{"id":476968,"date":"2023-08-09T09:05:36","date_gmt":"2023-08-09T09:05:36","guid":{"rendered":""},"modified":"2023-09-05T11:13:46","modified_gmt":"2023-09-05T11:13:46","slug":"domain-fluxing","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/tr\/wiki\/domain-fluxing\/","title":{"rendered":"Etki alan\u0131 ak\u0131\u015f\u0131"},"content":{"rendered":"

Fast Flux olarak da bilinen alan ad\u0131 ak\u0131\u015f\u0131, tespitten ka\u00e7\u0131nmak, yay\u0131ndan kald\u0131rmalara kar\u015f\u0131 dayan\u0131kl\u0131l\u0131\u011f\u0131 art\u0131rmak ve k\u00f6t\u00fc ama\u00e7l\u0131 veya ba\u015fka \u015fekilde istenmeyen \u00e7evrimi\u00e7i hizmetlerin s\u00fcrekli kullan\u0131labilirli\u011fini korumak amac\u0131yla bir alan ad\u0131yla ili\u015fkili IP adreslerini h\u0131zla de\u011fi\u015ftirmek i\u00e7in kullan\u0131lan bir tekniktir. Bu uygulama, siber su\u00e7lular taraf\u0131ndan k\u00f6t\u00fc ama\u00e7l\u0131 web sitelerini bar\u0131nd\u0131rmak, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m da\u011f\u0131tmak ve kimlik av\u0131 sald\u0131r\u0131lar\u0131 ba\u015flatmak i\u00e7in yayg\u0131n olarak kullan\u0131lmaktad\u0131r.<\/p>\n

Etki Alan\u0131 ak\u0131\u015f\u0131n\u0131n k\u00f6keninin tarihi ve bundan ilk s\u00f6z.<\/h2>\n

Etki alan\u0131 ak\u0131\u015f\u0131 ilk olarak 2000'li y\u0131llar\u0131n ba\u015f\u0131nda siber g\u00fcvenlik uzmanlar\u0131n\u0131n IP adreslerine g\u00f6re k\u00f6t\u00fc ama\u00e7l\u0131 web sitelerini kara listeye alma ve engelleme \u00e7abalar\u0131na yan\u0131t olarak ortaya \u00e7\u0131kt\u0131. Siber su\u00e7lular, k\u00f6t\u00fc ama\u00e7l\u0131 altyap\u0131lar\u0131n\u0131n \u00f6mr\u00fcn\u00fc uzatman\u0131n ve g\u00fcvenlik \u00e7\u00f6z\u00fcmleri taraf\u0131ndan tespit edilmekten ka\u00e7\u0131nman\u0131n yollar\u0131n\u0131 arad\u0131k\u00e7a bu teknik \u00f6nem kazand\u0131.<\/p>\n

Etki alan\u0131 ak\u0131\u015f\u0131ndan bilinen ilk s\u00f6z, Storm Worm botnet'inin komuta ve kontrol altyap\u0131s\u0131n\u0131 s\u00fcrd\u00fcrmek i\u00e7in bu tekni\u011fi kulland\u0131\u011f\u0131 2007 y\u0131l\u0131na kadar uzan\u0131yor. Etki alan\u0131 de\u011fi\u015ftirmenin kullan\u0131lmas\u0131, botnet'in bar\u0131nd\u0131rma konumlar\u0131n\u0131 s\u00fcrekli olarak de\u011fi\u015ftirmesine olanak tan\u0131d\u0131 ve bu da g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131n\u0131n ve yetkililerin onu etkili bir \u015fekilde kapatmas\u0131n\u0131 zorla\u015ft\u0131rd\u0131.<\/p>\n

Etki alan\u0131 ak\u0131\u015f\u0131 hakk\u0131nda ayr\u0131nt\u0131l\u0131 bilgi. Etki alan\u0131 ak\u0131\u015f\u0131 konusunu geni\u015fletme.<\/h2>\n

