My bandwidth is shared! Break through layer-by-layer ADSL shared block

Xiao Tao just installed ADSL Broadband at home and connected the adsl modem and two computers in the home with a router. He planned to use one computer to play online games, and the other computer to show his parents online movies and stocks. However, he found that only one computer can access the Internet at a time, but the other computer cannot access the Internet. After inquiry, I learned that the local ADSL was not allowed to share the internet, and the telecom operators used technical means to block it. So how can we lift the sharing restrictions?

To break through the sharing restrictions, you must first understand how the other party blocks the sharing, so that you can be targeted.

I. Check the MAC address

Generally, we use a vroadsl to share the Internet access through ADSL through NAT (address translation). Through the adsl modem or the NAT Function of the vro, a valid public IP address is encapsulated in the data sent by the original Intranet computer, this IP address is used to access the Internet, while the original MAC address (MAC address is the physical address solidified in the EEPROM on the network chip, usually 48 bits) and IP address are used as the source address, NAT forwards data to a specified Intranet computer through it, which also makes the Internet unable to know the Intranet situation. In principle, it is impossible to find several computers accessing the internet by directly capturing NAT-converted data packets at the ADSL egress. How does a telecom operator block this sharing method? It turns out that the other party will check whether the data packet of the same IP address contains multiple MAC addresses. If so, it will determine that the user shares the internet.

Solution: Modify the MAC address

The solution is to change the MAC address of each machine to the same one. First, obtain the MAC address of the local machine. Right-click "Network neighbors" and choose "properties", right-click "Local Connection", select "status", and click the "support" tab, the "actual address" shown in the "details" tab is the MAC address of the local network chip (figure 1 ). Next, modify the MAC address.

 

1. Clone the MAC address directly.

Telecom Operators usually use technical means to bind the ADSL line with the MAC address of the user's network card, resulting in a computer or router failure to access the Internet. However, most vrouters on the market now provide the MAC address cloning function (earlier vrouters without this function can also be obtained by upgrading the firmware), so that sharing restrictions can be easily broken.

 

 

Open the Web management interface of the router in the browser, find the "clone MAC address" option, and click "enable ", click "Get MAC address of the current PC" to get the bound MAC address (Figure 2) and save the settings.

2. manually set the MAC address of the NIC

 

If there is no router, you can only change the network chip to the same MAC address one by one. Right-click "Local Connection" and choose "properties". On the "General" Page, select the "configuration" and "Advanced" tabs, find the "Locally managed project" ("Network Address" or "Locally Administered Address") project (figure 3 ), enter the bound MAC address on the right (12 digits or letters in a row, do not enter "-" in it). After the system is restarted, the setting takes effect.

Ii. SNMP detection and sharing

Binding ADSL and MAC addresses is simple and easy to crack. Therefore, some telecom operators use more advanced detection methods. Some routers and adsl modem have built-in SNMP (Simple Network Management Protocol) services. port 161 is used as the service port. The other party can use SNMP management software, such as ActiveSNMP, to view the connection information, this determines the number of computers that share Internet access through the ADSL line.

Solution: Disable SNMP.

If the Web management interface of the adsl modem contains the SNMP option, disable it. If you cannot disable SNMP on the adsl modem, disabling the SNMP service on the vro also has the same effect, generally, you can disable SNMP options on the "management" and "service" interfaces (figure 4) (the options vary with the products of different manufacturers.

3. Use "star speed" as the dialing software

Considering that ADSL users may work on the adsl modem and router, telecom operators in some regions have launched a dedicated dial-up Internet Access software "star speed ". At first glance, it is no different from other dial-up software based on PPPoE protocol, but after you install this software, you will find that you can no longer use the vro to share the internet. What's wrong with "star speed? Originally, it had a built-in password protocol converter, which first encrypted the user's password and then connected to the local device of China Telecom, which caused the failure of the common dial-up program built in the router.

The "star speed" password Converter uses the MD5 code for conversion, that is, to calculate a string of MD5 code for the user name, add it to the end of the user's original password, to form a real dial-up password. For example, if the ADSL user name is "adsl334455667" and the password is "WXD123", after dialing "star speed", your actual password has changed to "WXD123a83f01dcfcb804b ", here, "a83f01dcfcb804b" is converted from the user name. Because of this, the user enters the original password in the router to dial, of course, it cannot pass the ADSL user name/password verification.

Solution: Use the converted password for dialing

Since "star speed" is the MD5 code used, we will use the MD5 code calculator first (which can be found on the Internet) to "treat people with their own path ). Run the calculator, enter the user name, and click Generate. the MD5 code is calculated immediately and added to the end of the original password to form a new password, enter the password in the vro. Now, it is okay to use the vro for dialing.

4. Use "Network Vanguard" to identify and share

After being criticized by users, telecom operators in some regions have used a software called "Network Vanguard", which keeps scanning the number of ports opened by ADSL users, if the value is greater than the set value, it is determined to be shared. Sometimes, even if you press the F5 key a few times, it will be mistaken for sharing. It also uses an unknown method to detect shared information. In general, "Network Vanguard" is still an immature software, because it keeps scanning user ports, occupying network bandwidth, affecting the access of a single user, resulting in poor web browsing.

Solution: Block "Network Vanguard"

1. Increase the security level of the firewall

This is a simple method. If you install firewall software on all computers that share Internet access and set the security level to the highest, it is possible to prevent "Network Vanguard" from scanning ports. However, after this method is adopted, even though the other party cannot find the sharing, it will also affect its normal internet access.

2. Use "shared Alibaba Cloud security"

"Shared shield" is a cracking software for bandwidth sharing restrictions. It is based on the underlying network drive of Windows and packet camouflage technologies, and can break through the blocking very well. It is easy to use and can be easily used by users who are not familiar with computers.

After "shared security" is installed, the system must be restarted and configured again. On the left side of the software interface is the function menu, and on the right side is the network bandwidth status, which records the overall upstream and downstream traffic, upstream and downstream speed, and other statuses (figure 5 ).

 

First, click the "break sharing limit" option, select the network interface to connect to the Internet from the "select Network Interface for Internet access" on the right, and then select "start automatically, save the configuration (figure 6 ).

In particular, the installation methods of "shared shield" vary depending on the way users share the internet. When the SNMP protocol is disabled for shared bandwidth routers, each computer on the Intranet must be installed and run "shared shield" at the same time ". If you share a host as a proxy server, you only need to install "shared shield" on a computer other than the host. If there is no proxy for a fixed host, each computer must run the "shared shield" command ".

 

 

 

Conclusion

Since the launch of the broadband network, the battle between the network sharing technology and the sharing restriction technology has never been stopped. With the rapid development of network technology, these two technologies are like spear and shield. Both sides cannot completely overwhelm each other. However, through this confrontation relationship, the continuous development of network technology and culture has been promoted.

The above solution requires users to choose to use it based on the local network environment and their own situation. In addition, telecom operators in a few regions use hardware-level equipment for blocking, so far there is no good solution, the Comparison Between spear and shield continues ......