{"id":62968,"date":"2019-12-25T09:00:35","date_gmt":"2019-12-25T01:00:35","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=62968"},"modified":"2019-12-23T17:39:07","modified_gmt":"2019-12-23T09:39:07","slug":"ddos%e6%94%bb%e6%93%8a%e5%92%8ciot%e6%bc%8f%e6%b4%9e%e6%94%bb%e6%93%8a%ef%bc%9amomentum%e6%ae%ad%e5%b1%8d%e7%b6%b2%e8%b7%af%e7%9a%84%e6%96%b0%e5%8b%95%e6%85%8b","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=62968","title":{"rendered":"DDoS\u653b\u64ca\u548cIoT\u6f0f\u6d1e\u653b\u64ca\uff1aMomentum\u6bad\u5c4d\u7db2\u8def\u7684\u65b0\u52d5\u614b"},"content":{"rendered":"\n

\u8da8\u52e2\u79d1\u6280<\/a>\u6700\u8fd1\u767c\u73fe\u4e86\u6703\u986f\u8457\u5f71\u97ffLinux\u88dd\u7f6e\u7684\u60e1\u610f\u8edf\u9ad4\u6d3b\u52d5\uff0cLinux\u5e73\u53f0\u4eca\u5e74\u5df2\u7d93\u8207\u8a31\u591a\u554f\u984c<\/a>\u5728\u596e\u6230\u4e2d\u3002\u9032\u4e00\u6b65\u5206\u6790\u53d6\u5f97\u7684\u60e1\u610f\u8edf\u9ad4\u6a23\u672c\u986f\u793a\u9019\u4e9b\u6d3b\u52d5\u8207\u540d\u70baMomentum\u7684\u6bad\u5c4d\u7db2\u8def\uff08\u5f9e\u901a\u8a0a\u983b\u9053\u5167\u6240\u767c\u73fe\u5716\u7247\u547d\u540d\uff09\u6709\u95dc\u3002\u6211\u5011\u767c\u73fe\u4e86\u6bad\u5c4d\u7db2\u8def\u7528\u4f86\u5165\u4fb5\u88dd\u7f6e\u4e26\u57f7\u884c\u5206\u6563\u5f0f\u963b\u65b7\u670d\u52d9\uff08DDoS\uff09\u653b\u64ca\u7684\u5de5\u5177\u53ca\u6280\u8853\u7d30\u7bc0\u3002<\/p>\n\n\n\n

\"\"\/<\/figure><\/div>\n\n\n\n

Momentum\u6703\u91dd\u5c0d\u63a1\u7528\u5404\u7a2eCPU\u67b6\u69cb\u7684Linux\u5e73\u53f0\uff0c\u5305\u62ecARM\u3001MIPS\u3001Intel\u3001Motorola 68020\u7b49\u3002\u5b83\u7684\u4e3b\u8981\u76ee\u7684\u662f\u8981\u958b\u555f\u5f8c\u9580\u4f86\u63a5\u53d7\u547d\u4ee4\u5c0d\u7d66\u5b9a\u76ee\u6a19\u9032\u884c\u5404\u7a2e\u963b\u65b7\u670d\u52d9\uff08DoS\uff09\u653b\u64ca\u3002Momentum\u6bad\u5c4d\u7db2\u8def\u6703\u6563\u64ad\u7684\u5f8c\u9580\u7a0b\u5f0f\u5305\u62ec\u4e86Mirai\u3001Kaiten\u548cBashlite\u7b49\u75c5\u6bd2\u8b8a\u7a2e\u3002\u6211\u5011\u6240\u5206\u6790\u7684\u6a23\u672c\u6b63\u5728\u6d3e\u9001Mirai\u5f8c\u9580\u7a0b\u5f0f\u3002\u6b64\u5916\uff0cMomentum\u662f\u900f\u904e\u653b\u64ca\u591a\u7a2e\u8def\u7531\u5668\u548c\u7db2\u9801\u670d\u52d9\u6f0f\u6d1e\u4f86\u9032\u884c\u6563\u64ad\uff0c\u9032\u800c\u5728\u76ee\u6a19\u88dd\u7f6e\u4e0b\u8f09\u4e26\u57f7\u884cShell\u8173\u672c\u3002<\/p>\n\n\n\n

Momentum<\/strong>\u5982\u4f55\u904b\u4f5c\uff1f<\/strong><\/p>\n\n\n\n

Momentum\u5728\u611f\u67d3\u88dd\u7f6e\u5f8c\u6703\u7d93\u7531\u4fee\u6539 rc\u6a94\u6848\u4f86\u5be6\u73fe\u6301\u7e8c\u6027\u3002\u63a5\u8457\u6703\u52a0\u5165\u547d\u4ee4\u548c\u63a7\u5236\uff08C&C\uff09\u4f3a\u670d\u5668\uff0c\u9023\u5230\u540d\u70ba#HellRoom\u7684IRC\u983b\u9053\u4f86\u8a3b\u518a\u81ea\u5df1\u4e26\u63a5\u6536\u547d\u4ee4\u3002IRC\u5354\u5b9a\u662f\u5b83\u8207\u547d\u4ee4\u548c\u63a7\u5236\uff08C&C\uff09\u4f3a\u670d\u5668\u901a\u8a0a\u7684\u4e3b\u8981\u65b9\u6cd5\u3002\u63a5\u8457\u6bad\u5c4d\u7db2\u8def\u64cd\u4f5c\u8005\u5c31\u53ef\u4ee5\u767c\u9001\u8a0a\u606f\u5230IRC\u983b\u9053\u4f86\u63a7\u5236\u53d7\u611f\u67d3\u7cfb\u7d71\u3002<\/p>\n\n\n\n\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u57161. \u53d7\u611f\u67d3\u88dd\u7f6e\u52a0\u5165\u653b\u64ca\u8005\u7684IRC\u547d\u4ee4\u548c\u63a7\u5236\u983b\u9053<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u57162. \u547d\u4ee4\u548c\u63a7\u5236\u901a\u8a0a\u8def\u5f91\uff08\u4e0b\u8f09\u5668\/\u6d3e\u9001\u4f3a\u670d\u5668\u3001IRC\u4f3a\u670d\u5668\uff09<\/p>\n\n\n\n

\u6d3e\u9001\u4f3a\u670d\u5668\uff08\u5982\u4e0a\u6240\u793a\uff09\u653e\u6709\u60e1\u610f\u8edf\u9ad4\u57f7\u884c\u6a94\u3002\u53e6\u4e00\u53f0\u4f3a\u670d\u5668\u662f\u6bad\u5c4d\u7db2\u8def\u7684C&C\u4f3a\u670d\u5668\u3002C&C\u4f3a\u670d\u5668\u662f\u57282019\u5e7411\u670818\u65e5\u958b\u59cb\u555f\u7528\u3002<\/p>\n\n\n\n

\u4e00\u65e6\u5efa\u7acb\u4e86\u901a\u8a0a\u9023\u7dda\uff0cMomentum\u4fbf\u53ef\u4ee5\u900f\u904e\u5404\u7a2e\u547d\u4ee4\u4f86\u5229\u7528\u53d7\u611f\u67d3\u88dd\u7f6e\u9032\u884c\u653b\u64ca\u3002\u5177\u9ad4\u5730\u8aaa\uff0cMomentum\u80fd\u5920\u90e8\u7f7236\u7a2e\u4e0d\u540c\u7684DoS\u653b\u64ca\uff0c\u5982\u4e0b\u6240\u793a\u3002<\/p>\n\n\n\n