TTL (time to live) is a field in the IP packet header. It tells the network when a packet (such as an ICMP packet) should be discarded because it has spent too long in the network. There are many reasons a packet might not be delivered to its destination within a certain period of time. For example, an incorrect routing table may cause packets to loop indefinitely. One solution is to discard the packet after a period of time and then send a message to the sender, which decides whether to resend it. The initial value of TTL is usually the system default; it occupies an 8-bit field in the header. TTL was originally intended to define a time range after which the packet is discarded. Since each router must reduce the TTL field by at least one, TTL usually indicates the maximum number of routers a packet can pass through before it is discarded. When the count reaches 0, the router discards the packet and sends an ICMP packet to the original sender.
When hackers attack other people's computers, the first thing they usually do is determine whether the host is online. The method is simple: use the Ping command by entering "ping IP address" at the command prompt. If the returned information is "Reply from 221.231.114.219: bytes = 32 time = 23 ms TTL = 128", the host is on, that is, the other computer is in use.
Because vulnerabilities and intrusion methods differ between operating systems, hackers also judge which operating system the other party uses from the information returned by the ping command, specifically the TTL value. In general, the TTL value of Windows 2000/XP is 120 and 128, while that of Unix/Linux is 64 or 255. We all know that Unix/Linux vulnerabilities and intrusion methods are much more difficult than those of Windows, so we can modify the TTL value returned by the system to deceive hackers.
Run "regedit" to open the Registry Editor. Select "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters", create a DWORD value named "DefaultTTL", set it to "255" in decimal or "FF" in hexadecimal, and restart the computer for the setting to take effect.
Now, when the other party pings the computer again, it returns the misleading TTL value, so the other party may mistakenly conclude that the operating system is Unix/Linux. This achieves the intended effect of leading them farther and farther down the wrong road.
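To check what the change looks like from the outside, the following added example (not part of the original article) parses ping reply lines, rounds the observed TTL up to the nearest initial value mentioned above, and reports the hop count and the operating system an observer would guess. The mapping uses only the initial values this article gives (64, 128, 255); the 192.0.2.10 sample lines are constructed.

```python
import re

# Initial TTL values and the OS family this article associates with each.
# An observed 120 is treated as 128 minus 8 router hops.
INITIAL_TTLS = {64: "Unix/Linux", 128: "Windows", 255: "Unix/Linux"}

# Windows-style ping reply; tolerates spaces around '=' as in the article's sample.
REPLY_RE = re.compile(r"Reply from (?P<ip>[\d.]+):.*?TTL\s*=\s*(?P<ttl>\d+)", re.I)


def parse_reply(line):
    """Return (ip, ttl) from a ping reply line, or None if it is not a reply."""
    m = REPLY_RE.search(line)
    if not m:
        return None
    ttl = int(m.group("ttl"))
    # TTL is an 8-bit field; a reply that arrived has a TTL of at least 1.
    return (m.group("ip"), ttl) if 1 <= ttl <= 255 else None


def infer(ttl):
    """Return (initial_ttl, hops, os_guess) for an observed TTL."""
    # Every router subtracts at least 1, so the sender's initial TTL is the
    # smallest known default that is not below the observed value.
    initial = min(v for v in INITIAL_TTLS if v >= ttl)
    return initial, initial - ttl, INITIAL_TTLS[initial]


def classify(line):
    """Parse one ping output line and describe what an observer would infer."""
    parsed = parse_reply(line)
    if parsed is None:
        return None
    ip, ttl = parsed
    initial, hops, guess = infer(ttl)
    return {"ip": ip, "ttl": ttl, "initial": initial, "hops": hops, "guess": guess}


SAMPLES = [
    "Reply from 221.231.114.219: bytes = 32 time = 23 ms TTL = 128",  # from the article
    "Reply from 192.0.2.10: bytes=32 time=23ms TTL=120",  # constructed: before the change
    "Reply from 192.0.2.10: bytes=32 time=23ms TTL=247",  # constructed: DefaultTTL = 255
    "Request timed out.",  # constructed: not a reply
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

The same host, eight hops away, is reported as Windows before the registry change (120 rounds up to 128) and as Unix/Linux afterwards (247 rounds up to 255).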