Chapter 468: Something Interesting
After everyone dispersed, Lin Hong continued to configure the router.
Through the terminal interface, he checked the version of the router's IOS and found that it was the C2500 series, which was already very new, but not the latest.
He thought it over for a while and found that there really were a lot of vulnerabilities that could be exploited. Of course, not many of them had been made public; they were all vulnerabilities he had found while researching this system.
Because Cisco does business all over the world, every vulnerability in the company's products has extremely serious consequences. Not only ordinary users rely on its products; some telecommunications companies use its high-end equipment as well.
Therefore, every vulnerability in IOS is very valuable. Hackers either sell these vulnerabilities to Cisco for money, or keep them and use them secretly until Cisco plugs the hole itself.
In order to let the super worm spread smoothly, Lin Hong dug up several heavyweight vulnerabilities and used them secretly, but until now, Cisco has still not filled these loopholes. The system upgrade of this kind of equipment is not as simple and convenient as other operating systems.
A router's system upgrade, known as flashing, is an update to the firmware. The operation takes some technical skill, and if you are not careful, the device will be flashed into a brick.
What is a "brick"? Something that can only be used as a brick and has no other use.
Lin Hong first changed the login password to a relatively robust one, mixing upper- and lower-case letters and numbers, with two special characters added, basically eliminating the possibility of the password being guessed or brute-forced for some time.
Lin Hong optimized the configuration file, removed some unnecessary services and processes, and then started the TFTP service on it and established a connection with his notebook.
TFTP is a simple file transfer protocol. Cisco's IOS has a built-in service that allows you to transfer files to it through this protocol for tasks such as modifying configuration files, backups, and upgrades.
What Lin Hong had to do now was install a small piece of software inside to monitor all the traffic coming in and out.
Although the Cisco system has such a function, what it records is too simple and only good for general statistics. Lin Hong needed to improve its security: closely monitor all the detailed traffic data going in and out of this router, and be able to set rules, so that once an abnormality was found, an alarm would be raised to attract everyone's attention.
Normally, intrusion detection is the second gate behind the firewall, but Lin Hong didn't want to wait until the other party had broken through the firewall and other defensive equipment before finally discovering the intrusion; by then it would be a little late. The other party would already be completely inside, and quite likely would even have succeeded.
He wanted to take a more proactive approach: as soon as the other side began attempting an intrusion, it would be singled out, monitored closely, and then responded to in a targeted manner.
The monitoring program is ready-made, Lin Hong has written it before, and he can use it with a little change, and it can be run directly in Cisco IOS as a resident process.
The router does not have a display device, and must be connected to a computer or terminal device to see the information it gives.
Lin Hong's laptop naturally could not stay attached to this device all the time; the best device for that was a server. With a piece of software installed directly on it, the information monitored on the router could be shown on the server's display at any time.
At this moment, Lao Wang's system was almost installed, and he was configuring the security policy of FreeBSD, turning off some unnecessary services and ports, leaving no chance for the other party.
Lin Hong walked to his side and watched for a while. He found that Lao Wang worked the way his character suggested: calm, steady and meticulous, and his skills were also very solid.
He said that he was studying viruses and that he would not be able to do this job without enough patience.
Lin Hong said: "Lao Wang, I want to install an intrusion detection and monitoring software on it, and directly receive the traffic information sent by the router......"
Lin Hong told him what he thought, Lao Wang nodded again and again, and immediately asked Lin Hong to share the software directly, and he installed it inside.
Since it was on the same local area network, Lin Hong directly created a new folder in the notebook, shared the software, and then Lao Wang could access it directly in the server.
The software is small and fully portable; it does not need to be installed, just run.
This software is not graphical, only a terminal interface displays information, and after setting a few parameters, it begins to receive the data sent from the router.
"Very nice software!" Lao Wang stared at the terminal for a while and praised, "With this detection, we can know their invasion situation in advance at any time!"
