First, the tunnel sends the intruder a confirmation message to report that the tunnel exists; then it immediately opens a new connection to fetch the intruder's attack data and process it. The intruder sends that data through the HTTP port; finally, the tunnel carries out whatever operations the intruder wants. Since this looks like a "normal" data transfer, the firewall sees nothing wrong with it. But what if the target does not have port 80 open? Opening a port without authorization is tantamount to suicide. The intruder will not forget the cute NetBIOS port, though: port 139 has been open for years for file sharing, so why not use it? Tunnel technology takes the concealment of a back door to another level, but that does not make it impeccable, because an experienced administrator will spot the abnormal traffic with a sniffer (a server that starts initiating HTTP connections of its own accord, for instance)... The tunnel attack is defeated by the administrator, but a more terrible kind of intrusion is being carried out in secret...
3. Useless data transmission?
The thief right under your nose - ICMP
ICMP, the Internet Control Message Protocol, is the most common kind of network message, and in recent years it has been used extensively in flooding attacks. But few people have noticed that ICMP is also secretly involved in this Trojan war... The most familiar ICMP message is the pathfinder, PING, which is actually an ICMP Echo Request (type 8); the protocol specifies that the remote machine, after receiving it, returns an Echo Reply (type 0), reporting "I am online". However, since an ICMP message can carry a data payload, it is destined to become an effective assistant for the intruder. ICMP messages are handled by the system kernel's network stack rather than by a program listening on a port, so a filter that only thinks in terms of ports does not stop them. ICMP is like a relative of the system kernel, waved through by every guard. So the old man with weapons in his basket is ringing the president's doorbell...
Back doors that use specially crafted ICMP data are quietly becoming popular. This seemingly normal data, passing under the supervision of the firewall, is the master of the victim; even an experienced administrator will not suspect that these "normal" ICMP messages are swallowing his machine. Some will say: just capture the packets and look. In practice, however, the ICMP messages that carry data are almost always encrypted. How do you inspect them then? You cannot read the payload, but you can still notice that an echo request carries more, or stranger, data than any ping would ever send.
However, ICMP is not invincible. More experienced administrators simply block all ICMP traffic, so that the relative is no longer allowed near the system, even though doing so breaks some normal functions (such as being able to ping the host). But to avoid being murdered by a relative, one can only endure it. The most intimate and least suspected person is often the one who finds it easiest to kill you.
An unusual postman - the IP header strategy
We all know that the network is built on IP datagrams; everything has to deal with IP. But even IP, this most basic postman, has been bought by the intruder, and the war never stops... Why? Let's take a brief look at the structure of an IP datagram. It is divided into two parts, the header and the body. The header holds address information and identification data, like an envelope; the body is the data we are familiar with, like the letter inside. Every message is wrapped in an IP datagram. Usually we pay attention only to what is written in the letter and ignore the potassium cyanide smeared on the envelope. As a result, many administrators die at the hands of a suspect who is never detected...
This comes from a weakness in the protocol specification, and it is not unique: the SYN flood attack also stems from the protocol design, and both play tricks with the IP header. A SYN attack uses a fake envelope (a spoofed source address), while the "socket" Trojan writes in the spare white space of the envelope. The IP protocol gives the header a fixed part for addresses and flags (express? ordinary?) plus an optional area for additional data (remarks on the letter), and that optional area is padded out to a fixed boundary, which leaves a few blank bytes in the IP header. Do not underestimate these blanks; they can carry highly toxic substances. These seemingly harmless letters are not intercepted by the guards, and the president dies in his office without ever knowing...
The intruder fills these gaps in the IP header with short fragments of attack data; if there is too much data, it simply sends a few more letters. The postman who has sneaked into the victim's machine records the "extra" content on each envelope, and when the fragments can be put together into an attack command, the attack begins...
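The two back doors described above, data hidden in ICMP echo payloads and command fragments hidden in the spare space of the IP header, together with the kind of inspection an administrator can still do when the payload is encrypted, as an added example that is not part of the original article. Everything in it is constructed for illustration: the packets are built in memory rather than captured, the option type 0x88, the payload-size threshold and the ping fill patterns are assumptions made for this example, and the carried command is a constructed sample.

```python
import socket
import struct

# Assumptions for this example, not facts from the article.
MAX_PING_PAYLOAD = 64                                # ordinary pings carry 32 (Windows) or 56 (Linux) bytes
WINDOWS_FILL = b"abcdefghijklmnopqrstuvwabcdefghi"   # fill pattern of the Windows ping tool
COVERT_OPTION_TYPE = 0x88                            # hypothetical, unregistered IP option type for the backdoor


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, shared by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """IPv4 packet; options are padded to a 32-bit boundary (RFC 791), the 'blank space on the envelope'."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options) + len(payload),
                         0x1234, 0, 64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + options
    header = header[:10] + struct.pack("!H", inet_checksum(header)) + header[12:]
    return header + payload


def build_icmp_echo(data: bytes, icmp_type: int = 8, ident: int = 1, seq: int = 1) -> bytes:
    """ICMP echo request (type 8) or reply (type 0) carrying an arbitrary data payload."""
    head = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    return struct.pack("!BBHHH", icmp_type, 0, inet_checksum(head + data), ident, seq) + data


def parse_ipv4(pkt: bytes) -> dict:
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (f[0] & 0x0F) * 4
    return {"proto": f[6], "src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "options": pkt[20:ihl], "payload": pkt[ihl:f[2]]}


def looks_like_ping_fill(data: bytes) -> bool:
    """True for what ordinary ping tools send: the Windows alphabet string, or (assumed, modelled
    on iputils) an 8- or 16-byte timestamp followed by bytes that count upward by one."""
    if not data or data == WINDOWS_FILL:
        return True
    for skip in (8, 16):
        body = data[skip:]
        if len(body) >= 2 and all((body[i + 1] - body[i]) % 256 == 1 for i in range(len(body) - 1)):
            return True
    return False


def covert_option_chunk(options: bytes) -> bytes:
    """Walk the option list (type/length/data, with NOP=1 and EOL=0) and return the covert option's data."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                                  # end of option list; the rest is padding
            break
        if kind == 1:                                  # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                                      # malformed option: stop rather than loop forever
        length = options[i + 1]
        if kind == COVERT_OPTION_TYPE:
            return options[i + 2:i + length]
        i += length
    return b""


def inspect(pkt: bytes) -> list:
    """Findings for one packet: IP options present, or an echo payload that no ping tool would send."""
    ip = parse_ipv4(pkt)
    findings = []
    if ip["options"]:
        findings.append(("ip-options", ip["options"]))
    if ip["proto"] == 1 and len(ip["payload"]) >= 8 and ip["payload"][0] in (8, 0):
        data = ip["payload"][8:]
        if len(data) > MAX_PING_PAYLOAD or not looks_like_ping_fill(data):
            findings.append(("icmp-payload", data))
    return findings


def reassemble_command(pkts) -> bytes:
    """What the planted 'postman' does: collect the envelope scribbles until they form a command."""
    return b"".join(covert_option_chunk(parse_ipv4(p)["options"]) for p in pkts)


# Constructed sample traffic, not captured from any real host.
LINUX_FILL = bytes(16) + bytes(range(0x10, 0x38))          # 56 bytes: timestamp area + counting bytes
CIPHERTEXT = bytes.fromhex("9f3a77c1e4b20d58f6a9c3e17b4d02a6f8e1c5d93b7a4e60d2c1f9a8b3e57d4c")
COMMAND = b"id; uname -a"                                  # constructed command, carried 5 bytes per packet

NORMAL_PING = build_ipv4("10.0.0.5", "10.0.0.1", 1, build_icmp_echo(LINUX_FILL))
ICMP_BACKDOOR = build_ipv4("10.0.0.5", "10.0.0.1", 1, build_icmp_echo(CIPHERTEXT))
HEADER_BACKDOOR = [build_ipv4("10.0.0.5", "10.0.0.1", 1, build_icmp_echo(LINUX_FILL),
                              options=bytes([COVERT_OPTION_TYPE, 2 + len(chunk)]) + chunk)
                   for chunk in (COMMAND[i:i + 5] for i in range(0, len(COMMAND), 5))]

if __name__ == "__main__":
    for name, pkt in [("normal ping", NORMAL_PING), ("icmp backdoor", ICMP_BACKDOOR)] + \
            [("header backdoor %d" % n, p) for n, p in enumerate(HEADER_BACKDOOR)]:
        print(name, inspect(pkt))
    print("reassembled:", reassemble_command(HEADER_BACKDOOR))
```

On a real host the same checks would run over packets read from a raw socket or a capture file. The point is that even when the payload is unreadable, the shape of the packet still gives the intruder away: an IP header longer than 20 bytes, or echo data that matches no ping fill pattern, is worth a second look no matter what the bytes say.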
Conclusion
Backdoor technology has developed to the point where it is no longer a rigid machine-versus-machine war; back doors have learned to test the humans. If defense technology stays stuck at simple matching of data, it will be defeated by countless new back doors. Real defense must be built on human management and operation rather than relying solely on machine code, otherwise your machine will be corrupted beyond recognition...