
DNS security vulnerabilities on the Internet and how to guard against them

At the end of July 2008, PA Vietnam, a company specializing in leasing and providing hosting (server management) and mail server services, was attacked, leaving a large number of customer websites inaccessible for many consecutive days. This was the largest domain name attack in Vietnam to date, and its consequences were very serious: mail systems could not be used for communication, information about services could not reach customers, and a great many transactions could not be carried out. The attack was a wake-up call for Internet service providers (ISPs) regarding the security of the Domain Name System (DNS), and it also brought to mind the DNS security vulnerability that Dan Kaminsky, Director of Penetration Testing at the security firm IOActive, announced in early July 2008. This article analyzes how the domain name system for computers on the Internet works, how it can be attacked, and some of the solutions that experts in Vietnam and abroad recommend in the current situation.

1. How DNS works and the security vulnerability on the Internet

The Domain Name System (DNS) is the system that manages the mapping between the IP addresses of computers and their names (called domain names) on the Internet. For every application on the Internet, each computer has a unique IP address made up of a fairly long string of digits (for example 160.78.219.144), which most users find very hard to remember. For that reason, in addition to its IP address, each computer is also registered under a name that is easy for users to remember, such as www.vnexpress.net, www.yahoo.com or www.tuoitre.com.vn. The phrase "registering a domain name" for a website is probably familiar; it is simply the process of naming a computer on the Internet (the machine that hosts that website). These names are managed by the DNS systems of authorized service providers, and a mechanism was established so that a computer's name resolves to its correct address.

Why do these two concepts have to be mapped to each other? Quite simply, the IP address is where the applications, services and information offered to users actually reside, and where user requests are carried out. The domain name is only a name that is easy for users to remember. It is like a company's name and its address: you may remember the company's name, but when you want to do business with it you have to know exactly where the company is located. This entire address lookup process is carried out automatically and continuously by DNS systems.

How it works: when you visit www.vnexpress.net, the computer you are using asks a DNS server (a server that manages previously registered domain names, usually operated by an Internet service provider such as VDC or FPT) what the IP address of www.vnexpress.net is. The DNS server searches for the domain name in its own memory and, if it does not find it, asks other DNS servers, eventually finding that the IP address is 210.245.0.22. Once the exact name and IP address have been found, each time you access information on www.vnexpress.net your computer connects to the www.vnexpress.net server, which serves your requests.

Given this mode of operation, a hacker attacks by interfering with the DNS server's mapping between IP address and domain name so that it returns a false IP address under the hacker's control. The goals of such attacks vary widely. When a DNS system is attacked, you may be taken to a website you did not intend to visit (possibly a malicious one, or, as in the PA Vietnam case, typing www.nhac.vui.vn took you to www.google.com.vn). You may unknowingly land on a forged page with an identical interface; after you enter personal information such as a password or, worse, credit card details, the hacker uses that information and you lose money or access to your account. Business websites may also stop working. This kind of attack is called DNS cache poisoning.

A DNS cache poisoning attack proceeds as shown in the figure. The hacker's computer sends a large number of address resolution requests (DNS requests) to address resolution server A (the machine under attack). The hacker chooses the domain names to be resolved so that server A cannot find them in its memory and is forced to forward the requests (request forwarding) to the next address resolution server, B (A and B may belong to the same organization or to different organizations, but are configured to work with each other). Each resolution exchange between A and B (that is, each request to find the correct IP address for a domain name) is authenticated by a random transaction ID (TID). The algorithm that generates these IDs is built into the address resolution servers.

[Figure: DNS cache poisoning attack. Labels: hacker's computer, DNS request, address resolution server A (DNS server), request forwarding, address resolution server B (DNS server), response, forged response.]

However, the weak point here is that the TID is only a 16-bit number (a value smaller than 65535) and every exchange between A and B takes place on a fixed port on A. This is a weakness because, with a value range below 65535 and a fixed transaction port, a hacker can work out exactly which transaction ID is being exchanged between A and B. Then, before A has received B's reply containing the IP address of the domain name it asked about, the hacker sends a rapid series of forged packets (fake responses) imitating B's reply (that is, carrying an IP address the hacker controls) to the fixed port on A mentioned above. As soon as one of these forged packets has a TID that matches the one A is waiting for, A accepts it. From that point on, the genuine reply from B is no longer processed by A, and A returns the false IP address (the hacker's) to the user's computer.

As we can see, the exchange between DNS servers during domain name resolution is itself the opening through which hackers can interfere, with the result that customers are sent to applications they did not want, or to applications that steal information without their knowledge. According to Dan Kaminsky, as many as 84% of the servers he tested were affected by this dangerous vulnerability. At present, 31% of servers remain at risk of attack, and in Vietnam the risk of DNS servers being attacked is still very high.

2. The state of DNS servers in Vietnam

As soon as this vulnerability was discovered, experts around the world worked together to find ways to fix it, and software vendors have all provided patches for their DNS server software. In Vietnam (as of early July 2008), although the patches had been released, none of the DNS servers of Vietnamese ISPs such as FPT, VDC and Viettel had been patched. This means that anyone (individual users, businesses, organizations) using the Internet services (dial-up, ADSL or leased line) of these ISPs could be attacked.

The PA Vietnam case is typical. According to one of the company's executives, the problem occurred because a server on the FPT side lost its password and so could not resolve the domain names. Whether that was the real cause, however, nobody knows, nor whether hackers also attacked the domain name resolution process of PA Vietnam's DNS servers. Only the ISPs themselves know what really happened. The PA Vietnam attack was intended only as a warning to Internet service operators, so the damage went no further than redirecting visitors to other websites (such as yahoo.com and google.com), and a few days later PA Vietnam restored correct resolution for these websites.

In August 2008, the Vietnam Computer Emergency Response Team (VNCERT, under the Ministry of Information and Communications) sent a warning about the risk of hackers exploiting this vulnerability to 150 businesses and to the media. Notably, VNCERT rated the vulnerability at the red level, the highest warning level, for a network security threat capable of disrupting the operation of Vietnam's networks (there are three threat levels: red, yellow and green).

3. Patching the DNS vulnerability and some recommendations for users

Around the world, as soon as the vulnerability was announced, vendors and organizations set about building software to patch it. Unfortunately, software that exploits the vulnerability appeared on the Internet at the same time. On 1 August 2008, Apple announced that it had fixed the flaw in the BIND (Berkeley Internet Name Domain) DNS server in Mac OS X 10.4.11, Mac OS X Server 10.4.11, Mac OS X 10.5.4 and Mac OS X Server 10.5.4. Before that, other vendors such as Cisco and Microsoft had released patches as soon as the existence of the vulnerability was disclosed on 8 July 2008. A patch can be understood as a piece of software or code written to make the domain name resolution exchange more secure, so that hackers cannot steal information, or find it very hard to do so. We must accept, however, that nothing is absolute: once these patches are deployed, hackers may again find gaps to attack.
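The weakness described in section 1 (a 16-bit TID combined with a fixed port on A) can be measured from the defender's side by sampling the source port and TID of a resolver's outbound queries. The following Python code is an added example, not part of the original article or of any vendor's or Bkis's tool; the sample data is constructed, the function names and the 0.8 threshold are assumptions, and it assumes that a patched resolver varies its source port per query, which is how the July 2008 patches hardened the exchange.

```python
import math
from collections import Counter

def assess_resolver(samples):
    """Rate the unpredictability of outbound queries from (source_port, tid) samples."""
    ports = [p for p, _ in samples]
    tids = [t for _, t in samples]

    # A single source port is the condition the article identifies as the weak point.
    fixed_port = len(set(ports)) == 1
    # Lower-bound estimate of the port range in use, taken from the observed span.
    port_space = max(ports) - min(ports) + 1

    # A generator that steps by a constant (for example +1) is guessable even
    # though the TID field is 16 bits wide. The 0.8 share is an assumed threshold.
    steps = Counter((b - a) % 65536 for a, b in zip(tids, tids[1:]))
    predictable_tid = steps.most_common(1)[0][1] / (len(tids) - 1) >= 0.8
    tid_space = 1 if predictable_tid else 2 ** 16

    space = port_space * tid_space
    return {
        "fixed_port": fixed_port,
        "predictable_tid": predictable_tid,
        "search_space": space,
        "bits": round(math.log2(space), 1),
        "verdict": "WEAK" if fixed_port or predictable_tid else "OK",
    }

def match_chance(forged_answers, search_space):
    """Chance that a burst of distinct forged answers contains the awaited (port, TID)."""
    return min(1.0, forged_answers / search_space)

# Constructed samples for illustration, not captured traffic.
FIXED_PORT = [(53, t) for t in (0x1A2B, 0x9C01, 0x0457, 0xE310, 0x77AA, 0x2B3C)]
RANDOM_PORT = [(1024, 0x1A2B), (50211, 0x9C01), (33107, 0x0457),
               (61000, 0xE310), (17455, 0x77AA), (65535, 0x2B3C)]
SEQUENTIAL_TID = [(40000 + i * 997, 100 + i) for i in range(6)]

if __name__ == "__main__":
    for name, data in [("fixed port", FIXED_PORT), ("random port", RANDOM_PORT),
                       ("sequential TID", SEQUENTIAL_TID)]:
        result = assess_resolver(data)
        print(name, result, f"{match_chance(1000, result['search_space']):.6f}")
```

With a fixed port the search space is only the 16-bit TID, while varying the port multiplies it by the size of the port range; a resolver whose TIDs step predictably is flagged as weak even when its ports vary.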

In Vietnam, right after VNCERT's warning and having assessed how dangerous this deadly vulnerability is, Internet service providers such as VDC, Viettel and FPT all confirmed that they had applied the latest patch to close the hole, so that their DNS server systems would not face the risk of a large-scale attack by hackers. The Bach Khoa network security center (Bkis) released a program to help businesses check whether their DNS server systems have the vulnerability (25/7). A little more than a day after releasing the program, Mr. Nguyen Tu Quang, Director of Bkis, said that 167 businesses had checked their DNS server systems with it, and that 62% of them had not yet patched the DNS vulnerability.

As for users, that is, individuals and businesses whose servers are hosted with the providers mentioned above, there are several recommendations for minimizing the risk:

Users, whether individuals or businesses, should use .vn domain names. Besides being protected by Vietnamese law, when similar incidents occur they can be handled easily and quickly, because the .vn domain name system is managed in Vietnam itself and the Vietnam Internet Network Information Center (VNNIC) handles every incident directly. It is then easier to contact and work with those who manage the domain.

Before choosing a service provider, study its security policy carefully and compare providers to find the best one.

If a fault occurs, the network administrator needs to determine which vendor's software the DNS system is running (Microsoft, Red Hat or Cisco) and select the corresponding patch.

Individual users who notice unusual behaviour when visiting a familiar website should ask their ISP for technical support and install the latest antivirus software to avoid being infected by malicious programs.

Conclusion: The more the Internet develops, the more attention the battle between those who attack applications and users receives, and the more thoroughly it has to be resolved, difficult as that is. Businesses and individuals need to be more careful in controlling what they do online, and should proactively keep their information and security applications up to date. Sometimes this needs to be planned from the very beginning, when we first choose a domain name to register.
