To teach you how to crack a telecom-sealed route

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

To teach you how to crack a telecom-sealed route

Recently ISP offers more and more ways to seal the road, further infringing on the interests of users.

ISP providers use a single, "Network Vanguard" monitoring software shield route.

I found a way to crack, we can try.

"Network Vanguard" is the use of a variety of methods to detect whether users use a shared way to access the Internet, so as to limit, the following I cracked:

First, check the same IP address packet has a different MAC address, if it is to determine the user to share the Internet. The solution is to change the MAC address of each computer to the same;

(a), deception

1. Modify the Registry

Almost all NIC drivers can be invoked by the ndisreadnetworkaddress parameter to read a user-specified MAC address from the registry. When the driver determines that the MAC address is valid, the MAC address is programmed into the hardware register, ignoring the intrinsic MAC address of the NIC. We can accomplish this by manually modifying the Windows registry.

Run Windows Registry Editor under Winodws 98, expand Hkey_local_machine\system\current controlset\services\class\net, and see a similar "0000", " 0001 "," 0002 "subkeys. Start by clicking on the "0000" subkey, then look for the contents of the "DriverDesc" key under the subkey until you find the same network card registry information as the target we are looking for.

When the correct network card is found, click on the Pull-down Menu "edit/New/String", the name of the string "NetworkAddress", The New "NetworkAddress" string name on the mouse can be entered a value. Enter the new MAC address value you want to specify. The new MAC address should be a 12-digit hexadecimal number or letter with no "-", like "000000000000" values (note that the specific key values in Windows 98 and Windows 2000/xp are slightly different locations and can be looked up by the lookup feature).

Under "NetworkAddress", continue to add a string value named "Paramdesc" that will be described as the "networkaddress" item, which can be taken as "MAC address." Then change its content to what you want to set. As shown in the figure. In this way, we have successfully modified the MAC address of the NIC, restart the computer.

2. Modify Network card Properties

Most network adapters can change their MAC address by modifying the network card properties in the Control Panel, in Device Manager, right click on the network card icon that needs to be modified, and select the Properties/Advanced tab. In the Properties section, you can see an item called "Receptacle address" or something similar to a name, click on it, and, under "value" on the right, enter the value of the Mac that you want to specify. To enter 12 hexadecimal digits or letters consecutively, do not enter "-" in between. The settings will take effect after restarting the system.

(b), the most drastic

If the user is using the NIC of the Realtek Company's RTL8139A/B/C/D series Chip, there is a simpler way to modify the MAC address. The PG8139 software designed by Realtek Company can modify the MAC address of RTL8139 series network card directly, even can make the MAC address of the NIC different after each boot. The specific actions are as follows:

The Pg8139.zip solution to a folder, to 8139C chip, for example, with Notepad to open the directory of 8139c.cfg files, modify 8139c.cfg file The first line, the "NodeID" (network card number) after the required new values, the proposed initial value is "E0 4C 00 00 01 ", note that at least one space must be left between each two bit.

Save and then enter MS-DOS (note, in pure DOS mode), enter "Pg8139/pci 8139c.cfg" after the DOS prompt, and then press ENTER, when the system prompts "programming EEPROM is successful" Indicates that the change was successful. PG8139 program successfully run every time, in the corresponding 8139c.cfg file, the system will automatically "NodeID" value plus 1, that is, the first run to the current Workstation network card allocated MAC address is "E0 4C 00 00 01", the second run, the system will automatically be assigned to "E0 4C 00 00 02", the third run, will automatically for "a E0 4C 00 00 03" ..., and so on, you can modify the MAC address of the network card in batches, no longer need to modify the 8139c.cfg file again.

If the user's Nic is a RTL8139 other version of the chip, just find the corresponding. cfg file modification.

In addition, there is an extreme way to burn the network card through the EEPROM to achieve the purpose of cloning MAC address. But this is risky, and the operation is complex, even experienced users will inevitably appear in the operation of errors, do not recommend this operation.

(c), Qiao circumstance

If you are a user of Windows 2000/XP, you can modify the software SMAC with a free MAC address. After you run SMAC, the list box in the window lists the network cards that are working on your computer. After you select the NIC you want to modify, after entering the new MAC address in the six input boxes below the list box, click on the right "Update Mac (Modify MAC Address)" To complete the MAC address modification.

There are many tools for modifying MAC addresses, but most of them are only available for Windows 2000/XP, which is recommended for "Super Bunny Magic Settings" because it is easy to use and is also effective in Windows 9x systems.

After the modification is complete, the general way to make the settings effective is to reboot the system. There is also an easy way to reboot the system, in the Device Manager, select the network adapter icon, click the right mouse button, choose Disable (note that the status bar has been shown as "disabled" after the operation). Then right-click the selected network adapter and choose Enable from the right-click menu. This allows the modified settings to take effect.

Second, through SNMP (Simple Network Management Protocol) to find multiple computer sharing Internet.