Although the data on it scrolled by quickly and densely, for technicians like Lin Hong and Lao Wang it was like watching a video file that told them what was happening across the entire network.
As you can see from the data on the terminal, they have started to probe and scan this side, and several IPs appear on it frequently, constantly sending all kinds of different data, expecting to get a specific response in order to get the information.
In technical terms, this is called enumeration and scanning.
The purpose of this step is to determine which computers are alive on the network, what are the IPs of these computers, what ports are opened, and what type of operating system is installed.
To get this information, the prober has to send packets himself; the target computer then replies, and the prober can extract the information he wants from those replies.
The Internet was actually developed on the basis of radio broadcasting, and many of these design ideas were inherited.
For example, radio has the concept of broadcasting, and so does the Internet. It's just that in the Internet, the broadcast signal is transmitted through a network cable.
In radio, establishing communication requires one party to broadcast first. The party that wants to communicate receives that broadcast signal and responds according to the information in it, and the two sides can communicate after "discussing" the strategy.
This process of radio is carried out manually, and everyone uses call signs or special terms to "discuss strategy".
For example, Ham A says to Ham B: "CQ, CQ, I'm Little A, I'm calling Little B, and I want to establish a communication with you." My sync frequency is xx......"
Ham B responded: "I'm Xiao B, I'm Xiao B, I'm online, and I agree to communicate. My sync frequency is yy......"
Ham A confirmed again: "Great, you're here! Then let's use the frequency zz to communicate!"
This is the kind of negotiation hams have to carry out. In the Internet, this process is greatly simplified and completely automated by a well-designed communication protocol.
This negotiation process is vividly referred to as the "three-way handshake".
The first handshake means that the client requests a connection to the server and sends its own synchronization packet along with it. The second handshake means that the server agrees to the connection and provides its own synchronization packet. The third is the client confirming the connection, which completes the third handshake and finally enters the connected state.
The three-way handshake is the most common protocol, but there are others.
Basically, every time a packet is sent to the other party, if the other party is a service provider, it will inevitably reply, and these reply packets will contain some real information about the system.
This is also the principle that scanning and footprinting rely on.
Lin Hong asked, "Lao Wang, what kind of service has been opened?"
"In order to confuse the other party, I opened port 21 and port 80, but they were both set to least privilege, basically the same as if they were not opened." A smile appeared on Lao Wang's face.
Lin Hong was also a little happy when he heard it. This old king looks honest, but he didn't expect to be quite cunning.
He sat down in front of the keyboard and quickly configured a security policy for the intrusion detection program: any IP recorded more than a certain number of times within a period of time would be automatically pulled into the blacklist and simply not given the corresponding data, delaying the other party's probing. The policy was configured this way to prevent normal access from being blocked by accident.
Then, Lin Hong reconfigured the router with a policy to restrict ICMP and UDP packets to specific systems to minimize the possibility of exposing information.
Finally, he thought about it for a moment and re-shared a piece of software on his computer.
Then, he went back to the server and smiled, "Give them something fun."
Lao Wang saw him run a program called "rotorouter" and then quickly set some parameters in it.
"What does this software do?" Lao Wang has never seen this software.
"Hehe, a camouflage gadget." Lin Hong explained while setting it up, "This software can take over some of the system's answering services, and then use the false information I have set up to respond, so that they make wrong judgments."
This gadget uses the IP list recorded by the intrusion detection program: once a request is found to come from an IP on that list, the software answers with a fake reply instead of the real one to confuse them.
"Yes, that's good! You've got a lot of good stuff on your hands!" Lao Wang sighed, "Lin Hong, I'm really a little curious about your profession."
Lao Wang also had a good understanding of the domestic information security scene, but he had never heard of a figure like Lin Hong, and it could be seen from these details that Lin Hong's level in this field was definitely that of a master, several grades higher than his own. In front of him, Lao Wang was like a baby who didn't know anything.
Such a person, like the sun, can shine everywhere, and it is impossible to be unknown and unheard of.