Etki alan\u0131 ak\u0131\u015f\u0131 asl\u0131nda DNS tabanl\u0131 bir ka\u00e7\u0131rma tekni\u011fidir. Geleneksel web sitelerinin alan ad\u0131 ile IP adresi aras\u0131nda statik bir ili\u015fkisi vard\u0131r; bu, alan ad\u0131n\u0131n sabit bir IP adresine i\u015faret etti\u011fi anlam\u0131na gelir. Buna kar\u015f\u0131l\u0131k, etki alan\u0131 ak\u0131\u015f\u0131, bir etki alan\u0131 ad\u0131 ile birden \u00e7ok IP adresi aras\u0131nda s\u00fcrekli de\u011fi\u015fen bir ili\u015fki yarat\u0131r.<\/p>\n

Bir alan ad\u0131na ba\u011fl\u0131 tek bir IP adresine sahip olmak yerine, alan ad\u0131 ak\u0131\u015f\u0131 birden fazla IP adresi ayarlar ve DNS kay\u0131tlar\u0131n\u0131 s\u0131k s\u0131k de\u011fi\u015ftirerek, alan\u0131n h\u0131zl\u0131 aral\u0131klarla farkl\u0131 IP adreslerine \u00e7\u00f6z\u00fcmlenmesini sa\u011flar. De\u011fi\u015fim h\u0131z\u0131 birka\u00e7 dakikada bir olabilecek kadar s\u0131k olabilir, bu da geleneksel g\u00fcvenlik \u00e7\u00f6z\u00fcmlerinin k\u00f6t\u00fc ama\u00e7l\u0131 altyap\u0131ya eri\u015fimi engellemesini son derece zorla\u015ft\u0131r\u0131r.<\/p>\n

Etki alan\u0131 ak\u0131\u015f\u0131n\u0131n i\u00e7 yap\u0131s\u0131. Etki alan\u0131 ak\u0131\u015f\u0131 nas\u0131l \u00e7al\u0131\u015f\u0131r?<\/h2>\n

Etki alan\u0131 ak\u0131\u015f\u0131, dinamik ve ka\u00e7\u0131nma davran\u0131\u015f\u0131na ula\u015fmak i\u00e7in birlikte \u00e7al\u0131\u015fan birden fazla bile\u015feni i\u00e7erir. Anahtar bile\u015fenler \u015funlard\u0131r:<\/p>\n

    \n
  1. \n

    Botnet veya K\u00f6t\u00fc Ama\u00e7l\u0131 Altyap\u0131:<\/strong> Etki alan\u0131 de\u011fi\u015ftirme tekni\u011fi, ger\u00e7ek zararl\u0131 i\u00e7erik veya hizmetleri bar\u0131nd\u0131ran botnet'ler veya di\u011fer k\u00f6t\u00fc ama\u00e7l\u0131 altyap\u0131larla birlikte yayg\u0131n olarak kullan\u0131l\u0131r.<\/p>\n<\/li>\n

  2. \n

    Alan Ad\u0131 Kay\u0131t \u015eirketi ve DNS Kurulumu:<\/strong> Siber su\u00e7lular bir alan ad\u0131 kaydeder ve alan ad\u0131 ile birden fazla IP adresini ili\u015fkilendirerek DNS kay\u0131tlar\u0131n\u0131 kurar.<\/p>\n<\/li>\n

  3. \n

    Etki Alan\u0131 Ak\u0131\u015f Algoritmas\u0131:<\/strong> Bu algoritma, DNS kay\u0131tlar\u0131n\u0131n ne s\u0131kl\u0131kta de\u011fi\u015ftirilece\u011fini ve kullan\u0131lacak IP adreslerinin se\u00e7imini belirler. Algoritma genellikle botnet'in komuta ve kontrol sunucusu taraf\u0131ndan kontrol edilir.<\/p>\n<\/li>\n

