Mar 8

With the rapid development of ADSL networks, a permanent connection and being online at any time are no longer a distant dream. But we must understand that a permanent connection to the Internet also greatly increases the likelihood of intrusion. Know yourself and know your enemy, and you will never be defeated in a hundred battles, so let's look at the methods hackers use against ADSL users and the means of preventing them.

Hacking methods used against ADSL users

In many areas ADSL is billed at a flat monthly rate, so a hacker can spend longer on port and vulnerability scans, or even brute-force passwords online, or use a sniffer tool and sit back and wait for the other side's user name and password to be delivered to the door.

A successful network attack generally consists of the following steps. The first step is to collect all kinds of information about the target. To analyze the target thoroughly, the attacker must gather as much valid information about it as possible, so that the final analysis yields a list of the target's vulnerabilities. The results include: operating system type, operating system version, open services, versions of the open services, network topology, network equipment, and firewalls.

Hackers' scans mainly use TCP/IP stack fingerprinting. There are mainly three kinds of means of achieving this:

1. TCP ISN sampling: check whether the initial sequence numbers the target generates match those of a specific OS.

2. FIN probe: send a FIN packet (or any packet without the ACK or SYN flag) to an open port on the target, then wait for a response. Many systems return a RESET (RST) flag.

3. BOGUS flag: send a SYN packet whose TCP header contains an undefined TCP flag. Systems respond to this flag differently, which makes it possible to tell a number of operating systems apart.

4. TCP initial window: simply check the window size contained in the returned packets. The size alone is enough to identify each operating system uniquely.
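Probes 2 and 3 above are visible on the wire, so a sensor in front of the ADSL host can flag them. The following is an added example, not part of the original article: it parses raw TCP headers and labels segments that match either probe. The function names, labels and sample traffic are constructed for illustration, and "undefined flag" is assumed to mean the four reserved header bits of RFC 9293 (ECE and CWR are treated as defined).

```python
import struct
from collections import Counter

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP control bits (RFC 9293)
RESERVED_MASK = 0x0F   # reserved bits in the low nibble of header byte 12


def parse_tcp_header(raw):
    """Unpack the fixed 20-byte TCP header into the fields the checks use."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_res, flags, window, _sum, _urg = struct.unpack(
        "!HHIIBBHHH", raw[:20])
    return {"sport": sport, "dport": dport, "flags": flags,
            "reserved": off_res & RESERVED_MASK, "window": window}


def classify_probe(raw):
    """Return a label for segments matching probes 2 and 3, else None."""
    h = parse_tcp_header(raw)
    if h["flags"] & (SYN | ACK | RST) == 0:
        # No SYN, ACK or RST: never part of a normal connection (FIN probe).
        return "no-ack-probe"
    if h["flags"] & SYN and h["reserved"]:
        # SYN carrying bits the TCP header does not define (BOGUS flag probe).
        return "bogus-flag-syn"
    return None


def summarize(capture):
    """capture: iterable of (source_ip, raw_header); count probes per source."""
    hits = Counter()
    for src, raw in capture:
        label = classify_probe(raw)
        if label:
            hits[(src, label)] += 1
    return dict(hits)


def make_header(dport, flags, reserved=0, sport=40000, window=1024):
    """Build a constructed sample header (data offset 5, zero checksum)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                       (5 << 4) | reserved, flags, window, 0, 0)


# Constructed sample traffic; addresses come from the documentation ranges.
SAMPLE = [
    ("192.0.2.10", make_header(80, SYN)),                   # normal connect
    ("192.0.2.10", make_header(80, ACK)),                   # normal ACK
    ("198.51.100.7", make_header(80, FIN)),                 # FIN without ACK
    ("198.51.100.7", make_header(80, SYN, reserved=0x4)),   # SYN + undefined bit
    ("198.51.100.7", make_header(80, 0)),                   # no flags at all
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Probes 1 and 4 use ordinary SYN packets and read the replies, so they do not show up as malformed segments and need rate-based detection instead.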

Scanning techniques are numerous, yet their principles are very simple. Here is a brief introduction to the scanning tool Nmap (Network Mapper). It is said to be the best scanning tool: powerful, multi-purpose, multi-platform, flexible, easy to use, highly portable, and leaving few traces. It can scan TCP/UDP ports and can also be used to scan and probe large networks.

Note that realistic domain names are used here to make the scans look more concrete. Replace them with addresses or names from your own network. You had better obtain permission before scanning, otherwise you bear the consequences yourself.

nmap -v target.example.com

This command runs a TCP port scan against all reserved ports on target.example.com; -v turns on verbose mode.

nmap -sS -O target.example.com/24

This command starts a half-open SYN scan against the class C subnet in which target.example.com resides, and also tries to determine which operating system is running on each target. It requires administrator privileges, because it uses half-open scanning and OS detection.

The second step is to launch the attack: establish a connection with the other side and find login information. Assume that scanning has found that the other machine allows an IPC$ connection. IPC$ is a resource that shares named pipes; it is very important for communication between programs and is used when managing a computer remotely and when viewing a computer's shared resources. Using IPC$, a hacker can establish a null connection (no user name and no password) with the other side and, through this null connection, obtain its list of users.

The third step is to log in using suitable tools. Open a command line window and type the command:

net use \\222.222.222.222\ipc$ "123456" /user:administrator

Here we assume that the administrator password is 123456. If the administrator password is not known, other password tools are needed to help find it. After logging in, everything is under the hacker's control.

Preventive measures

Because ADSL users typically spend more time online, security awareness must be strengthened. Some people are online 10 hours a day or even leave the machine on overnight, and some have turned their own machine into a Web or FTP server for others to access. Routine preventive work can generally be divided into the following steps.

Step 1: disable the Guest account. Many intrusions use this account to go on to obtain the administrator password or privileges. If you do not want your computer to become someone else's toy, it is best to disable it. Open the Control Panel, double-click Users and Passwords, and select the Advanced tab. Click the Advanced button to open the Local Users and Groups window. Right-click the Guest account, select Properties, and on the General page select "Account is disabled".

Step 2: stop sharing. After Windows 2000 is installed, the system creates a number of hidden shares. Click Start → Run → cmd, then type the command net share at the command line to view them. Many online articles about IPC intrusion take advantage of these default shares. To disable them, open Administrative Tools → Computer Management → Shared Folders → Shares, right-click the corresponding shared folder, and click Stop Sharing.
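To confirm that Step 2 took effect, the output of net share can be checked by script. The following is an added example, not part of the original article: it parses captured net share text and separates the default hidden shares from other hidden and visible shares. The sample output is constructed, and the parser assumes the fixed-width column layout shown and share names that fit within the first column.

```python
import re

# Shares Windows creates by itself: drive roots (C$, D$ ...), ADMIN$ and IPC$.
DEFAULT_SHARE = re.compile(r"^(?:[A-Z]\$|ADMIN\$|IPC\$)$", re.IGNORECASE)


def parse_net_share(output):
    """Parse `net share` text into (name, resource, remark) tuples."""
    lines = output.splitlines()
    head = next(i for i, ln in enumerate(lines) if ln.startswith("Share name"))
    res_col = lines[head].index("Resource")   # column offsets come from the
    rem_col = lines[head].index("Remark")     # header row, not hard-coded
    rows = []
    for line in lines[head + 1:]:
        if not line.strip() or set(line.strip()) == {"-"}:
            continue                          # blank line or dashed separator
        if line.startswith("The command"):
            break                             # trailing status message
        rows.append((line[:res_col].strip(), line[res_col:rem_col].strip(),
                     line[rem_col:].strip()))
    return rows


def audit_shares(output):
    """Group share names: default hidden, other hidden, and visible."""
    report = {"default_hidden": [], "other_hidden": [], "visible": []}
    for name, _resource, _remark in parse_net_share(output):
        if DEFAULT_SHARE.match(name):
            report["default_hidden"].append(name)
        elif name.endswith("$"):
            report["other_hidden"].append(name)
        else:
            report["visible"].append(name)
    return report


def _row(name, resource, remark):
    return f"{name:<13}{resource:<32}{remark}"


# Constructed sample output (not captured from a real host).
SAMPLE = "\n".join([
    "", _row("Share name", "Resource", "Remark"), "", "-" * 79,
    _row("C$", "C:\\", "Default share"),
    _row("D$", "D:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("ADMIN$", "C:\\WINNT", "Remote Admin"),
    _row("backup$", "D:\\backup", ""),
    _row("Public", "D:\\pub", "Shared files"),
    "The command completed successfully.",
])

if __name__ == "__main__":
    print(audit_shares(SAMPLE))
```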

Step 3: shut down unnecessary services wherever possible, such as Terminal Services, IIS (if you do not use your own machine as a Web server) and RAS (Remote Access Service). Another rather annoying one that should be turned off is the Messenger service, which other people keep using to send online advertising. Open Administrative Tools → Computer Management → Services and Applications → Services, and turn off whatever you do not use.

Step 4: prohibit null connections. By default, any user can connect to the server through a null connection, enumerate accounts and guess passwords. Null connections must be prohibited, using either of the following two methods:

(1) Modify the registry:

Under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA, change the DWORD value RestrictAnonymous to 1.

(2) Modify the Windows 2000 local security policy:

In Local Security Policy → Local Policies → Options, set RestrictAnonymous (Additional restrictions for anonymous connections) to "Do not allow enumeration of SAM accounts and shares".

Step 5: if you run Web services, IIS also needs a security configuration:

(1) Change the Web service home directory. Right-click Default Web Site → Properties → Home Directory → Local Path, and point the local path to another directory.

(2) Delete the Inetpub directory created by the default installation.

(3) Delete the following virtual directories: _vti_bin, IISSamples, Scripts, IIShelp, IISAdmin, MSADC.

(4) Delete unnecessary IIS extension mappings. Right-click Default Web Site → Properties → Home Directory → Configuration to open the application window, and remove the application mappings you do not need. If no other mappings are used, keeping only .asp and .asa is enough.

(5) Back up the IIS configuration. The IIS backup feature saves the whole of a finished IIS configuration, so that the IIS security configuration can be restored at any time.

Do not think that everything is now all right. As we all know, Microsoft's operating systems have so many bugs that you must install every patch Microsoft releases.

Finally, we recommend choosing a capable firewall, for example BlackICE, produced by Network ICE Corporation. It is very simple to install and run; even if you are not familiar with network security it does not matter, because the default configuration can detect most types of hacker attack. Experienced users can also select Advanced Firewall Settings under Tools to accept or reject a specific IP address or a specific UDP port, in order to achieve a specific defensive effect.
