDoS, spam, installing adware, and so on.

1.c - IRC

- IRC stands for Internet Relay Chat. It is a protocol designed for real-time text chat (see RFC 1459 and the updates RFC 2810, 2811, 2812, 2813), based on a client-server architecture. Most IRC servers allow free access with no user charges. IRC is an open network protocol based on TCP (Transmission Control Protocol), sometimes enhanced with SSL (Secure Sockets Layer).

- An IRC server connects to other IRC servers in the same network. IRC users can communicate both publicly (on channels) and privately (one to one). There are two basic levels of access to an IRC channel: user level and operator level. The user who creates a channel becomes its operator. An operator has more privileges (depending on the modes set by the original operator) than an ordinary user.

- IRC bots are treated as ordinary users (or operators). They are daemon processes that can run a number of operations automatically. These bots are usually controlled by the hacker sending commands over the channel, mainly for destructive purposes. Naturally, administering bots also requires authentication and authorisation, so that only their owner can use them.

- An important part of these bots is the set of events they can use to spread quickly to other computers. Careful planning of the attack programme yields better results in less time (for example compromising more computers). A number of bots connected to one channel to wait for commands from the attacker is called a botnet.

- Not long ago, zombie networks (another name for computers compromised by bots) were usually controlled through proprietary tools developed by the crackers themselves. Over time they moved towards remote-control methods. IRC is considered the best tool for launching attacks thanks to its flexibility, its ease of use and, above all, the fact that shared public servers can be used as the communication medium. IRC offers a simple way to control hundreds or even thousands of bots at once, flexibly. It also lets the attacker hide their real identity with simple tricks such as anonymous proxies or IP address spoofing.

- For the same reason, however, they leave traces that the server administrator can follow.

- In most bot attacks the victims are mainly individual computer users, university servers or small business networks, because computers in those places are not closely monitored and often have no network protection layer at all. These users usually have no security policy, or an incomplete one covering only part of the problem. Most home users on ADSL connections are not aware of the dangers around them and do not use protective software such as antivirus tools or a personal firewall.

IV.2 - Bots and their uses

- The ways bots can be used on completely compromised computers depend entirely on the creativity and skill of the attacker. Let us look at some of the most common uses.

2.a - DDoS

- Botnets are frequently used in Distributed Denial of Service (DDoS) attacks. An attacker can control a large number of compromised computers from a remote station, exploit their bandwidth and send connection requests to the target server. Many networks have suffered badly from attacks of this kind, and in some cases the perpetrators were found while the destruction was in progress (as in the dotcom wars).

- A DDoS attack is a variant of the flooding DoS attack. Its purpose is to flood the target network, using all the bandwidth available. The attacker then has an enormous amount of bandwidth with which to flood the target website. That is the best way to launch an attack once many computers are under control. Each computer contributes its own bandwidth (for example a home PC on ADSL); all of it is used at once, which distributes the attack on the target website. One of the most common attack types uses TCP (a connection-oriented protocol) and is called TCP SYN flooding. It works by sending, simultaneously, an enormous number of TCP connection requests to a web server (or any other service), flooding the server's resources, saturating its bandwidth and preventing other users from opening their own connections. Very simple, but really dangerous! A similar result is obtained with UDP (a connectionless protocol).

- Hackers have invested quite a lot of time and effort in improving their attack methods. Network users today face techniques far more sophisticated than the traditional DDoS attack. These techniques let an attacker control an extremely large number of compromised computers (zombies) from a remote station simply by using the IRC protocol.

2.b - Spamming

- A botnet is an ideal tool for spammers. Botnets have been, and will continue to be, used both to exchange harvested e-mail addresses and to drive the spam distribution mechanism in the same way as a DDoS attack. The spam is sent to the botnet, distributed via the bots, and then sent out from the compromised computers. The spammers stay anonymous, and every consequence falls on the compromised computers.

2.c - Sniffing and keylogging

- Bots can also be used effectively to refine the classic art of sniffing. By watching the data traffic, you can identify a surprising amount of information being transferred: user habits, TCP packet payloads and other interesting items (such as passwords and usernames). The same applies to keylogging, a form of harvesting everything typed on the keyboard (e-mail, passwords, banking data, PayPal accounts, ...).

2.d - Identity theft

- The methods above let an attacker controlling a botnet collect an enormous amount of personal information. That data can be used to build fake identities, then exploited to access personal accounts or carry out many other activities (possibly preparing for further attacks), and the person who suffers the consequences is none other than the owner of that information.

2.e - Hosting illegal software

- This is the last form, but not the end. Computers compromised by bots can be used as storage for illegal material (pirated software, pornography, ...). The data is stored on the hard disk while the ADSL user has no idea.

- There are many, many more uses built on botnets (pay-per-click fraud, phishing, hijacking HTTP/HTTPS connections, ...), but listing them all would take hours. A bot itself is just a tool that is easy to assemble and adapt for any activity that requires control over a large number of computers.

IV.3 - Different kinds of bot

- Many kinds of bot have been built and are available for download all over the Internet. Each kind has its own special components. We will look at some of the most popular bots and discuss their main components and distinguishing features.

3.a - GT-Bot

- All GT (Global Threat) bots are based on the popular Windows IRC client mIRC. The core of these bots is a set of mIRC scripts used to control the system's activity remotely. This kind of bot runs an enhanced client session with the control scripts and uses a second application, usually HideWindows, to hide mIRC from the user of the host computer. An additional DLL adds new features to mIRC so that the scripts can manipulate many aspects of the compromised computer.

3.b - Agobot

- Agobot is one of the most popular kinds of bot, often used by professional crackers. It is written in C++ and released under the GPL licence. What is interesting about Agobot is its source code: highly modular, Agobot makes adding new features easy. It also offers many mechanisms for hiding itself on the user's computer. Its main components are an NTFS Alternate Data Stream module, an Antivirus Killer and a Polymorphic Encryptor Engine. Agobot provides traffic sorting and sniffing features. Protocols other than IRC can also be used to control this kind of bot.

3.c - DSNX

- Dataspy Network X (DSNX) is also written in C++, with source code under the GPL. This kind of bot adds a new feature: a simple plug-in architecture.

3.d - SDBot

- SDBot is written in C and also uses the GPL licence. Unlike Agobot, the source code of this bot is very clear, and the software itself has a limited set of features. Yet SDBot is very popular and has been developed into many different variants.

IV.4 - Elements of an attack

Figure 1 shows the structure of a typical botnet:

Figure 1: Structure of a typical botnet

First the attacker distributes a trojan horse to many different computers. These computers become zombies (computers under the attacker's control) and connect to an IRC server to listen for further commands. The IRC server can be a public machine on one of the IRC networks, but it can also be a dedicated server the attacker installed on one of the compromised computers.

The bots running on the compromised computers form a botnet.

A concrete example

The attacker's activity can be divided into four phases: creation, configuration, attack and control.

- The creation phase depends largely on the attacker's skill and requirements. A professional cracker can consider writing their own bot code or simply extending and customising an existing one. Many bots are available and highly configurable; some even allow easy operation through a graphical interface. This phase is not difficult and is usually the domain of newcomers.

- The configuration phase supplies the IRC server and channel information. After being installed on a controlled computer, the bot connects to the chosen host. First the attacker enters the data needed to restrict access to the bot, secures the channel, and finally supplies a list of authorised users (those who may control the bot). In this phase the bot can be tuned further, such as defining the attack method and the target.

- The attack phase uses various techniques to spread the bot, both direct and indirect. The direct form can be exploiting a vulnerability in the operating system or a service. The indirect form usually deploys some other software for the dirty work, such as using HTML files to exploit Internet Explorer vulnerabilities, or using other malicious software distributed over peer-to-peer networks or via DCC (Direct Client-to-Client) file transfer on IRC. Direct attacks are usually automated through worms. All such worms have to do is search subnets for vulnerable systems and inject the bot code. Each compromised system then continues the attack programme, letting the attacker save the resources used earlier and gain more time to look for other victims.

- The mechanism used to distribute bots is one of the main causes of the so-called background noise on the Internet. Some of the main ports used are those of Windows, specifically Windows 2000 and XP SP1 (see Table 1). These seem to be the hackers' favourite targets, because it is very easy to find a Windows computer that is not fully patched or has no firewall installed. This is very common with home users and small businesses, who usually ignore security and are always connected over broadband.

Table 1: ports associated with vulnerable services

Port   Service
42     WINS (Host Name Server)
80     HTTP (IIS or Apache vulnerabilities)
135    RPC (Remote Procedure Call)
137    NetBIOS Name Service
139    NetBIOS Session Service
445    Microsoft DS Service
1025   Windows Messenger
1433   Microsoft SQL Server
2745   Bagle worm backdoor
3127   MyDoom worm backdoor
3306   MySQL UDF (User Definable Functions)
5000   UPnP (Universal Plug and Play)

- The control phase consists of a number of actions performed after the bot has been installed on the target machine in a chosen directory. To start with Windows, the bot updates the registry, typically HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\.

- The first thing the bot does after successful installation is connect to an IRC server and join the control channel using a password. Its IRC nickname is generated randomly. The bot then sits ready, waiting for commands from the control application. The attacker also has to use a password to connect to the botnet, which is necessary so that nobody else can use the botnet they have built.

- IRC khng ch cung cp phng tin iu khin hng trm bot m cn cho phpk tn cng s dng nhiu k thut khc nhau n nhn dng thc ca chng. iu khinvic i ph trc cc cuc tn cng tr nn kh khn. Nhng may mn l, do c im tnhin ca chng, cc botnet lun to ra lu lng ng ng, to iu kin d dng cth d tm nh mt s kiu mu hay m hnh bit. iu gip cc qun tr vin IRC phthin v can thip kp thi, cho php h g b cc mng botnet v nhng s lm dngkhng ng c trn h thng ca h. - Trc tnh hnh ny, nhng k tn cng buc phingh ra cch thc khc, ci tin k thut C&C (Control and Command - iukhin qua lnh) thnh botnet hardening. k thut mi ny, cc bot thng c cuhnh kt ni vi nhiu server khc nhau, s dng mt hostname nh x ng. Nh ,k tn cng c th chuyn bot sang server mi d dng, vn hon ton nm quynkim sot ngay c khi bot b pht hin. Cc dch v DNS ng nh dyndns.com hayno-IP.com thng c dng trong kiu tn cng ny. DNS ng - Mt DNS ng (nhRFC 2136) l mt h thng lin kt tn min vi a ch IP ng. Ngi dng kt niInternet qua modem, ADSL hoc cp thng khng c a ch IP c nh. Khi mt itng ngi dng kt ni ti Internet, nh cung cp dch v mng (ISP) s gn mt ach IP cha c s dng ly ra t vng c chn. a ch ny thng c gi nguyn cho tikhi ngi dng ngng s dng kt ni . - C ch ny gip cc hng cung cp dch vmng (ISP) tn dng c ti a kh nng khai thc a ch IP, nhng cn tr i tngngi dng cn thc hin mt s dch v no qua mng Internet trong thi giandi, song khng phi s dng a ch IP tnh. gii quyt vn ny, DNS ng c chora i. Hng cung cp s to cho dch v mt chng trnh chuyn dng, gi tn hiuti c s d liu DNS mi khi a ch IP ca ngi dng thay i.- n hot ng, knhIRC c cu hnh gii hn quyn truy cp v n thao tc. Cc m hnh IRC in hnhcho knh botnet l: +k (i hi phi nhp mt khu khi dng knh); +s (khng chin th trn danh sch cc knh cng cng); +u (ch c ngi iu hnh (operator)l c hin th trn danh sch ngi dng); +m (ch c ngi dng trng thi s dng mthanh +v mi c th gi tin n knh). Hu ht mi chuyn gia tn cng u dngserver IRC c nhn, m ho tt c lin lc trn knh dn. 
They also tend to use many personalised variants of IRC server software, configured to listen on non-standard ports and using a modified version of the protocol, so that an ordinary IRC client cannot connect to the network.

IV.5 - Botnet countermeasures:

- Botnets are a threat that keeps spreading, but we have many ways to cope with them and reduce the harm they cause. We will introduce six fairly professional ways to fight back against botnets.

5.a - Hire a Web filtering service

- Web filtering services are one of the best ways to fight bots. These services scan websites for abnormal behaviour or dangerous malicious actions and block the site from users.

- Websense, Cyveillance and FaceTime Communications are typical examples. All of them check the Internet in real time to find websites suspected of dangerous actions, such as downloading JavaScript and other tricks outside the bounds of normal web browsing. Cyveillance and Support Intelligence also provide services that inform website operators and ISPs when malware is detected, so compromised servers can be repaired in time.

5.b - Switch browsers

- Another way to keep bots out is not to use just one browser. Internet Explorer and Mozilla Firefox are the two most popular browsers and are therefore the browsers that malware concentrates its attacks on. We can use Apple Safari, Google Chrome, Opera, Netscape, and so on. The same goes for operating systems. According to statistics, Macs are a safe operating system with respect to botnets, because most of them target Windows. *nix operating systems can also be used to keep out malware such as viruses, trojans, spyware and worms, since such malware only runs on the most popular operating system, Windows.

5.c - Disable scripts

- Another approach is to disable scripts in general in the browser; this can cause difficulty for some employees who use custom web-based applications in their work.

5.d - Deploy intrusion detection and intrusion prevention systems

- Another method is to tune the IDS and IPS so that they can look for activity resembling a botnet.

- For example, a computer that suddenly shows Internet Relay Chat traffic is entirely suspect, as are connections to remote IP addresses or invalid DNS names. Although this is hard to detect, we have another clue: a sudden surge in SSL traffic on a computer, especially on unusual ports. This may be the channel over which the botnet's command and control has been activated.

- That is why we need an IPS that checks for abnormal behaviour indicating attacks based on HTTP and remote procedure calls, Telnet, address resolution protocol spoofing, and other attacks. Nevertheless, we must note that many IPS sensors use signature-based detection, which means attacks are only added to the database once they have already been detected. So the IPS must be updated promptly to recognise these attacks; otherwise the detection is worthless.
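The indicators above (IRC sessions from ordinary workstations, connections to dynamic-DNS hostnames, and a sudden surge in SSL/TLS traffic on unusual ports) can be expressed as simple rules over connection logs. The following Python script is an added example, not code from the original report: the log format, hostnames, port sets, the surge factor and the per-host baseline are all constructed for the example.

```python
"""Flag botnet-like traffic in connection logs.

Added example, not from the original report. It encodes the indicators the
report lists for IDS/IPS tuning: IRC sessions from ordinary workstations,
connections to dynamic-DNS hostnames, and a sudden surge in SSL/TLS traffic,
especially on unusual ports. The log format, hostnames, port sets and the
per-host baseline are constructed for the example.
"""
import csv
import io
from collections import defaultdict

# Constructed connection log: time, source host, destination, destination
# port, application identified by the sensor, bytes sent by the source.
SAMPLE_LOG = """ts,src,dst,dport,app,bytes
2024-01-10T09:00:01,ws-17,cdn.example.com,443,tls,18200
2024-01-10T09:00:05,ws-17,irc.example-chat.net,6667,irc,940
2024-01-10T09:01:12,ws-22,update.example.com,80,http,51000
2024-01-10T09:02:30,ws-31,home-box.no-ip.com,8080,tls,2200
2024-01-10T09:02:41,ws-31,home-box.no-ip.com,8080,tls,390000
2024-01-10T09:03:02,ws-22,mail.example.com,993,tls,4100
2024-01-10T09:03:45,ws-09,10.0.0.5,1337,tls,1500
"""

IRC_PORTS = {6667, 6697}                        # standard IRC / IRC over TLS
TLS_EXPECTED_PORTS = {443, 8443, 465, 993, 995}  # where TLS is normal here
# Dynamic DNS providers named in the report; extend with your own list.
DYNAMIC_DNS_SUFFIXES = (".dyndns.com", ".no-ip.com")
TLS_SURGE_FACTOR = 10   # assumption: more than 10x baseline counts as a surge
# Constructed per-host TLS byte baseline for a window of the same length.
TLS_BASELINE = {"ws-17": 20000, "ws-22": 20000, "ws-31": 5000, "ws-09": 5000}


def parse_log(text):
    """Parse the CSV log into a list of dicts with numeric port and bytes."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["dport"] = int(row["dport"])
        row["bytes"] = int(row["bytes"])
        rows.append(row)
    return rows


def per_connection_indicators(row):
    """Indicators that can be judged from a single connection record."""
    hits = []
    if row["app"] == "irc" or row["dport"] in IRC_PORTS:
        hits.append("irc-session")
    if row["dst"].lower().endswith(DYNAMIC_DNS_SUFFIXES):
        hits.append("dynamic-dns-host")
    if row["app"] == "tls" and row["dport"] not in TLS_EXPECTED_PORTS:
        hits.append("tls-on-unusual-port")
    return hits


def tls_surges(rows, baseline, factor=TLS_SURGE_FACTOR):
    """Hosts whose TLS byte total exceeds factor x their known baseline."""
    totals = defaultdict(int)
    for row in rows:
        if row["app"] == "tls":
            totals[row["src"]] += row["bytes"]
    surges = {}
    for src, total in totals.items():
        known = baseline.get(src)
        if known is not None and total > factor * known:
            surges[src] = total
    return surges


def analyze(text, baseline=TLS_BASELINE):
    """Return {source host: sorted list of indicator names}."""
    rows = parse_log(text)
    findings = defaultdict(set)
    for row in rows:
        for hit in per_connection_indicators(row):
            findings[row["src"]].add(hit)
    for src in tls_surges(rows, baseline):
        findings[src].add("tls-surge")
    return {src: sorted(hits) for src, hits in findings.items()}


if __name__ == "__main__":
    for host, hits in analyze(SAMPLE_LOG).items():
        print(f"{host}: {', '.join(hits)}")
```

In the sample, ws-17 is flagged only for its IRC session, ws-31 trips all three rules (dynamic-DNS host, TLS on port 8080, and a TLS volume far above its baseline), ws-09 is flagged for TLS on port 1337, and ws-22 is clean. A host with no baseline is never judged for surges, which avoids false positives on newly seen machines.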

5.e - Protect user-generated content

- Your own website's activities must also be protected so that they do not become an unwitting accomplice of malware writers. Public blogs and company forums should be restricted to text only.

- If your site needs to let members exchange files, it must be set up to allow only a limited, safe set of file types, for example files with the .jpeg or .mp3 extension. (Even so, malware writers have begun targeting MP3 users.)
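One way to enforce the allowlist described above, as an added Python example that is not the report's own code: accepted types are checked both by extension and by the file's leading bytes, so a file that merely carries an allowed extension is still rejected when its content is something else. The allowlist, size limit, filename rule and sample files are constructed for the example.

```python
"""Allowlist-based upload validation for user-generated content.

Added example, not from the original report. Enforces the "limited, safe
set of file types" rule by extension and by magic bytes, rejects path
tricks and double extensions, and caps the size. Sample files below are
constructed byte strings, not real uploads.
"""
import os
import re

# Allowed extension -> accepted leading bytes (magic numbers) for that type.
ALLOWED_TYPES = {
    ".jpeg": (b"\xff\xd8\xff",),
    ".jpg": (b"\xff\xd8\xff",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
}
MAX_UPLOAD_BYTES = 10 * 1024 * 1024          # assumed limit for the example
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def validate_upload(filename, content):
    """Return (accepted, reason) for a proposed upload."""
    # Reject any directory component (../, absolute paths, backslashes).
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or not SAFE_NAME.match(base):
        return False, "unsafe filename"
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext or '(none)'} not allowed"
    # Strict policy: no second extension hidden before the allowed one.
    if "." in root:
        return False, "double extension not allowed"
    if len(content) > MAX_UPLOAD_BYTES:
        return False, "file too large"
    # The extension alone proves nothing; the content must match it.
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, f"content does not look like {ext}"
    return True, "ok"


# Constructed sample uploads: two genuine files and four that must fail.
SAMPLE_FILES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
    "track01.mp3": b"ID3\x03\x00" + b"\x00" * 64,
    "invoice.mp3": b"MZ\x90\x00" + b"\x00" * 64,      # executable renamed .mp3
    "shell.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
    "../../etc/passwd.jpg": b"\xff\xd8\xff",
    "notes.txt": b"hello",
}


def screen_all(files):
    """Map each sample filename to whether it would be accepted."""
    return {name: validate_upload(name, data)[0] for name, data in files.items()}


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:24s} {validate_upload(name, data)}")
```

The magic-byte check is what makes the allowlist meaningful: an .mp3 that starts with an executable header is refused even though its extension is permitted. Store accepted files under a server-generated name rather than the one the user supplied, and serve them from a location that never executes content.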

5.f - Use software tools

- If you find that a computer has been infected and the system has no good way of dealing with the situation, you need not worry, since companies such as Symantec confirm that they can detect and clean out the most dangerous rootkit infections. The company introduced a new technology in Veritas, VxMS (Veritas Mapping Service), which lets the antivirus scanner bypass the Windows File System API, a component controlled by the operating system that can be compromised by a rootkit. VxMS accesses the raw files of the Windows NT File System directly. Other antivirus vendors also working to counter such rootkits include McAfee and F-Secure.

V - Conclusion:

In general, denial-of-service attacks are not too hard to carry out, but they are very hard to defend against because of their unexpectedness, and defence is usually passive, after the event. Responding by strengthening hardware is also a good solution, but regular monitoring to detect and promptly block IP packets from untrusted sources is the most effective.

Depending on the specific model and scale of the system, there are different protection and prevention measures.

The techniques above are, and remain, a great danger to the global Internet. There is much to do and to prepare in order to control them. We must take more concrete and stronger steps together to prevent this type of attack.

VI - References

1 - Books:

[1] Tactical Perimeter Defense

[2] Network Security lecture slides, MSc. T Nguyn Nht Quang.

2 - Internet:

[1] www.hvaonline.net

[2] www.ceh.vn

[3] www.24hcongnghe.net

[4] www.wikipedia.org

[Figure: DDoS Countermeasures diagram; only its labels survive extraction: Detect and Neutralize Handler; Detect and Prevent Agent; Detect/Prevent Potential Attack; Mitigate/Stop Attack; Deflect Attack; Post attack Forensic; Egress Filtering; MIB Statistic; Individual user; Network Service Provider; Install Software Patch; Build in defense; Cost; Traffic Pattern Analysis; Packet Traceback; Event Log; Honeypots; Shadow Real Network; Study Attack; Load Balancing; Throttling; Drop Request]

