Author: Sai Binghe. If you reproduce this, please credit the author: ice race. Contact: QQ 18184412, email anmeihong@sina.com. This is another piece suited to beginners; if an expert is reading it, feel free to skip (no comment). There is not much new in it, just my personal summary.
The ping command is a commonly used basic command. It looks unremarkable, but it has many uses, so this time I gathered the relevant material and put together a summary, combined with my own experience and in my own order. I won't say too much. Ping sends an ICMP Echo packet to probe a host and, from how the host answers, we extract information that is useful to us for both attack and defense. For its basic syntax and parameters, please look up the documentation yourself; here I mainly cover how I use it.
OK, first let's talk about how to use it for attack:
1. Get the target's IP. We mostly scan during the preparation stage of an attack, so the target's IP must be known. To get the IP of a website, use: C:\> ping www.xxx.com and read the IP from the reply.
2. Converting between an IP and its domain name. If you have an IP with port 80 open and want to see its domain name, use: C:\> ping -a 202.115.***.*** and the domain name can be read from the reply.
3. Use the TTL value to determine the operating system. When we use the ping command we see a TTL value in the reply (TTL stands for Time To Live).
For example: C:\> ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:

Reply from 192.168.0.1: bytes=32 time<10ms TTL=128
Reply from 192.168.0.1: bytes=32 time<10ms TTL=128
Reply from 192.168.0.1: bytes=32 time<10ms TTL=128
Reply from 192.168.0.1: bytes=32 time<10ms TTL=128

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
From this we can make a simple judgement that it is probably a Microsoft Windows NT/2K operating system (just probably, heh). The following are the common TTL return values by system:

UNIX and UNIX-like operating systems: ICMP echo reply TTL field value 255
Compaq Tru64 5.0: ICMP echo reply TTL field value 64
Microsoft Windows NT/2K: ICMP echo reply TTL field value 128
Microsoft Windows 95: ICMP echo reply TTL field value 32
Linux kernel 2.2.x & 2.4.x: ICMP echo reply TTL field value 64
Microsoft Windows XP: ICMP echo reply TTL field value 128
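As an added example (not part of the original article), here is a small Python script that parses ping reply lines like the session above and maps the TTL onto the table. It also goes one step beyond the text: a reply's TTL is the sender's initial value minus one per router hop, so it matches the observed TTL to the nearest well-known initial value above it and estimates the hop count. The sample session, the second host and the host answering with TTL 255 are constructed.

```python
import re

# Initial TTL values from the table above. A reply's TTL is the sender's initial TTL
# minus one per router hop, so we match an observed value to the smallest well-known initial value >= it.
TTL_TABLE = {
    255: "UNIX / UNIX-like",
    128: "Windows NT/2000/XP",
    64: "Linux 2.2.x/2.4.x or Compaq Tru64 5.0",
    32: "Windows 95",
}

# Matches the Windows reply format quoted above ("Reply from ...: bytes=32 time<10ms TTL=128")
# and the Unix one ("64 bytes from ...: icmp_seq=1 ttl=64 time=0.3 ms").
REPLY_RE = re.compile(r"^(?:Reply from|\d+ bytes from)\s+(?P<ip>[\d.]+).*?ttl=(?P<ttl>\d+)", re.IGNORECASE)

def parse_reply(line):
    """Return (ip, ttl) for a ping reply line, or None for any other line."""
    m = REPLY_RE.match(line.strip())
    return (m.group("ip"), int(m.group("ttl"))) if m else None

def guess_os(ttl):
    """Return (os_guess, estimated_hops); hops = initial TTL - observed TTL."""
    for initial in sorted(TTL_TABLE):
        if ttl <= initial:
            return TTL_TABLE[initial], initial - ttl
    return "unknown", 0

def fingerprint(output):
    """Summarise a whole ping session as {ip: (os_guess, hops, reply_count)}.
    The guess uses the first reply seen from each IP."""
    results = {}
    for line in output.splitlines():
        parsed = parse_reply(line)
        if parsed is None:
            continue
        ip, ttl = parsed
        os_guess, hops = guess_os(ttl)
        results.setdefault(ip, [os_guess, hops, 0])[2] += 1
    return {ip: tuple(v) for ip, v in results.items()}

# Constructed sample: two replies from the session quoted above, one reply from a
# host 13 routers away, and a Windows host whose DefaultTTL was set to 0xFF (255),
# which a table-based guess like this one therefore misreads as UNIX.
SAMPLE = """Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time<10ms TTL=128
Reply from 192.168.0.1: bytes=32 time<10ms TTL=128
Reply from 203.0.113.7: bytes=32 time=41ms TTL=115
64 bytes from 198.51.100.9: icmp_seq=1 ttl=255 time=0.3 ms
"""
```

The last sample reply shows why the table is only a rough guess: a host that has changed its default TTL is classified as whatever system normally uses that value.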
4. Denial of service with ping. By default the packet Windows sends is 32 bytes, but we can send a larger one ourselves. When what the other side receives is greater than or equal to 65535, the other side is very likely to hang, and we can use the -t parameter to make the command continuous: C:\> ping -l 65500 -t 192.168.1.21
OK, the above is roughly how hackers commonly use ping in attacks. So how do we defend against it? Let's look at how to prevent this kind of attack and probing:
1. The simplest and most practical approach is to install a firewall, because every firewall can block ICMP packets; with the default settings you don't even need to configure any rules, so it is the easiest solution, for example Tianwang.
2. Open Internet Protocol (TCP/IP) → Properties → Advanced → Options → TCP/IP Filtering → Properties. You will see a window for "TCP/IP Filtering"; add the ports you want to use and everything else is filtered out. Then open Control Panel → Administrative Tools → Local Security Policy, right-click "IP Security Policies" and choose "Manage IP filter lists and filter actions". Add a filter list named "Prevent ICMP attack", press Add, choose "Any IP address" as the source address and "My IP address" as the destination address, set the protocol type to ICMP, and finish. Switch to "Manage Filter Actions", untick "Use Add Wizard", click Add, enter the name "Don't ping me" on the General tab and set the security method to "Block". We now have a filter policy that matches incoming ICMP packets and a filter action that discards every packet it matches. Right-click "IP Security Policies, on Local Machine", choose "Create IP Security Policy", click Next, enter the name "ICMP Filter", and use the Add Filter Rule wizard to bind the "Prevent ICMP attack" filter list we just defined to the ICMP filter, then choose the "Don't ping me" action. Finally, right-click "Prevent ICMP attack" and assign it.

3. If you don't want to filter, you can play hide-and-seek with the hackers: change your TTL value so that his operating-system guess goes wrong, heh. On Windows the change is as follows:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DefaultTTL"=dword:000000ff

The value is given in hexadecimal: 255 is FF, 128 is 80, 64 is 40, 32 is 20. Let him guess all he wants.
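As an added example (not part of the original article), this Python snippet shows what the firewall-side defense in point 1 can look for in practice: it scans constructed firewall log lines for the two signatures of the attack in point 4 above, oversized ICMP echo requests and a sustained stream of requests from one source. The log format, field names and thresholds are assumptions, not those of any real product.

```python
import re
from collections import defaultdict

# Constructed firewall log (not from any real product): one line per inbound ICMP
# echo request, with the reassembled IP datagram length. An attacker running
# "ping -l 65500 -t" (point 4 above) shows up as a steady stream of 65528-byte
# datagrams (65500 bytes of data + 8-byte ICMP header + 20-byte IP header) from one source.
LOG = """\
10:00:00 ICMP echo-request src=192.168.1.21 dst=192.168.1.5 len=60
10:00:01 ICMP echo-request src=203.0.113.9 dst=192.168.1.5 len=65528
10:00:01 ICMP echo-request src=203.0.113.9 dst=192.168.1.5 len=65528
10:00:02 ICMP echo-request src=203.0.113.9 dst=192.168.1.5 len=65528
10:00:02 ICMP echo-request src=203.0.113.9 dst=192.168.1.5 len=65528
10:00:03 ICMP echo-request src=203.0.113.9 dst=192.168.1.5 len=65528
10:00:07 ICMP echo-request src=192.168.1.21 dst=192.168.1.5 len=60
"""

LINE_RE = re.compile(r"^(?P<t>\d\d:\d\d:\d\d) ICMP echo-request "
                     r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) len=(?P<len>\d+)$")

def parse_line(line):
    """Return a dict with seconds-since-midnight, src, dst and len, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s = (int(x) for x in m.group("t").split(":"))
    return {"t": h * 3600 + mi * 60 + s, "src": m.group("src"),
            "dst": m.group("dst"), "len": int(m.group("len"))}

def detect_ping_abuse(log, max_len=1500, window=5, max_per_window=4):
    """Flag sources sending echo requests larger than max_len bytes (assumed
    threshold: anything above an Ethernet MTU is suspicious, a normal Windows
    ping is 60 bytes) and sources sending more than max_per_window requests
    inside any window-second sliding window."""
    oversized, floods = set(), set()
    recent = defaultdict(list)  # src -> timestamps inside the current window
    for line in log.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["len"] > max_len:
            oversized.add(ev["src"])
        ts = recent[ev["src"]]
        ts.append(ev["t"])
        while ev["t"] - ts[0] >= window:  # slide the window forward
            ts.pop(0)
        if len(ts) > max_per_window:
            floods.add(ev["src"])
    return {"oversized": sorted(oversized), "flood": sorted(floods)}
```

Sources appearing in either list are candidates for the ICMP block rule described in point 1; the thresholds should be tuned to the normal ping traffic of your own network.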