How to solve the problem of CEN blockout routing and number of Internet servers

Source: Internet
Author: User

 

The latest method to solve China Telecom Netcom's blocked routes and the number of connected machines
Recently, China Netcom and China Telecom have all added restrictions on the number of machines on the Internet, and many people have seen a lot of ways! Not ideal !!
Let me teach you a simple method! You don't need to use hardware to implement two steps!
Step 1! Still the original method! Routing networking!
External line ---- No. 1 vro ---- 1 Computer

Outer line = LAN port ADSL, man line
Vro1 1 = 1. Use pppoe for dialing
2. Use DNS settings
3. Disable Dynamic IP
1 Pc = set the IP address to the specified IP address of vro1 1
Test to see if you can access the Internet!
The most important step in step 2 is to add a vro2 2
External line ---- No. 1 vro ---- No. 2 vro ---- 1 Computer
Outer line = LAN port ADSL, man line
Vro1 1 = 1. Use pppoe for dialing
2. Use DNS to set
3. Disable Dynamic IP
Vro 2 = 1. Use static IP dialing
2. Use 10.10.10.1 as the router address
3. Use 255.255.255.0 as the subnet mask.
4. Use vro1 1 as the DNS address
1 Pc = set the IP address to the specified IP address of vro2 2
Test to see if you can access the Internet!
The basic principle is that the secondary route will not be detected by China Netcom!
Note that route 1 is inserted with only two incoming lines and Route 2.
Route 2 can be inserted into N or even connected to vswitches !!!!

 

 

The best method to crack China Telecom's route-prohibited Internet access

There are two ways for ADSL to share the Internet. One is proxy and the other is address translation (NAT). Generally, the routing method is actually Nat, in fact, the principle of routing and Nat is still different. We will not discuss it here. Currently, ADSL cats generally have Nat functions. It is more economical and convenient to use its own functions to achieve Internet sharing, this article mainly discusses this method.


Figure 1
If you want to block more than one computer from accessing the internet, you must find that there are more than one machine behind the sharing, as shown in Nat working principle 1, after Nat translation, the addresses of computers accessing the Internet over the Intranet are changed to 192.16 8.0.1, And the MAC address is also converted to the MAC address of ADSL. That is to say, in principle, you cannot find several machines accessing the internet by directly capturing nat-converted packets at the ADSL egress. How did we find it? After research, it is found that it uses a variety of methods to detect whether users use the Internet sharing mode, thus limiting, the following are cracked:
1. check whether there are different MAC addresses in the packets with the same IP address. If so, determine that the user shares the internet. The solution is to change the MAC address of each server to the same one. The modification method is as follows:
First, obtain the MAC address of the Local Machine: the MAC address is the physical address that is fixed in the serial EEPROM on the NIC, usually with 48-bit length. The ethernet switch implements packet switching and Transmission Based on the Mac source address and Mac destination address in a packet header.
(1) In Windows 98/Me, choose Start> RUN> enter winipcfg> enter.
(2) in Windows 2000/XP, click Start → run → Enter cmd → press ENTER → enter ipconfig/All → press Enter.
Alternatively, right-click the local connection icon, select the status, and click the support tab. "details" contains Mac and other important network parameters.
1. If your NIC Driver directly provides the clone MAC address function, such as the rtl8139 chip from RealTek, congratulations. Click Start → set → control panel ", double-click "network and dial-up connections", right-click the NIC icon to modify the MAC address, and select "properties ". On the "General" tab, click the "configuration" button and click the "advanced" tab. In the "attribute" area, you should see a project called "network address" or "locally administered address", click it, and under the "value" on the right, enter the MAC address value you want to specify. You must enter 12 numbers or letters consecutively. Do not enter "-". After the system is restarted, the setting will take effect (Windows 98 and Windows 2000/XP user operations are slightly different, please refer to the System Instructions)
2. If your NIC driver does not provide the clone MAC address function, here are some methods to find a suitable one for you.
  Win98:
A. right-click the "Network Neighbor" icon and select "properties". A "network" dialog box is displayed. In the "configuration" box, double-click the NIC you want to modify and a NIC attribute dialog box is displayed. In the "advanced" option, click "network address" under the "attribute" identifier, and select the preceding one from the two single options on the right, enter the MAC address of the network adapter you want to modify in the box, and click "OK", the system will prompt you to restart. After restarting, your NIC address will be modified !!
B. Click "Start> Run", type "winipcfg", select the NIC you want to modify, and record the MAC address value. Click "Start> Run", enter "Regedit" to run the Registry Editor (you must back up the registry before modifying the Registry), and locate "hkey_local_machinesystemcurrentcontrolsetservicesclassnet" in sequence based on the registry tree structure ", you will see subkeys like "0000", "0001", and "0002. Click the "0000" sub-key and search for the content of the "driverdesc" key under the sub-key until you find the NIC registry information that is exactly the same as the target.
After finding the correct Nic, click "Edit> New> string" in the drop-down menu, and the name of the string is "networkaddress". Double-click the name of the newly created "networkaddress" string, you can enter a value. Enter the new MAC address value you specified. The new MAC address should be a 12-digit number or letter with no "-", similar to "00c095ecb761.
There are two ways to activate a new MAC address:
If you are using a common built-in Nic, you must restart the computer to make the change take effect.
If you are using a PCMCIA card, follow these steps without restarting the operating system: Run winipcfg, select and release DHCP settings, and disable winipcfg. Open the control panel or System Tray "PC Card (PCMCIA)", stop and bring up the pcmcia Nic. Re-insert the pcmcia Nic, open winipcfg, select and refresh DHCP settings, run winipcfg, and confirm that the modified MAC address has taken effect.
  In Win2000:
A. right-click the "Network neighbors" icon on the desktop and select "properties". In the "Network and dial-up connections" window, there are usually two icons. One is the "New Connection" icon, one is the "my connections" icon. If your machine has two NICs, there will be three icons.
If you only have one Nic, right-click the "my connections" icon and select "properties". A "My Connection Properties" window is displayed. In the upper part of the graph port, there is a "Connect with:" icon. The following figure shows the NIC model on your machine. There is a "configuration" button below. Click this button to enter the NIC Properties dialog box. This dialog box contains five properties pages. Click the second "advanced" page, there are two items under the "attribute" identifier: one is "link speed/duplex mode", which is used to set the NIC working rate. We need to change the following "network address ", click this item. There are two single options under the "value" icon on the right of the dialog box. The default value is "no". We only need to select the single option above, enter the MAC address of the network card you want to change in the box on the right, and click "OK". Wait a moment, the network card address will be changed. You don't even need to disable the network card!
You can also open the NIC properties page in "Settings manager" to modify the settings.

