How to configure the hacker strategy in Internet cafes

A friend asked: My Internet café host do not know why every 2:30 P.M. always problems. The first is the disconnection phenomenon of ADSL. Then disconnect, and then dial up also not. It's no use rebooting. Last night after the restart, dial up, open the page also blue screen. Originally thought it was telecommunications, but call to network management there, they do not maintain equipment. And it's impossible to work overtime every day. There is no source of interference nearby, I think someone may be in some purpose, want to hit us. But do not know how to prove it? My host is Windows 98 + self-with ICS. Installed "Jinshan Poison Pa", did not run "Jinshan net Dart".

A: As far as symptoms are concerned, ISP (telecom) is the most likely problem, but since the friend has determined that it is not an ISP issue, it can only find the reason from their own and solve.

Because of the specificity of the symptoms, so we press: Determine the problem → solve the problem → Prevent the problem of the steps described in turn.

A, determine whether or not to be attacked

Upgrade your system to Windows 2000 and use Network Monitor to determine whether it is a hacker attack. Network Monitor can be used in Windows 98, but not as well as Windows 2000, and as a server for an Internet café network, it is more appropriate to use Windows 2000 systems, both in terms of stability and functionality. But Microsoft has a lot of holes, the installation of Windows 2000 to pay attention to patching yo, now has launched a service PACK3 (recommended). There is a better way, is to use the Linux system, which can be more effective to prevent others to interfere with the host (because very few people will use, hehe ...).

The Network Monitor that is included with the Windows 2000 system (recommended for use in the server Edition) is in the Program]→[Administration tool, and if it is not installed, you can select and install it in the Control Panel]→[Add or Remove Programs]→[add remove Windows components.

The way to use Network Monitor to judge an attack is as follows: When the ADSL is about to stop every day, turn off all internet connections on the host, including QQ, Web pages, etc., but do not disconnect the network. Start Network Monitor, pay attention to monitor the network packet analysis, if found that an IP address has been with 192.168.0.1 (host intranet IP address) of the network request (this seems difficult to understand, as long as you observe each containing IP Whether there is another invariant IP address in the 192.168.0.1 packet. Then you can conclude that you are being hacked, because many local telecommunications to the Internet cafes allocated fixed IP, so the hacker can continue to attack this IP, leading to ADSL flow. If you also have a certain knowledge of hackers, you can trace the capture of this IP, as long as the other side is not the use of proxy server.

Tip: As mentioned earlier, the form of transmission on the network is a form of connectionless and transmitted data are used in the form of packets, and the network packet contains the IP address of the sender, the IP address of the receiver, the role of Network Monitor is to intercept these packets, translate and read, You can observe the original files that were intercepted, all of them are 16.

b, using ADSL router to replace the host

ADSL routers are generally built into the system, to achieve the function and the server is quite, you can implement the agent. Many hackers now attack through Microsoft System vulnerabilities (Windows 2000; Windows XP; Windows 98 is also a lot of loopholes, do not think that the use of Updata upgrade patch, you can worry about everything, updata function itself will open a door for hackers, and now use ADSL router to replace the role of the server, nature can avoid some hacker attacks, and it will not be infected.

Tip: ADSL router is different from Cisco's regular router, the price is about 4000 yuan (Cisco's router price can be several times the price), of course, the function and Cisco's far, but very suitable for use in Internet cafes, when used without the need to configure the routing table, like setting up a server, Specify IP, DNS, subnet mask, and so on, specific settings, the use of the manual will be described in detail.

C, use network firewall truncation attack

The

knows that attacking your source IP address will prevent you from doing so. At this time it is best to "Jinshan Net Dart" start, or install network firewall, in fact, "Jinshan Net Dart" is a network firewall. You can specify the IP address in which to intercept, and then enter the IP address you traced to it. The firewall will automatically intercept any network requests sent over by this IP, effectively eliminate the attack.