Starting on August 25, 2023, we began to notice some unusually large HTTP attacks hitting many of our customers. These attacks were detected and mitigated by our automated DDoS system. It did not take long, however, for them to reach record-breaking sizes, eventually peaking at roughly three times the size of the largest attack we had previously recorded.
What is concerning is that the attacker was able to generate attacks of this size with a botnet of merely 20,000 machines. Botnets made up of hundreds of thousands or even millions of machines exist today. Given that the entire web normally sees only 1 to 3 billion requests per second, this method could be used to focus an entire web's worth of requests on a small number of targets.
Detection and mitigation
This was a novel attack vector at an unprecedented scale, but Cloudflare's existing protections were largely able to absorb the brunt of the attacks. While we initially saw some impact on customer traffic (about 1% of requests were affected during the first wave of attacks), we have since refined our mitigations so that the attack is stopped for every Cloudflare customer without any impact on our systems.
We noticed these attacks at the same time as two other major players in the industry, Google and AWS. We hardened Cloudflare's systems and confirmed that, today, all of our customers are protected from this new DDoS attack method without any customer impact. We also took part, together with Google and AWS, in a coordinated disclosure of the attack to affected vendors and critical infrastructure providers.
The attack was made possible by abusing several features of the HTTP/2 protocol together with server implementation details (see CVE-2023-44487 for details). Because it exploits an underlying weakness in the HTTP/2 protocol itself, we believe that every vendor that has implemented HTTP/2 is exposed to it. That includes every modern web server. Together with Google and AWS, we disclosed the attack method to web server vendors so that they can implement patches. In the meantime, the best defense is to use a DDoS mitigation service such as Cloudflare's in front of any web-facing web or API server.
This post dives into the details of the HTTP/2 protocol, the feature the attackers exploited to generate these massive attacks, and the mitigations we put in place to ensure that all of our customers are protected. Our hope is that by publishing these details, other affected web servers and services will have the information they need to implement their own mitigations. Beyond that, we hope the HTTP/2 protocol standards team, and the teams working on future web standards, can use these lessons to design protocols that prevent attacks of this kind.
RST attack details
HTTP is the application protocol that powers the Web. HTTP semantics are common to every version of HTTP: the overall architecture, terminology, and protocol aspects such as request and response messages, methods, status codes, header and trailer fields, message content, and much more. Each individual HTTP version defines how those semantics are turned into a "wire format" for exchange over the Internet. For example, a client serializes a request message into binary data and sends it, and the server parses that data back into a message it can process.
HTTP/1.1 uses a textual form of serialization. Request and response messages are exchanged as a stream of ASCII characters over a reliable transport layer such as TCP, using the following format (where "CRLF" stands for carriage return and line feed):
HTTP-message = start-line CRLF *( field-line CRLF ) CRLF [ message-body ]
äŸãã°ãã¯ã€ã€äžã®éåžžã«ç°¡åãªGETãªã¯ãšã¹ãã¯ãhttps://blog.cloudflare.com/
ãšãªããŸãïŒ
GET / HTTP/1.1 CRLFHost: blog.cloudflare.comCRLFCRLF
And the response looks like this:
HTTP/1.1 200 OK CRLFServer: cloudflareCRLFContent-Length: 100CRLFContent-Type: text/html; charset=UTF-8CRLFCRLF
This format frames messages on the wire, which means that a single TCP connection can be used to exchange multiple requests and responses. However, the format requires that each message be sent in its entirety. Furthermore, in order to correlate requests with responses correctly, strict ordering is required: messages are exchanged serially and cannot be multiplexed. Two GET requests, for https://blog.cloudflare.com/ and https://blog.cloudflare.com/page/2/, would therefore look like this:
GET / HTTP/1.1 CRLFHost: blog.cloudflare.comCRLFCRLFGET /page/2/ HTTP/1.1 CRLFHost: blog.cloudflare.comCRLFCRLF
And the responses, in the same order, would look like this (each 100-byte body is shown as a placeholder):
HTTP/1.1 200 OK CRLFServer: cloudflareCRLFContent-Length: 100CRLFContent-Type: text/html; charset=UTF-8CRLFCRLF[100-byte message-body]HTTP/1.1 200 OK CRLFServer: cloudflareCRLFContent-Length: 100CRLFContent-Type: text/html; charset=UTF-8CRLFCRLF[100-byte message-body]
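The following is an added example, not code from the Cloudflare post: a minimal parser for the HTTP/1.1 wire format described above. It splits a pipelined byte stream into messages using the CRLF framing and the Content-Length field, which makes concrete why HTTP/1.1 responses must come back in request order: nothing except position in the byte stream ties a response to its request. The request and response bytes are constructed for the example (the bodies are 100 filler bytes, matching the Content-Length in the text).

```python
# Added example: HTTP/1.1 message framing (CRLF-delimited head + Content-Length body).
CRLF = b"\r\n"


def parse_message(buf: bytes, offset: int = 0):
    """Parse one HTTP/1.1 message starting at buf[offset].

    Returns (start_line, headers, body, next_offset), or None when the buffer
    does not yet contain a complete message (head or body still missing).
    """
    head_end = buf.find(CRLF + CRLF, offset)
    if head_end == -1:
        return None  # the empty line terminating the head has not arrived yet
    lines = buf[offset:head_end].decode("ascii").split("\r\n")
    start_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    body_start = head_end + 4
    length = int(headers.get("content-length", "0"))
    if len(buf) < body_start + length:
        return None  # body only partially received
    body = buf[body_start:body_start + length]
    return start_line, headers, body, body_start + length


def parse_stream(buf: bytes):
    """Split a byte stream into complete messages, strictly in wire order.

    Returns (messages, leftover_bytes); leftover is any trailing partial message.
    """
    messages, offset = [], 0
    while offset < len(buf):
        parsed = parse_message(buf, offset)
        if parsed is None:
            break
        messages.append(parsed[:3])
        offset = parsed[3]
    return messages, buf[offset:]


# Constructed sample traffic: the two pipelined requests from the text and
# the two responses they produce, each carrying a 100-byte body.
PIPELINED_REQUESTS = (
    b"GET / HTTP/1.1\r\nHost: blog.cloudflare.com\r\n\r\n"
    b"GET /page/2/ HTTP/1.1\r\nHost: blog.cloudflare.com\r\n\r\n"
)
_BODY = b"x" * 100
PIPELINED_RESPONSES = (
    b"HTTP/1.1 200 OK\r\nServer: cloudflare\r\nContent-Length: 100\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n\r\n" + _BODY
) * 2

if __name__ == "__main__":
    requests, _ = parse_stream(PIPELINED_REQUESTS)
    responses, _ = parse_stream(PIPELINED_RESPONSES)
    # Pairing is purely positional: i-th response answers i-th request.
    for (req_line, _, _), (status, _, body) in zip(requests, responses):
        print(f"{req_line} -> {status} ({len(body)} body bytes)")
```

Note that the parser can only hand back the second response after the first one's entire body has arrived; a slow first response blocks everything queued behind it, which is the head-of-line blocking the next paragraph describes.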
Web pages require more complicated HTTP interactions than these examples. When you visit the Cloudflare blog, your browser loads multiple scripts, styles and media assets. If you open the front page over HTTP/1.1 and then quickly navigate to page 2, your browser has two choices: wait for all the queued responses for the page you no longer want before page 2 can even start, or cancel the in-flight requests by closing the TCP connection and opening a new one. Neither is very practical. Browsers tend to work around these limits by managing a pool of TCP connections (up to 6 per host) and implementing complex request dispatch logic over that pool.
HTTP/2 addresses many of the problems of HTTP/1.1. Each HTTP message is serialized into a set of HTTP/2 frames, each of which has a type, a length, flags, a stream identifier (ID) and a payload. The stream ID makes it clear which bytes on the wire belong to which message, enabling safe multiplexing and concurrency. Streams are bidirectional: the client sends frames and the server replies with frames carrying the same ID.
In HTTP/2, our GET request for https://blog.cloudflare.com is exchanged on stream ID 1: the client sends one HEADERS frame, and the server responds with one HEADERS frame followed by one or more DATA frames. Client requests always use odd-numbered stream IDs, so subsequent requests use stream IDs 3, 5, and so on. Responses can be served in any order, and frames from different streams can be interleaved.
Stream multiplexing and concurrency are powerful HTTP/2 features. They allow a single TCP connection to be used far more efficiently, and HTTP/2 optimizes resource fetching especially when combined with prioritization. On the flip side, making it easy for a client to launch large amounts of parallel work can raise the peak demand on server resources compared with HTTP/1.1. That is an obvious denial-of-service vector.
To provide some guardrails, HTTP/2 has the notion of a maximum number of active concurrent streams. The SETTINGS_MAX_CONCURRENT_STREAMS parameter lets a server advertise its concurrency limit. If a server advertises a limit of 100, for example, only 100 requests can be active at any one time. If a client tries to open a stream beyond that limit, the server must reject it with a RST_STREAM frame. Rejecting a stream does not affect the other in-flight streams on the connection.
The true story is a little more complicated. Streams have a lifecycle, which the HTTP/2 specification defines as a stream state machine. The client and the server each manage their own view of a stream's state. Sending or receiving HEADERS, DATA and RST_STREAM frames triggers transitions. The two views of the stream state are independent, but they stay synchronized.
HEADERS and DATA frames carry an END_STREAM flag; when it is set to 1 (true), it triggers a state transition.
Let's work through an example of a GET request with no message content. The client sends the request as a HEADERS frame with END_STREAM set to 1, which moves the stream from idle to open and then immediately to half-closed (local). In the client's half-closed state it can no longer send HEADERS or DATA, only WINDOW_UPDATE, PRIORITY or RST_STREAM frames. It can still receive any frame, however.
Once the server receives and parses the HEADERS frame, it moves the stream from idle to open and then to half-closed (remote), matching the client. In the half-closed (remote) state the server can send any frame, but the only frames it can still accept from the client are WINDOW_UPDATE, PRIORITY and RST_STREAM; any other frame on that stream is a stream error.
The response to the GET carries message content, so the server sends HEADERS with END_STREAM set to 0 followed by DATA with END_STREAM set to 1. That DATA frame moves the stream from half-closed (remote) to closed on the server side. When the client receives it, the stream transitions to closed on the client side as well. Once a stream is closed, no frames can be sent or received on it.
Applying this lifecycle back to the question of concurrency, the HTTP/2 specification states:
Streams that are in the "open" state or in either of the "half-closed" states count toward the maximum number of streams that an endpoint is permitted to open. Streams in any of these three states count toward the limit advertised in the SETTINGS_MAX_CONCURRENT_STREAMS setting.
In theory the concurrency limit is useful. In practice, however, there are factors that hamper its effectiveness, which we cover later in this post.
HTTP/2 request cancellation
Earlier we discussed client cancellation of in-flight requests. HTTP/2 supports this far more efficiently than HTTP/1.1. Rather than tearing down the whole connection, a client can send a RST_STREAM frame for a single stream. This tells the server to stop processing the request and to abort the response, which frees up server resources and avoids wasting bandwidth.
Consider the earlier example with three requests. This time the client cancels the request on stream 1 after all of the HEADERS have been sent. The server parses this RST_STREAM frame before it is ready to serve the response, and therefore responds only on streams 3 and 5:
Request cancellation is a useful feature. When scrolling a web page with many images, for example, a browser can cancel the images that have fallen outside the viewport so that the images entering it load faster. HTTP/2 makes this behaviour much more efficient than HTTP/1.1 does.
A request stream that is cancelled races through the stream lifecycle. The client's HEADERS with END_STREAM set to 1 moves the state from idle to open to half-closed, and the RST_STREAM immediately moves it from half-closed to closed.
Recall that only streams in the open or half-closed states count toward the stream concurrency limit. When a client cancels a stream, it instantly gains the ability to open another stream in its place and can send another request immediately. This is the crux of what makes CVE-2023-44487 work.
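The following is an added example written for this page, not code from the Cloudflare post or from any HTTP/2 implementation. It encodes and decodes the 9-byte HTTP/2 frame header, models the subset of the stream state machine described above (idle, open, half-closed (remote), closed), and applies the SETTINGS_MAX_CONCURRENT_STREAMS accounting rule quoted from the specification. Run against constructed client traffic, it shows the point of the previous paragraphs: a plain burst of 150 requests trips a limit of 100 and gets 50 refusals, while 1000 requests that are each cancelled immediately never hold more than one slot and are never refused. The header block bytes are a constructed HPACK static-table encoding of ":method GET, :path /, :scheme https" (without the :authority a real request needs); the model treats it as opaque.

```python
# Added example: HTTP/2 frame codec + server-side stream state machine.
import struct
from enum import Enum

# Frame type codes (RFC 9113, section 6) and the flags/error code used below.
HEADERS, RST_STREAM, SETTINGS = 0x1, 0x3, 0x4
END_STREAM, END_HEADERS = 0x1, 0x4
CANCEL = 0x8  # RST_STREAM error code a client uses to cancel a request


def encode_frame(ftype, flags, stream_id, payload):
    """Frame = 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream ID, payload."""
    assert len(payload) < (1 << 24) and 0 <= stream_id < (1 << 31)
    return (struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
            + struct.pack(">I", stream_id) + payload)


def decode_frames(buf):
    """Return [(type, flags, stream_id, payload), ...] for every complete frame in buf."""
    frames, off = [], 0
    while off + 9 <= len(buf):
        length = int.from_bytes(buf[off:off + 3], "big")
        if off + 9 + length > len(buf):
            break  # trailing partial frame
        ftype, flags = buf[off + 3], buf[off + 4]
        stream_id = struct.unpack(">I", buf[off + 5:off + 9])[0] & 0x7FFFFFFF
        frames.append((ftype, flags, stream_id, buf[off + 9:off + 9 + length]))
        off += 9 + length
    return frames


class State(Enum):
    IDLE = "idle"
    OPEN = "open"
    HALF_CLOSED_REMOTE = "half-closed (remote)"
    CLOSED = "closed"


# RFC 9113 section 5.1.2: open and half-closed streams count toward the limit.
COUNTED = {State.OPEN, State.HALF_CLOSED_REMOTE}


class ServerStreams:
    """Server's view of the streams on one connection, with concurrency accounting."""

    def __init__(self, max_concurrent=100):
        self.max_concurrent = max_concurrent  # value advertised in SETTINGS
        self.states = {}                      # stream_id -> State
        self.active = 0                       # streams currently in COUNTED states
        self.peak_active = 0
        self.refused = []                     # streams rejected with RST_STREAM(REFUSED_STREAM)

    def handle(self, ftype, flags, stream_id, payload):
        state = self.states.get(stream_id, State.IDLE)
        if ftype == HEADERS and state is State.IDLE:
            if self.active >= self.max_concurrent:
                self.refused.append(stream_id)     # concurrency violation: server resets it
                self.states[stream_id] = State.CLOSED
                return
            # idle -> open, and straight on to half-closed (remote) when END_STREAM is set
            state = State.HALF_CLOSED_REMOTE if flags & END_STREAM else State.OPEN
            self.active += 1
            self.peak_active = max(self.peak_active, self.active)
        elif ftype == RST_STREAM and state in COUNTED:
            state = State.CLOSED                   # RST_STREAM closes the stream from any state
            self.active -= 1                       # ... and frees its concurrency slot at once
        else:
            return  # other frame types and states are outside this model
        self.states[stream_id] = state


GET_ROOT_HPACK = b"\x82\x84\x87"  # constructed: static indexes for :method GET, :path /, :scheme https


def request_frames(n, cancel):
    """Constructed client traffic: n GET requests, each followed by RST_STREAM(CANCEL) if cancel."""
    out = bytearray()
    for i in range(n):
        sid = 2 * i + 1  # client-initiated streams are odd-numbered
        out += encode_frame(HEADERS, END_STREAM | END_HEADERS, sid, GET_ROOT_HPACK)
        if cancel:
            out += encode_frame(RST_STREAM, 0, sid, struct.pack(">I", CANCEL))
    return bytes(out)


def simulate(n, cancel, max_concurrent=100):
    """Feed the constructed wire bytes through the server model and return it."""
    srv = ServerStreams(max_concurrent)
    for frame in decode_frames(request_frames(n, cancel)):
        srv.handle(*frame)
    return srv


if __name__ == "__main__":
    burst = simulate(150, cancel=False)
    print(f"150 plain requests: peak active {burst.peak_active}, refused {len(burst.refused)}")
    rapid = simulate(1000, cancel=True)
    print(f"1000 request+cancel pairs: peak active {rapid.peak_active}, refused {len(rapid.refused)}")
```

The second run is the whole problem in miniature: the concurrency limit is honoured to the letter, yet the server has still parsed 2000 frames and opened 1000 streams.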
Rapid resets leading to denial of service
HTTP/2 request cancellation can be abused to rapidly reset an unbounded number of streams. When an HTTP/2 server can process client-sent RST_STREAM frames and tear down state quickly enough, such rapid resets cause no problem. Problems start when there is any delay or lag in the clean-up. The client can churn through so many requests that a backlog of work accumulates, resulting in excess consumption of resources on the server.
A common HTTP deployment architecture runs an HTTP/2 proxy or load balancer in front of other components. When a client request arrives it is dispatched quickly, and the actual work is done as an asynchronous activity somewhere else. This lets the proxy handle client traffic very efficiently. However, this separation of concerns can make it hard for the proxy to tidy up in-process jobs, which makes such deployments more likely to run into trouble with rapid resets.
When Cloudflare's reverse proxies process incoming HTTP/2 client traffic, they copy the data from the connection's socket into a buffer and process that buffered data in order. As each request is read (HEADERS and DATA frames), it is dispatched to an upstream service. When a RST_STREAM frame is read, the local state for the request is torn down and the upstream is notified that the request has been cancelled. This repeats until the entire buffer is consumed. This logic can be abused, however: when a malicious client started sending an enormous chain of requests and resets at the start of a connection, our servers would eagerly read all of them and put the upstream servers under so much stress that they could no longer process any new incoming request.
An important point to highlight is that stream concurrency on its own cannot mitigate rapid resets. Whatever value of SETTINGS_MAX_CONCURRENT_STREAMS the server chooses, each reset frees the slot the stream occupied, so the client can keep issuing requests and sustain a high request rate.
Rapid Reset dissected
Here is an example of rapid reset reproduced with a proof-of-concept client that attempts a total of 1000 requests. The server is an off-the-shelf server without any mitigations, running in a test environment and listening on port 443. The traffic was dissected with Wireshark and filtered to show only HTTP/2 traffic for clarity. The pcap is available for download to follow along.
It is a little hard to see because there are so many frames, so here is a quick summary from Wireshark's Statistics > HTTP2 tool:
The first frame in this trace, in packet 14, is the server's SETTINGS frame, which advertises a maximum stream concurrency of 100. In packet 15, the client sends a few control frames and then starts issuing requests that are rapidly reset. The first HEADERS frame is 26 bytes long; every subsequent HEADERS frame is only 9 bytes. The size difference is due to the header compression scheme called HPACK. In total, packet 15 contains 525 requests, going up to stream 1051.
Interestingly, the RST_STREAM for stream 1051 does not fit into packet 15, so in packet 16 we see the server respond with a 404. Then, in packet 17, the client sends that RST_STREAM before moving on to send the remaining 475 requests.
Note that although the server advertised 100 concurrent streams, both packets sent by the client carried far more HEADERS frames than that. The client did not have to wait for any return traffic from the server; it was limited only by the size of the packets it could send. No server RST_STREAM frames appear in this trace, which shows that the server never observed a concurrent-stream violation.
Customer impact
As described above, when a request is cancelled the upstream services are notified and can abort it before wasting too many resources on it. That was the case in this attack: most of the malicious requests were never forwarded to origin servers. Even so, the sheer size of these attacks did cause some impact.
First, as the rate of incoming requests reached peaks never seen before, we had reports of elevated levels of 502 errors seen by clients. This happened in our most heavily hit data centers, which were struggling to process all of the requests. While our network is built to deal with large attacks, this particular vulnerability exposed a weakness in our infrastructure. Let's dig a little deeper into the details, focusing on how incoming requests are handled once they reach one of our data centers:
Our infrastructure is composed of a chain of proxy servers with different responsibilities. In particular, when a client connects to Cloudflare to send HTTPS traffic, it first hits our TLS decryption proxy. That proxy decrypts the TLS traffic, processes the HTTP/1, HTTP/2 or HTTP/3 traffic, and forwards it to our "business logic" proxy. The business logic proxy is responsible for loading all of the settings for each customer, for routing requests correctly to the other upstream services and, most relevant here, for security features: this is where L7 attack mitigation is performed.
The problem with this attack vector is that it manages to send a very large number of requests very quickly on every single connection, each of which had to be forwarded to the business logic proxy before we had a chance to block it. As the request throughput outgrew the capacity of that proxy, the pipe connecting the two services reached saturation on some of our servers.
When that happens, the TLS proxy can no longer connect to its upstream proxy, which is why some clients saw a bare "502 Bad Gateway" error during the most serious attacks. Importantly, the logs used to build HTTP analytics are today also emitted by the business logic proxy, so these errors are not visible in the Cloudflare dashboard. Our internal dashboards show that about 1% of requests were affected during the initial wave of attacks (before we implemented mitigations), with peaks of around 12% for a few seconds during the most serious attack on August 29. The following graph shows the ratio of these errors over a two-hour window while this was happening:
We worked to reduce this number dramatically over the following days, as detailed later in this post. Thanks both to changes in our stack and to mitigations that considerably reduce the size of these attacks, this number is effectively zero today:
499 errors and the challenges of HTTP/2 stream concurrency
Another symptom some customers reported was an increase in 499 errors. The reason for this is slightly different and relates to the maximum stream concurrency of an HTTP/2 connection discussed earlier in this post.
HTTP/2 settings are exchanged at the start of a connection using SETTINGS frames. Where no explicit parameter is received, default values apply. Once a client has established an HTTP/2 connection, it can either wait for the server's SETTINGS (slow) or assume the defaults and start sending requests (fast). For SETTINGS_MAX_CONCURRENT_STREAMS the default is effectively unlimited (stream IDs use a 31-bit number space and requests use odd numbers, so the actual limit is 1073741824). The specification recommends that a server offer no fewer than 100 streams. Clients are generally biased towards speed, so they tend not to wait for the server's settings, which creates a bit of a race condition: the client is gambling on which limit the server will pick, and if it guesses wrong the request is rejected and has to be retried. Gambling on 1073741824 streams would be foolish. Instead, many clients limit themselves to issuing 100 concurrent streams, on the assumption that servers follow the specification's recommendation. Where a server picks something below 100, that gamble fails and the excess streams are reset.
There are many reasons why a server might reset a stream besides the concurrency limit being exceeded. HTTP/2 is strict and requires a stream to be closed when parsing or logic errors occur. In 2019, Cloudflare developed several mitigations in response to a set of HTTP/2 DoS vulnerabilities. Several of those vulnerabilities were caused by a misbehaving client making the server reset streams. A very effective strategy for clamping down on such clients is to count the number of server-initiated resets on a connection and, once that exceeds some threshold, close the connection with a GOAWAY frame. A legitimate client might make one or two mistakes over a connection, which is acceptable. A client that makes too many mistakes is probably either broken or malicious, and closing the connection deals with both cases.
While responding to DoS attacks enabled by CVE-2023-44487, Cloudflare reduced its maximum stream concurrency to 64. Before making that change, we were not aware that clients do not wait for SETTINGS and instead assume a concurrency of 100. Some web pages, such as image galleries, do cause a browser to send 100 requests immediately at the start of a connection. Unfortunately, the 36 streams above our limit all had to be reset, which tripped our reset-counting mitigation. That meant we were closing connections from legitimate clients, causing page loads to fail completely. As soon as we recognized this interoperability problem, we changed the maximum stream concurrency back to 100.
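The following is an added example, not Cloudflare's code: a small model of one HTTP/2 connection served by a proxy that dispatches requests to an asynchronous upstream, as described in the "Rapid resets leading to denial of service" section above, with the two reset-counting mitigations from the last two paragraphs bolted on. It shows three things at once: a rapid-reset client never holds more than one concurrent stream yet piles up hundreds of dispatched jobs, because the upstream drains them more slowly than the client issues them; counting client RST_STREAM frames and answering with GOAWAY past a threshold caps that backlog; and a server-side reset threshold combined with a limit of 64 streams kills an honest browser that optimistically sends 100 requests. The thresholds, the drain rate (one upstream completion per 50 request/reset pairs) and the request counts are assumptions chosen for illustration; the post gives no such figures.

```python
# Added example: connection-level model of rapid reset, reset-count mitigations,
# and the SETTINGS_MAX_CONCURRENT_STREAMS interoperability trap.
from collections import deque


class Connection:
    """Server-side view of one HTTP/2 connection in front of an async upstream."""

    def __init__(self, max_concurrent=100, server_reset_limit=10**9, client_reset_limit=10**9):
        self.max_concurrent = max_concurrent          # advertised SETTINGS_MAX_CONCURRENT_STREAMS
        self.server_reset_limit = server_reset_limit  # assumed threshold for server-initiated resets
        self.client_reset_limit = client_reset_limit  # assumed threshold for client RST_STREAM frames
        self.active = set()          # streams in open / half-closed state (count toward the limit)
        self.backlog = deque()       # requests dispatched to the upstream, not yet drained
        self.server_resets = 0       # RST_STREAM(REFUSED_STREAM) frames we sent
        self.client_resets = 0       # RST_STREAM frames the client sent
        self.goaway_sent = False
        self.peak_active = 0
        self.peak_backlog = 0

    def _check_reset_limits(self):
        # Either counter crossing its threshold closes the connection with GOAWAY.
        if (self.server_resets > self.server_reset_limit
                or self.client_resets > self.client_reset_limit):
            self.goaway_sent = True

    def on_headers(self, sid):
        """Client opened stream sid with HEADERS(END_STREAM)."""
        if self.goaway_sent:
            return  # no new streams are accepted after GOAWAY
        if len(self.active) >= self.max_concurrent:
            self.server_resets += 1   # concurrency violation: server resets the stream
            self._check_reset_limits()
            return
        self.active.add(sid)
        self.backlog.append(sid)      # dispatched to the upstream asynchronously
        self.peak_active = max(self.peak_active, len(self.active))
        self.peak_backlog = max(self.peak_backlog, len(self.backlog))

    def on_rst_stream(self, sid):
        """Client cancelled stream sid."""
        if self.goaway_sent:
            return
        self.active.discard(sid)      # slot freed immediately; queued work stays queued
        self.client_resets += 1
        self._check_reset_limits()

    def drain(self, n=1):
        """Upstream finishes n queued items (cancelled ones are dropped cheaply)."""
        for _ in range(min(n, len(self.backlog))):
            self.active.discard(self.backlog.popleft())


def rapid_reset_client(conn, requests=1000, drain_every=50):
    """Attacker: HEADERS immediately followed by RST_STREAM, much faster than the upstream drains."""
    for i in range(requests):
        sid = 2 * i + 1
        conn.on_headers(sid)
        conn.on_rst_stream(sid)
        if i % drain_every == 0:      # assumed upstream throughput
            conn.drain(1)
    return conn


def optimistic_browser(conn, assumed_limit=100):
    """Honest client that sends 100 requests before the server's SETTINGS arrive."""
    for i in range(assumed_limit):
        conn.on_headers(2 * i + 1)
    return conn


if __name__ == "__main__":
    c = rapid_reset_client(Connection(max_concurrent=100))
    print(f"no mitigation: peak active {c.peak_active}, peak backlog {c.peak_backlog}")
    c = rapid_reset_client(Connection(max_concurrent=100, client_reset_limit=200))
    print(f"client-reset limit: peak backlog {c.peak_backlog}, GOAWAY sent: {c.goaway_sent}")
    c = optimistic_browser(Connection(max_concurrent=64, server_reset_limit=30))
    print(f"limit 64 + server-reset threshold 30: {c.server_resets} refusals, GOAWAY sent: {c.goaway_sent}")
    c = optimistic_browser(Connection(max_concurrent=100, server_reset_limit=30))
    print(f"limit 100: {c.server_resets} refusals, GOAWAY sent: {c.goaway_sent}")
```

The design point is the one the post makes: the concurrency limit bounds `active`, not `backlog`, so a defence has to count resets (or otherwise rate-limit stream churn) rather than rely on SETTINGS_MAX_CONCURRENT_STREAMS, and any threshold on server-initiated resets must leave room for the 100 streams well-behaved clients open before they have seen the server's SETTINGS.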
What Cloudflare did
In 2019, several DoS vulnerabilities related to HTTP/2 implementations were uncovered, and Cloudflare developed and deployed a series of detections and mitigations in response. CVE-2023-44487 is a different manifestation of HTTP/2 weakness. To mitigate it, we were able to extend the existing protections to monitor client-sent RST_STREAM frames and to close connections on which they are being abused. Legitimate client uses of RST_STREAM are unaffected.
Beyond that direct fix, we implemented several improvements to the server's HTTP/2 frame processing and request dispatch code. The business logic server also received improvements to its queuing and scheduling that cut unnecessary work and make cancellation more responsive. Together these lessen the impact of a range of potential abuse patterns and give the server more headroom to process requests before it saturates.
Mitigating attacks earlier
Cloudflare already had systems in place to mitigate very large attacks efficiently with less expensive methods. One of them is called "IP Jail". For hyper-volumetric attacks, this system collects the client IPs participating in the attack and stops them from connecting to the attacked property, either at the IP level or in our TLS proxy. During the few precious seconds before the origin is protected, however, our infrastructure still has to absorb all of the HTTP requests. Because this new botnet has effectively no ramp-up period, we need to be able to neutralize attacks before they become a problem.
To achieve that, we expanded the IP Jail system to protect our entire infrastructure. Once an IP is "jailed", it is not only blocked from connecting to the attacked property; we also forbid it from using HTTP/2 to any other domain on Cloudflare for a period of time. This kind of protocol abuse is not possible over HTTP/1.x, so this limits the attacker's ability to run large attacks, while a legitimate client sharing the same IP sees only a very small performance degradation during that time. IP-based mitigations are a very blunt tool, which is why we have to be extremely careful when using them at this scale and avoid false positives as much as possible. Moreover, the lifespan of a given IP within a botnet is usually short, so a long-term mitigation is likely to do more harm than good. The following graph shows the churn of IPs across the attacks we observed:
As it shows, many of the new IPs spotted on a given day disappear very quickly afterwards.
Because all of these actions happen in the TLS proxy at the very start of our HTTPS pipeline, they save considerable resources compared with our regular L7 mitigation system. This let us weather these attacks far more smoothly, and the number of random 502 errors caused by these botnets is now down to zero.
Observability improvements
Another front on which we are making changes is observability. Returning errors to clients that are not visible in customer analytics is unsatisfactory. Fortunately, a project to overhaul these systems had been under way since well before the recent attacks. It will eventually allow each service in our infrastructure to log its own data, instead of relying on the business logic proxy to process and emit log data. This incident underscored the importance of that work.
We are also working on better connection-level logging, which will let us spot protocol abuse of this kind much more quickly and further improve our DDoS mitigation capabilities.
Conclusion
While this was a record-breaking attack, it is clear that it will not be the last. As attacks grow ever more sophisticated, Cloudflare works relentlessly to proactively identify new threats and deploy countermeasures to our global network, so that our millions of customers are protected immediately and automatically.
Cloudflare has provided free, unmetered and unlimited DDoS protection to all of its customers since 2017. In addition, we offer a range of additional security features to suit the needs of organizations of every size. Contact us if you are unsure whether you are protected or want to understand how you can be.
Source: cloudflare.com