Hackers were cleverly fooled by modifying the TTL value.

As you know, you can use the Ping and Tracert programs to determine the target host type. The main use of Ping is to check whether the target host can be connected. Tracert uses the TTL value in the ICMP and IP packet headers to prevent data packets from continuously repeating over the IP Internet. Many intruders first Ping your host. If the TTL value is 128, they think that your system is Windows NT/2000; if the TTL value is 32, the operating system of the target host is Windows 95/98. If the TTL value is 255/64, the host is regarded as a UNIX/Linux operating system. Although intruders believe the results of TTL values, they cannot intrude into the computer as long as the TTL value is modified.

Procedure:

1. Open the Notepad program and write the batch processing command:

@ Echo REGEDIT4> ChangeTTL. reg

@ Echo.> ChangeTTL. reg

@ Echo [HKEY_LOCAL_MACHlNESystemCurrentControlSetServicesT cpipParameters]> ChangeTTL. reg

@ Echo "DefaultTTL" = dword: 000000 "> ChangeTTL. reg

@ REGEDIT/S/C ChangeTTL. reg

2. save the compiled program. bat is a batch processing file with the extension. Click this file. The default TTL value of your operating system will be changed to ff, that is, 255 of the 10th hexadecimal value, that is to say, you have changed your operating system to a UNIX system. At the same time, a Registry file named ChangeTTL. reg is generated under the folder where the file is located. If you want to run this batch file without generating ChangeTTL. reg file. You can add deltree/Y ChangeTTL to the last line of the batch processing file. reg. reg file.

Note: In the preceding command, echo is a DOS echo command. If you want to see the program execution process, remove. ">" Is appended to the file ChangeTTL. reg after it. "DefaultTTL" = dword 000000ff "is used to set the default TTL value of the system, if you want to change the TTL value of your operating system to the ICMP echo response value of other operating systems, change the "DefaultTTL" key value, you must change the TTL value of the corresponding operating system to hexadecimal.

In this way, when the intruders Ping your machine, what they get is a false TTL value. This false TTL value will mislead the other party and lead to misjudgment by the intruders, because the intrusion methods for different operating systems are not the same, using this method to cheat the other party can make him confused! Is it good to use this method to cheat intruders? Try it!