How does the ISP detect and control multi-host shared ADSL connections?
ADSL brings great convenience to Internet access. Many families have several computers. Through ADSL Internet sharing, they can access the Internet without interfering with each other. However, many friends recently told me that, if only one machine is connected to the Internet, everything is normal. If both machines are connected to the Internet, they cannot open the web page. According to a message, China Telecom has a new network hardware: Network Vanguard.
I checked the information about the network Vanguard online. I only talked about the implementation function, but not about the implementation principle. To solve this problem, we must find out how it works if we cannot share the internet, there are two ways for ADSL to share the Internet. One is proxy and the other is address translation (NAT). Generally, the routing method is actually Nat, in fact, the principle of routing and Nat is still different. We will not discuss it here. Currently, ADSL cats generally have Nat functions. It is more economical and convenient to use its own functions to achieve Internet sharing, this article mainly discusses this method.
If you want to block more than one computer from accessing the internet, you must find that there are more than one machine behind the sharing, as shown in Nat working principle 1, after Nat translation, the addresses of computers accessing the Internet over the Intranet are all changed to 192.168.0.1, And the MAC address is also converted to the MAC address of ADSL. That is to say, in principle, you cannot find several machines accessing the internet by directly capturing nat-converted packets at the ADSL egress. How did we find it?


Figure 1. How Nat works
I. analyze the cause
First, use superscan to scan ADSL cats and find that port 161 is open, and port 161 is the SNMP (Simple Network Management Protocol) Service port. Is it the number of hosts discovered through the SNMP protocol, xscan is used to scan the cat's vulnerabilities. The default password is displayed. you can log on to the management interface of the cat but cannot find the place to close the SNMP service. It seems to be a backdoor left, from this, we can basically determine the number of hosts found through the SNMP protocol. In order to further confirm that an SNMP management software, activesnmp, is used to view the connection status of the ADSL cat, 2 shows that the SNMP protocol can clearly identify the number of hosts accessing the Internet at the same time.


Figure 2. Connections in ADSL displayed by activesnmp
Ii. Solution
The solution is to block the SNMP protocol. There are several ideas as follows.
1. There is no place in the cat to disable the SNMP protocol. You can switch between a cat and a cat that can disable the protocol.
2. You can change the configuration file to a file, use the binary editing tool to change the default password, and then load it into the cat. This is just a way of thinking and has not been tried.
3, buy an ADSL Router, such as TP-LINK TL-R400, put in three shown in the place, In the router and then do a NAT service, so into the ADSL cat is an address, in this way, shared Internet access is solved. Disable the SNMP protocol in the vro.





