Entry-level hacker attack and defense techniques

Before launching various "hacker behaviors", hackers will take various measures to detect (or "detect") The host information of the other party, in order to determine the most effective method to achieve your goal. Let's see how hackers know the most basic network information-the IP address of the other party, and how users can prevent their own IP address leakage.

■ Obtain an IP address

As an important identifier for Net users, "IP" is the first thing hackers need to know. There are many methods to obtain the IP address. hackers may also use different methods based on different network conditions, for example, using the Ping command in the LAN to Ping the name of the other party in the network; use the IP version of QQ for direct display on the Internet. The most effective way is to intercept and analyze the network packets of the other party. 1. This is a network packet captured by a Windows 2003 network monitor. It may be difficult for general users to understand these hexadecimal codes, but for hackers who know network knowledge, they can find and directly parse the IP packet header information of the intercepted packets through software, and then learn the specific IP address based on the information.

■ Hide IP addresses

Although there are multiple methods for IP reconnaissance, there are also a variety of ways for users to Hide IP addresses. To deal with the most effective "packet analysis method", you can install "Norton Internet Security 2003" that can automatically remove the packet header IP information ". However, the use of "Norton Internet Security" has some disadvantages, such as: it consumes resources seriously, reducing computer performance, affecting access to some forums or websites, and not suitable for Internet cafe users. Currently, the most common method for individual users to Hide IP addresses is to use a proxy. Because after a proxy server is used, the "IP address translation service" will modify the sent data packets, this invalidates the "packet analysis" method. Some network software (such as QQ, MSN, and IE) that are easy to leak users' IP addresses support proxy connection to the Internet, especially after QQ uses proxy software such as ezProxy to connect, QQ of IP version cannot display this IP address. Here I will introduce a simple Proxy Software suitable for individual users-IP address hiding tool for new users in the network (2 ), you only need to fill in the correct proxy server address and port in the "Proxy Server" and "Proxy Server" to use the proxy for http. This is suitable for IE and qq ip address leakage.

However, the use of proxy servers also has some disadvantages, such as: it will affect the speed of network communication; a computer on the network that can provide proxy capabilities, if you cannot find such a proxy server, you cannot use a proxy (when searching for the proxy server, you can use tools such as "proxy Hunter" to scan the proxy server on the network ).

Although the proxy can effectively hide the user's IP address, hackers can bypass the proxy to find the real IP address of the other party, and under what circumstances the user uses to hide the IP address, it should also be based on the situation.

Apart from IP detection, the hacker also has a port scan. Through port scanning, you can know which services and ports of the computer to be scanned are opened but not used (it can be understood as a channel to the computer ).

I. Port Scanning

It is easy to find remote port scanning tools on the Internet, such as Superscan, IP routing, Fluxay, etc. (1 ), this is the result of a port scan on the test host 192.168.1.8 using "streamer. From this, we can clearly understand which frequently used ports of the host are opened, whether FTP and Web services are supported, and whether FTP services support "anonymous" and IIS versions, whether any IIS vulnerability can be successfully cracked is also displayed.

2. Blocked port scanning

There are two methods to prevent port scanning:

1. disable idle and potentially dangerous ports

This method is somewhat "rigid". Its essence is to close all ports other than the normal computer ports that users need. As far as hackers are concerned, all ports may become targets of attacks. In other words, "all computer ports for external communication are potentially dangerous", and some necessary communication ports of the system, such as HTTP (port 80) required for webpage access; QQ (port 4000) and so on.

It is convenient to disable some idle ports in Windows NT core system (Windows 2000/XP/2003, you can use "()" or "open only allowed ports ". Some network services of a computer have default ports allocated by the system. Some idle services are closed, and the corresponding ports are also closed (2 ). Go to "Control Panel", "Administrative Tools", and "services", and disable some unused services (such as FTP services, DNS services, and IIS Admin services) on the computer ), their corresponding ports are also disabled. As for the "open only allowed port mode", you can use the "TCP/IP filtering" function of the system, "Only allow" some ports required for basic network communication (for "TCP/IP filtering", see this topic ).

2. Check the ports and immediately block the ports if they have symptoms of port scanning.

This method of preventing port scanning is obviously impossible for the user to manually complete, or it is quite difficult to complete, and requires the help of software. These software are our commonly used network firewalls.

The working principle of the firewall is: first, check every packet that arrives at your computer. Before this packet is visible to any software running on your machine, the firewall has a full veto power, your computer is prohibited from receiving anything on the Internet. When the first request for a connection is sent to your computer, a "TCP/IP Port" is opened. When a port is scanned, the other computer continuously establishes a connection with the local computer, gradually open the "TCP/IP Port" and idle port corresponding to each service, and the firewall will be able to know whether the other party is performing port scanning after judging by its built-in interception rules, and intercept all the packets required for scanning sent by the other party.

Currently, almost all network firewalls on the market can defend against port scanning. After the default installation, check whether the port scanning rules intercepted by some firewalls are selected. Otherwise, the firewall will allow port scanning, but leave information in the log.

This article describes the preparations for the hacker to launch the attack. In the future, we will introduce the formal intrusion, theft, attack, and other details.
I got online. I used Q. I got stolen. It's normal. I want to access the Internet cafe. I want to use Q. I don't want to steal Q. It's normal. Let's take a look at some QQ hacking knowledge!

I. Glossary

1. Dictionary

The so-called dictionary is actually a text file containing many passwords. There are two ways to generate a dictionary: generate a dictionary using the dictionary software and manually add a dictionary. Generally, dictionary software can generate a dictionary containing a birthday, phone number, frequently used English name, and other passwords. However, the dictionary is large and inflexible, therefore, Hackers often manually add some passwords to the dictionary to form an "intelligent" password file.

2. brute-force cracking

The so-called brute-force cracking is actually to use countless passwords to verify the passwords used to log on to QQ until they are the same. This method can be used not only to steal QQ, but also to crack other passwords, such as cracking the system administrator password. This is the most common method of cracking.

Ii. Principle Analysis

Currently, two types of software are involved: Local cracking and remote cracking. It looks like a mysterious one. In fact, this is the case. Next let's take a look at local cracking.

1. Local cracking

In fact, local cracking is to use the software to select a QQ number that has been logged on locally, and then use the dictionary to check the password. There are two types of local cracking: brute-force cracking and local record. There are two types of brute-force cracking: Increase in order and comparison by dictionary. For example, if I want to crack the password with the QQ number 123456, I can use 1 as the password for verification. If it is correct, I can steal it. If it is incorrect, I will use 2 for verification, if it is not correct, use 3 to add it in this order until it is the same as the password. However, the efficiency of such cracking is very low, because many people's passwords are not just numbers, so this method is not common.

In normal times, the common method is to compare the password in the dictionary. If it is correct, the QQ is stolen. Because the dictionary can be "intelligent", the attack efficiency is relatively high, especially when your password is a simple number or a number adds some English names. For example, I can see that the English name of a MM in an Internet cafe is alice, and the password number is 8 bits (how do I know? Dizzy! Why !). Generally, alice adds some numbers to her password. So I can use the Yiyou super dictionary generator to create a dictionary that uses alice as a special character to rank 1-5 characters (1) in the password, and then selects all the numbers in the basic characters, set the password's number of digits to 8, and then select the storage location and click "generate Dictionary ".

Figure 1

Open the generated dictionary, and you will see the alice000, alice001, and other passwords (2 ). Then, alice is placed in the 2-6, 3-7, and 4-8 digits. Other locations are also filled with numbers. Next, I just need to use the software to hook up these dictionaries for cracking, and soon I can get the QQ password.