Some routers and ADSL cat built-in SNMP service, through the appropriate tools to see if the user has been shared, the following is a netizen provided by the corresponding tool to view an ADSL modem in the number of connected users, which can be very clear to see the number of users to share.

To find out if your router or big cat is open to SNMP services, look for a scanning software (Ipscan, Superscan ...). Scanning, if the 161 port is open to the built-in SNMP service, the solution is to use the SNMP 61 port to prohibit on the line.

Use a router or open the ADSL cat's routing mode to share the Internet with friends who can access the admin interface with shutdown SNMP option to turn it off. If the cat's management interface does not turn off the SNMP option to buy a router without SNMP services, such as TP tl-r400, placed in the middle of the ADSL moden and hub, the router to do a NAT service, so into the ADSL cat is an address, This solves the shared Internet.

Thirdly, the number of concurrent ports is monitored, and the number of originator is more than that of set.

This is an annoying setting, "network Vanguard" constantly scan the number of ports opened by users, more than the set value of the judge is shared, sometimes even press several times F5 key it is considered to be shared, even a single user online also affected, this can not be cracked (unless you put the Network Vanguard Black), I here the solution is to pretend to be innocent users to the ISP's customer service phone call lambaste, and the statement to change the ISP, in a moment the network is normal;

Network Vanguard also uses unknown methods to detect shared information from shared computers. The current solution is that all shared clients have to install a firewall, the security level is set to the highest, the IP configuration rules in all of the Allow access to the local rules do not, allow ping this machine do not, To prevent ICMP,IGMP attacks also tick. If it is WinXP, open the network firewall for the NIC. Take the above solution, in their own local area network can not see the machine, and WinXP open the network card firewall, in QQ can not transfer files, speed slowed down, but finally can be shared.

Network Vanguard, who is sacred

In fact, Netsniper Network Vanguard is not mysterious. He is a set of maintenance management system which was launched by a Shanghai network system company a few years ago.

Network Vanguard is divided into three parts: Network Vanguard Controller, network Configuration Manager and log manager.

One of the hardware devices-Network Vanguard Controller has developed into I and II two models. I apply to detect and control private line; II applies to Detect and control shared Internet access and steals MAC address online.

Network Configuration Manager is used to configure and manage the relevant parameters of the Network Vanguard Controller. The log manager is used to receive and process log information sent by the Network Vanguard Controller.

After placing the standard rack-type network Vanguard hardware on the line, the network service provider and the manager can make a fairly comprehensive setup.

Network Vanguard based on the TCP/IP environment, it can detect the unauthorized proxy server or router in the network, prevent the theft of other people's MAC address, and automatically intercept the IP packets of these proxy servers and the IP packets flowing to such routers.

Finally can effectively avoid the user escape fee or privately operated situation, the network service provider will have a manageable broadband network. It is based on this, so all over the network service providers began to launch the network Vanguard.

Monitoring principle, not yet public

Won the service provider favored by the network vanguard in the end is how to monitor the user? How did the sharing of the internet be discovered? The discussion of Network Vanguard was launched on the network.

Because of the business interests involved, neither the equipment provider nor the ISP has disclosed how the network vanguard works. The information that ordinary netizens can learn comes from unofficial Internet.

ADSL sharing network is generally through the route NAT, after the routing of the Internet access to the intranet computer IP address has become 192.168 0.1, and MAC address also converted to the ADSL modem MAC address. It is difficult to monitor the data packets directly at the ADSL exit to check the NAT conversion.

The network Vanguard scans the ADSL cat with tools such as Superscan, and finds the number of PCs with 161 ports open. Because Port 161 is a service port for SNMP (Simple Network Management Protocol), it is shared more than the number of ISP settings.

Others argue that cyber-Vanguard detects shared information from shared computers using unknown methods, and alerts the Internet when it is shared. When an illegal user is found, Netsniper can issue a specific control pack to keep the illegal user in an "offline" state.

Network outbreak, attack and defense war

Although the principle of its work is a wide spectrum of opinions, but most users of network vanguard resistance attitude, although the manufacturer claimed that, as a test equipment, network Vanguard to receive the data mainly, do not send data, so the bandwidth consumption is almost zero. But there are still a lot of people on the internet to steal criticism of network Vanguard's drawbacks.

Guilt One:

The biggest guilt is that it limits the freedom of the Internet and does not allow users to share the Internet with others. If you have a long time with friends and family, neighbors together with the network of ADSL line, will be found by the network service providers and warning.

Guilt two:

It constantly scans the number of ports opened by users, more than the set value of the judgment is shared, sometimes even press several times F5 key it is considered to be shared, even a single user online also affected.

Counts three:

Its non-stop scanning influence speed, resulting in browsing the Web page often to refresh several times; but some pages are more complex, to call several server files when it also when you are sharing, part of the page can not be normal display

This article is supplied by www.momo13.cn