Novice Hacker entry attack and prevention tips _ security-related

In the formal conduct of various "hacker behavior", the hacker will take various means to detect (also can say "reconnaissance") the other party's host information, in order to determine the most effective way to achieve their goals. Take a look at how hackers learn the most basic network information-the IP address of each other, and how users can protect themselves from IP leaks.

Get IP

"IP" as an important indicator of net users, is the first need to understand hackers. Get more methods, hackers will also because of different network situation to adopt different methods, such as: In the LAN use ping instructions, ping the other in the network name and get IP; Use the IP version of QQ directly on the Internet to display. And the most effective way is to intercept and analyze each other's network packets. As shown in Figure 1, this is a network of Windows 2003 Network Monitor capture of the packet, the average user may be more difficult to understand these 16 code, and for knowledge of network hackers, they can find and directly through the software to resolve intercepted packets of IP header information, Then based on this information to understand the specific IP.

Hide IP

Although the method of reconnaissance IP is diverse, but the user can hide the IP method equally diverse. With the most effective packet analysis method, you can install the "Norton Internet Security 2003" that automatically removes IP information from the packet headers that are sent to it. However, there are some drawbacks to using the "Norton Internet security", such as: it consumes a lot of resources, reduces computer performance, is affected when visiting some forums or websites, is not suitable for Internet café users, and so on. Now the most popular way to hide IP users should use the proxy, since the use of proxy server, the "Referral Service" will be sent out of the packet changes, resulting in "packet analysis" method failure. Some easy to leak user IP network software (QQ, MSN, ie, etc.) support the use of proxy way to connect the Internet, especially QQ use "ezproxy" and other agent software connection, IP version of QQ can not display the IP address. Here the author introduces a more suitable for individual users of the simple agent software-network novice IP hidden (Figure 2), as long as the "proxy server" and "Proxy Server" to fill in the correct proxy server address and port, you can use the proxy HTTP, more suitable for IE and QQ leakage IP situation.

However, the use of Proxy server, there are also some drawbacks, such as: the speed of network communication will be required, a network on the ability to provide agents on the computer, if the user can not find such a proxy server can not use the proxy (to find a proxy server, use the "Agent Hunter" Tools such as software to scan proxy servers on the network.

Although the agent can effectively hide the user IP, but sophisticated hackers can bypass the agent, find the other side of the real IP address, users under what circumstances to use the method of hiding IP, but also because of the situation.

In addition to reconnaissance IP, there is also one-port scan in the hacker's detection mode. "Port scans" allow you to know which services, ports are open and not used (which you can understand to find the channel to the computer) that is being scanned.

First, port scanning

Easy to find remote port scanning tools, such as Superscan, IP Scanner, Fluxay (streamer), etc. (Figure 1), which is the "streamer" of the test host 192.168.1.8 port scan results. From there, we can clearly see which of the host's very ports are open, whether it supports FTP, Web services, and whether the FTP service supports "Anonymous" and the IIS version, and whether there are IIS vulnerabilities that can be successfully compromised.

Second, blocking port scanning

There are two ways to prevent port scanning:

1. Close idle and potentially dangerous ports

This method is somewhat "inflexible", and its essence is to shut down all other ports on the normal computer port that all users need to use. Because as far as hackers are concerned, all ports can be the target of an attack. In other words, "all outgoing ports of the computer are potentially dangerous", while some system-necessary communication ports, such as HTTP (80-port) required to access the Web page, and QQ (4000-port) cannot be shut down.

It is convenient to turn off some idle ports in the Windows NT core system (Windows 2000/xp/2003), which can be directed to turn off the port for the specified service and to open only the allowed ports. Some of the computer's network services will have system-assigned default ports, shut down some unused services, and their corresponding ports will be closed (Figure 2). Go to Control Panel, administrative tools, services, and shut down some unused services (such as the FTP service, DNS service, IIS Admin service, and so on) and their corresponding ports are deactivated. As for the "Only open allow port", you can use the system's "TCP/IP Filtering" feature, set up, "only allow" some of the system's basic network communication needs of the port (for "TCP/IP filtering," see the current issue of application).

2. Check ports for port scan symptoms, and immediately block the port

This method of preventing port scanning is clearly not possible for users to do their own hand, or it is quite difficult to complete, need software. These software is our common network firewall.

The firewall works by first checking every packet that arrives on your computer, and before any software that is running on your machine is seen, the firewall has a full veto, which can prevent your computer from receiving anything on the Internet. When the first request to establish a connection is answered by your computer, a "TCP/IP Port" is opened; when the port is scanned, the other computer is constantly connected to the local computer, and gradually opens the corresponding "TCP/IP Port" and idle port for each service, and the firewall is judged by its own interception rules, will be able to know whether the other side is scanning the port, and intercept the other sent over all the scanning required packets.

Now on the market almost all network firewalls can withstand port scanning, after the default installation, should check some firewall blocked port scan rule is selected, otherwise it will release port scan, but only in the log left information.

The hacker's preparation before the attack is complete. In future content, it will be turned into formal intrusion, theft, and attacks, and other specific introductions.
The internet, with Q, it was stolen, normal. Want to go online, want to use Q bar, don't want to be stolen Q, normal. Then come to know some stolen QQ knowledge!

I. Interpretation of nouns

1. Dictionary

A dictionary, in fact, is a text file that contains a lot of passwords. There are two ways to build a dictionary: by using dictionary software and by adding it manually. General dictionary software can generate a dictionary including birthdays, phone numbers, commonly used English names, and so on, but because of the size of the dictionary generated, and not flexible, so the hacker will often manually add some password to the dictionary to form an "intelligent" password file.

2. Violent cracking

The so-called violent cracking, in fact, is to use countless passwords and login QQ password to check, until the same. Brute force crack This method not only can use in Pilfer QQ, in cracked other password also commonly used this method, such as: Crack system administrator password. This is the most common way to crack.

Second, the principle analysis

Now there are two software stolen QQ, local cracking and remote cracking. Looks like a mysterious, in fact, that's what it is. Let's take a look at the local hack first.

1. Local cracking

Local cracking is actually using software to select a local login in the QQ number, and then hang up the dictionary to check the password. Local cracking can also be divided into two types: brute force and local record. And violent cracking is divided into two kinds: in order to increase and through the dictionary contrast. For example, now I want to crack QQ number 123456 password, I can use 1 as a password to check, if the correct can steal the number, if not correct, then with the second check, is not correct, then use 3, in order to increase until the same as the password. However, the efficiency is very low, because many people's password is not just a number, so this method is not common.

Usually used is the dictionary through the comparison of the password method, if the right to steal away QQ. Because dictionaries can be "smart", this kind of cracking is relatively efficient, especially if your password is a simple number, or the number plus some English names is particularly noticeable. For example, I saw in the Internet café a mm in English named Alice, password number of 8 digits (how do I know?) Dizzy! You stole it! ）。 Generally speaking, her password is Alice plus some numbers. So I can use the Easy Super Dictionary generator to make such a dictionary: Put Alice as a special character in the password 第1-5位 (Figure 1), and then the basic word character the number of all selected, and then set the number of password to 8, and then select the Save location point "generate a dictionary."

Figure 1

Open the generated dictionary, and you can see the alice000, alice001, and other passwords (Figure 2). Then you put Alice in 第2-6位, 第3-7位, 第4-8位, and other places are filled with numbers. Next I just use the software to hang the dictionary to crack, will soon be able to get QQ password.