{"id":7594,"date":"2016-05-06T09:09:27","date_gmt":"2016-05-06T07:09:27","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=7594"},"modified":"2016-05-06T09:09:27","modified_gmt":"2016-05-06T07:09:27","slug":"kotu-amacli-yazilim-davranisi-dns-kayitlarindan-nasil-anlasilir","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/kotu-amacli-yazilim-davranisi-dns-kayitlarindan-nasil-anlasilir\/","title":{"rendered":"K\u00f6t\u00fc Ama\u00e7l\u0131 Yaz\u0131l\u0131m Davran\u0131\u015f\u0131 DNS Kay\u0131tlar\u0131ndan Nas\u0131l Anla\u015f\u0131l\u0131r"},"content":{"rendered":"

K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n \u00e7o\u011funun Amerikan domainlerinden ve ABD internet sa\u011flay\u0131c\u0131lar\u0131ndan gelmesi \u015fa\u015f\u0131rt\u0131c\u0131 bir durum de\u011fil. Ancak, yak\u0131n tarihte yay\u0131nlanan Q4 Infoblox DNS Tehdit Endeksi<\/a>\u2019ne g\u00f6re k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n \u00e7o\u011funun altyap\u0131s\u0131, sald\u0131rganlar ba\u015fka yerlerde ya\u015fasa bile ABD veya Almanya\u2019da yer al\u0131yor. \u00a0<\/span><\/p>\n

Bu bulgulara biraz temkinli yakla\u015fmak gerekiyor \u00e7\u00fcnk\u00fc Infoblox\u2019\u0131n esas i\u015fi korumal\u0131 DNS hizmetleri. Yine de sonu\u00e7lara biraz daha yak\u0131ndan bakmakta fayda var.<\/span><\/p>\n

Siber su\u00e7lular k\u00f6t\u00fc ama\u00e7l\u0131 faaliyetleri i\u00e7in DNS hizmetlerinden faydalan\u0131yorlar. Fidye yaz\u0131l\u0131mlar yazmak, oltalama ve DOS sald\u0131r\u0131lar\u0131 yapmak ve domain g\u00f6lgeleme gibi ba\u015fka aktivitelerde bulunmak i\u00e7in ge\u00e7erli domainleri \u00e7alabiliyor veya ger\u00e7ek domainlere benzeyen (googel.com gibi) yeni domainler olu\u015fturabiliyorlar.<\/span><\/p>\n

Infoblox yapt\u0131\u011f\u0131 ara\u015ft\u0131rma i\u00e7in internet sa\u011flay\u0131c\u0131lar\u0131ndan, h\u00fck\u00fcmet birimlerinden ve a\u011f operat\u00f6rlerinden veri toplayarak k\u00f6t\u00fc ama\u00e7l\u0131 DNS aktivitelerini<\/strong> kategorize etmi\u015f. Bu bilgiye g\u00f6re k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m i\u00e7eren domainlerin %72\u2019si ABD\u2019de, %20\u2019si Almanya\u2019da bulunmakta.<\/span><\/p>\n

Raporda ABD\u2019deki hosting altyap\u0131s\u0131na<\/strong> girip k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m yerle\u015ftirmenin bir hayli kolay oldu\u011fu s\u00f6yleniyor ve \u201cBir domainin ABD veya Almanya\u2019da host edilmesi o domainin g\u00fcvenli oldu\u011fu anlam\u0131na gelmiyor,\u201d ifadesine yer veriliyor.<\/span><\/p>\n

Raporda ele al\u0131nan sorunlardan biri ise internet sa\u011flay\u0131c\u0131lar\u0131n\u0131n yasal mercilerden gelen temizleme taleplerine cevap vermede yava\u015f kalmalar\u0131.<\/span><\/p>\n

