1. Solve a DoS attack production case: monitor the web logs or the network connection table, and when a single IP's number of concurrent connections (or page views) exceeds 100 within a short time, call the firewall command to block that IP. Run the check every 5 minutes.
1. Scripting
[root@Centos8 ~]# cat deny.dos.sh
#!/bin/bash
# Block any peer IP that currently holds more than $LINK established TCP connections.
# cron runs this every 5 minutes (see the crontab below), so the script must exit:
# the original "while true" loop would have started a new never-ending copy at every cron run.
LINK=100
LOG=/root/test.txt

ss -nt | awk '/^ESTAB/ {
        ip = $5                    # "Peer Address:Port" column
        sub(/:[0-9]+$/, "", ip)    # drop the port
        gsub(/[][]/, "", ip)       # drop the [ ] around IPv6-mapped addresses
        sub(/^::ffff:/, "", ip)    # [::ffff:10.0.0.27]:1234 -> 10.0.0.27
        print ip
    }' | sort | uniq -c | while read -r count ip; do   # read assigns the two columns to count and ip
    if [ "$count" -gt "$LINK" ]; then
        # iptables -C only checks whether the rule already exists, so repeated runs do not add duplicates
        if ! iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null; then
            iptables -A INPUT -s "$ip" -j REJECT
            echo "$(date '+%F %T') $ip access denied" >> "$LOG"
        fi
    fi
done
[root@Centos8 ~]# crontab -l
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
# */5 is a 5-minute step: the script runs every five minutes
*/5 * * * * /root/deny.dos.sh
2. Test the attack
[root@localhost ~]# ls
anaconda-ks.cfg  a.out  flood  flood_connect.c  original-ks.cfg
[root@localhost ~]# ./flood 10.0.0.8
Starting flood connect attack on 10.0.0.8 port 80
^CAborted (made 0 successful connects)
3. View the firewall
[root@Centos8 ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2583  143K REJECT     all  --  *      *       10.0.0.27            0.0.0.0/0            reject-with icmp-port-unreachable
2. Process of key exchange
2.1 Symmetric Encryption Algorithm
Symmetric encryption: encryption and decryption use the same key. Only the ciphertext travels over the network; during the exchange the receiver recovers the plaintext by decrypting that ciphertext with the same key.
Characteristics:
Encryption and decryption use the same key, so the operations are fast (high efficiency)
Block ciphers split the plaintext into fixed-size blocks and encrypt them one by one
Defects:
Too many keys: every pair of communicating parties needs its own key, so n parties need n(n-1)/2 keys
Key distribution: the shared key must be delivered to the other side over a channel that is itself secure
Data origin cannot be confirmed: anyone holding the key can produce a valid ciphertext, so the receiver cannot tell which key holder sent it
2.2 Asymmetric Encryption Algorithms
The receiver generates a key pair: a public key P and a private (secret) key S. The sender encrypts the message M with the receiver's public key and sends P(M); the receiver decrypts it with its private key: M = S(P(M)). The reverse direction gives digital signatures: only the holder of S can produce S(M), and anyone with P can check it, which is what confirms the data origin that symmetric encryption cannot.
2.3 Integrated Encryption
Method 1: Pb{Sa[hash(data)] + data}
The sender hashes the original text to protect its integrity, produces a digital signature by encrypting that fixed-length digest (128 bits for MD5, 256 bits for SHA-256) with its own private key Sa, packages the original text and the signature together, encrypts the package with the recipient's public key Pb, and sends it over TCP. The recipient decrypts the received ciphertext with its own private key Sb to recover the text and the signature, decrypts the signature with the sender's public key Pa to obtain the sender's digest, and hashes the received text with the same algorithm; if the two digests match, the data was not tampered with in transit and it came from the holder of Sa. The drawback is that asymmetric encryption of the whole package is slow, which Method 2 fixes.
Method 2: SymKey{Sa[hash(data)] + data} + Pb(SymKey)
The sender signs and packages the data as in Method 1, but encrypts the package with a fresh random symmetric key and encrypts only that key with the recipient's public key Pb. The recipient recovers the symmetric key with its private key Sb, decrypts the package with it, and then verifies the signature exactly as in Method 1. Only a few dozen bytes go through the slow asymmetric operation; the bulk data goes through the fast symmetric cipher.
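As an added worked example (not code from the original notes), here is Method 2 carried out with the openssl command line: Alice signs the data, bundles signature and data, encrypts the bundle under a fresh AES key and wraps that key for Bob; Bob unwraps the key, decrypts, splits the bundle and verifies the signature. The party names, file names, and the choice of SHA-256 with AES-256-CBC are assumptions made here, and it assumes openssl 1.1.1 or later is installed.

```shell
#!/bin/bash
# Added example, not code from the original page: Method 2 of section 2.3,
#   SymKey{ Sa[hash(data)] + data } + Pb(SymKey)
# carried out with the openssl CLI. Alice is the sender (Sa/Pa), Bob the
# receiver (Sb/Pb); party and file names are assumptions made here.
# Assumes openssl 1.1.1 or later and the coreutils head, tail, od and dd.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK" || exit 1

gen_keys() {   # $1 = party name; writes $1.key (private) and $1.pub (public)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1.key" 2>/dev/null
    openssl pkey -in "$1.key" -pubout -out "$1.pub"
}

# Sender: $1 = plaintext file, $2 = sender name, $3 = receiver name
# Produces bundle.enc (SymKey{Sa[hash(data)] + data}) and key.enc (Pb(SymKey)).
seal() {
    openssl dgst -sha256 -sign "$2.key" -out sig.bin "$1"     # Sa[hash(data)]
    cat sig.bin "$1" > bundle.bin                             # Sa[hash(data)] + data
    local key iv
    key=$(openssl rand -hex 32)                               # fresh 256-bit AES key
    iv=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in bundle.bin -out bundle.enc
    printf '%s:%s' "$key" "$iv" |
        openssl pkeyutl -encrypt -pubin -inkey "$3.pub" -out key.enc   # Pb(SymKey)
    rm -f sig.bin bundle.bin
}

# Receiver: $1 = receiver name, $2 = claimed sender name, $3 = output file
# Returns 0 only if the bundle decrypts AND the signature verifies under $2.pub.
open_envelope() {
    local keyiv key iv
    keyiv=$(openssl pkeyutl -decrypt -inkey "$1.key" -in key.enc) || return 1   # Sb(Pb(SymKey))
    key=${keyiv%%:*}
    iv=${keyiv##*:}
    openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -in bundle.enc -out bundle.bin 2>/dev/null || return 1
    head -c 256 bundle.bin > sig.bin        # a 2048-bit RSA signature is exactly 256 bytes
    tail -c +257 bundle.bin > "$3"
    openssl dgst -sha256 -verify "$2.pub" -signature sig.bin "$3" >/dev/null 2>&1
}

# Flip one bit of a file's first byte: simulates tampering in transit
flip_first_bit() {
    local b
    b=$(od -An -tu1 -N1 "$1" | tr -d ' ')
    printf "\\$(printf '%03o' $((b ^ 1)))" | dd of="$1" bs=1 count=1 conv=notrunc 2>/dev/null
}

if [ "${1:-}" = demo ]; then
    gen_keys alice; gen_keys bob
    printf 'transfer 100 to account 42\n' > msg.txt     # constructed sample message
    seal msg.txt alice bob
    open_envelope bob alice out.txt && cat out.txt       # prints the message
    flip_first_bit bundle.enc
    open_envelope bob alice out.txt || echo "tampered: signature check failed"
fi
```

Save it as a script and run it with the single argument demo. The verification step is what gives the "data origin" property that symmetric encryption lacks: if the claimed sender's public key does not match the key that produced the signature, or a single ciphertext bit has changed, open_envelope fails. Note that the symmetric key is wrapped with PKCS#1 v1.5 padding, pkeyutl's default; a production design would use OAEP, but the structure of the exchange is the same.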
3. Communication process of https
HTTPS protocol: HTTPS is the combination of HTTP and SSL/TLS ("HTTP over SSL" or "HTTP over TLS"). HTTP remains the application protocol, but it runs inside a TLS session, so the plaintext HTTP text is encrypted into binary ciphertext before it is transmitted.
3.1 Structure
3.2 HTTPS working process
- The client initiates an HTTPS request
  The user enters an https:// address in the browser, and the browser connects to port 443 of the server.
- Server-side configuration
  A server that speaks HTTPS must have a certificate, either self-signed or issued by a certificate authority (CA). The difference is that a self-signed certificate fails the client's verification and the browser shows a warning until the user explicitly trusts it, whereas a certificate issued by a CA the client already trusts validates silently. What the server actually holds is a key pair: the public key goes into the certificate, the private key never leaves the server.
- The server sends its certificate to the client
  The certificate is essentially the server's public key plus metadata: the subject (host) name, the issuing authority, the validity period, and the issuer's signature over all of it.
- The client parses and validates the server certificate
  This is done by the client's TLS implementation, which first checks that the certificate is valid: the issuer chains to a trusted root, the validity period has not expired, and the name matches the host the user typed. If any check fails, the browser shows a warning that there is a problem with the certificate. If the certificate is fine, the client generates a random value (the premaster secret) and encrypts it asymmetrically with the public key from the certificate.
- The client sends the encrypted information to the server
  This message carries the random value encrypted under the certificate's public key, so only the holder of the matching private key can read it; from now on client and server can encrypt and decrypt their communication with keys derived from this random value.
- Server-side decryption
  The server decrypts the client's message with its private key and obtains the random value.
- The server encrypts information and sends it
  The server symmetrically encrypts the data with the key derived from the random value and sends it to the client.
- The client receives and decrypts the information
  The client uses the random value it generated earlier to decrypt the data coming from the server and obtains the plaintext.
Caveat: this is the RSA key-exchange flow of TLS 1.2 and earlier. TLS 1.3 no longer encrypts a random value with the certificate's public key; both sides run an ephemeral (EC)DH exchange and the certificate's key is only used to sign the handshake, which gives forward secrecy. The certificate validation step is the same in both.
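The certificate validation step above is the one place in the flow where the client makes a trust decision, so as an added worked example (not code from the original notes) here is that step reproduced offline with the openssl command line. The script builds a self-signed server certificate and, separately, a private CA that issues a server certificate, then runs the client-side check in each situation: nothing trusted yet, the anchor trusted, and a hostname that does not match. The host name, the CA name and the file layout are invented here; it assumes openssl 1.1.1 or later.

```shell
#!/bin/bash
# Added example, not code from the original page: the "client validates the
# server certificate" step of 3.2, reproduced offline with the openssl CLI.
# It builds (a) a self-signed server certificate and (b) a private CA plus a
# certificate issued by it, then runs the client-side check in each situation.
# Host and CA names are invented here. Assumes openssl 1.1.1 or later.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK" || exit 1

# (a) Self-signed: the server vouches for itself, so no client trusts it by default
self_signed() {   # $1 = hostname; writes $1.key and $1.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -addext "subjectAltName=DNS:$1" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# (b) A private CA (stand-in for a public CA); explicit config so it is marked CA:TRUE
make_ca() {
    cat > ca.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = Example Lab CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ca.cnf \
        -keyout ca.key -out ca.crt 2>/dev/null
}

# The CA signs a certificate request for a host: public key + name + issuer signature
ca_issued() {   # $1 = hostname; writes $1.key and $1.crt
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$1" > "$1.ext"
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 1 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
}

# Fields the client reads from the certificate: subject, issuer, validity period
cert_info() { openssl x509 -in "$1" -noout -subject -issuer -dates; }

# The check a browser performs: chain to a trusted anchor + name matches the URL.
# $1 = certificate file, $2 = hostname the user typed, $3 = trust anchor file
#      ("" = an empty trust store, i.e. nothing is trusted yet)
client_verify() {
    if [ -n "$3" ]; then
        openssl verify -no-CAfile -no-CApath -CAfile "$3" \
            -verify_hostname "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -no-CAfile -no-CApath -verify_hostname "$2" "$1" >/dev/null 2>&1
    fi
}

if [ "${1:-}" = demo ]; then
    self_signed self.example.test
    client_verify self.example.test.crt self.example.test "" \
        || echo "self-signed: browser warning until the user trusts it"
    make_ca; ca_issued www.example.test
    cert_info www.example.test.crt
    client_verify www.example.test.crt www.example.test ca.crt && echo "CA-issued: OK"
    client_verify www.example.test.crt evil.example.test ca.crt || echo "name mismatch: rejected"
fi
```

Run it with the single argument demo. The empty trust store (-no-CAfile -no-CApath) is what makes the first check fail for the self-signed certificate, exactly the "warning page" case; adding the certificate itself, or the CA that issued it, as the anchor is what a user does when they click through the warning or what the browser vendor does when it ships a root store. The -verify_hostname check is the part that is easy to forget in home-grown clients: a perfectly valid certificate for the wrong name must still be rejected.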
4. Use awk to get the first column of the colon-separated /etc/passwd file
[root@Centos8 ~]# awk -F: '{print $1}' /etc/passwd
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
operator
games
ftp
nobody
dbus
systemd-coredump
systemd-resolve
tss
polkitd
unbound
sssd
chrony
sshd
rngd
lw
rtkit
pipewire
postfix