Sniffer attack and defense examples in the broadband Internet environment

Source: Internet
Author: User

There are plenty of articles about the security of broadband Internet access, but they mostly discuss trojans, IE vulnerabilities and similar problems. A more dangerous class of problem seems to go unnoticed by users, and even firewalls do not guard against it; yet once you are affected, all of your drives and the files on them can be shared, and it is very simple to do. What is the danger? Let me explain.

Thinking

I have recently been renovating my new house, and over the last couple of days I have been considering the structure of the home LAN. I already use cable access and will certainly move the machines over, so I now have two options to consider:

1. Cable modem -- hub -- each host;
2. Cable modem -- server (software router) -- hub -- each host

Reading this, everyone will probably think the first option is better: the network structure is obviously simpler, it saves at least one network card, and it does not need a server running all day. It is also what the cable access manual recommends. However, while thinking about how the hosts would share files under the first option, I suddenly realized that I had never paid serious attention to the security issues.

As we all know, so-called community broadband is a LAN plus Internet egress solution: the community's users are connected to one local area network and reach the Internet through a single exit. The security of this scheme is relatively poor, mainly internally: because everyone is on one LAN, others are likely to access your shared resources if you are not careful. The problem with cable access is more hidden. Physically it is not the familiar star Ethernet plus egress structure, and the DHCP server assigns users standard Class C addresses, so it looks as if we are facing the WAN directly. In fact, its bus structure puts almost all cable users on one local network, so we face the same serious local-network security problem, and because that local network is larger, it is more likely that you will be intruded upon (strictly speaking not an intrusion, but sharing).

Experiment

To verify my point of view, I have done the following experiments:

My host is currently assigned the IP address 211.167.123.8, a standard Class C address, so the subnet mask is 24 bits. In theory that means 252 hosts (excluding the gateway and myself) are on the same network segment as me. Given actual cable usage there are probably not 252, but there should still be a few dozen online at the same time, and I should be able to reach them.

So I pinged, starting from 211.167.123.2; 211.167.123.15 answered, showing that this host was online. I immediately opened IE and entered \\211.167.123.15 in the address bar. The system prompted me for a user name and password; I entered Administrator as the user name and left the password empty, and I was in. No shared resources visible other than the printer? It does not matter: I am already an administrator, so finding resources is no problem. I then entered \\211.167.123.15\c$, and the root directory of the C drive appeared. This is a Windows 2000 default share, set up for administration, and it cannot be removed. Next come d$, e$ and so on; enter whatever you want to find.
During the experiment I also used Fluxay IV (streamer), which finished a network segment in 3 to 5 minutes. It found 3x hosts online, of which 5 or 6 actually had an empty Administrator password. Isn't that asking to be trampled on? Even among those who set a password, hardly anyone sets a very complex one on their own computer, so cracking it with a dictionary would not be very difficult. What's more, one host appeared to belong to a company: it shared all of its resources directly, without any password, and seemed to be used as their file server.

Conclusion

Now do you know which of the two options above is better?

Because cable access hands out standard Class C addresses, it is not possible to lengthen the subnet mask to reduce the number of hosts per network segment, so local-network security will always be an enemy for us users. Moreover, the IP address assigned by the DHCP server has a lifetime of about one week, after which you will be assigned a new IP address. That means you have entered a new network segment, with 252 new neighbors waiting for you. Frightening? Most frightening of all, hosts on the same network segment as you are treated by your firewall as LAN hosts, and typical firewall presets do not guard against such hosts.

Preventive measures

First, and at the very least, set a password (not too simple) for your Administrator account. This account cannot be deleted, so at least do not leave its password empty. During the experiment I found that many users work under another account with a password set while the Administrator password is empty. Isn't all that effort wasted?

Some users set a password on the Administrator account but also create several accounts with blank passwords, which is just as dangerous. Remember: every usable account must have a password. Manage these accounts regularly, close accounts that have not been used for a long time, and preferably change the Administrator password frequently.

It is a good idea to install one or two firewalls, but keep in mind that you have to configure the firewall, because the usual presets take no strict precautions against LAN hosts, and these "LAN" hosts are exactly what we need to guard against. The firewall itself may also have vulnerabilities, so I use Skynet + Norton; this cross-protection reassures me more. For specific firewall settings, please refer to the relevant articles; I will not repeat them here.
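The difference between a preset that trusts every same-segment host and a rule that guards against them can be checked on a log of inbound connections. The Python below is an added example, not part of the original article; the gateway address, the port list, the two policy functions and the log lines are constructed assumptions.

```python
import ipaddress

# Constructed values: the address is the one quoted in the article;
# the gateway at .1 is an assumption made for this example.
IFACE = ipaddress.ip_interface("211.167.123.8/24")
GATEWAY = ipaddress.ip_address("211.167.123.1")
SHARING_PORTS = {135, 137, 138, 139, 445}  # RPC / NetBIOS / SMB file sharing

# Constructed inbound-connection log, one "source-ip destination-port" per line.
SAMPLE_LOG = """\
211.167.123.15 445
211.167.123.77 139
211.167.123.1 68
211.167.124.9 445
211.167.123.200 80
"""

def neighbour_count(iface, gateway):
    """Other hosts on the segment, excluding the gateway and this host."""
    hosts = set(iface.network.hosts())
    return len(hosts - {gateway, iface.ip})

def preset_allows(src, port, iface):
    """'Trust the local network' preset: any same-segment source passes."""
    return src in iface.network

def hardened_allows(src, port, iface, trusted=frozenset()):
    """File-sharing ports are open only to explicitly trusted hosts."""
    if port in SHARING_PORTS:
        return src in trusted
    return src in iface.network

def exposed_by_preset(log, iface, trusted=frozenset()):
    """Log entries the preset admits but the hardened policy drops."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ip_text, port_text = line.split()
        src, port = ipaddress.ip_address(ip_text), int(port_text)
        if preset_allows(src, port, iface) and not hardened_allows(src, port, iface, trusted):
            findings.append((str(src), port))
    return findings

if __name__ == "__main__":
    print(neighbour_count(IFACE, GATEWAY), "possible neighbours on this segment")
    for src, port in exposed_by_preset(SAMPLE_LOG, IFACE):
        print(f"preset would admit {src} -> port {port}")
```

With an empty trusted set, the hardened policy matches the first network option, where no same-segment host can be given access to shares.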

A further reminder: with these precautions in place, if your network uses the first option, you cannot share between your own hosts, because they have equal status with the other hosts on the network segment. So if you want to build your own network with security in mind, I recommend the second option; a hardware router in place of the software router would be even better.

I hope this article proves useful. If you, the reader, think of convenient, safe and efficient means of prevention, please be sure to let me know.