Infoblox ge\u00e7mi\u015fte DNS tehditleri endeksinde s\u00fcrekli tekrar eden ani art\u0131\u015flar g\u00f6zlemlemi\u015f. Teorilerine g\u00f6re siber su\u00e7lular bilgi toplamak ve yeni sald\u0131r\u0131lar haz\u0131rlamak i\u00e7in daha sakin zamanlar\u0131 tercih ediyor. Ne var ki endeks 2015\u2019in son \u00e7eyre\u011finde s\u00fcrekli artarak rekor seviyeye yakla\u015fm\u0131\u015f.<\/span><\/p>\n

Raporda \u201cBu durum geli\u015fmi\u015f ve e\u015fzamanl\u0131 sald\u0131r\u0131lar d\u00f6neminin ba\u015flad\u0131\u011f\u0131n\u0131 ve endeksi daha \u00f6nce hi\u00e7 g\u00f6r\u00fclmemi\u015f noktalara getirebilece\u011fini g\u00f6steriyor,\u201d deniyor.<\/span><\/p>\n

\"DNS<\/a><\/p>\n

Tehdit endeksindeki bu art\u0131\u015f\u0131n di\u011fer muhtemel sebeplerinden biri de Angler<\/strong> gibi exploit kitlerinin say\u0131s\u0131ndaki art\u0131\u015f ve son zamanlarda iyice pop\u00fclerle\u015fen RIG<\/strong> isimli eski bir kitin art\u0131k daha fazla kullan\u0131l\u0131yor olmas\u0131. Bu kitler yeni kurbanlar\u0131 hedef almay\u0131 ve yeni teknikler uygulayarak daha az becerili sald\u0131rganlar \u00fczerinden k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131<\/a> yaymay\u0131 daha da kolayla\u015ft\u0131r\u0131yor.<\/span><\/p>\n

Infoblox raporunda \u201cBu durum exploit kitleri yenilendik\u00e7e ge\u00e7mi\u015f y\u0131llarda g\u00f6r\u00fclen tehditlerin \u00f6n\u00fcm\u00fczdeki y\u0131llar i\u00e7erisinde yeni bi\u00e7imlerde geri gelebilece\u011fini g\u00f6steriyor,\u201d ifadesiyle kullan\u0131c\u0131lar\u0131 uyar\u0131yor. Raporda \u201cExploit kitleri ve di\u011fer k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar bir \u00fclkede geli\u015ftirilip ba\u015fka bir \u00fclkede sat\u0131labiliyor ve \u00fc\u00e7\u00fcnc\u00fc bir \u00fclkeden d\u00f6rd\u00fcnc\u00fc bir \u00fclkedeki sistemlere sald\u0131rmak i\u00e7in kullan\u0131labiliyor,\u201d ifadelerine yer verilmi\u015f.<\/span><\/p>\n

Rapordan \u00e7\u0131kar\u0131lacak ders bu exploit kitleriyle \u00e7ok fazla \u015fey yap\u0131labilece\u011fi. G\u00fcvenlik uzmanlar\u0131 mutlaka domainlerini ve DNS sunucular\u0131n\u0131 iyi bir \u015fekilde korumal\u0131 ve herhangi bir istismar olup olmad\u0131\u011f\u0131n\u0131 s\u00fcrekli takip etmeli. Geli\u015fmi\u015f tehditleri b\u00fcy\u00fck bir sorun haline gelmeden tespit edebilen \u00e7\u00f6z\u00fcmlere yat\u0131r\u0131m yapmakta da fayda var.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n \u00e7o\u011funun Amerikan domainlerinden ve ABD internet sa\u011flay\u0131c\u0131lar\u0131ndan gelmesi \u015fa\u015f\u0131rt\u0131c\u0131 bir durum de\u011fil. Ancak, yak\u0131n tarihte yay\u0131nlanan Q4 Infoblox DNS…<\/p>\n","protected":false},"author":3,"featured_media":7595,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=7594"}],"version-history":[{"count":4,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7594\/revisions"}],"predecessor-version":[{"id":7615,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7594\/revisions\/7615"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/7595"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=7594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=7594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=7594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}