{"id":865,"date":"2015-09-06T10:52:14","date_gmt":"2015-09-06T07:52:14","guid":{"rendered":"https:\/\/furkansandal.com\/bu-bir-dns-yazisidir\/"},"modified":"2015-09-06T11:20:02","modified_gmt":"2015-09-06T08:20:02","slug":"bu-bir-dns-yazisidir","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/bu-bir-dns-yazisidir\/","title":{"rendered":"DNS Sald\u0131r\u0131 \u00c7e\u015fitleri ve Korunma T\u00fcrleri"},"content":{"rendered":"
DNS (Domain Name Server, i.e. name servers), which makes the Internet usable and in a sense forms its backbone, is also an important target for attackers.
As can be seen in the screenshot below, one of the organizations I took as an example protects its web site against simple port scans. The 1000 ports that NMAP scans when run without any parameters are in the filtered state, and only the ports the web site needs in order to serve are open.
Contrary to what films show, hackers look for the easy way; in this case, rather than trying to bypass the security device that filters these ports, they will look for attack surfaces they can exploit more easily. The 3 main points that we, as system administrators, cannot close will naturally be attackers' primary choices. These are:
E-mail service: An important vector for social engineering attacks. Where e-mail servers are not configured correctly, attackers can use the organization's e-mail resources both to attack third parties (spam and phishing) and to obtain information about the corporate network, systems and structure.
Web pages (web applications): Attackers who exploit vulnerabilities in web pages can seize corporate information and cause loss of reputation and money.
DNS Threats
Attackers can carry out 4 basic types of attack using DNS servers.
Information gathering: Although not an attack in itself, gathering information about the target is important for identifying, planning and carrying out viable attacks. By collecting information via DNS, attackers can understand how the target organizes and manages its externally facing network.
Denial of service: Attackers who send a name server far more requests than its capacity can render the target DNS server inoperable.
Sending requests from a spoofed source: A misconfigured name server can be used to mount a denial-of-service attack against another target. A name server that answers packets attackers craft and send so that they appear to come from the target network can unintentionally render the remote server unable to provide service.
Record redirection: An attacker who redirects the DNS requests leaving the organization to a server under their control can thereby direct users to a site hosting malicious content, or to another site prepared for social engineering attacks.
If we look at the name server of the target we saw above, whose ports we know are protected, through an attacker's eyes, we can see that we are able to obtain the following information.
DNSSEC is not installed
Where DNSSEC is not used, attackers can intercept and modify DNS traffic. The 4 diagrams below summarize an effective attack that can be mounted against a server that does not use DNSSEC.
Step 1: The victim types gitmekistediğimsite.com into the browser's address bar, and the browser sends a query to the DNS server to determine this site's IP address.
Step 2: The DNS server provides the necessary information and directs the victim to the site they want to visit.
Step 3: Taking advantage of the absence of DNSSEC, the attacker interferes with the DNS queries.
Step 4: Although the victim typed the address gitmekistediğimsite.com, they are unknowingly directed to a site prepared by the attacker.
Use of Cisco and Lync
As seen in the screenshot below, the company I took as an example uses what I guess to be a Cisco video conferencing system (a guess based on the subdomain starting with vcse. and ports 5060/5061 as clues) and Microsoft Lync for communication.
Interesting subdomains
Alongside a few subdomains that may be interesting from an attacker's point of view, such as smtp., test. and vpn., we also learned about the IP address ranges the target uses.
To understand where we stand as a country on DNS security, here is what I saw in a study I carried out on the DNS servers of 21 Ministries:
Among the 21 Ministries:
20 of them do not use DNSSEC,
5 of them have DNS servers that answer requests coming from outside and could therefore be used in denial-of-service attacks against other targets,
3 of them use Microsoft Lync,
8 of them make telephone calls over the Internet; it was possible to determine all of this solely through DNS queries.
Recommendations for DNS security:
Unfortunately there is no single pill you can take to secure your name server. As with every other information security topic, confidentiality, integrity and availability must be evaluated separately. Some recommendations that will let you raise your security level quickly could be the following:
Your DNS server should serve only your organization, and only authorized parties should be able to access it.
DNS request traffic must be monitored: This way you can both notice attacks against DNS and detect attackers exfiltrating data out of the organization with methods such as DNS tunneling.
Your DNS servers must be kept up to date: As with all other systems, security updates and patches are published for DNS software, and installing them promptly is very important.
Limit the services running on your DNS server: It is worth removing services such as FTP, HTTP and SMTP from your DNS server.","protected":false},"excerpt":{"rendered":"

\u0130nternet\u2019i kullan\u0131labilir hale getiren ve bir anlamda belkemi\u011fini olu\u015fturan DNS (Domain Name Server \u2013 Alanad\u0131 Sunucular\u0131) sald\u0131rganlar i\u00e7in de \u00f6nemli…<\/p>\n","protected":false},"author":1,"featured_media":483,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","footnotes":""},"categories":[6,1,9,10,3,7,11,4],"tags":[78,76,88,89,26,83,81,79,82,77,80,84,85,87,86],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/furkansandal.com\/wp-content\/uploads\/2015\/08\/linux-ubuntu-wallpapers-31.jpeg?fit=1600%2C1200&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6BM7I-dX","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/865"}],"collection":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/comments?post=865"}],"version-history":[{"count":0,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/posts\/865\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media\/483"}],"wp:attachment":[{"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/media?parent=865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/categories?post=865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/furkansandal.com\/wp-json\/wp\/v2\/tags?post=865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","
templated":true}]}}