Recently I downloaded a Chinese-localized DameWare NT Utilities 4.9.2.6 (Mini Remote Control) and got infected with the "pigeon" (the Gray Pigeon / 灰鸽子 trojan).
The process went as follows:
1. Out of habit I ran netstat -an in cmd, and found some strange connections:
TCP 192.168.0.8: 3155 220.176.15.46: 1986 ESTABLISHED
TCP 192.168.0.8: 3156 61.145.121.115: 80 ESTABLISHED
I had no browser open at the time, yet there was a connection to the familiar port 80, which is what caught my eye. With the recent flood of Gray Pigeon infections, my first thought was that it was the pigeon.
2. I immediately gathered every Gray Pigeon removal tool I could find. Only one of them could find any trace of it.
3. I took the port-80 host to be the pigeon's connection address, i.e. the IP and port the intruder connects through, and scanned it immediately:
D:\hacker\ipc> s tcp 61.145.121.115 1-6000 1024
TCP Port used V1.1 By WinEggDrop
Normal Scan: About To Scan 6000 Ports Using 1024 Thread
61.145.121.115 80 Open
Scan 61.145.121.115 Complete In 0 Hours 0 Minutes 21 Seconds. Found 1 Open Ports
However, opening http://61.145.121.115/ in IE only returned Internet Explorer's standard error page: HTTP 404 - file not found ("The webpage you want to view may have been deleted, had its name changed, or is temporarily unavailable").
ip138.com IP address lookup:
IP Address: 61.145.121.115
Query Result 1: Guangzhou Telecom, Guangdong Province
Query Result 2: ADSL in Guangzhou City, Guangdong Province
My guess: the intermediate box is probably not a real HTTP server at all, more likely a machine in an Internet cafe or similar. If I wanted to trace back through this relay to find the intruder, this is where I got stuck.
4. Looking up the hacker's location:
ip138.com IP address lookup:
IP Address: 220.176.14.66
Query Result 1: Jiangxi Province, Ganzhou City, China Telecom
Query Result 2: ADSL in Ganzhou City (Anyuan County), Jiangxi Province
5. I opened procexp.exe, looked closely at the running processes, and killed the suspicious ones.
6. I tried net send 220.176.14.66 "what do you want?"
It returned an error.
7. I'm told you can also use a sniffer to see what data the other side has taken, but I don't know how to read the captured data.
8. What other methods are there for catching the intruder, or for getting into his system?? Discussion welcome!!
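As an added example (not from the original post or any of the tools it mentions), here is a small Python triage script that does step 1 and step 5 together: it parses netstat output, ties each established connection to its owning process, and flags outbound connections to non-private hosts that are not coming from a browser. It assumes `netstat -ano` output (which, unlike the `netstat -an` used in the post, prints the owning PID) and `tasklist` output; both samples below are constructed, reusing the addresses from the post, and the PIDs and process names are made up.

```python
"""Triage of `netstat -ano` output for unexpected outbound connections.

Added example for this post, not the author's tooling. The sample
outputs below are constructed: the remote addresses come from the post,
the PIDs and process names are invented.
"""
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.0.8:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.0.8:3155       220.176.15.46:1986     ESTABLISHED     1764
  TCP    192.168.0.8:3156       61.145.121.115:80      ESTABLISHED     1764
  TCP    192.168.0.8:3160       192.168.0.1:445        ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist` output (first two columns are all we use).
TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Console                    0         28 K
svchost.exe                    900 Console                    0      4,112 K
iexplore.exe                  2216 Console                    0     18,320 K
svchost.exe                   1764 Console                    0      3,904 K
"""

# Processes that are expected to talk HTTP/HTTPS to the outside (assumed allowlist).
BROWSER_PROCESSES = {"iexplore.exe", "firefox.exe"}


def parse_tasklist(text):
    """Map PID -> image name from `tasklist` output."""
    pids = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+", line)
        if m:
            pids[int(m.group(2))] = m.group(1)
    return pids


def parse_netstat(text):
    """Return TCP rows of `netstat -ano` as dicts (UDP rows have no state column and are skipped)."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            _, local, remote, state, pid = parts
            rhost, rport = remote.rsplit(":", 1)
            conns.append({"local": local, "rhost": rhost, "rport": int(rport),
                          "state": state, "pid": int(pid)})
    return conns


def is_private(host):
    """True for RFC 1918 / loopback / link-local addresses; False for '*' or hostnames."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def suspicious_connections(netstat_text, tasklist_text, allowed=BROWSER_PROCESSES):
    """Established connections to non-private hosts, minus browsers on 80/443.

    Returns (pid, image, remote_host, remote_port) tuples, in netstat order.
    """
    procs = parse_tasklist(tasklist_text)
    findings = []
    for c in parse_netstat(netstat_text):
        if c["state"] != "ESTABLISHED" or is_private(c["rhost"]):
            continue
        image = procs.get(c["pid"], "<unknown>")
        if c["rport"] in (80, 443) and image.lower() in allowed:
            continue  # a browser talking HTTP is the expected case
        findings.append((c["pid"], image, c["rhost"], c["rport"]))
    return findings


if __name__ == "__main__":
    for pid, image, host, port in suspicious_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {pid} ({image}) -> {host}:{port}")
```

On the constructed sample, both connections from the post are reported under the same PID, a process calling itself svchost.exe: a non-browser holding an established connection to a remote port 80 is exactly the symptom that made the author suspicious in step 1, and the PID is what you would then look at in Process Explorer in step 5. On a live machine, replace the two sample strings with the real output of `netstat -ano` and `tasklist`.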