Analysis on whether computers in Internet cafes can be intruded

Source: Internet
Author: User
First, there are two different types of Internet cafes in China. The first is the traditional Internet cafe, where the computers are divided into a host and extensions, and every request from an extension must be processed by the host before it reaches the Internet. The second is the DDN Internet cafe, which has no host or extensions: all computers in the cafe share one or more leased lines, but each computer has a static IP address and is directly connected to the Internet.

In the second type of Internet cafe, because the computers are directly connected to the Internet, controlling them with a Trojan is no problem at all. Let's talk about traditional Internet cafes.

In traditional Internet cafes, only the host is connected to the Internet. Before an extension can exchange data with the Internet, it must first send a request to the host, where a proxy service program (WinGate, SyGate, WinProxy, etc.) processes the request and sends it to the Internet. When the response is received, the host sends the data back to the extension that made the request. In this arrangement the host not only acts as an intermediary for transmission but can also act as a firewall, because all requests going to the Internet or coming to the extensions must be processed by the host. Therefore, every request must pass through the host before reaching an extension.

Why can't a stand-alone machine at home control an extension in this type of Internet cafe? After the server-side program of most Trojans is executed on a computer, it opens a port on that computer and waits for the client to connect. For example, if a computer in an Internet cafe executes Glacier, Glacier opens port 7626 on that computer and then waits. Here we need to sort out the question of internal and external IP addresses. In this type of Internet cafe, each extension has an internal IP address (allocated by the network card; internal IP addresses are mainly used for communication between computers on a local network), while all the computers in the cafe share only one external IP address, which is held by the host that connects to the Internet and is allocated by the network provider.

Now let's assume that the internal IP address of the Glacier-infected computer in the Internet cafe is 192.12.12.12 and the external IP address is 61.61.61.61. When a stand-alone machine at home, or any computer on the Internet, tries to connect using the IP address 192.12.12.12, that address does not exist on the Internet (several IP address ranges are dedicated to internal use), and because the address does not exist, you will not receive a response. When you try to connect to 61.61.61.61, your connection request is first received by the host of the Internet cafe (the host's firewall and intermediary function), and since the host is not infected with Glacier, your connection request is rejected immediately and the connection fails. This is why the computers in most traditional Internet cafes cannot be controlled by Trojans. The following describes how controlling computers in Internet cafes is nevertheless possible.

As we can see from the above, when an outside machine sends a connection request to an extension in the Internet cafe, the host rejects the request. But what happens if an extension in the Internet cafe initiates a connection to a specific IP address?

For example, when an extension uses a browser to view the website www.yahoo.com.cn, the extension is essentially sending a request to www.yahoo.com.cn. When www.yahoo.com.cn receives the request, it responds. The data sent back to the extension first passes through the host; because the extension initiated the request, the proxy service program on the host forwards the response data to that extension. In this case, the connection is established smoothly. This principle is what makes it possible to control computers in Internet cafes. The server program of the vegetable Trojan uses this principle: it generates the outbound connection itself, which solves the problem.

Besides the vegetable Trojan, an IRC function can also achieve this, although there may be some restrictions. The BioNet Trojan has an IRC notification function: when the server program starts, it makes a connection to a specified IRC server and then waits for commands in a specified room (channel) on IRC. This is the same as a denial-of-service attack server that waits for commands. Because the connection is initiated by the server (the computer infected with the Trojan), if the host in the Internet cafe does not reject the extension's connection, the extension can connect to the IRC server. (IRC uses port 6667 by default, so the host's proxy program may not allow it; the vegetable Trojan uses the FTP port, which is usually not rejected.) Once the connection exists, commands sent by the IRC server to the extension are no longer rejected. Although the commands that BioNet accepts over IRC are limited, they at least include upload, remote execution and attack. These commands are not rich, but given the restrictions of IRC, having these functions at all is good.

Another Trojan that can control computers in Internet cafes is remote-anything. This function is available only in versions later than 3.6, and one condition is that the host of the Internet cafe must also be infected with remote-anything. Remote-anything on the host performs a "Gateway" function and redirects all requests to the extension. This function is almost a port redirection function. (Port redirection works as follows. Suppose a port redirection program is run on the host, and this program directs all requests sent to port 7777 of the host to port 7626 of a certain extension. Assume that the internal IP address of the extension is 12.12.12.12, that it is infected with Glacier and the port opened is 7626, and that the external IP address of the host is 13.13.13.13. The port redirection program running on the host forwards requests to port 7777 of 13.13.13.13 to 12.12.12.12. When someone sends a Glacier connection request to port 7626 of host 13.13.13.13, the redirection program takes effect and the request is immediately directed to port 7626 of the extension 12.12.12.12. Because the extension 12.12.12.12 is infected with Glacier, the connection is established, that is, Glacier can be used to control the extension in the Internet cafe.) The "Gateway" function of remote-anything on the host is similar to the port redirection principle above.

Although the host must be infected with remote-anything before the extensions in the Internet cafe can be controlled, having it is still better than not having it: without it, even if the host in the Internet cafe is infected with Glacier and the extensions are infected with Trojans, you can only control the host and have no way at all to control the extensions (unless you use one of the extensions in that Internet cafe to control the others, but that is a different matter).
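
The two paths described above, an extension making its own outbound connection (IRC on port 6667, or the FTP port) and a port redirection running on the host, both leave traces at the host. The following is an added example, not part of the original article, that audits gateway events for them; the log format, the egress policy and the approved FTP server list are assumptions, and the sample lines are constructed.

```python
import re

# Constructed gateway log lines; the format is an assumption for this example.
SAMPLE_LOG = """\
OUT 192.12.12.12:1045 -> 198.51.100.7:6667
OUT 192.12.12.12:1046 -> 203.0.113.10:80
OUT 192.12.12.13:1050 -> 198.51.100.9:21
IN 203.0.113.50:4000 -> 61.61.61.61:7626
FWD 13.13.13.13:7777 -> 12.12.12.12:7626
not a log line
"""

LINE = re.compile(r"^(OUT|IN|FWD) (\S+):(\d+) -> (\S+):(\d+)$")
ALLOWED_EGRESS = {80, 443}        # assumed cafe policy: web browsing only
APPROVED_FTP = {"203.0.113.21"}   # assumed list of known FTP servers
LISTENER_PORTS = {7626}           # Glacier server port named in the article


def audit(log_text):
    """Return (severity, reason, line) tuples for suspicious gateway events."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip malformed lines instead of failing the audit
        kind, _src, _sport, dst, dport = m.groups()
        dport = int(dport)
        if kind == "OUT":
            # The FTP port usually passes a port filter, so check the peer too.
            if dport == 21 and dst not in APPROVED_FTP:
                findings.append(("review", "FTP to unapproved server", raw))
            elif dport != 21 and dport not in ALLOWED_EGRESS:
                findings.append(("alert", f"egress to port {dport}", raw))
        elif kind == "IN" and dport in LISTENER_PORTS:
            findings.append(("info", "inbound probe of Trojan port", raw))
        elif kind == "FWD":
            findings.append(("alert", "host forwards a port to an extension", raw))
    return findings


if __name__ == "__main__":
    for severity, reason, line in audit(SAMPLE_LOG):
        print(f"{severity:6} {reason}: {line}")
```

A port allowlist alone stops the IRC case but not the FTP-port case, which is why outbound FTP is matched against known servers instead of being allowed by port.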
