The cyber law enforcement officer has come to the rescue team.

To improve the management and maintenance efficiency of LAN networks, I believe many network administrators will choose professional tools like network law enforcement to manage networks, by using this tool, the network administrator can automatically detect unregistered workstations connected to the network and generate alarms, record online users in real time, and archive for future reference, and limit the connection time periods for each workstation to access the network, in addition, the IP addresses of workstations can be limited to prevent IP address theft in LAN networks. However, cyber law enforcement officers are sometimes a double-edged sword. They are often maliciously used by others, resulting in many artificial network faults in LAN networks. In order to guard against the damage caused by cyber law enforcement officers, this article specifically offers the following tips to effectively respond to these attacks, so that the network administrator can quickly resolve the problem when the LAN encounters malicious "bad" attacks from cyber law enforcement officers!

　Damage from cyber law enforcement officers

In the LAN work environment, malicious attackers often use tools such as cyber law enforcement to create artificial network faults, so how did they use the cyber law enforcement tool to make trouble for LAN Operations? After a user installs the cyber law enforcement program on any workstation in the LAN, the user only needs to run the cyber law enforcement program, open the user list, and select a workstation as the target of the attack, right-click the corresponding workstation icon and execute the "properties" command from the shortcut menu. Then, the user can clearly view some basic information about the target workstation, click the "Set permissions" button. In the Setting dialog box that appears later (as shown in Figure 1), an illegal attacker only needs to execute the "Restricted User" command and set a restricted access rule, at the same time, add appropriate management methods below, such as "IP conflict", and finally save the setting parameters. As a result, the target workstation will continuously prompt for IP address conflicts, this will cause a lot of trouble for efficient LAN access.

Figure 1

　Damage to cyber law enforcement officers

After understanding the Damage Principle of the cyber law enforcement officer, the network administrator can take targeted measures. Obviously, the cyber law enforcement program works according to the binding relationship between the IP address and the MAC address of the NIC device. To this end, the network administrator can modify the physical address of the network card for the workstation in which an IP address conflict occurs, so as to easily remove illegal restrictions on the network Law Enforcement Program. The following are the specific restrictions:

First, click Start, set, and network connection commands in the workstation system in which an IP address conflict occurs. In the displayed network connection List window, right-click the "local connection" icon, and then right-click the "properties" command in the menu to open the local connection Property setting window;

Click the "General" tab in the local connection property settings window, and click the "configuration" button on the corresponding tab page To Go To The NIC property settings page of the target workstation;

Click the "advanced" tab on the settings page To Go To The tag settings page shown in 2. In the "properties" list box on the settings page, select the "Network Address" or "Locally Administered Address" project, specify a new physical Address value for the NIC in the text box on the right of the project, and click "OK, and restart the target workstation system, so that the target workstation can get rid of the illegal restrictions of the cyber law enforcement program.

Figure 2Query the damage caused by cyber law enforcement officers

Most of the time, when a LAN workstation encounters a network fault, the user does not know that the fault is related to the cyber law enforcement program. Therefore, they are often prone to detours when troubleshooting network faults, eventually, network fault resolution efficiency is not high. So how can we determine that the failure of the LAN workstation is related to the cyber law enforcement program? In fact, it is very simple. We only need to install a network Law Enforcement Program in the LAN workstation, and then use the System Log Viewing function of the tool to clearly identify whether the current network fault is damaged by the Network law enforcement officer.

For example, to check whether the IP address conflict of the faulty workstation is caused by an illegal user by using the cyber law enforcement program, we can first install the cyber law enforcement program in the system of the faulty workstation, once illegal users use the same program for malicious destruction, we only need to open the cyber law enforcement program and click the "System" menu item in the menu bar on the program interface, execute the "view system logs" command from the drop-down menu. In the subsequent interface, we can easily find out which IP address is launching an attack to the faulty workstation, based on this IP address, we can quickly find the specific location of an illegal attacker.

　　Tips

For a long time, managing and maintaining a LAN has been a headache. For example, some LAN users may set up and install proxy servers on their networks at will, you can also use vswitches and hubs to connect to the network without authorization. Some LAN users may secretly use P2P or other tools to download various multimedia resources, occupying a large amount of valuable network bandwidth resources, these actions have a serious impact on the normal operation of the LAN. So how can we effectively control some illegal behaviors in the LAN to ensure stable network operation performance? With the tool of cyber law enforcement, we can easily manage the above work!

First, download the compressed package of the LAN management tool "cyber law enforcement officer" from the Internet, decompress it into a temporary directory, and double-click the executable program, install it according to the default settings. After the installation is complete, select the target Nic device that is directly connected to the LAN, in the "scan range" text box, enter the start IP address and end IP address of the LAN, and then click "Add/modify, you can add the work subnet specified by the network administrator to the monitoring CIDR block list, and then click "OK" in the dialog box, the main program interface of "cyber law enforcement officer" appeared in front of everyone, all the IP addresses, physical addresses, and host names of the network adapters connected to the LAN are automatically displayed on the program interface.

Now you can use this tool to manage and maintain network operation performance. To prevent workstations in the LAN from connecting to the Internet at will within the specified time, you must first set the router device in the LAN as a key host, you can click the "Settings" menu item on the main program interface of "Network law enforcement officer" and execute the "key host group" command from the drop-down menu, in the Setting dialog box that appears, enter the IP address of the router device in the LAN, and click "add" to set the LAN gateway device as a key host.

Then return to the main program interface of "Network law enforcement officer", find a workstation to be managed, right-click the workstation, and execute the "permission settings" command in the right-click menu, select the "Restricted Users" option on the page and select the "enable time limit" option and "enable time limit" option if the following permissions are violated, then, based on the actual situation, set the time at which the network can be accessed and the time at which the network cannot be accessed, so that the access time of the target workstation can be effectively managed, instead of accessing the Internet as before.

When all workstations are connected to the LAN, the "Network law enforcement officer" program will automatically save the information of all workstations, in this case, you will be able to reject illegal workstation connections that ignore network usage rules. First, click the "Settings" menu item on the main program interface of "Network law enforcement officer", and click the "default permission" option from the drop-down menu that appears, in the subsequent interface, select the "disconnect from all hosts TCP/IP (except the local host and sensitive hosts)" item, and then click the "save" button, in this way, when a new workstation is connected to the LAN network, the newly connected workstation cannot communicate with other workstations, so as to prohibit unauthorized workstation from connecting to the network at will. If you also select the "IP conflict" option in the corresponding Settings dialog box, no matter what IP address is set for this workstation, there will be frequent IP address conflict failures.

If you want to connect valid workstations to a LAN, you can click the "user"/"Add User" command in the toolbar on the "Network Administrator" main program interface, in the settings window that appears, enter the physical address of the new valid workstation Nic In the "NIC address" text box, and adjust the access permissions of the new workstation according to the actual situation. Once you find that the unregistered workstation accesses the lan network, you can set up a program to enable the "Network judge" program to automatically send an alarm to the network administrator; when setting alarm information, you only need to click "set"/"alarm settings" menu options in the main program interface of "Network law enforcement officer, in the settings window that appears, select the enable sound alarm option when an illegal user is found.

To prevent LAN users from installing and configuring proxy servers at will, you can right-click any workstation icon in the user list on the main program interface of "Network law enforcement officer, right-click the "Scan proxy service" command in the menu, enter the common proxy service port number in the "Scan port" text box, and click "OK, the "cyber law enforcement officer" program can automatically scan all workstations in the LAN. Once a workstation with an illegal installation or proxy server is found, it will automatically force it to be disconnected from the lan network.