How does China Telecom block Internet access through a router

Source: Internet
Author: User

There are two ways to share an ADSL Internet connection: a proxy, or network address translation (NAT). What is usually called the "routing" method is really NAT; routing and NAT work on different principles, but we will not discuss that here. Most current ADSL modems have a built-in NAT function, and using it is the most economical and convenient way to share a connection, so this article mainly discusses this method.

To stop more than one computer from sharing a connection, the ISP first has to discover that there is more than one machine behind it. As Figure 1 (how NAT works) shows, after NAT translation the addresses of the intranet computers accessing the Internet are all changed to 192.168.0.1, and the MAC address is changed to the MAC address of the ADSL modem. In principle, then, capturing NAT-translated packets at the ADSL egress cannot reveal how many machines are accessing the Internet. So how are they found? After some research, it turns out that several methods are used to detect whether a user is sharing the connection and to restrict it. The methods, and how each has been cracked, follow:

1. Check whether packets with the same IP address carry different MAC addresses. If so, the user is judged to be sharing the connection. The solution is to change the MAC address of every machine to the same value. The modification method is as follows:

First, obtain the MAC address of the local machine. The MAC address is the physical address stored in the serial EEPROM on the NIC, usually 48 bits long. An Ethernet switch forwards frames based on the source and destination MAC addresses in the frame header.

(1) In Windows 98/Me, choose Start → Run, enter winipcfg, and press Enter.

(2) In Windows 2000/XP, click Start → Run, enter cmd, press Enter, then enter ipconfig /all and press Enter.

Alternatively, right-click the local connection icon, select Status, and click the Support tab. "Details" shows the MAC address and other important network parameters.

1. If your NIC driver directly provides a MAC address clone function, as with the RTL8139 chip from Realtek, congratulations. Click Start → Settings → Control Panel, double-click "Network and Dial-up Connections", right-click the icon of the NIC whose MAC address you want to change, and select "Properties". On the "General" tab, click the "Configure" button and then the "Advanced" tab. In the "Property" area you should see an item called "Network Address" or "Locally Administered Address"; click it and, under "Value" on the right, enter the MAC address you want to specify. You must enter 12 digits or letters consecutively, without "-". The setting takes effect after the system is restarted (the steps differ slightly between Windows 98 and Windows 2000/XP; please refer to the system documentation).

2. If your NIC driver does not provide a MAC address clone function, one of the following methods should suit you.

WIN98:

A. Right-click the "Network Neighborhood" icon and select "Properties" to open the "Network" dialog box. In the "Configuration" box, double-click the NIC you want to modify to open its properties dialog box. On the "Advanced" tab, click "Network Address" under "Property", select the upper of the two radio buttons on the right, enter the MAC address you want in the box, and click "OK". The system prompts you to restart; after the restart, the NIC address is changed.

B. Click Start → Run, type "winipcfg", select the NIC you want to modify, and record its MAC address. Click Start → Run and enter "regedit" to run the Registry Editor (you must back up the registry before modifying it). Following the registry tree, open "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net", where you will see subkeys such as "0000", "0001" and "0002". Starting with "0000", check the "DriverDesc" value under each subkey until you find the registry entry that exactly matches the target NIC.

After finding the correct NIC, choose Edit → New → String Value from the menu and name the string "networkaddress". Double-click the newly created "networkaddress" string and enter the new MAC address you have chosen. The new MAC address must be 12 digits or letters with no "-", similar to "00C095ECB761".

There are two ways to activate a new MAC address:

If you are using an ordinary built-in NIC, you must restart the computer for the change to take effect.

If you are using a PCMCIA card, follow these steps without restarting the operating system: run winipcfg, select the adapter and release its DHCP settings, and close winipcfg. Open "PC Card (PCMCIA)" from the Control Panel or the system tray, then stop and remove the PCMCIA NIC. Re-insert the PCMCIA NIC, open winipcfg, select the adapter and renew its DHCP settings, and confirm in winipcfg that the modified MAC address has taken effect.

In WIN2000:

A. Right-click the "My Network Places" icon on the desktop and select "Properties". The "Network and Dial-up Connections" window usually contains two icons: "New Connection" and "My Connection". If your machine has two NICs, there are three icons. If you have only one NIC, right-click the "My Connection" icon and select "Properties" to open the "My Connection Properties" window. In the upper part of the window, under "Connect using:", the NIC model of your machine is shown, with a "Configure" button below it. Click this button to open the NIC properties dialog box, which has five tabs. Click the second tab, "Advanced". Under "Property" there are two items: one is "Link Speed/Duplex Mode", which sets the NIC's working rate; the one we need to change is "Network Address" below it, so click that item. Under "Value" on the right of the dialog box there are two radio buttons, and the default is "no". Select the upper radio button, enter the MAC address you want in the box to its right, and click "OK". After a moment the NIC address is changed. You do not even need to disable the NIC!
You can also open the NIC's properties page from Device Manager to change the setting.
B. 1. Under the key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}" there are subkeys such as "0000", "0001" and "0002". Because you may have more than one network adapter installed, there can be several of these subkeys. Find the subkey whose DriverDesc content matches the description of the NIC you want to modify, for example "0000".
  
2. Under the subkey found above, add a string value named "NetworkAddress" and set it to the MAC address you want. It must be written continuously, as in "001010101010".
  
3. Then add a subkey named "NetworkAddress" under "NDI\params" of that subkey, and under it add a string named "default" whose value is the MAC address to be set, again written continuously, such as "001010101010".
  
[Note] In fact, this is only the "initial value" shown in the advanced property described later. The actual MAC address is determined by the "NetworkAddress" parameter mentioned above; from then on, the value shown in the advanced property is the one given by "NetworkAddress", not the one given by "default".
  
4. Add a string named "ParamDesc" under the "NetworkAddress" subkey. It specifies the description of the "NetworkAddress" subkey, and its value can be "MAC Address" (you can set it to anything you like; it is only a description, and it is what will be shown when you change the MAC address directly in future). After a restart, open the properties of My Network Places and double-click the corresponding NIC item: under the advanced settings you will find an item labelled MAC Address (the ParamDesc you set earlier). This is the new "NetworkAddress" that you added to the registry in step 2, and from now on you only need to modify the MAC address here.
  
5. Close the Registry Editor and restart; your NIC address has now been changed. Open the properties of My Network Places and double-click the corresponding NIC item, and you will find an advanced setting named MAC Address. It modifies the MAC address directly, and can be changed at any time without restarting.
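Seen from the auditing side, the override in steps 1 to 5 leaves a trace: any adapter subkey that carries a "NetworkAddress" string is not using its factory address. The following is an added example, not part of the original article. It assumes the class key has been exported to .reg-style text; the adapter names, the sample addresses and the function names are constructed for illustration.

```python
import re

GUID = "{4D36E972-E325-11CE-BFC1-08002BE10318}"
BASE = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\" + GUID

def sample_export():
    """Constructed .reg-style text; adapter names and addresses are made up."""
    return "\n".join([
        "Windows Registry Editor Version 5.00", "",
        "[" + BASE + "\\0000]",
        '"DriverDesc"="Constructed NIC A"',
        '"NetworkAddress"="001010101010"', "",
        "[" + BASE + "\\0000\\Ndi\\params\\NetworkAddress]",
        '"default"="001010101010"', "",
        "[" + BASE + "\\0001]",
        '"DriverDesc"="Constructed NIC B"', "",
        "[" + BASE + "\\0002]",
        '"DriverDesc"="Constructed NIC C"',
        '"NetworkAddress"="00-C0-95-EC-B7-61"', "",
        "[" + BASE + "\\0003]",
        '"DriverDesc"="Constructed NIC D"',
        '"NetworkAddress"="01005E000001"',
    ])

def classify(value):
    """Judge a NetworkAddress string the way the steps above require it."""
    if value is None:
        return "factory"            # no override: burned-in address is used
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", value):
        return "malformed"          # must be 12 hex digits with no '-'
    if int(value[:2], 16) & 1:
        return "group-bit-set"      # multicast bit: not a station address
    return "override"

def audit(export_text):
    """Return [(instance, DriverDesc, NetworkAddress, verdict)] per adapter."""
    adapters, current = {}, None
    inst_re = re.compile(re.escape(BASE) + r"\\(\d{4})", re.I)
    for line in map(str.strip, export_text.splitlines()):
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:  # new section: only track the adapter instance keys themselves
            inst = inst_re.fullmatch(key.group(1))
            current = adapters.setdefault(inst.group(1), {}) if inst else None
            continue
        val = re.fullmatch(r'"([^"]+)"="(.*)"', line)
        if val and current is not None:
            current[val.group(1).lower()] = val.group(2)
    return [(i, a.get("driverdesc"), a.get("networkaddress"),
             classify(a.get("networkaddress"))) for i, a in sorted(adapters.items())]
```

The "default" string under NDI\params is deliberately ignored, because, as the note above says, only the "NetworkAddress" string on the adapter subkey decides the address in use.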

In WinXP

Most NICs let you change the MAC address through the NIC properties in Control Panel. In Device Manager, right-click the icon of the NIC whose MAC address you want to change and select Properties, then the Advanced tab. In the "Property" area you will see an item called "Network Address" or something similar. Click it and, under "Value" on the right, enter the MAC address you want to specify. You must enter 12 hexadecimal digits consecutively, without "-".

Other software that can modify the MAC address also runs on XP/W2K; you can search for it online.

Linux

You must first take the NIC down with # ifconfig eth0 down, and then run ifconfig eth0 hw ether 1234567890ab; only then will the change succeed.
To make the change permanent, add these three lines to /etc/rc.d/rc.local (you can also add them to /etc/init.d/network):
ifconfig eth0 down
ifconfig eth0 hw ether 1234567890ab
ifconfig eth0 up

To restore the NIC's MAC address to its original value, set the radio button on the right of the "Network Address" item to "not displayed" and restart the NIC. In WIN2000, select "no"; there, of course, no restart is needed.

2. SNMP (Simple Network Management Protocol) is used to discover multiple hosts sharing the connection. Some routers and ADSL modems have a built-in SNMP service. Scanning with tools such as ipscan or superscan showed that port 161, the SNMP service port, was open. Was the number of hosts being found through SNMP? xscan was then used to scan the modem for vulnerabilities and reported a default password; after logging in to the modem's management interface with it, no option to turn off the SNMP service could be found. This looks like a backdoor, and the conclusion is that the number of hosts is discovered through SNMP. To confirm this, an SNMP management tool, ActiveSNMP, was used to view the connection state of the ADSL modem. As Figure 2 shows, SNMP can clearly identify the number of hosts accessing the Internet at the same time.

Solution:

1. If the modem allows SNMP to be disabled, turn it off so that port 161 is closed. If you share the connection through a router, or through the ADSL modem's own routing mode, go to the management interface and turn off the SNMP option. If the modem's management interface has no option to disable SNMP, you have to buy a router without an SNMP service, such as the TP-LINK TL-R400, and place it between the ADSL modem and the hub. The router then performs NAT, so only one address reaches the ADSL modem, which solves the shared-access problem. Disable SNMP on the router.

2. Modify the configuration file: export the modem's configuration to a file, change the default password with a binary editing tool, and load the file back into the modem. This is only an idea and has not been tried.

3. Monitoring the number of concurrent ports. If the number of concurrent ports exceeds a set value, the connection is judged to be shared.

This is an unpleasant mechanism. "Network Vanguard" constantly scans the number of ports a user has open, and if it exceeds the set value the user is treated as sharing. Sometimes pressing F5 a few times is enough to be judged as sharing, so single users are affected as well. This cannot be cracked (unless you have hacked the network); the solution here is to call the ISP's customer service as an innocent user and declare that if the service does not improve you will switch to another ISP. The connection then returns to normal.
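Why the concurrent-port threshold misfires on single users can be shown with a few constructed flow records. This is an added example, not code from the original article or from "Network Vanguard"; the record layout, line names, port numbers and thresholds are assumptions.

```python
from collections import defaultdict

def sample_events():
    """Constructed records: (subscriber line, time in s, source port, action)."""
    ev = []
    # line-A: two PCs behind NAT, three long-lived connections each
    for i in range(6):
        ev.append(("line-A", i, 1024 + i, "open"))
    # line-B: ONE PC; the user presses F5 three times on a page that pulls
    # files from four servers, and the old connections linger until t=30
    for refresh in range(3):
        for k in range(4):
            ev.append(("line-B", 10 + refresh, 2000 + refresh * 4 + k, "open"))
    for port in range(2000, 2012):
        ev.append(("line-B", 30, port, "close"))
    # line-C: one PC, two short connections
    ev += [("line-C", 1, 3000, "open"), ("line-C", 2, 3001, "open"),
           ("line-C", 5, 3000, "close"), ("line-C", 6, 3001, "close")]
    return ev

def peak_concurrent_ports(events):
    """Return {line: highest number of source ports open at the same time}."""
    open_ports = defaultdict(set)
    peak = defaultdict(int)
    for line, _ts, port, action in sorted(events, key=lambda e: e[1]):
        if action == "open":
            open_ports[line].add(port)
        else:
            open_ports[line].discard(port)
        peak[line] = max(peak[line], len(open_ports[line]))
    return dict(peak)

def flag_shared(events, threshold):
    """Lines whose peak exceeds the threshold are judged to be shared."""
    peaks = peak_concurrent_ports(events)
    return sorted(line for line, n in peaks.items() if n > threshold)
```

With a threshold of 5 the single-PC line-B is flagged together with the genuinely shared line-A; raising the threshold far enough to clear line-B (12) also clears line-A, so the count alone cannot separate the two cases.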

4. "Network Vanguard" also uses an unknown method to probe the computers behind the shared connection for sharing information. The solution is to install a firewall on every shared client and set the security level to the highest. Conditions were limited, so only a few firewalls were tried; Kingsoft network router V (http://www.gz-pet.com/Soft_Show.asp?SoftID=10) proved useful: in the IP rule configuration, disable all rules that allow others to access the local machine and that allow others to ping the local machine, and also select the option to prevent ICMP attacks. On WINXP, turn on the network firewall of the NIC.

With the above in place, the local machine can no longer be seen on the local area network; on WINXP, once the NIC's network firewall is on, files cannot be transferred over QQ and the network slows down, but at least the connection can be shared again. If you have a better solution, please let us know.

In general, "Network Vanguard" is still an immature product, mainly because it also affects individual users accessing the Internet. Web pages often have to be refreshed several times, and a complicated page that pulls files from several servers is itself treated as sharing, so part of the page fails to display. Moreover, "Network Vanguard" constantly scans user ports, which uses bandwidth and slows the network down.
