Give a hacker a "downloading"

Are you angry with hackers? When a firewall alarm is triggered, do you choose to silence or give appropriate warnings? You can use some tips to give the other party a "downloading" in good faith!

Messenger Service

When the firewall detects that the system is under attack, it will generally trigger an alarm or record the corresponding data. For example, if the common Skynet firewall detects that the system is under attack, the Skynet icon at the system tray will display a blinking alarm signal. Double-click the icon and in the pop-up window, you can obtain information such as the attacker's source and attempt to "break through" from the port (1 ).

Figure 1

After the attacker's IP address, we can try to use the Messenger Service to send a message to the other party! By default, Windows 2000/XP enables the messenger service to receive messages sent by others. If we want to send a messenger message to attackers, open the "command prompt" window and type "net send 218. 51. ***. *** warning message ". If you want to enter more text messages, you can use another method in Windows 2000 to open the [Control Panel] → [Administrative Tools] → [component services], right-click "services on the Local Computer", select [all tasks] → [send console message] in the pop-up menu, enter the message content, and click the [add] button, enter the IP address of the receiver, and click the [send] button.

Note: If the recipient does not enable the messenger service or uses a system that does not support the messenger service (such as Windows 98), you will receive an error message when sending the message.

Where is intelligence sent?

For friends who like software, they will be happy to download and try various software after going to broadband. However, some software is like a wolf in sheepskin, and they may secretly steal your secret, then it is sent to the host's mailbox. For a software that you are not at ease with, the key to knowing their every action on the network is to record the data packets they are active and try to find the "intelligence" email address, you can send an email to learn the situation!

Currently, many software programs can intercept and record network data packets. We recommend KFW, which is a firewall software. Its most characteristic function is to intercept network data packets of specified applications, record the sent and received data one by one. You can save and analyze the data to understand every action behind the network software.

KFW: html ">Http://download.zol.com.cn/detail/3/28567.shtmlAfter installation, you can use it again. Different network firewalls may conflict with each other. I suggest you disable other network firewalls when using KFW.

Step 1: add to the application rule list

Run the software you want to monitor. If the software has accessed the network, KFW will pop up a dialog box or automatically add it to the application rule list.

Tip: For security reasons, it is best to ask in the KFW pop-up dialog box as follows: Execute the main menu [setting] → [setting wizard], and click [next] in the pop-up dialog box. check "if the program is not recorded in the network, the query window is displayed ".

Step 2: Set the application to be monitored

Open the KFW settings window, switch to the "Application Rules" option page, find the software you just added, double-click it, and select the two "record data packets" options in the dialog box, track the sent and received data. Select the option box in the "Switch" column.

Step 3: analyze data packets

When the monitored software performs network activity, open KFW and switch to the "data packet record" page. You can view the corresponding data packet information, each record records important information such as the protocol name, package size, local port, peer port, and peer IP address. click the button next to the peer IP address to obtain the corresponding geographic location information. When you select a record, the following pane shows the content of the corresponding data packet. The left is in hexadecimal format, and the right is in text format (2 ), it is the information we need to care about. Have you found any suspicious email addresses?

Figure 2

After intercepting the email address information, you can share your thoughts with other friends on the software. If you are sure that this email has collected your information, let's send a letter to question it. As the saying goes, "being a thief" cannot scare him away.