  4. \n

    Komuta ve Kontrol (C&C) Sunucusu:<\/strong> C&C sunucusu etki alan\u0131 de\u011fi\u015ftirme s\u00fcrecini d\u00fczenler. Botnet'teki botlara, belirli aral\u0131klarla alan ad\u0131 i\u00e7in hangi IP adreslerinin kullan\u0131laca\u011f\u0131n\u0131 bildiren talimatlar g\u00f6nderir.<\/p>\n<\/li>\n

  5. \n

    Botlar:<\/strong> Botnet i\u00e7indeki, C&C sunucusu taraf\u0131ndan kontrol edilen, g\u00fcvenli\u011fi ihlal edilmi\u015f makineler, DNS sorgular\u0131n\u0131 ba\u015flatmaktan ve k\u00f6t\u00fc ama\u00e7l\u0131 i\u00e7eri\u011fi bar\u0131nd\u0131rmaktan sorumludur.<\/p>\n<\/li>\n<\/ol>\n

    Bir kullan\u0131c\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 etki alan\u0131na eri\u015fmeye \u00e7al\u0131\u015ft\u0131\u011f\u0131nda, DNS sorgusu etki alan\u0131yla ili\u015fkili birden fazla IP adresinden birini d\u00f6nd\u00fcr\u00fcr. DNS kay\u0131tlar\u0131 h\u0131zla de\u011fi\u015fti\u011finden, kullan\u0131c\u0131n\u0131n g\u00f6rd\u00fc\u011f\u00fc IP adresi de de\u011fi\u015fmeye devam ediyor ve bu da k\u00f6t\u00fc ama\u00e7l\u0131 i\u00e7eri\u011fe eri\u015fimin etkili bir \u015fekilde engellenmesini zorla\u015ft\u0131r\u0131yor.<\/p>\n

    Etki alan\u0131 ak\u0131\u015f\u0131n\u0131n temel \u00f6zelliklerinin analizi.<\/h2>\n

    Etki alan\u0131 ak\u0131\u015f\u0131, onu k\u00f6t\u00fc niyetli akt\u00f6rler i\u00e7in tercih edilen bir teknik haline getiren \u00e7e\u015fitli temel \u00f6zelliklere sahiptir:<\/p>\n

      \n
    1. \n

      Tespitten Ka\u00e7\u0131nma:<\/strong> Etki alan\u0131 ak\u0131\u015f\u0131, IP adreslerini s\u00fcrekli de\u011fi\u015ftirerek, geleneksel IP tabanl\u0131 kara listelerden ve imza tabanl\u0131 alg\u0131lama sistemlerinden ka\u00e7\u0131n\u0131r.<\/p>\n<\/li>\n

    2. \n

      Y\u00fcksek Esneklik:<\/strong> Tek bir IP adresinin kapat\u0131lmas\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 hizmete eri\u015fimi kesintiye u\u011fratmayaca\u011f\u0131ndan, teknik, yay\u0131ndan kald\u0131rma \u00e7abalar\u0131na kar\u015f\u0131 y\u00fcksek esneklik sa\u011flar.<\/p>\n<\/li>\n

    3. \n

      S\u00fcrekli Kullan\u0131labilirlik:<\/strong> Etki alan\u0131 ak\u0131\u015f\u0131, k\u00f6t\u00fc ama\u00e7l\u0131 altyap\u0131n\u0131n s\u00fcrekli kullan\u0131labilirli\u011fini sa\u011flayarak botnet operasyonlar\u0131n\u0131n kesintisiz olarak devam edebilmesini sa\u011flar.<\/p>\n<\/li>\n

    4. \n

      Art\u0131kl\u0131k:<\/strong> Birden fazla IP adresi, yedek bar\u0131nd\u0131rma konumlar\u0131 g\u00f6revi g\u00f6rerek, baz\u0131 IP adresleri engellense bile k\u00f6t\u00fc ama\u00e7l\u0131 hizmetin eri\u015filebilir kalmas\u0131n\u0131 sa\u011flar.<\/p>\n<\/li>\n<\/ol>\n