There are also 2nd Methods !!!!!!!!!!!!!
Computers, but recently China Telecom has used "Network Vanguard" to detect multi-host internet sharing. The detected accounts may be disabled, to deal with this brutal behavior (using full traffic is our right !), Through the test, several methods are obtained, which are publicly available here for you to try.
"Network Vanguard" checks the service port of SNMP (Simple Network Management Protocol) to determine whether there are several computers accessing the internet. Therefore, even using IP routers is useless. However, there are also ways to deal with network leaders:
1. Use a secondary proxy to connect two proxy servers.
2. Disable the SNMP protocol in ADSL moden, but the management interface of the ADSL moden provided by China Telecom cannot find the place where the SNMP service is disabled;
3, add an ADSL Router, such as TP-LINK TL-R400, put in the middle of ADSL Moden and hub, in the router and then do a NAT service, so into the ADSL cat is an address, in this way, shared Internet access is solved. Disable the SNMP protocol in the vro.
4. Install the Win2000 Server version on the win shared host, and disable port 161 or port 161 on the firewall.
Recently, users who use routes to access the Internet will see telecommunications announcements. Internet Explorer restricts the page and cannot browse the website normally, but can open QQ. Why? The notice has already stated that the user is connected to multiple computers in a single ADSL line. this is the network Vanguard software used by China Telecom to monitor user ports and restrict sharing. next we will talk about how to crack the network vanguard and let the network share continue.
Analysis of Network Vanguard principles:
1. By scanning the adsl161 port and checking the data packets, we can find that there are several different IP packets, which are considered to be shared.
2. Some unknown technologies are used to check the number of concurrent ports on the WAN port. Excessive ports are considered to be shared. Of course, this will also affect single-host users. Therefore, this detection method is also being improved, it doesn't seem like this anymore. For example, I pressed dozens of F5 keys without being blocked by IE (I used to be locked by a single machine ). So I don't want to comment on the method of changing the MAC of all hosts to the same method of dealing with network leaders. I'll just try it on my own.
Port 161 Uses SNMP (Network Management Protocol), so we can disable the SNMP protocol to display port 161. China Telecom uses LAN data analysis to determine the number of machines, therefore, we can encrypt the intranet data and increase the security level of the local machine, so that the network Vanguard can obtain information that only one computer accesses the Internet (one IP address.
Therefore, there are three methods to crack Telecom encryption:
1. Hardware dual-route: one for dialing and one for Dynamic IP. Because the network Vanguard can analyze the data from one route, get the number of machines, add one route for data packaging, and encrypt the two paths, the software can only detect data of one IP address. This method is simple and easy to implement. It can be implemented by computer personnel.
2. Software single route, disable the SNMP protocol of ADSL (port 161 is displayed), enable the built-in route, and set the MAC of ADSL
3. One or two methods of integration: adding a route to the 2 route as a dynamic IP address to further package data is too bad, but we do not need to do this here, if you have an idle route, you can try it in this way or in a bad place on the Network.
Now, let's talk about how to do it.
I use the commonly used tp8800 and TP 402 vrouters to describe how to set them:
1. Dual Routing: Pay attention to the IP settings. Generally, you know the single route settings, and pay attention to the MAC of the X-Dragon host. Because China Telecom is generally bound to a Mac, you can use the default IP address and enable DHCP. The second route IP cannot be in the same CIDR block as the first route, for example, 10. 10. 0. 1 series, use dynamic IP, all open the firewall, do not enable DHCP, (note that when setting the second route, set the computer ip to 10. 10. 0. 3. Otherwise, you will not be able to enter the route. You should know that) set the master computer to 10. 10. 0. 3. You can directly access the Internet, or open two routes (no need to change the Host IP address). One route is 192. 168. 1. 1 is 10. 10. 0. 1. It is better if two or more of the two routes do not have the SNMP protocol. For example, TP 400.
2. How can I disable the SNMP protocol of ADSL? The different ADSL methods are a bit different, but they are generally not found on the webpage setting interface. For example, the Huawei mt800 ADSL shutdown method is as follows (the computer only connects to ADSL)
Start running
CMD
Telnet
Open 192.168.1.1
Admin (annotation account)
Admin (password)
$ Modify SNMP Trap disable (disable the SNMP Protocol)
$ Delete SNMP comm Community private
$ Delete SNMP comm community public
$ Commit (save and quit)
Quit
An additional article is required to set the ADSL built-in route.
Note: VPI and VCI are different from each other in China Telecom. For example, there are seven interfaces in the 881 of Yueyang, Hunan Province. You can try them one by one, determine which VPI and VCI you can know if the network is disabled. If you find other options, the connection will be disabled. Otherwise, the connection will fail. Set it to pppoe, and write the correct account and password (sent to you by China Telecom)
If this is the case, the system still cannot access the Internet. Why? Because most telecom enterprises are bound to the MAC of the NIC, that is, only your computer can access the Internet through dialing. Therefore, we must rewrite the MAC of ADSL and make the network card of the computer with the same name, the method is as follows: (for example, modify the MAC address of tp8800)
Start running
Telenet 192.168.1.1
Output account password
Enter $ prompt
$ Do serialize (MAC of your computer Nic)
In this way, the "valid" Mac is written to ADSL. The nic mac of your computer can be locally connected ~ Supported ~ The first line in the details is displayed.
Because your NIC address conflicts with the ADSL address, you must temporarily change the MAC address of your Nic
The method is as follows: (8139)
Right-click the local connection and right-click the attribute configuration advanced network address. You can ping ADSL by modifying your network card.
OK
For the third method, add a hard route after the second method. For the setting method, see 1.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.