How to check a networked computer for security holes and deal with them

Source: Internet
Author: User

Hacker attacks have been frequent recently, and friends around us may have had their QQ, e-mail or game accounts stolen. Hacking techniques are becoming more and more widespread, and more and more people have mastered the techniques for attacking other people's systems. If your computer has even a small system vulnerability, or has a flawed application installed, it can become someone else's "broiler" (a compromised machine under an attacker's control). How do you check a networked machine for holes and deal with them appropriately?

First, deadly ports

To communicate with the outside world, a computer must go through ports. Anyone who wants to break into and control our computer also has to come in through certain ports. If important ports such as 139, 445, 3389 or 4899 are open on your machine, you should know that these ports can make an intrusion easier. Port 4899 in particular may have been opened by Radmin, installed by an intruder as a backdoor tool, and he can obtain full control of the system through this port.

Under Windows, choose Run from the Start menu and enter "command" (under Windows 2000/XP/2003, enter "cmd" in "Run") to open the command prompt window, then enter netstat -an. This shows the local machine's open ports and network connections.

So how do you close these ports? Each port on the computer corresponds to a service or application, so a port closes automatically once we stop the service or uninstall the program. For example, stopping the Radmin service under "My Computer → Control Panel → Computer Management → Services" closes port 4899.

If you cannot find the service that opened a port for the time being, or stopping the service would affect normal use of the computer, you can also use a firewall to block the port.
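The port check described above can be automated. The following is an added example, not part of the original article: a Python script that parses `netstat -an` output and reports TCP listeners on the four ports the article names. The sample output is constructed, the function and variable names are illustrative, and skipping loopback-only listeners is an assumption made here.

```python
import re

# Ports the article singles out, with the service that normally owns each.
RISKY_PORTS = {
    139: "NetBIOS session service",
    445: "SMB file sharing",
    3389: "Remote Desktop",
    4899: "Radmin",
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4899           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:4899       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")
LOOPBACK = {"127.0.0.1", "[::1]"}  # assumption: local-only listeners are not reported


def risky_listeners(netstat_output):
    """Return sorted (port, address, service) for risky TCP listeners
    reachable from the network (loopback-only listeners are skipped)."""
    found = set()
    for line in netstat_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, UDP rows, connections that are not listening
        addr, port = m.group(1), int(m.group(2))
        if port in RISKY_PORTS and addr not in LOOPBACK:
            found.add((port, addr, RISKY_PORTS[port]))
    return sorted(found)


if __name__ == "__main__":
    for port, addr, service in risky_listeners(SAMPLE):
        print(f"port {port} ({service}) is listening on {addr}")
```

To check a real machine, save the output of netstat -an to a file and pass its contents to risky_listeners in place of SAMPLE.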

Second, the enemy's "processes"

Under Windows, you can view and end processes by pressing Ctrl+Alt+Del. You can also see them with the system's built-in tool Msinfo32: enter msinfo32 in "Start → Run" to open the "Microsoft System Information" window, where the local processes are listed under "Running Tasks" in "Software Environment".

But many Trojan processes now disguise themselves as system processes, and novices find it hard to tell the real ones from the fake,

Third, be careful: remote management software is a big source of trouble

Many people now like to install remote management software on their own machines, such as pcAnywhere, Radmin, VNC or the Remote Desktop that comes with Windows. It is certainly convenient for remote administration, maintenance and office work, but remote management software also brings many security risks. For example, pcAnywhere 10.0 and earlier have the problem that the password file *.CIF is easy to decrypt (decoded rather than brute-forced); once an intruder has obtained the *.CIF file by some means, he can use a tool to crack the administrator account and password.

Radmin's main problem is the blank password. Because Radmin defaults to a blank password, most people who install Radmin ignore the password security settings, so any attacker can use the Radmin client to connect to a machine with Radmin installed and do whatever he wants.

The Remote Desktop that comes with Windows also gives hackers a convenient way in, provided, of course, that he has first obtained a usable account by some means.

It is fair to say that almost every kind of remote management software has its problems. Take the powerful remote management suite DameWare NT Utilities: some versions of the DameWare Mini Remote Control in the toolkit have buffer overflow vulnerabilities that hackers can use to execute arbitrary instructions on the system. Using it safely for remote access therefore requires IP restrictions.

Installing the latest version of the remote control software also helps improve security; for example, the latest version of pcAnywhere uses a strong encryption scheme for its password file.