      Alan Ak\u0131s\u0131 T\u00fcrleri<\/h2>\n

      Etki alan\u0131 ak\u0131\u015f\u0131 iki ana t\u00fcre ayr\u0131labilir: Tek Ak\u0131<\/strong> Ve \u00c7ift Ak\u0131<\/strong>.<\/p>\n

      Tek Ak\u0131<\/h3>\n

      Single Flux'ta alan ad\u0131 s\u00fcrekli olarak de\u011fi\u015fen bir IP adresi k\u00fcmesine \u00e7\u00f6z\u00fcmlenir. Ancak alan ad\u0131n\u0131n yetkili ad sunucusu sabit kal\u0131r. Bu, alan ad\u0131na ait NS (Ad Sunucusu) kay\u0131tlar\u0131n\u0131n de\u011fi\u015fmedi\u011fi ancak IP adreslerini belirten A (Adres) kay\u0131tlar\u0131n\u0131n s\u0131kl\u0131kla g\u00fcncellendi\u011fi anlam\u0131na gelir.<\/p>\n

      \u00c7ift Ak\u0131<\/h3>\n

      Double Flux, hem alanla ili\u015fkili IP adreslerini hem de alan\u0131n yetkili ad sunucusunu s\u00fcrekli de\u011fi\u015ftirerek ka\u00e7\u0131rma tekni\u011fini bir ad\u0131m daha ileri g\u00f6t\u00fcr\u00fcr. Bu, ek bir karma\u015f\u0131kl\u0131k katman\u0131 ekleyerek k\u00f6t\u00fc ama\u00e7l\u0131 altyap\u0131n\u0131n izlenmesini ve bozulmas\u0131n\u0131n daha da zor olmas\u0131n\u0131 sa\u011flar.<\/p>\n

      Domain fluxing'in kullan\u0131m yollar\u0131, kullan\u0131ma ili\u015fkin sorunlar ve \u00e7\u00f6z\u00fcmleri.<\/h2>\n

      Etki Alan\u0131 Fluxing'in Kullan\u0131m\u0131:<\/strong><\/p>\n

        \n
      1. \n

        K\u00f6t\u00fc Ama\u00e7l\u0131 Yaz\u0131l\u0131m Da\u011f\u0131t\u0131m\u0131:<\/strong> Siber su\u00e7lular, Truva atlar\u0131, fidye yaz\u0131l\u0131mlar\u0131 ve casus yaz\u0131l\u0131mlar gibi k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m da\u011f\u0131tan web sitelerini bar\u0131nd\u0131rmak i\u00e7in etki alan\u0131 de\u011fi\u015ftirmeyi kullan\u0131r.<\/p>\n<\/li>\n

      2. \n

        Kimlik Av\u0131 Sald\u0131r\u0131lar\u0131:<\/strong> Oturum a\u00e7ma kimlik bilgileri ve kredi kart\u0131 ayr\u0131nt\u0131lar\u0131 gibi hassas bilgileri \u00e7almak \u00fczere tasarlanan kimlik av\u0131 web siteleri, kara listeye al\u0131nmamak i\u00e7in genellikle alan ad\u0131 de\u011fi\u015ftirmeyi kullan\u0131r.<\/p>\n<\/li>\n

      3. \n

        Botnet Kontrol ve Kontrol Altyap\u0131s\u0131:<\/strong> Etki alan\u0131 ak\u0131\u015f\u0131, botnet'lerin komuta ve kontrol altyap\u0131s\u0131n\u0131 bar\u0131nd\u0131rmak i\u00e7in kullan\u0131l\u0131r ve g\u00fcvenli\u011fi ihlal edilen makinelerle ileti\u015fim ve bunlar\u0131n kontrol\u00fcn\u00fc sa\u011flar.<\/p>\n<\/li>\n<\/ol>\n

