[Summary]
Whenever network security is mentioned, what everyone thinks of is "a message", "the Word Building has been hacked too", "the Pentagon was hacked into yesterday". In fact, I think this is only one part of security, namely remote attack. But consider that more than 90% of intrusions are carried out not by hackers but by the colleagues and friends around you... Or think about it this way: a system being invaded results in a loss of information, but if your computer is cleaned out entirely, isn't your data just as gone? So I think computer security should be divided into physical security, local security and remote security. Physical security is outside the discussion of this article, because it involves matters such as arrangement, waterproofing and fire prevention.

[Local Safety Uncontrolled]
Single-machine security
Gu Long once said: your closest friends may be your most dangerous enemies.
Have you heard that? No? Let me tell you. You have a computer, usually used for going online and playing games, and occasionally for typing up an official document. You think it is quite safe, but one day a friend suddenly tells you that he has your Internet account and password. Do you believe it? Don't be so sure it can't happen; there are many ways to do it. If you use Windows and you saved your dial-up password, then it takes three minutes. You have no concept of security at all! Anyone only has to run a small piece of software on your computer...

"I have never saved any password", you might say. But your friend installs something on your computer that captures the "connected" caption of Dial-Up Networking, records the keys you press, quietly writes them into an encrypted text file and exits automatically. Anyone who can program should be able to do this. Isn't your computer finished then?

Set a screen saver password? Heavens, what use is that after a restart? Set a management policy, edited with the Policy Editor, so that without the password he can't get in and can't do anything? I replace the files with my own user.dat and system.dat; what do you think of that idea? Of course, I am not trying to make you jump at shadows; that is no way to live! If your computer holds no confidential information, it doesn't matter; if it does, make sure that only a few people can touch it!

That was Win9x. Are there fewer problems of this kind on UNIX systems? From the physical point of view, if a machine sits somewhere unsafe and people have enough time to open the case and tamper with it, your machine cannot be safe. Take my machine: I have two hard disks, but you cannot see any trace of the second one from Win9x or NT. I put Linux on it, and it can only be booted from a specific place. After booting into Linux, I can use the mount command at will to mount all the data of the other operating systems, sweep through it, empty it...
Do you understand what I mean? LAN security rests on the same principle: the computers on the local area network must be strictly controlled physically, and you also need to watch for abnormal activity on the LAN. Why? Need you ask? Take an example from around me. I have a friend whose company has more than 30 computers, but this guy always wanted to get the highest privileges on the host, so he kept busy sniffing SMB passwords and installing Trojans. In the end, of course... well, he is my buddy :-) Likewise, on UNIX it is best to restrict root so that it can only log in from the console, to be cautious with the su command, and so on; otherwise you give the pack of "tigers" in the same domain an opportunity to obtain the highest privileges...

[3, Remote security and the methods hackers often use]
1. For personal users, the more common "attacks" are nothing more than the following.

Spam
This is an eternal topic about which little can be done. Spam includes letters such as money-making schemes and advertisements, and letters sent by the ton by malicious people. This needs no skill at all and is also the most boring; I have received plenty of letters of this kind, hmph! It is enough to log in remotely and delete such letters, and there is no need to retaliate against the sender in kind. There is too much of this on the Internet; it can be said that wildfire cannot burn it all out... Then set up rejection in the mailbox configuration. As for people who send huge letters, that kind of junk is outside our discussion.
Blue screen bombs
These are small programs developed for the Win95 OOB vulnerability, named *Nuke and so on. With patches applied, most Nuke software no longer works, but I recently heard that a program called VOOB still works against Win98. I haven't tried it yet; shall I try it on you? The software interface is as follows: (the interfaces of this kind of software look very impressive, and they are incomparably simple to use). To guard against attacks by such software, a crude method is to listen on the port. There is plenty of software for this on the Internet; you only need to set the port to be monitored, and once someone tries to send a packet to this port, then ^&%^&*. After catching him, what you do is up to you...

File sharing
Quite a few security people have mentioned this problem countless times, but... whenever I scan a Class C address block I can still find a large group of people who have no protection and are quite pleased with themselves. I am sorry to say that I have seen some of these people's letters and pictures, and things more confidential... Is there a little hand holding up a disk on a drive in your computer? If there is, you should be careful: you have a share, which is to say,
the following method is quite effective against you...

1) Local attack
It has long been said that sharing C$, D$, Admin$ and Print$ is dangerous, but for some reason nobody is willing to say in detail where the danger lies. More and more people have asked about this recently, so we have now decided to announce our discovery. After NT is installed, each disk is automatically assigned a share: C$, D$, E$ and so on. These are hidden shares that do not show up in Network Neighborhood. There are also Admin$ and IPC$, and once a printer is shared, the Print$ share is generated as well. Microsoft says that these shares are set up for administration and are best not deleted. In fact, these C$ shares are accessible, although it takes some permissions, and Print$ is generally accessible. By default, accessing C$ requires privileges of Backup Operator or above, that is, the right to back up files. Suppose there is an account in your NT domain called Benny, the NT machine's IP is 192.168.0.1, Benny is a Backup Operator, and you have obtained this account's password. Then you can access the NT server's C disk over the network, regardless of whether the C disk has been shared. The method is as follows: enter \\192.168.0.1\C$ in the Run dialog, and a window containing all the files of the C disk pops up. Or use net use z: \\192.168.0.1\c$ to map the NT server's C: disk to a local Z: disk. By default you will have full control, and you can use the method from the upgraded NT intrusion article: transfer the GetMin file to the C drive to obtain Administrator privileges. In addition, for \\192.168.0.1\print$ you do not need Backup Operator permission to have full control.

2) Remote attack
The local attack trick is now known, so next let's talk about remote attack. This problem can be exploited remotely!
Suppose there is a server www.xxx.com. When an ordinary person enters \\www.xxx.com\c$, a dialog box appears asking you to enter a password (but do not enter your password). This is a facade. Maybe Microsoft's developers have a universal password; otherwise, why is there no ID prompt, only a password prompt? Above, we mentioned that on the LAN, anyone who is Backup Operator or above and enters this command gets no password dialog box; instead a window pops up exposing all the files and directories of the C disk. This site discovered that if you have privileges of Backup Operator or above, then by using the domain spoof method you can access the C drive remotely, and by default with full control!

How it was found: as mentioned above, to open \\www.xxx.com\c$ you have to be logged in to the domain that www.xxx.com belongs to. But how do you log in to an NT domain over TCP/IP? I came up with the idea of faking this NT domain, that is, setting up a primary domain controller with the same name as the domain of www.xxx.com. Suppose the domain of www.xxx.com is called XXX; then I change my local domain controller's domain to XXX and also set up a Benny account and password. Then I dial in to the Internet and enter \\www.xxx.com\c$. The directory actually pops up, with full control. Deceived!

One problem remains with the above method: how do you learn the other party's domain name? Use this command: nbtstat -a www.xxx.com
Quack note: nbtstat is a utility for checking the resolution of NetBIOS names to TCP/IP addresses. You can use it to check the current state of NetBIOS, to load entries from the LMHOSTS file into the NetBIOS name cache, or to inspect the NetBIOS name and the NetBIOS scope assigned to your computer. It differs from netstat in that it only handles NetBIOS connections, whereas netstat handles all connections between your system and other computers. Of course, the method mentioned in the Retina article can also obtain the domain name.

The premise of this article is obtaining Backup Operator privileges; the result is obtaining Administrator privileges, and it works both locally and remotely. \\www.xxx.com\print$, however, needs no privileges; anyone can access it. Because the C$ share is open on almost all NT machines, and even if someone deletes the share it is automatically opened again when the machine restarts, this security issue is very serious. As for the domain spoof problem, it is undoubtedly a security flaw on Microsoft's part. As you can see, this article also uses other hack tips such as nbtstat and GetMin; successfully invading an NT server draws on a lot of knowledge.

After reading this, isn't your heart pounding? The files on your hard disk are all in someone else's hands! It is not a good feeling. So unless it is necessary, do not turn on the Win98 file and print sharing option, and under NT it is best not to open NetBIOS either. Find a security tool such as Lockdown2000; the software is quite simple, and it lets you monitor others who connect to your computer... Try it and you will see.

Some people may say: I am on dial-up with a dynamic IP, so what if I do share? Do you have ICQ? Doesn't ICQ have the role of "invisible person"? Some people are not convinced? Then turn sharing on and tell me your ICQ number...

Trojans
When Trojans are mentioned, many people's first reaction is BO. Yes, BO is indeed the highest-level Trojan so far.
Right, I should first explain what a Trojan is. It is remote control software! There is a client and a server side; once both are installed, the client can access the remote server. It is called a Trojan because the server side is often loaded without the user knowing, that is to say, you carelessly open something and the door "is open". Trojans are very popular online, and they are in fact very simple: roughly, they modify the registry or an INI file to load a file that provides the service. This makes a Trojan easy to detect. First, look for newly added unknown services. Second, because a Trojan generally opens a network communication port to provide its service, checking for newly added service ports also makes it easy to find the Trojan program. In fact, a very good Trojan can be made by slightly changing the operating system kernel, so that the registry need not be changed. (For example, build the Trojan into a driver, ^&*%$; detecting that by hand is not easy...) Nowadays some Trojans copy themselves into a folder and hide, but they still have to be started, so check the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run for suspicious entries. If you are unfamiliar with this, downloading a program called Cleaner can also solve many Trojan problems, and the LockDown2000 mentioned above can also remove Trojans.
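The two checks described above (new entries under the Run key, new listening ports) can be run as a comparison against a known-good baseline. This is an added example, not code from the original article; the registry export, the netstat output, the helper32 entry, port 54321 and the baseline sets are all constructed for illustration.

```python
import re

# Constructed sample: .reg-style export of the Run key (not from a real machine).
RUN_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"helper32"="C:\\WINDOWS\\SYSTEM\\helper32.exe"
'''

# Constructed sample: `netstat -an` output in the Windows column layout.
NETSTAT = '''
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:54321          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1029       192.168.0.1:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
'''

# Assumed known-good state, recorded while the machine was trusted.
BASELINE_RUN = {"systemtray", "scanregistry"}
BASELINE_PORTS = {("TCP", 139), ("UDP", 137)}

def parse_run_key(export):
    """Return {value name: command} for each "name"="data" line of the export."""
    entries = {}
    for m in re.finditer(r'^"([^"]+)"="(.*)"\s*$', export, re.MULTILINE):
        entries[m.group(1)] = m.group(2).replace("\\\\", "\\")  # undo .reg escaping
    return entries

def parse_listeners(netstat):
    """Return {(proto, port)} for listening TCP sockets and bound UDP sockets."""
    ports = set()
    for line in netstat.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue  # established or closing connections are not services
        ports.add((f[0], int(f[1].rsplit(":", 1)[1])))
    return ports

def audit(export, netstat):
    """Return (autorun entries, listeners) that are absent from the baseline."""
    run = parse_run_key(export)
    new_run = {n: c for n, c in run.items() if n.lower() not in BASELINE_RUN}
    return new_run, sorted(parse_listeners(netstat) - BASELINE_PORTS)

if __name__ == "__main__":
    new_run, new_ports = audit(RUN_EXPORT, NETSTAT)
    for name, cmd in new_run.items():
        print(f"unexpected autorun entry: {name} -> {cmd}")
    for proto, port in new_ports:
        print(f"unexpected listener: {proto}/{port}")
```

A Trojan built into a driver, as the paragraph notes, changes neither the Run key nor necessarily the visible port list, so an empty result here does not prove the machine is clean.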
Malicious code
This may happen in a chat room or while browsing a page. It is now mainly written in JavaScript. As a simple example of its effect, take a well-known chat room attack: making others open countless windows. Of course, you have to have Java turned on. (But chat rooms nowadays cannot be wrecked so easily; you had better first work out the ASP code of a representative chat room and, once you understand it, draw inferences from it and experiment on your own.) As for HTML pages containing malicious code, it is said that your disk may be formatted when you browse a page, which is quite an exaggeration!

There is an overflow vulnerability in the network code of Windows 95 and Windows 98. By using a long file name, an attacker can make the user's machine crash or execute arbitrary code. This vulnerability can be exploited through a web page or HTML mail, and the attack happens when the user opens the page or the message. This test program was tested only in a Japanese Windows 98 / IE4 / IE5 environment. After compiling under VC you get IE5Filex.exe; typing IE5FileX a directly under DOS generates an HTML file; open this file and it reports an error and shuts down. How about that, quite something!

Viruses
Virus attacks need little explanation. A virus has several characteristics: destructiveness, latency, self-replication... It is recommended that everyone run real-time monitoring software and, when downloading software, scan it first. Of course, some vandals on the network wrap a virus in a package and send it to others as something fun; for such executable files and Word & Excel documents, it is best to scan them first. (I have seen someone send CIH to others inside a small program he wrote himself, which also sets the system date to April 6th...)
Web spoof
In Taiwan an incident was discovered in which a victim's bank account was obtained through the Web (it should also have occurred in September or October). The perpetrator copied a bank's page and then changed the bank's URLs, so that the visitor carried out a series of data operations on the fake bank page. Of course, everything was recorded on the intruder's computer; what happened next needs no telling, everyone should know... You can do it. ^&^ The key to the attack is pointing all the URLs on the bank page to the intruder's machine. Suppose the attacker's server runs on the machine www.hacker.cn and the URL of the bank is www.bank.tw; then the attacker adds his own URL in front of all the URLs on the page, as follows: http://www.hacker.cn/http://www.bank.tw. Of course, this is done on a compromised machine, otherwise the real identity is easily discovered. ^&^

2. For network hosts, what is most often encountered is illegal entry. Remember, this is against the law! Suppose a hacker wants to attack a website; what means will he use?

Password attacks
The password can be said to be the door to a system, and most newcomers start out as hackers by attacking passwords. Many systems in the past had so-called Joe accounts, where the user name and the password are the same. These are relatively rare now, but even so there are a great many weak passwords, such as simply adding a number after the user name, and then password-cracking programs come into their own.
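A password-change check that rejects the weak choices described above, Joe accounts and a user name with a number added; it goes a little further than the text and also catches the reversed and the doubled user name. This is an added example, not from the original article; it assumes the check runs at password-change time, where the candidate password is available in clear text, and the account list is constructed.

```python
import re

def weak_reason(username, password):
    """Return why `password` is guessable from `username`, or None if it is not."""
    user, pw = username.casefold(), password.casefold()
    if not pw:
        return "empty password"
    if pw == user:
        return "joe account"
    # Drop digits and punctuation from both ends: benny1, 99benny, benny_2000.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", pw)
    if core == user:
        return "username plus digits"
    if core == user[::-1]:
        return "username reversed"
    if core == user * 2:
        return "username doubled"
    return None

def audit_accounts(accounts):
    """Return [(username, reason)] for every account with a derivable password."""
    findings = []
    for username, password in accounts:
        reason = weak_reason(username, password)
        if reason:
            findings.append((username, reason))
    return findings

# Constructed accounts; Benny is the example account name used in the article.
SAMPLE = [
    ("benny", "Benny"),
    ("alice", "alice1999"),
    ("carol", "lorac!"),
    ("dave", "davedave"),
    ("erin", "tr1cky-Passphrase"),
]

if __name__ == "__main__":
    for user, reason in audit_accounts(SAMPLE):
        print(f"{user}: {reason}")
```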
Scanning
I seem to remember Goodwell of the Green Corps saying that a good scanner is hard to come by, and it is true. A scanner is a program that, once run, probes a site; if the site has known vulnerabilities, the scanner's final report will tell you, and a hacker can try to attack using those known vulnerabilities. Now there is a target! Of course, some may already have been patched and others not; whether it works depends on your skill and luck. Another kind of scanner is the port scanner, which is also a good way to get host information. For example, it can easily obtain operating system information and which services are provided. Many ports are typically open under UNIX, such as 13 (daytime) and so on, whereas NT provides only some general services such as port 21 and port 80 and also listens on ports 135 and 139, and Win95 listens only on 139. So isn't it easy to tell the operating system?

Buffer overflow vulnerabilities
Whether in calls provided by the system or in programs written by users, a check on the length of the string being copied is sometimes missing. When a string longer than the buffer is sent to a buffer that is too small, the adjacent space is often overwritten. In more serious cases the stack is destroyed and the program cannot continue. With some applications on UNIX, if we enter three to five pages of characters as a command-line argument and watch what the program does, sometimes the program fails and produces a core file, which may contain something you want. Carefully written code can also exploit this error in a SUID program to obtain superuser privileges on the system easily. Because buffer overflow vulnerabilities affect such a wide range of programs, it is difficult to eliminate this type of attack effectively.
Under normal circumstances, after obtaining information about the target machine, the hacker finds out whether the system and the various services running on it have a vulnerability, then searches for program code, uploads it, compiles it and runs it... (Writing this article is really tiring; I would rather not hunt for a specific example, otherwise there is a lot of code to key in, and how would I manage that?)

Trojans
Anything that, without the user knowing, appears to perform some normal function can be called a Trojan. It generally appears in a few situations: one is that the attacker wants to gain some privileges or obtain information; the second is that after the system has been broken into, various traps are set for later entry. It can appear in a compiled program, in a system command that the system administrator needs to execute, or even as part of a message. More exciting still: some mail headers allow users to escape to the shell and execute commands, because this feature is activated by the e-mail; hackers use it to send a specific message to a terminal, place a command sequence in the terminal and execute it... it sounds cool!

Other (denial of service attacks, network monitoring)
Denial of service is also easy to understand: make the server's CPU overloaded, its disk saturated, its memory insufficient... In short, any action you can think of that brings this about can be called denial of service, because it causes requests from legitimate users of the server to be rejected by the server.