DNS Amplification Attack Risk Analysis

6th INTERNATIONAL INFORMATION SECURITY & CRYPTOLOGY CONFERENCE (6. ULUSLARARASI BİLGİ GÜVENLİĞİ ve KRİPTOLOJİ KONFERANSI)
Proceedings / Bildiriler Kitabı, 20-21 September 2013, Ankara, Turkey

Devrim Seral

Devrim Seral is a faculty member in Information Systems Engineering, Faculty of Engineering, Cyprus International University (Uluslararası Kıbrıs Üniversitesi), Lefkoşa, Cyprus (e-mail: [email protected]).

Abstract— DNS amplification attacks are known to be the trigger behind today's very large Distributed Denial of Service attacks. This type of attack carries out a distributed denial of service attack by using open recursive DNS servers located in different networks as intermediaries. Discovering and identifying these systems is a time-consuming and laborious process. Therefore, this study uses as its working set the networks of eight Internet Service Providers (one of them a government provider) operating in the Turkish Republic of Northern Cyprus. A script was developed to identify the open recursive DNS servers in these networks; the information collected about them is presented and the risks these systems can create are set out.

Index Terms—DDoS, DNS, DNS Amplification Attack

I. INTRODUCTION

As Internet use keeps growing, it has become increasingly important for the institutions and companies that provide services to stay reachable. In Turkey, in the first three months of 2013 the number of broadband Internet subscribers exceeded … million, and a large share of these subscribers, about …, were seen to prefer packages offering connection speeds of up to 8 Mbps [1]. Likewise, according to Bankalararası Kart Merkezi (Interbank Card Center) data, by the end of … the amount of money spent over the Internet is expected to reach … billion TL and the number of transactions … million [2]. In the rest of the world, according to ITU (International Telecommunication Union) data, … billion people are known to have a broadband Internet connection [3]. In addition, e-commerce is estimated to reach a volume of … trillion dollars within … [4]. In light of this information, it is beyond doubt that both public bodies and private companies in many countries are steadily increasing the number of their online services. It is inevitable that some will want to cause trouble for online services that have reached this economic size and number of users, whether out of competition, market share, or even political motives.

One of the most common methods used to block access to services offered over the Internet is the Denial of Service attack. In this kind of attack, the attacker exhausts the network resources or other resources (memory, processor, disk, etc.) of the system providing the service, preventing the system's real users from reaching the Internet services [5]. The most common form of Denial of Service attack today is the Distributed Denial of Service attack. Distributed Denial of Service attacks can cause financial losses, particularly for private companies, starting from … per hour [6]. Besides financial losses, such attacks also cost organizations prestige.

Knowing what kinds of systems these attacks originate from helps to prevent or block them. For example, the attack on a Cloudflare customer in September 2012, which reached 65 Gbps, was identified by the company as a DNS Amplification (Domain Name System Amplification) attack, a type of Distributed Denial of Service attack [7]. An important warning about DNS amplification attacks also came from the United States CERT (Computer Emergency Readiness Team) in March 2013 [8]. The main aim of this study is to give information about the DNS amplification attack, which can cause serious outages of Internet services, and to share the findings on the open recursive name resolution systems this attack uses as its trigger, obtained from the eight Internet Service Provider networks used as the working set. The rest of the paper is organized as follows: Section 2 covers how the DNS amplification attack works; Section 3 describes the script developed to detect the open name resolvers this type of attack uses as intermediaries, together with the working set; Section 4 shares the data obtained; and finally the Conclusion evaluates these findings.
II. DNS AMPLIFICATION ATTACK

This section first gives general information on how the DNS system works and then explains how the DNS amplification attack works.

A. What Is DNS?

DNS is one of the hidden heroes that keep the Internet running. The basic task of the DNS system is to translate the domain names or system names received from clients into addresses that computers understand [9]. It can also translate incoming address information into names. These systems work in a client-server architecture and carry request and response information using UDP (User Datagram Protocol). Since DNS systems came into use in the …s they have been continually renewed, and the first implementation in this area was the BIND software developed on BSD systems [10].

B. What Is a DNS Amplification Attack?

As the number of Internet users and Internet traffic began to grow in the …s, DNS systems became increasingly important. As a result, weaknesses stemming from the way DNS systems work began to surface. In …, Atkins and Austein analyzed the weaknesses of the DNS system in RFC 3833 [11]. In the Denial of Service attacks part of that document they noted that a DNS amplification attack could be carried out. Another study, in 2006, gave detailed information on how a DNS amplification attack can be carried out [12].

In principle, a DNS amplification attack does what a Smurf attack does, using DNS request packets instead of ICMP requests [13]. How a DNS amplification attack is carried out is easiest to explain with a scenario. As shown in the DNS amplification attack scenario in Fig. …, suppose the attacker controls thousands of computers through a botnet [14] and, changing the source addresses of the devices in the botnet to the victim's address, sends thousands of DNS queries to DNS servers that are open to recursive queries from outside. If we assume that each DNS request in such an attack can be sent in a packet of … bytes, then if the queried servers use the EDNS [15] format the size of the response can exceed … bytes. In this way a request of … bytes can return to the victim's address amplified … times. Thus traffic amounting to … times the requests generated by each machine in the botnet taking part in the attack can be directed at the victim [16].
Fig. …: DNS amplification attack scenario

C. How Can DNS Amplification Attacks Be Prevented?

DNS amplification attacks can be prevented by the following methods [12]:
- Configuring recursive DNS servers to answer only the client IP blocks they serve.
- If DNS servers have to keep recursion open to all clients, they can stop answering a client when the number of requests coming from that client exceeds a certain rate.
- Service providers that give clients Internet access applying methods that prevent IP spoofing.

III. DETECTING OPEN RECURSIVE DNS SERVERS

This section covers the script developed to detect open recursive DNS servers and the working set.

A. Method

The most basic enabler of DNS amplification attacks is open recursive DNS servers. DNS servers of this kind, which because of misconfiguration or for other reasons answer recursively to every device that queries them from any botnet on the Internet, directly assist this Distributed Denial of Service attack. For this reason, the servers that make such attacks possible were identified by certain characteristics with the help of a script whose flow chart is given in Fig. ….

Fig. …: Flow chart of the script that detects open recursive DNS servers

The script that detects open recursive DNS servers works in the following steps:
a) The script uses a DNS client to send a query to the DNS query port (UDP/53) of the system given as the target, for a domain name that cannot be under the target's own control (e.g. isc.org). If the target system answers DNS queries recursively, it is marked as suitable for the attack. If it does not answer, the script continues checking the other systems.
b) To identify other characteristics of a target system that returned a recursive answer, some important ports are scanned with the nmap [17] port scanner and the results are recorded.
c) Where possible, the version of the DNS server is identified using DNS query tools with the CHAOS class [18].
d) If the target server's HTTP (Hyper Text Transfer Protocol) port is open, the type of web server is also identified.

B. Script Working Set

Because detecting open recursive DNS servers is a laborious and lengthy process, the networks of eight Internet Service Providers (ISPs), one of them public, operating within the borders of the Turkish Republic of Northern Cyprus were used as the script's working set. These networks, on which the study was carried out, cover approximately all broadband Internet subscribers apart from mobile Internet communication. In total, … IP addresses were tested. The script was run in a controlled manner, in an effort to ensure that the tested networks would not perceive this activity as an attack or reconnaissance.
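The decision made in step a) of the detection script, as an added Python example that is not the author's script: it builds the recursive query for a name outside the server's control and classifies the reply from its header flags, and it also computes the reply-to-query size ratio discussed in Section II. All function names and the sample replies are constructed for illustration; sending the query over UDP/53 is left out so that the block runs offline.

```python
import struct

# DNS header flag bits (RFC 1035) and the REFUSED response code.
FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODE_REFUSED = 5


def build_query(name, txid=0x1A2B):
    """A/IN query with RD=1 (recursion desired), as a stub resolver sends it."""
    header = struct.pack("!6H", txid, FLAG_RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_response(query, response):
    """Classify the reply to a query for a name outside the server's control."""
    if len(response) < 12:
        return "invalid"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & FLAG_QR:
        return "invalid"          # not a reply to this query
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED:
        return "refused"          # recursion is restricted for this client
    if flags & FLAG_AA:
        return "authoritative"    # server owns the zone, proves nothing
    if flags & FLAG_RA and rcode == 0 and ancount > 0:
        return "open-recursive"   # it resolved a foreign name for us
    return "no-recursion"         # referral or empty answer


def amplification_factor(query, response):
    """Reply size divided by query size (DNS payload bytes only)."""
    return round(len(response) / len(query), 2)


def make_reply(query, flags, addresses=()):
    """Constructed sample reply: echoes the question and adds A records."""
    header = query[:2] + struct.pack("!5H", flags, 1, len(addresses), 0, 0)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes(a)
        for a in addresses)
    return header + query[12:] + answers


# Constructed samples; 192.0.2.1 is a documentation address (RFC 5737).
QUERY = build_query("isc.org")
OPEN = make_reply(QUERY, FLAG_QR | FLAG_RD | FLAG_RA, [(192, 0, 2, 1)])
REFUSED = make_reply(QUERY, FLAG_QR | FLAG_RD | RCODE_REFUSED)
REFERRAL = make_reply(QUERY, FLAG_QR | FLAG_RD)

if __name__ == "__main__":
    for label, reply in (("open", OPEN), ("refused", REFUSED),
                         ("referral", REFERRAL)):
        print(label, classify_response(QUERY, reply),
              amplification_factor(QUERY, reply))
```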
IV. OPEN RECURSIVE DNS SERVER FINDINGS

This section presents the data collected with the script that was developed.

A. Open Recursive DNS Server Ratios

After the analyses carried out with the script detailed in Section III, of the systems found in the eight networks, which comprise … IP addresses in total and contain networks of various sizes, only …, or …, operate as open recursive DNS servers. This ratio is shown in Fig. ….

Fig. …: Ratio of open recursive DNS servers

B. Other Open Ports on Open Recursive Systems

To also identify the services other than DNS running on the … machines, the nmap [17] port scanner was used to scan the most commonly used TCP ports, from … to … and ports …. Although UDP ports … and … were scanned as well, the nature of the UDP protocol meant that fully reliable information about the state of these ports could not be obtained. Table I shows the counts of the TCP ports tested with nmap and found to be open.

TABLE I
OPEN PORT COUNTS

Port              Count
ftp               138
telnet            111
ssh               51
smtp              14
http              157
Ms-term server    23
Netbios           8

Fig. … also gives the percentage distribution of the open ports relative to one another. In light of this information, on these systems hosting an open recursive DNS server, apart from UDP, the http and ftp ports and then the telnet port were found to be open. The http, telnet and ssh ports show that these systems are remotely manageable or amenable to remote management. The FTP port being open shows that these systems are not just simple remotely manageable systems but can also provide services such as setup information or modifiable web pages.

Fig. …: Open ports on the systems

C. Web Server Types Running on Systems with the HTTP Port Open

The web server types identified by analyzing the response header returned to an HTTP request on the systems with the HTTP port (TCP …) open are given in Table II.

TABLE II
WEB SERVER TYPES

Type              Count
Rom Pager         41
Mini httpd        22
MSIIS             12
Uc httpd          7
Apache            5
Router OS         45
Light httpd       2
Other             10

Fig. … shows the percentages of the web server types.

Only the system's web server type could be learned from the HTTP response header. However, analysis of the page data returned in response to the request showed that … systems were running the Mikrotik RouterOS operating system. The noteworthy web server types here are RomPager, Mini-httpd and RouterOS. When systems identifying themselves as RomPager or mini-httpd were connected to at random with a web client, these devices were seen to be ADSL modems or embedded systems. RouterOS is the operating system of special embedded systems generally used in wireless systems.

Fig. …: HTTP server types running on the systems

D. DNS Version Check

The script used DNS query tools and the CHAOS class to query the version information of the devices with the DNS port (UDP …) open. Table III shows the server types that could be identified. According to the server types identified, … of these devices are Unix or Unix-derived devices running a version of ISC Bind. Two servers run Microsoft's IIS DNS server. Dns-masq servers are systems, generally used on firewall systems, that handle DNS queries by forwarding them. The remaining DNS servers run a DNS server other than Bind, probably one designed specifically for embedded systems.

TABLE III
DNS SERVER TYPES

Server            Count
Bind 9.3.x        28
Bind 9.5.x        24
Bind 9.7          2
Dns masq          7
MS-IIS            2
No version        424

Fig. … shows the percentages of the DNS versions identified on the open recursive DNS servers.

Fig. …: Ratios of the DNS versions running on the systems

V. CONCLUSION

In this study, DNS servers open to recursive DNS queries, which could assist a distributed DNS amplification attack, were identified among the … IP addresses belonging to the networks of eight large Internet Service Providers, one of them public, operating in the TRNC. Although the open recursive DNS servers identified make up only … of the whole, if an attack of … Mbps can be directed at a chosen victim through each of these devices, a Distributed Denial of Service attack of about … Mbps can be carried out against the victim. An attack of this size represents a volume of traffic that most companies and institutions in our region could not cope with. In addition, a script was developed to try to determine what kinds of devices the open recursive DNS systems are. As detailed in the fourth section of the study, the great majority of the open recursive DNS servers are embedded systems that by default allow DNS queries from outside. The remaining DNS servers are servers configured that way by operators, either by mistake or out of need. The first measure to keep this type of attack from succeeding is for operators to block network traffic that originates from their own networks but does not carry their own network addresses; the second is to prevent the devices that operators sell or give to end users from answering DNS queries from outside the local network when they are configured.

ACKNOWLEDGMENT

I thank Mr. Mehmet Alptürk, who allowed me to use his systems and Internet connection in this study.

REFERENCES

[1] Sektörel Araştırma ve Strateji Geliştirme Başkanlığı (…, March). … Üç Aylık Pazar Verileri Raporu [Online]. Available: http://www.tk.gov.tr/kutuphane_ve_veribankasi/pazar_verileri/ucaylik13_1.pdf
[2] Bankalararası Kart Merkezi (…, June). Haziran … Aylık Bülteni [Online]. Available: http://www.bkm.com.tr/basin/bultenler/aylik_bulten_052013.pdf
[3] ITU (…). ICT Fact Figures [Online]. Available: http://www.itu.int/en/ITUD/Statistics/Documents/facts/ICTFactsFigures2013.pdf
[4] T. Fredriksson (2013, April). E-commerce and Development Key Trends and Issues [Presentation]. Available: http://www.wto.org/english/tratop_e/devel_e/wkshop_apr13_e/fredriksson_ecommerce_e.pdf
[5] CMU-CERT (1997, October). Denial Of Service Attacks [Online]. Available: http://www.cert.org/tech_tips/denial_of_service.html
[6] Neustar (2013, April). 2012 Annual DDOS Attack and Impact Survey: A Year-to-Year Analysis [Online]. Available: http://www.neustar.biz/enterprise/docs/whitepapers/ddosprotection/2012-ddos-attacks-report.pdf
[7] M. Prince (2012, September). How to Launch a 65Gbps DDoS, and How to Stop One [Online]. Available: http://blog.cloudflare.com/65gbps-ddos-no-problem
[8] US-CERT (2013, March). Alert (TA13-088A) DNS Amplification Attacks [Online]. Available: http://www.uscert.gov/ncas/alerts/TA13-088A
[9] P. Mockapetris (…, November). Domain Names – Concepts and Facilities [Online]. Available: http://tools.ietf.org/html/rfc882
[10] Douglas Brian Terry, Mark Painter, David W. Riggle and Songnian Zhou, The Berkeley Internet Name Domain Server, Proceedings USENIX Summer Conference, Salt Lake City, Utah, June 1984, pp. 23-31.
[11] D. Atkins, R. Austein (…, August). Threat Analysis of the Domain Name System (DNS) [Online]. Available: http://tools.ietf.org/html/rfc3833
[12] R. Vaughn, G. Evron (2006). "DNS amplification attacks" [Online]. Available: http://www.isotf.org/news/DNSAmplification-Attacks.pdf
[13] CMU-CERT (1998, January). Alert (CA-1998-01) Smurf IP Denial-of-Service Attacks [Online]. Available: http://www.cert.org/advisories/CA-1998-01.html
[14] B. McCarty, "Botnets: big and bigger," Security & Privacy, IEEE (Volume: 1, Issue: 4), pp. 87-90, June-August 2003.
[15] P. Vixie (…, August). "Extension mechanisms for DNS (EDNS)," RFC 2671 [Online]. Available: http://www.ietf.org/rfc/rfc2671.txt
[16] S. Changhua, L. Bin, S. Lei, "Efficient and low-cost hardware defense against DNS amplification attacks," in Proc. IEEE Global Telecommunications Conf. (GLOBECOM), December …, pp. …-5.
[17] G. F. Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning," Insecure, 2009.
[18] S. Woolf, D. Conrad (2007, June). Requirements for a Mechanism Identifying a Name Server Instance [Online]. Available: http://tools.ietf.org/html/rfc4892

Devrim Seral was born in … in the city of Lefkoşa, Cyprus. After completing his undergraduate education in … at the Faculty of Technical Education of Gazi Üniversitesi in Ankara, he graduated from the Institute of Science of the same university with a Master's degree in … and a Doctorate in …. While pursuing his doctoral studies he also worked in the private sector in the IT field as a Systems Engineer and Internet Engineer. In February … he returned to academic life as a lecturer at the Faculty of Engineering of Cyprus International University. He currently serves as head of the Department of Information Systems Engineering at the same university.
Dr. Seral works on topics such as Operating Systems, Load Balancing and Network Security, and is a member of the Association for Computing Machinery and the IEEE.
