Many large enterprises and some countries impose access restrictions to keep employees or the public from reaching certain websites or using certain network applications. Common ways to impose such restrictions include IP address filtering on the router and forcing the use of a proxy server.
Router IP filtering means adding a blacklist of Internet or foreign IP addresses to the router so that intranet or domestic IP addresses cannot reach them. Forced use of a proxy server is usually found only in large enterprises: the intranet must reach the Internet through the proxy server, so more complex filtering mechanisms can be implemented on the proxy. This article focuses on attack and defense around IP address filtering; attack and defense around proxy servers is left to a later discussion. The following describes how network access attack and defense keeps escalating:
First, to prohibit people from accessing certain websites, the router administrator sets IP filtering rules on the router and adds the IP addresses of those websites to the blacklist. People then cannot access these websites.
Then, to keep accessing these websites, people use proxy servers to bypass the restriction. There are tens of thousands of proxy server IP addresses and they change constantly, which puts the side enforcing the restriction on the defensive.
However, the proxy server protocol is plain text. By listening to network packets and writing programs that automatically collect and organize the data, the administrator can learn which proxy servers are being accessed and automatically add their IP addresses to the IP blacklist. The bypass through ordinary proxy servers then stops working, and it is the bypassing side that is on the defensive.
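As an added illustration (not code from the original article), the sketch below shows why a plain-text HTTP proxy is visible to a passive monitor: a request sent to a proxy uses the `CONNECT` method or an absolute-form target (`GET http://host/ ...`), while a request sent directly to a web server uses an origin-form target (`GET /path ...`). The record layout, the function names and all addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: (client_ip, server_ip, server_port, first client payload).
CAPTURED = [
    ("10.0.0.5", "198.51.100.7", 8080,
     b"GET http://blocked.example/ HTTP/1.1\r\nHost: blocked.example\r\n\r\n"),
    ("10.0.0.5", "203.0.113.9", 80,
     b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("10.0.0.8", "198.51.100.7", 8080,
     b"CONNECT blocked.example:443 HTTP/1.1\r\nHost: blocked.example:443\r\n\r\n"),
    ("10.0.0.9", "192.0.2.44", 3128,
     b"POST http://other.example/login HTTP/1.0\r\n\r\n"),
    # Encrypted payload (TLS record header): nothing to parse.
    ("10.0.0.9", "203.0.113.20", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
]

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r?\n")

def is_proxy_request(payload: bytes) -> bool:
    """True if the payload starts with an HTTP request addressed to a proxy."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return False  # not plain-text HTTP/1.x (for example, encrypted)
    method, target = m.group(1), m.group(2)
    if method == b"CONNECT":
        return True   # tunnel request, only meaningful to a proxy
    # Absolute-form target: the client is asking the peer to fetch another host.
    return target.lower().startswith((b"http://", b"https://"))

def proxy_candidates(records, min_clients=1):
    """Map (server_ip, port) -> sorted client IPs that sent it proxy requests."""
    clients = defaultdict(set)
    for client, server, port, payload in records:
        if is_proxy_request(payload):
            clients[(server, port)].add(client)
    return {ep: sorted(c) for ep, c in clients.items() if len(c) >= min_clients}

if __name__ == "__main__":
    for endpoint, seen in proxy_candidates(CAPTURED).items():
        print(endpoint, seen)
```

Raising `min_clients` trades coverage for fewer false positives before an address is added to a blacklist.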
To keep the proxy server address from being detected, encrypted proxy software came into being. The communication between the user and the proxy server is encrypted, so the IP address of the proxy server can no longer be worked out simply by listening to network packets. Once again, the side enforcing the restriction is on the defensive.
However, encrypted proxy software still has to communicate with its proxy server, so it still has to know that server's IP address. At startup it therefore usually fetches the address from one of the places where encrypted proxy server IP addresses are published. The administrator only needs to set aside a computer, start the encrypted proxy software on it, and monitor that computer's network communication to learn where the encrypted proxy IP addresses are published, and then filter the IP address of that publishing point. This can also be automated: a program starts the encrypted proxy software, monitors the packets, and adds the IP address of the publishing point to the blacklist. The encrypted proxy software can then no longer obtain the IP address of its proxy, the software stops working, and the bypassing side is once again in a very bad position.
To deal with this, the encrypted proxy software has to mix its traffic to the proxy IP address publishing point with traffic to destinations that are not publishing points. For example, when the software starts, it first accesses a large number of other websites, with one of those accesses going to the proxy IP address publishing point. With the traffic mixed in this way, the IP address of the publishing point cannot be obtained through simple packet listening. If every observed address were added to the blacklist, many websites would be blocked by mistake. The side enforcing the restriction is at a disadvantage.
To keep restricting network access, the network administrator then filters the IP address of the encrypted proxy itself instead of the IP address of the publishing point. After the encrypted proxy software is started, a large file is downloaded through the encrypted proxy; the IP address carrying a large volume of traffic is the IP address of the encrypted proxy. In this way the network administrator can still block the encrypted proxy software with an automated program, and the bypass fails.
The encrypted proxy software can then apply the same idea: mix the traffic to the proxy IP address with other traffic, spread it evenly, and change the proxy IP address constantly. The IP address of the encrypted proxy can then no longer be obtained from traffic statistics, and people can bypass the access restriction again. However, because the traffic is divided evenly, the usable network speed is usually only a fraction of what it was. Most of the traffic is spent on confusing the network administrator's programs.
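The traffic-volume check from the two paragraphs above, as an added sketch that is not part of the original article: bytes are totalled per remote IP on the test machine, and an address is flagged when it carries a dominant share of the traffic. The flow tuple layout, the 50% threshold, the baseline capture (taken without the proxy software running, to exclude ordinary destinations) and all addresses are assumptions made for the example. The second sample shows the limit described in the text: once traffic is spread evenly, no address stands out.

```python
from collections import Counter

# Constructed flow records: (remote_ip, bytes_transferred).
BASELINE = [("203.0.113.9", 50_000), ("192.0.2.44", 20_000)]
CONCENTRATED = [
    ("198.51.100.7", 4_000_000), ("203.0.113.9", 120_000),
    ("198.51.100.7", 5_000_000), ("192.0.2.44", 80_000),
    ("203.0.113.20", 800_000),
]
# Same total volume, spread evenly over ten addresses.
SPREAD = [(f"198.51.100.{i}", 1_000_000) for i in range(1, 11)]

def byte_shares(flows):
    """Return {remote_ip: fraction of all bytes} for a capture."""
    totals = Counter()
    for ip, nbytes in flows:
        totals[ip] += nbytes
    grand = sum(totals.values())
    return {ip: n / grand for ip, n in totals.items()} if grand else {}

def suspected_proxy_ips(test_flows, baseline_flows=(), min_share=0.5):
    """IPs that dominate the test capture and were absent from the baseline."""
    known = {ip for ip, _ in baseline_flows}
    shares = byte_shares(test_flows)
    return sorted(ip for ip, share in shares.items()
                  if share >= min_share and ip not in known)

if __name__ == "__main__":
    print("large download:", suspected_proxy_ips(CONCENTRATED, BASELINE))
    print("evenly spread: ", suspected_proxy_ips(SPREAD, BASELINE))
```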
At this point, the attack and defense over network access seems to be back where it began, but a smart network administrator is not helpless. By reverse engineering the encrypted proxy software, the administrator can find the publishing point of the proxy IP addresses and filter it. What is no longer possible is identifying the IP addresses automatically by analyzing network traffic.
Finally, to prevent reverse engineering, the encrypted proxy software is itself protected with software encryption, which makes reverse engineering very difficult. What follows is a battle of wits between software encryption and cracking.
Conclusion: If network traffic is not obfuscated, a program can automatically find the useful IP addresses to filter. If the encrypted proxy software is not itself encrypted, it is easy to reverse engineer it and find the useful IP addresses to filter. The author of encrypted proxy software must always guard against the software being cracked. Once the software is cracked, it has to be upgraded, so that the work of limiting network access can continue only after the software is cracked again.
 