Q: I don't know why there is always a problem with my Internet cafe host around 01:40 every night. First the ADSL disconnects, and then it stays disconnected. Restarting is useless. After restarting last night, I dialed up and opened a web page, and got a blue screen. I thought it was the telecom company, but I called the network manager and they were not maintaining the equipment. It is also impossible that they work overtime every day. There are no sources of interference nearby. I think someone may be attacking us at a certain time, but I don't know how to verify it. My host is Windows 98 with ICS. I installed Kingsoft Antivirus and cannot run Kingsoft Network website.
A: According to the symptoms, the ISP (Telecom) is the most likely source of the problem. But since this friend has determined that it is not an ISP problem, he can only find the cause and solve it himself.
Because the symptoms are unusual, we will go through them in sequence: determining the problem → solving the problem → preventing the problem.
1. Determine whether the website is under attack
Upgrade the system to Windows 2000 and use Network Monitor to determine whether the problem is a hacker attack. Network Monitor can be used in Windows 98, but it does not work as well as in Windows 2000. As a server for an Internet cafe, Windows 2000 is more appropriate in both stability and functions. However, Microsoft systems have many vulnerabilities, so install patches after installing Windows 2000. Service Pack 3 has now been released (recommended). Another, better way is to use a Linux system, which can effectively prevent other people from messing around with the host (because few people will use it, haha ......).
In Windows 2000 (the Server version is recommended), the built-in Network Monitor is in [Program] → [Administrative Tools]. If it is not installed, choose [Control Panel] → [add or delete programs] → [add or delete Windows Components], then select and install it there.
Using Network Monitor to identify the attack: when the ADSL is about to cut off each day, close all Internet connections on the host, including QQ and web pages, but do not disconnect the network. Start Network Monitor and observe its analysis of the network data packets. If network requests keep being sent between a certain IP address and 192.168.0.1 (the intranet IP address of the host), then we can conclude that you are being attacked by hackers. (If this seems hard to understand, simply observe whether every packet containing the IP address 192.168.0.1 also contains one other, unchanging IP address.) Because many local telecom companies allocate a fixed IP address to Internet cafes, this hacker can keep attacking that IP address, resulting in ADSL interruption. If you have some knowledge of hackers, you can also trace the captured IP address, as long as the other party is not using a proxy server.
Tip: As mentioned above, network transmission is connectionless and data is transmitted in the form of packets. Each network packet contains the IP address of the sender and the IP address of the receiver. Network Monitor intercepts these packets and decodes them so that they can be read. You can see that the original captured data is in hexadecimal format.
2. Use network firewall to intercept attacks
Once you know the source IP address of the attack, you can defend against it. At this point, it is best to start Kingsoft Network Firewall or install another network firewall. In it you can specify IP addresses to intercept, so enter the IP address traced above. The firewall then automatically blocks any network requests sent from this IP address, effectively preventing the attack.
3. Replace the host with an ADSL Router
ADSL routers generally have a built-in system that provides the same functions as a server and can act as a proxy. Today, many hackers attack through Microsoft system vulnerabilities (Windows 2000, Windows XP, and Windows 98); now even the Update function will open a door for hackers. Using an ADSL router in place of the server naturally avoids some hacker attacks, and the router will not be infected.
Tip: An ADSL router is different from a regular Cisco router. It is priced at around 4000 yuan (a Cisco router can cost several times as much). Of course, its functions fall far short of Cisco's; however, it is very suitable for Internet cafes. You do not need to configure a route table when using it. Just as when setting up a server, you specify the IP address, DNS, and subnet mask; the instructions describe this in detail.
Well, that is all I will introduce here. You have to try it on your own!
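The check from step 1, as an added example that is not part of the original answer: it reads the sender and receiver addresses out of raw hexadecimal IPv4 headers and reports any single address that accounts for most of the packets involving 192.168.0.1. It assumes each dump starts at the IP header; the 80% threshold, the function names and the sample capture are constructed for illustration.

```python
import ipaddress
from collections import Counter

HOST_IP = "192.168.0.1"  # intranet IP address of the host, from the text

def parse_ipv4_header(hex_dump):
    """Return (source, destination) from a raw IPv4 header given as hex text."""
    raw = bytes.fromhex(hex_dump)  # raises ValueError on non-hex input
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    # Bytes 12-15 hold the sender address, bytes 16-19 the receiver address.
    return (str(ipaddress.IPv4Address(raw[12:16])),
            str(ipaddress.IPv4Address(raw[16:20])))

def persistent_peers(hex_packets, host=HOST_IP, min_share=0.8):
    """List (peer, count) for peers seen in at least min_share of host's packets."""
    peers = Counter()
    for dump in hex_packets:
        try:
            src, dst = parse_ipv4_header(dump)
        except ValueError:
            continue  # skip truncated or non-IPv4 captures
        if src == host:
            peers[dst] += 1
        elif dst == host:
            peers[src] += 1
    total = sum(peers.values())
    return [(ip, n) for ip, n in peers.most_common() if n / total >= min_share]

def _sample(src, dst):
    """Constructed 20-byte IPv4 header (TCP, checksum left at zero) as hex."""
    fixed = bytes.fromhex("450000280001000040060000")
    return (fixed + ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed).hex()

# Constructed capture; 203.0.113.45 and 198.51.100.7 are documentation addresses.
SAMPLE = ([_sample("203.0.113.45", HOST_IP)] * 8
          + [_sample(HOST_IP, "203.0.113.45"),
             _sample("198.51.100.7", HOST_IP),
             _sample("192.168.0.2", "198.51.100.7"),  # does not involve the host
             "4500"])                                  # truncated capture

if __name__ == "__main__":
    for ip, n in persistent_peers(SAMPLE):
        print(f"{ip} appears in {n} packets with {HOST_IP}")
```

An address reported here is the candidate to enter in the firewall's block list in step 2.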