        Sorunlar ve \u00c7\u00f6z\u00fcmler:<\/strong><\/p>\n

          \n
        1. \n

          Yanl\u0131\u015f Pozitifler:<\/strong> G\u00fcvenlik \u00e7\u00f6z\u00fcmleri, de\u011fi\u015fken IP adresleriyle olan ili\u015fkileri nedeniyle me\u015fru web sitelerini yanl\u0131\u015fl\u0131kla engelleyebilir. Yanl\u0131\u015f pozitifleri \u00f6nlemek i\u00e7in \u00e7\u00f6z\u00fcmlerde daha geli\u015fmi\u015f tespit teknikleri kullan\u0131lmal\u0131d\u0131r.<\/p>\n<\/li>\n

        2. \n

          H\u0131zla De\u011fi\u015fen Altyap\u0131:<\/strong> Geleneksel yay\u0131ndan kald\u0131rma prosed\u00fcrleri etki alan\u0131 ak\u0131\u015f\u0131na kar\u015f\u0131 etkisizdir. Bu t\u00fcr tehditlere etkin bir \u015fekilde kar\u015f\u0131 koymak i\u00e7in g\u00fcvenlik kurulu\u015flar\u0131 aras\u0131ndaki i\u015f birli\u011fi ve h\u0131zl\u0131 m\u00fcdahale mekanizmalar\u0131 hayati \u00f6nem ta\u015f\u0131yor.<\/p>\n<\/li>\n

        3. \n

          DNS Batmas\u0131:<\/strong> K\u00f6t\u00fc ama\u00e7l\u0131 etki alanlar\u0131n\u0131 yok etmek, etki alan\u0131 ak\u0131\u015f\u0131n\u0131 bozabilir. G\u00fcvenlik sa\u011flay\u0131c\u0131lar\u0131, trafi\u011fi k\u00f6t\u00fc ama\u00e7l\u0131 alanlardan \u00e7ukurlara y\u00f6nlendirerek bunlar\u0131n ger\u00e7ek k\u00f6t\u00fc ama\u00e7l\u0131 altyap\u0131ya ula\u015fmas\u0131n\u0131 engelleyebilir.<\/p>\n<\/li>\n<\/ol>\n

          Ana \u00f6zellikler ve benzer terimlerle di\u011fer kar\u015f\u0131la\u015ft\u0131rmalar tablo ve liste \u015feklinde.<\/h2>\n

          Etki Alan\u0131 Fluxing'i ve di\u011fer ilgili teknikler aras\u0131nda bir kar\u015f\u0131la\u015ft\u0131rma:<\/p>\n\n\n\n\n\n\n\n\n\n
          Teknik<\/strong><\/th>\nTan\u0131m<\/strong><\/th>\n<\/tr>\n<\/thead>\n
          Etki Alan\u0131 Ak\u0131s\u0131<\/td>\nTespitten ka\u00e7\u0131nmak ve s\u00fcrekli kullan\u0131labilirli\u011fi s\u00fcrd\u00fcrmek i\u00e7in bir alan ad\u0131yla ili\u015fkili IP adreslerini h\u0131zla de\u011fi\u015ftirme.<\/td>\n<\/tr>\n
          Etki Alan\u0131 Olu\u015fturma Algoritmalar\u0131 (DGA)<\/td>\nC&C sunucular\u0131yla ileti\u015fim i\u00e7in \u00e7ok say\u0131da potansiyel alan ad\u0131 olu\u015fturmak amac\u0131yla k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m taraf\u0131ndan kullan\u0131lan algoritmalar.<\/td>\n<\/tr>\n
          H\u0131zl\u0131 Ak\u0131<\/td>\nEtki Alan\u0131 Fluxing'i i\u00e7eren ancak ayn\u0131 zamanda DNS ve Service Fluxing gibi di\u011fer teknikleri de kapsayan daha genel bir terim.<\/td>\n<\/tr>\n
          DNS De\u011fi\u015fimi<\/td>\nYetkili ad sunucusunu de\u011fi\u015ftirmeden yaln\u0131zca DNS kay\u0131tlar\u0131n\u0131 de\u011fi\u015ftiren bir Etki Alan\u0131 Fluxing \u00e7e\u015fidi.<\/td>\n<\/tr>\n
          Servis Ak\u0131lama<\/td>\nFast Flux'a benzer, ancak bir etki alan\u0131 veya IP adresiyle ili\u015fkili hizmet ba\u011flant\u0131 noktas\u0131 numaralar\u0131n\u0131n h\u0131zla de\u011fi\u015ftirilmesini i\u00e7erir.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

