Protecting system security: four ways to prevent network bombs

  
A so-called "network bomb" is a malicious, destructive program. As network bombs become more powerful and their interfaces simpler to operate, their reach keeps expanding, and they have spread from e-mail to chat tools. The damage a network bomb can cause includes lost QQ numbers and stolen chat records; destroyed mailboxes and lost mail; and even maliciously deleted hard disk data. Below we introduce the four most common network bombs on the Internet and the techniques for preventing them.

Preventing IP bombs

The IP bomb is the most common type. IP is the abbreviation for Internet Protocol, which computers on a network use to identify the other server and then connect to the Internet. An IP bomb attacks a server within a certain IP address range on the network. The attack continuously sends a large number of data packets, consuming 100% of system resources and causing the server to hang or restart.

The common IP attack tools today target Windows 95/NT. They exploit a flaw in the way the NetBIOS network protocol handler routine processes OOB (out-of-band) data: specific packets are sent in OOB mode to an open port on an IP address (usually 139, 137, or 135), causing the computer to crash suddenly. Attacks on Windows 98 mainly target the blue-screen vulnerability of that system, and attacks on Windows 2000 exploit its own denial-of-service vulnerabilities, of which there are many. Here are a few common IP bomb tools, to give readers a clearer picture.

IPHacker

IPHacker is a multi-function network attack program. To attack with IPHacker, you first add an IP address in the TOOLS menu. Because servers on the network are all addressed by IP, an obtained domain name has to be converted to an IP address before an attack. Enter the domain name to convert (for example, www.netname.com) and press the convert button; the IP address of that domain name then appears in the "IP address to be tested" field at the top left, which is more convenient than converting the domain name with PING www.netname.com. Note that the conversion only works while online. The PING function tests whether the target host is connected to the network, that is, whether the target server is up, and the return time shows how quickly the target host responds. The host information function is a simple scan of the target host that obtains its basic configuration information. The port scan function finds the open port numbers of the target IP and lists the protocol type and a description of each port's function: add the target host IP to the "IP address to be tested" field, fill in the start port and the end port, and all ports in the specified range are scanned, after which a small operation can cause no small amount of damage.



Snail bomb

The snail bomb is a distributed attack tool: even after the attack ends, its effect on the network continues until the other side crashes. The snail bomb has two main functions. One tests the security of a server, and the other searches for available servers in a specified IP range. For the first function, fill in the IP to test, the number of tests, and the number of servers, and a host can be attacked in broadcast form. For the second function, fill in the start IP and end IP address in the search options to scan for the servers available in that range, then add an IP address to attack (Figure 1).


CGSiOOBMessageGFPGen

CGSiOOBMessageGFPGen is a tool dedicated to OOB attacks. It can attack a single address or multiple hosts. Enter the IP address or host name in the IP/MachineName field, select a port open on the target host, and press "Kill" to attack one host. To attack multiple hosts, click "AddtoMulti-Kill" to add each host to the "Multi-KillList" list, then press "Kill All Now" to attack every host in the list once. For a looping attack, select "Repeat Kill"; you are prompted to choose the number of repetitions, and pressing OK then executes the attack. If CGSiPortSniffer is installed, you can also activate the port sniffer with OpenPortSniffer in the File menu.

UDP Flooder 1.02

UDP Flooder is a tool for UDP attacks. After UDP Flooder opens, the title bar displays the IP address of the local machine. Under Destination, enter the IP address or domain name of the target host in IP/hostname and the port of the target host in Port; fill in the duration in Maxduration (secs) and the packet size in Maxpackets. The Speed (pkts/sec) slider sets the attack speed. Under Data, you can customize the content of the packets sent: the Random option sends random packets of the specified size, the Text option sends text to the target host as the attack packet, and From file uses the content of a specified file as the packet data. After filling in these items, press the "GO" button to carry out the attack.

Preventing IP bomb attacks

The main ways to prevent IP bomb attacks are to update the system as soon as possible, install the appropriate patches, and remove unneeded network protocols. If you are a stand-alone user, you can disable the NetBIOS service completely and close off this dangerous vulnerability.

● Windows 9x users

In Windows 9x, if you access the Internet by dial-up and do not need to log on fully to an NT local area network, open "Network" in the "Control Panel", delete "Microsoft Network User", use "Microsoft Friendly Login", and do not set up "File Print Sharing".

● Windows NT users

Under Windows NT, you can unbind NetBIOS from the TCP/IP protocol: go to "Control Panel", "Network", "NetBIOS Interface", "WINS Client (TCP/IP)", select "Disable", confirm, and restart.

● Windows 2000/Windows XP users

Right-click "Network Neighborhood", select "Properties", and enter "Network and Dial-up Connection"; then right-click "Local Area Connection" and select "Properties" to enter "Local Area Connection Properties"; double-click "Internet Protocol (TCP/IP)", click "Advanced", select "TCP/IP Filter" on the "Options" tab, and under "Only Allow" fill in the ports you need to use, leaving out 139. Note that if you are on a LAN, this will affect use of the LAN.

● Customize your own firewall rules

This method is suitable for users of all Windows operating systems. Taking Skynet Personal Firewall as an example, select an empty rule and set it as follows: "Packet Direction" is "Receive", "Other Party IP Address" is "any", "Protocol" is "TCP", "Local Port" is "139 to 139", "Other Party Port" is "0 to 0", "SYN flag" is selected under "Flags", and "Action" is "Intercept"; then save the rule.



Preventing mail bombs

A mail bomb is a destructive attack that sends a large volume of mail exceeding the space allotted to a mailbox, so that the target mailbox can no longer process mail, resulting in a denial-of-service attack on the mailbox. Here are some mail bomb tools.

EmailKiller

Among mail bomb tools of its kind, EmailKiller is relatively cumbersome. You add the address of the target mailbox in the "Target Mailbox" option, but the length of each message sent is limited (depending on the capacity of the target mailbox), and the number of threads depends on the speed of the network. In "Set Letter Content" you can edit the title and content of the message sent, and the message will be sent automatically and garbled. In the other options, you can select the SMTP sending server address and fill in the sender's mailbox address. Note that the sending server must be the same server the sender's mailbox uses. You can fill these in or keep the default values.

MailBomb

MailBomb is a relatively common mail bomb tool that can not only send anonymous mail but also attach a file to the mail it sends. When using this tool, first fill in the target address, then a known sending server, and then your own mailbox address (usually a fake one). However, the server of the sender's mailbox must match the server added, or sending will not succeed. The content of the e-mail can be edited freely. The "ADD" option adds the attachment to be sent, and the number of times to send can be customized. The "more" option contains a number of settings, including the address for auto-reply messages, the subject of the auto-reply, and the name of the sender. After filling in the above options, just change the subject from one message to the next and press "Send" to attack (Figure 2).

Honker Messenger

Honker Messenger can send bulk mail and is a mail bomb tool for "making trouble". Fill in the address of the target mailbox in the mailbox blacklist, press the "+" sign to add the address to the list, and press the "-" sign to clear a target mailbox from the list. When sending mail with Honker Messenger you can use the default options, and Honker Messenger will send letters that look like greetings to the target mailbox. If a letter sent by Honker Messenger is opened, it consumes the target system's resources until the system crashes.

Ways to prevent mail bomb attacks

First, do not make your important e-mail addresses public; second, use an e-mail filtering program to reject mail from addresses that have attacked your mailbox. As long as you follow these two methods, you can prevent mail bomb attacks.

Preventing hard disk bombs

Hard disk bombs are designed to destroy the data on a hard disk, causing loss to the other party, and can also leave the target hard disk unable to boot.

Jiangmin bomb

This is a very dangerous hard disk bomb. Running it locks the hard disk head at a certain position on the boot sector, creating the false appearance of physical damage, so that systems running DOS 3.3 and above cannot start normally.

As we all know, when a computer boots DOS, the system searches all logical drives in order. When DOS boots, it first reads the partition table information in the master boot sector, which begins at address 0BEH of the first sector of cylinder 0, head 0 of the hard disk. When a partition entry begins with 80H, it is the primary boot partition; the others are extended partitions. The primary boot partition is defined as logical disk C, the logical disk of the extended partition is defined as disk D, and so on for E, F, G... The Jiangmin bomb tampers with the normal master boot partition record here so that the first logical disk of the extended partition points to itself. After DOS finds the first logical disk at startup, its search for the next logical disk always finds the same one, forming an infinite loop. This is why booting from a floppy drive, an optical drive, or a second hard disk does not work either. In fact, the Jiangmin bomb only exploits a small flaw in DOS startup, yet it has left many people helpless. Once you know the "locking" principle of the Jiangmin bomb, you can go on to unlock it.
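The self-referencing chain described above can be detected offline in a disk image, before any operating system tries to walk it. The following Python sketch is an added example, not part of the original article; it assumes the standard MBR/EBR layout (partition table at byte offset 0x1BE of the sector, links read from the start-LBA field rather than CHS), and the function names and the 8-sector in-memory sample image are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE = 0x1BE              # partition table offset in a boot sector (standard layout)
ENTRY = "<B3xB3xII"        # status, CHS start, type, CHS end, start LBA, sector count
EXTENDED = {0x05, 0x0F}    # type bytes that mark an extended partition / EBR link

def parse_table(sector):
    """Return the four (status, type, start_lba, sectors) entries of a boot sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    return [struct.unpack_from(ENTRY, sector, TABLE + 16 * i) for i in range(4)]

def walk_extended_chain(image):
    """Follow MBR -> EBR -> EBR links; return (visited EBR LBAs, verdict)."""
    ext = next((e for e in parse_table(image[:SECTOR]) if e[1] in EXTENDED), None)
    if ext is None:
        return [], "no extended partition"
    base = current = ext[2]
    seen = []
    while True:
        if current in seen:            # a link led back to an EBR already visited
            return seen, "loop"
        if (current + 1) * SECTOR > len(image):
            return seen, "link outside image"
        seen.append(current)
        ebr = parse_table(image[current * SECTOR:(current + 1) * SECTOR])
        link = next((e for e in ebr if e[1] in EXTENDED), None)
        if link is None:               # empty link entry ends the chain
            return seen, "ok"
        current = base + link[2]       # link LBAs are relative to the extended partition

def make_sector(entries):
    """Build one constructed boot sector holding the given table entries."""
    s = bytearray(SECTOR)
    for i, e in enumerate(entries):
        struct.pack_into(ENTRY, s, TABLE + 16 * i, *e)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

def make_image(link_rel):
    """Constructed 8-sector image; link_rel is the first EBR's link (0 = itself)."""
    blank = bytes(SECTOR)
    mbr = make_sector([(0x80, 0x06, 1, 1), (0x00, 0x05, 2, 6)])
    ebr1 = make_sector([(0x00, 0x06, 1, 1), (0x00, 0x05, link_rel, 2)])
    ebr2 = make_sector([(0x00, 0x06, 1, 1)])
    return mbr + blank + ebr1 + blank + ebr2 + blank * 3

if __name__ == "__main__":
    for name, rel in (("healthy", 2), ("self-linked", 0)):
        print(name, walk_extended_chain(make_image(rel)))
```

Keeping a list of visited sectors is what lets the walker stop on the first repeat, which is the bound the DOS startup search described above lacks.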
