dangerous one: The back door provides future remote access, while the sniffer
may reveal important information about you like your other Passwords, Bank Details,
Credit Card Numbers, Social Security Number etc. If your home system is connected
to a LAN and the attacker manages to install a backdoor on it, then you
have probably given the attacker the same level of access to your internal network
as you have. This would also mean that you have created a back door into
your network that bypasses any firewall that may be guarding the front door.<br>
<br>
You may argue with me that, as you are using a dial-up link to your ISP via PPP,
the attacker would be able to access your machine only when you are online.
Well, that is true, but not completely true. A dynamic Internet Protocol
address does make it more difficult to reach your system again after you reconnect.
But although this provides a faint hope of protection, routine
scanning of the range of IPs in which your IP lies will more often than not
reveal your current dynamic IP, and the back door will provide access to your
system. <br>
<br>
<font face="Verdana, Arial, Helvetica, sans-serif">*******************<br>
</font> <font color="#FFFFFF"><b>HACKING TRUTH:</b></font> Microsoft Says: War
Dialer programs automatically scan for modems by trying every phone number within
an exchange. If the modem can only be used for dial-out connections, a War Dialer
won't discover it. However, PPP changes the equation, as it provides bidirectional
transport, making any connected system visible to scanners—and attackers.
<br>
<font face="Verdana, Arial, Helvetica, sans-serif">*******************<br>
</font> <br>
So how do I protect myself from such scans and unsolicited attacks? Well,
this is where Personal Firewalls come in. Just as their name suggests, they
protect you from unsolicited connection probes, scans and attacks.<br>
<br>
They listen on all ports for any connection requests received (from both legitimate
and fake hosts) and sent (by applications like the Browser, Email Client etc.). As
soon as such a request is recorded, the firewall pops up a warning asking you
whether to allow the connection to initiate or not. This warning message
also contains the IP which is trying to initiate the connection and the
Port Number to which it is trying to connect, i.e. the Port to which the packet
was sent. The firewall also protects your system from Port Scans, DoS Attacks, Vulnerability
attacks etc. So basically it acts as a shield or a buffer which does not allow
your system to communicate with untrusted systems directly.<br>
<br>
Most Personal Firewalls have extensive logging facilities which allow you to
track down the attackers. Some popular firewalls are: <br>
<br>
1. BlackICE Defender: An IDS for PCs. It's available at http://www.networkice.com.
<br>
<br>
2. ZoneAlarm: The easiest to setup and manage firewall. Get it for free at:
www.zonelabs.com<br>
<br>
Once you have installed a firewall on your system, you will often get a number
of warnings which make it seem as if someone is trying to break into your
system. However, they are actually bogus messages, caused either by
your OS itself or by the process called Allocation of Dynamic IPs. For
a detailed description of these two, read on.<br>
<br>
Many people complain that as soon as they dial into their ISP, their firewall
says that such and such IP is probing Port X. What causes this? <br>
Well, this is quite common. The cause is that somebody hung up just before you
dialed in and your ISP assigned you the same IP address. You are now seeing
the remains of communication with the previous person. This is most common when
the person to whom the IP was assigned earlier was using ICQ or chat programs,
was connected to a Game Server or simply turned off his modem before his communication
with remote servers was complete. <br>
<br>
You might even get a message like: Such and Such IP is trying to initiate a
NetBIOS Session on Port X. This again is extremely common. The following is
an explanation as to why it happens, which I picked up a couple of days ago:
NetBIOS requests to UDP port 137 are the most common item you will see in your
firewall reject logs. This comes about from a feature in Microsoft's Windows:
when a program resolves an IP address into a name, it may send a NetBIOS query
to that IP address. This is part of the background radiation of the Internet, and
is nothing to be concerned about. <br>
<br>
What Causes them? On virtually all systems (UNIX, Macintosh, Windows), programs
call the function 'gethostbyaddr()' with the desired address. This function
will then do the appropriate lookup, and return the name. This function is part
of the sockets API. The key thing to remember about gethostbyaddr() is that
it is virtual. It doesn't specify how it resolves an address into a name. In
practice, it will use all available mechanisms. If we look at UNIX, Windows,
and Macintosh systems, we see the following techniques: <br>
<br>
DNS in-addr.arpa PTR queries sent to the DNS server <br>
NetBIOS NodeStatus queries sent to the IP address <br>
lookups in the /etc/hosts file <br>
AppleTalk over IP name query sent to the IP address <br>
RPC query sent to the UNIX NIS server <br>
NetBIOS lookup sent to the WINS server <br>
<br>
Windows systems do the /etc/hosts, DNS, WINS, and NodeStatus techniques. In
more excruciating detail, Microsoft has a generic system component called a
naming service. All the protocol stacks in the system (NetBIOS, TCP/IP, Novell
IPX, AppleTalk, Banyan, etc.) register the kinds of name resolutions they can
perform. Some RPC products will likewise register an NIS naming service. When
a program requests to resolve an address, this address gets passed onto the
generic naming service. Windows will try each registered name resolution subsystem
sequentially until it gets an answer. <br>
<br>
(Side note: Users sometimes complain that accessing Windows servers is slow.
This is caused by installing unneeded protocol stacks that must time out first
before the real protocol stack is queried for the server name.) <br>
<br>
The order in which it performs these resolution steps for IP addresses can be
configured under the Windows registry key<br>
<br>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider.
<br>
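The triage described above (leftover traffic for the previous holder of a dynamic IP, NetBIOS queries to UDP 137, and real scans) can be applied to a firewall reject log as follows. This is an added example, not part of the original manual; the log layout, the 60-second window and the four-port scan threshold are assumptions, and the log entries are constructed.<br>

```python
from collections import defaultdict

# Constructed sample reject log:
# (seconds since dial-in, source IP, protocol, destination port)
SAMPLE_LOG = [
    (2,   "203.0.113.10", "TCP", 5190),  # chat server still talking to the IP's previous user
    (5,   "203.0.113.10", "TCP", 5190),
    (40,  "198.51.100.7", "UDP", 137),   # NetBIOS NodeStatus query from a reverse lookup
    (300, "192.0.2.55",   "TCP", 21),
    (301, "192.0.2.55",   "TCP", 23),
    (301, "192.0.2.55",   "TCP", 25),
    (302, "192.0.2.55",   "TCP", 80),
    (302, "192.0.2.55",   "TCP", 139),
]

STALE_WINDOW = 60  # assumption: seconds after dial-in in which leftovers are expected
SCAN_PORTS = 4     # assumption: distinct ports from one source that count as a scan


def triage(log):
    """Return one verdict per source IP, based on that source's first entry."""
    ports_by_src = defaultdict(set)
    for _, src, _, port in log:
        ports_by_src[src].add(port)

    verdicts = {}
    for seconds, src, proto, port in log:
        if len(ports_by_src[src]) >= SCAN_PORTS:
            # Checked first so a scanner that also touches 137 is not dismissed as noise.
            verdict = "port-scan"
        elif proto == "UDP" and port == 137:
            verdict = "netbios-lookup-noise"
        elif seconds <= STALE_WINDOW:
            verdict = "stale-previous-session"
        else:
            verdict = "review"
        verdicts.setdefault(src, verdict)
    return verdicts


if __name__ == "__main__":
    for src, verdict in triage(SAMPLE_LOG).items():
        print(src, verdict)
```
<br>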
<br>
<b><font color="#FFFFFF">Breaking Through Firewalls</font></b><font color="#FFFFFF"><br>
</font> <br>
Although Firewalls are meant to provide you complete protection from Port Scan
probes etc., there are several holes existing in popular firewalls, waiting to
be exploited. In this issue, I will discuss a hole in ZoneAlarm Version 2.1.10
to 2.0.26, which allows the attacker to port scan the target system (although
normally it should stop such scans).<br>
<br>
If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will
let the packet through and will not notify the user. This means, that one can
TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall
there IF one uses port 67 as the source port on the packets.<br>
<br>
Exploit:<br>
UDP Scan:<br>
You can use NMap to port scan the host with the following command line:<br>
<br>
nmap -g67 -P0 -p130-140 -sU 192.168.128.88 <br>
<br>
(Notice the -g67 which specifies source port).<br>
<br>
TCP Scan:<br>
You can use NMap to port scan the host with the following command line:<br>
<br>
nmap -g67 -P0 -p130-140 -sS 192.168.128.88 <br>
<br>
(Notice the -g67 which specifies source port).<br>
<br>
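From the defender's side, the flaw is a rule that trusts the source port alone. The added example below (not part of the original manual and not ZoneAlarm code) contrasts that rule with one that passes only UDP 67 to 68, and lists packets that rely on the difference. It assumes the source-port-67 exception exists to admit DHCP server replies; the packets are constructed.<br>

```python
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68

# Constructed sample packets arriving at the protected host.
SAMPLE_PACKETS = [
    {"src": "192.168.128.1",  "proto": "UDP", "sport": 67,    "dport": 68},   # DHCP reply
    {"src": "192.168.128.50", "proto": "UDP", "sport": 67,    "dport": 137},  # not DHCP
    {"src": "192.168.128.50", "proto": "TCP", "sport": 67,    "dport": 139},  # not DHCP
    {"src": "192.168.128.50", "proto": "TCP", "sport": 40000, "dport": 139},  # ordinary probe
]


def flawed_allow(pkt):
    """Behaviour the text describes: any packet with source port 67 is passed."""
    return pkt["sport"] == DHCP_SERVER_PORT


def strict_allow(pkt):
    """Pass only what a DHCP server reply looks like: UDP, port 67 to port 68."""
    return (
        pkt["proto"] == "UDP"
        and pkt["sport"] == DHCP_SERVER_PORT
        and pkt["dport"] == DHCP_CLIENT_PORT
    )


def bypass_attempts(packets):
    """Packets the flawed rule passes silently but the strict rule rejects.

    Worth alerting on: source port 67 aimed at anything other than the
    DHCP client port, or carried over TCP, is not DHCP traffic.
    """
    return [
        (p["src"], p["proto"], p["dport"])
        for p in packets
        if flawed_allow(p) and not strict_allow(p)
    ]


if __name__ == "__main__":
    for hit in bypass_attempts(SAMPLE_PACKETS):
        print("source port 67 misuse:", hit)
```
<br>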
Well, that is all for this manual, which is by no means finished. I would be
updating it at regular intervals, so kindly hang on. Bye...<br>
<br>
Ankit Fadia<br>
<br>
</span></font></p>
</body>
</html>