Ucwaningo lwakamuva lubonisa ukuthi kungenzeka kanjani ukuhlonza ukuxhumana okusebenzisa i-OpenVPN

Darkcrizt

Imizuzu ye-4

I-VPN Fingerprinting

Indlela yokuthola iseshini ye-OpenVPN

Ezihlokweni ezimayelana nokuvikeleka nokuba sengozini engizabe lapha kubhulogi, zivame ukusho ukuthi ayikho isistimu, i-hardware noma ukuqaliswa okuphephile, njengoba kungakhathaliseki ukuthi ibiza kangakanani ithembekile ngo-100%, izindaba mayelana nokukhubazeka okutholiwe kusibonisile. okuphambene ..

Isizathu sokubalula lokhu ukuthi muva nje a iqembu labacwaningi kusuka eNyuvesi yaseMichigan yenze ucwaningo ekuhlonzeni uxhumano lwe-VPN olusekelwe ku-OpenVPN, okusibonisa ukuthi ukusetshenziswa kwama-VPN akuqinisekisi ukuthi isibonelo sethu kunethiwekhi sivikelekile.

Indlela esetshenziswa abacwaningi ibizwa ngokuthi "Izigxivizo zeminwe ze-VPN", eqapha ithrafikhi yezokuthutha nakucwaningo olwenziwe Kutholwe izindlela ezintathu ezisebenzayo zokukhomba iphrothokholi ye-OpenVPN phakathi kwamanye amaphakethe enethiwekhi, angasetshenziswa ezinhlelweni zokuhlolwa kwethrafikhi ukuvimba amanethiwekhi abonakalayo asebenzisa i-OpenVPN.

Ezivivinyweni ezenziwe kunethiwekhi yomhlinzeki we-inthanethi i-Merit, enabasebenzisi abangaphezu kwesigidi, ibonise lokho Lezi zindlela zingakhomba u-85% wezikhathi ze-OpenVPN ngezinga eliphansi lezinto ezingamanga. Ukuze kwenziwe izivivinyo, kusetshenziswe isethi yamathuluzi athole ithrafikhi ye-OpenVPN ngesikhathi sangempela ngemodi yokungenzi lutho futhi yaqinisekisa ukunemba komphumela ngokuhlola okusebenzayo neseva. Ngesikhathi sokuhlolwa, i-analyzer edalwe abacwaningi iphathe ukugeleza kwethrafikhi ngamandla acishe abe ngu-20 Gbps.

Izindlela zokuhlonza ezisetshenzisiwe zisekelwe ekubonweni kwamaphethini athile we-OpenVPN kumaheda ephakethe angabhalwanga, osayizi bephakethe le-ACK nezimpendulo zeseva.

  • Ku Okokuqala, ixhunywe nephethini kunkambu "yekhodi yokusebenza".»kusihloko sephakethe ngesikhathi sesiteji sokuxoxisana, esishintsha ngokubikezela ngokuya ngokucushwa koxhumano. Ukuhlonza kufinyelelwa ngokuhlonza ukulandelana okuthile kwezinguquko ze-opcode kumaphakethe ambalwa okuqala okugeleza kwedatha.
  • Indlela yesibili isekelwe kusayizi othize wamaphakethe we-ACK esetshenziswa ku-OpenVPN phakathi nesiteji sokuxoxisana. Ukuhlonza kwenziwa ngokuqaphela ukuthi amaphakethe e-ACK osayizi onikeziwe avela kuphela ezingxenyeni ezithile zeseshini, njengalapho kuqaliswa uxhumano lwe-OpenVPN lapho iphakethe lokuqala le-ACK ngokuvamile liyiphakethe ledatha lesithathu elithunyelwa kuseshini.
  • El Indlela yesithathu ibandakanya ukuhlola okusebenzayo ngokucela ukusethwa kabusha koxhumano, lapho iseva ye-OpenVPN ithumela iphakethe elithile le-RST njengempendulo. Okubalulekile, lokhu kuhlola akusebenzi uma usebenzisa imodi ye-tls-auth, njengoba iseva ye-OpenVPN iziba izicelo ezivela kumakhasimende angagunyaziwe nge-TLS.

Imiphumela yocwaningo ibonise ukuthi umhlaziyi ukwazile ukuhlonza ngempumelelo ukuxhumana kwe-OpenVPN okungu-1.718 kokungu-2.000 okusungulwe iklayenti eliwumgunyathi kusetshenziswa ukulungiselelwa okujwayelekile kwe-OpenVPN okungu-40. Indlela isebenze ngempumelelo kwezingu-39 kwezingu-40 ezihloliwe. Ukwengeza, phakathi nezinsuku eziyisishiyagalombili zokuhlolwa, ingqikithi yamaseshini e-OpenVPN angu-3.638 akhonjwe kuthrafikhi yezokuthutha, lapho izikhathi ezingu-3.245 zaqinisekiswa njengezivumelekile.

Kubalulekile ukukuqaphela lokho Indlela ehlongozwayo inomkhawulo ophezulu wezinto ezingamanga ama-oda amathathu obukhulu amancane kunezindlela zangaphambilini ezisuselwe ekusetshenzisweni komshini wokufunda. Lokhu kuphakamisa ukuthi izindlela ezakhiwe abacwaningi baseNyuvesi yaseMichigan zinembe kakhulu futhi zisebenza kahle ekuhlonzeni ukuxhumana kwe-OpenVPN kuthrafikhi yenethiwekhi.

Ukusebenza kwezindlela zokuvikela ukuhogela kwethrafikhi ye-OpenVPN ezinsizeni zezentengiso kwahlaziywa ngokuhlolwa okuhlukene. Ezinsizeni ezingama-41 ze-VPN ezihloliwe ezisebenzisa izindlela zokuvala zethrafikhi ze-OpenVPN, ithrafikhi ikhonjwe ezimeni ezingama-34. Amasevisi angazange abonwe asebenzise izendlalelo ezengeziwe phezulu kwe-OpenVPN ukufihla ithrafikhi, njengokudlulisa ithrafikhi ye-OpenVPN ngomhubhe owengeziwe obethelwe. Iningi lezinsizakalo zakhombe ngempumelelo ukuhlanekezelwa kwethrafikhi ye-XOR esetshenzisiwe, izendlalelo ezengeziwe ze-obfuscation ngaphandle kokuphediswa kwethrafikhi okungahleliwe okwanele, noma ukuba khona kwezinsizakalo ze-OpenVPN ezingafihli kuseva efanayo.

Uma ungathanda ukufunda okwengeziwe ngayo, ungathintana nemininingwane kokuthi isixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.