          Etki Alan\u0131 ak\u0131\u015f\u0131yla ilgili gelece\u011fin perspektifleri ve teknolojileri.<\/h2>\n

          Etki alan\u0131 ak\u0131\u015f\u0131n\u0131n gelece\u011finin siber g\u00fcvenlik ve a\u011f izleme teknolojilerindeki geli\u015fmelerle \u015fekillenmesi bekleniyor. Baz\u0131 potansiyel geli\u015fmeler \u015funlar\u0131 i\u00e7erir:<\/p>\n

            \n
          1. \n

            Makine \u00d6\u011frenimi ve Yapay Zeka Tabanl\u0131 Tespit:<\/strong> G\u00fcvenlik \u00e7\u00f6z\u00fcmleri, etki alan\u0131 de\u011fi\u015fim kal\u0131plar\u0131n\u0131 tan\u0131mlamak ve k\u00f6t\u00fc ama\u00e7l\u0131 etki alan\u0131 etkinliklerini daha do\u011fru bir \u015fekilde tahmin etmek i\u00e7in makine \u00f6\u011frenimi algoritmalar\u0131n\u0131 giderek daha fazla kullanacak.<\/p>\n<\/li>\n

          2. \n

            Blockchain tabanl\u0131 DNS:<\/strong> Blockchain teknolojisi \u00fczerine kurulu merkezi olmayan DNS sistemleri, kurcalamaya ve manip\u00fclasyona kar\u015f\u0131 daha fazla diren\u00e7 sa\u011flayarak etki alan\u0131 ak\u0131\u015f\u0131n\u0131n etkinli\u011fini azaltabilir.<\/p>\n<\/li>\n

          3. \n

            \u0130\u015fbirli\u011fine Dayal\u0131 Tehdit \u0130stihbarat\u0131:<\/strong> Tehdit istihbarat\u0131n\u0131n g\u00fcvenlik kurulu\u015flar\u0131 ve \u0130SS'ler aras\u0131nda iyile\u015ftirilmi\u015f payla\u015f\u0131m\u0131, etki alan\u0131 ak\u0131\u015f\u0131 tehditlerini azaltmak i\u00e7in daha h\u0131zl\u0131 yan\u0131t s\u00fcrelerini kolayla\u015ft\u0131rabilir.<\/p>\n<\/li>\n

          4. \n

            DNSSEC'nin Kabul\u00fc:<\/strong> DNSSEC'nin (Etki Alan\u0131 Ad\u0131 Sistemi G\u00fcvenlik Uzant\u0131lar\u0131) daha geni\u015f \u00e7apta benimsenmesi, DNS g\u00fcvenli\u011fini art\u0131rabilir ve etki alan\u0131 de\u011fi\u015ftirme sald\u0131r\u0131lar\u0131 taraf\u0131ndan yararlan\u0131labilecek DNS \u00f6nbellek zehirlenmesinin \u00f6nlenmesine yard\u0131mc\u0131 olabilir.<\/p>\n<\/li>\n<\/ol>\n

            Proxy sunucular\u0131 nas\u0131l kullan\u0131labilir veya Etki Alan\u0131 ak\u0131\u015f\u0131yla nas\u0131l ili\u015fkilendirilebilir?<\/h2>\n

            Proxy sunucular\u0131, etki alan\u0131 ak\u0131\u015f\u0131 i\u00e7in hem etkinle\u015ftirici hem de kar\u015f\u0131 \u00f6nlem olabilir:<\/p>\n

            1. K\u00f6t\u00fc Ama\u00e7l\u0131 Altyap\u0131n\u0131n Gizlili\u011fi:<\/strong><\/p>\n