As the "cyber law enforcement officer" of management software, it has been quite popular for some time. However, they must hate it very much. Today we look at the software's law enforcement process and the breakthrough process as a network administrator. First, here is the description of "cyber law enforcement" found on the Internet: You can run the main process of the cyber law enforcement officer on any machine in the LAN. It can penetrate the firewall, monitor and record the online status of all LAN users in real time, restrict by IP and time period, and kick illegal users off the LAN. This software applies to the LAN only and cannot monitor or manage machines outside the gateway or router!
It was rumored on the Internet that it could penetrate the firewall, which really scared me. I don't know whether the software team itself makes such a claim. Maybe some advocates have made it sound holy, so I began to study how it penetrates the firewall. After reading this article, you will know "how firewall penetration is implemented".
Actually, "Internet law enforcement officer" achieves its management purposes through ARP spoofing. There are a lot of articles on ARP spoofing; if you are not sure how it works, you can search for them. In fact, "Internet law enforcement officer" is just a very common piece of management software. Although its functions are more comprehensive and stable, it is essentially different from other software. If you want to know how it manages the network segment and stops a workstation from accessing the Internet, you need to go back to the principles of network communication. Because the main feature of this software is built on the data link layer, I have simplified the main features of the OSI seven-layer reference model.
Network basics: physical layer, data link layer, and network layer
User: transport, session, presentation, and application layers
We know that our communication is closely tied to the seven-layer model of the network. Below we use a virtual LAN to explain the network communication process and the management process of the "Network law enforcement officer". When we, at the top layer of the seven-layer model on host A, want to communicate with another host, such as by Telnet to host B, each layer wraps the data, encapsulating it with labels that can be recognized. We only discuss the communication process at Layer 4 and below; the rest of the communication process is secondary.
1. When the data packet arrives at the transport layer: Telnet uses the TCP protocol. The transport layer keeps the data passed down from the upper layer unchanged and encapsulates it in TCP so that the target host can unpack it correctly, then passes it on to the lower layer (the network layer).
2. The network layer does not change the previous data packet, including any headers. First, host A has to judge where the target host is: it performs an operation on its own IP address and its own subnet mask, and the result is 172.16.12.0. It then performs the same operation on its own mask and host B's IP address, and the result is 172.16.12.0. At this point it knows that they are in the same network segment, so it encapsulates its own IP address and the target IP address together with the data passed down from the previous layer.
3. The data link layer actually consists of two sublayers: the first is the LLC sublayer and the other is the MAC sublayer. We know that communication over Ethernet is physically addressed, so this layer encapsulates our own MAC address and the recipient's MAC address. Of course, the user did not tell it the recipient's MAC address, so the host checks its own cache table to see whether it holds host B's MAC address and, if so, encapsulates it. Otherwise, it sends an ARP address resolution broadcast packet. The packet only survives within the network segment and is tagged; although all hosts can receive the broadcast packet, it is only passed to the data link layer of the host. More specifically, it is discarded when it is passed to the upper sublayer of the data link layer.
4. The data is then transmitted over the transmission medium, such as our network cable. When host B receives the data, it does the same job but in the opposite order. I believe this does not need much explanation, as shown in figure 3.
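Steps 2 and 3 above, as an added example that is not part of the original article: host A's same-segment test, then its cache lookup or ARP broadcast. The host addresses, MAC addresses, the 255.255.255.0 mask and all function names are assumptions made for illustration; only the 172.16.12.0 result comes from the text. A cached MAC is used with no check of who supplied it, and this unverified trust is what ARP spoofing relies on.

```python
import ipaddress
import struct

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def network_of(ip: str, mask: str) -> str:
    """Step 2: bitwise AND of an IPv4 address with a subnet mask."""
    anded = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(anded))

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def arp_request(src_mac: str, src_ip: str, dst_ip: str) -> bytes:
    """Step 3 on a cache miss: Ethernet broadcast frame carrying an ARP request."""
    # Ethernet header: destination, source, EtherType 0x0806 (ARP)
    eth = mac_bytes(BROADCAST_MAC) + mac_bytes(src_mac) + struct.pack("!H", 0x0806)
    # ARP header: Ethernet, IPv4, 6-byte MAC, 4-byte IP, opcode 1 (request)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += mac_bytes(src_mac) + ipaddress.IPv4Address(src_ip).packed
    arp += bytes(6) + ipaddress.IPv4Address(dst_ip).packed  # target MAC unknown
    return eth + arp

def next_frame(src_ip, src_mac, mask, dst_ip, arp_cache):
    """Return (kind, destination MAC, ARP frame or None) for host A's next frame."""
    if network_of(src_ip, mask) != network_of(dst_ip, mask):
        return ("via-gateway", None, None)  # other segment: outside the steps above
    if dst_ip in arp_cache:
        # The cached entry is used as-is; nothing verifies who supplied it.
        return ("unicast", arp_cache[dst_ip], None)
    return ("arp-request", BROADCAST_MAC, arp_request(src_mac, src_ip, dst_ip))

# Constructed sample values (not from the article)
A_IP, A_MAC = "172.16.12.10", "02:00:00:00:00:0a"
B_IP, B_MAC = "172.16.12.20", "02:00:00:00:00:0b"
MASK = "255.255.255.0"

if __name__ == "__main__":
    print(network_of(A_IP, MASK), network_of(B_IP, MASK))
    kind, dst, frame = next_frame(A_IP, A_MAC, MASK, B_IP, {})
    print(kind, dst, frame.hex())
    print(next_frame(A_IP, A_MAC, MASK, B_IP, {B_IP: B_MAC})[:2])
```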