Chapter 474: The Good Show is Ahead
Li Yushan checked the status of the server and finally had to admit that it had crashed and stopped responding entirely.
With no other option, he pressed the reset button; the monitor went black and the machine began to reboot.
"Who was operating this machine before?" Li Yushan turned his head and asked.
Everyone looked at one another, and in the end they all shook their heads.
Seeing this, Li Yushan frowned.
"So... it was probably the other side's attack that caused this."
The other side had made no breakthrough before this, and now their server had suddenly restarted? Could this be the sign that the other side was starting its attack?
With these questions and worries in mind, Li Yushan waited anxiously for the system to come back up.
On the display, the results of the system's self-test scrolled upward.
After a while, the system finished rebooting.
Li Yushan deftly entered his username and password and logged in.
Then he immediately began to check the processes and services now running on the system.
A quick look revealed no suspicious processes, which reassured him a great deal.
"Huahui, check why the system crashed just now." Li Yushan did not continue the investigation himself but handed it to Ding Huahui; this student was more skilled than he was at this kind of work.
Li Yushan went on: "This system was freshly installed. If it were running normally this would never happen. I'd guess the other side has found a vulnerability that lets them crash it."
Ding Huahui nodded in agreement: "Okay, I'll take a look at what the hole is."
Ding Huahui was about to sit down when he noticed that the picture on the monitor had stopped changing again.
"Dead again?" Ding Huahui froze for a moment, then hurriedly tapped the keyboard a few times.
Sure enough, the system had frozen once more.
Li Yushan was stunned too: "I didn't find any suspicious processes just now."
His meaning was obvious: after the restart, the other side had attacked the server again.
That meant the other side must hold a serious vulnerability in this system, and an effective one, since it could bring the machine down again within minutes of a restart.
If this continued, they would lose far too many points from the restarts; a server outage weighed much more heavily than a problem on an ordinary workstation.
Ding Huahui hurriedly restricted the machine's network connections.
Then he rebooted again, logged in quickly, and set about finding the cause of the crashes as fast as possible.
Under the rules, the server could not be kept off the network for long, or points would be deducted; a long enough disconnection could even hand the other side an outright win.
Fortunately, the system recorded its state up to the moment of the crash, so Ding Huahui went straight to the system logs to look for anything abnormal.
Analyzing system logs is painstaking work: there are usually a great many entries, and finding the abnormal ones among such dense records is not easy. It can take a lot of time to find anything, and what turns up may be only part of the picture.
Of course, that is only true for novices.
For an expert like Ding Huahui, who dealt with this sort of thing all the time, it had long since become routine.
He looked over the log for a while, then wrote a short script that filtered out every normal connection record matching certain keywords and saved the possibly abnormal records to a new file.
This is where the command-line tools of Unix-like systems come into their own. Whatever a system administrator or technician wants to do can be done directly with specific commands, or even by writing code in the terminal and executing it on the spot.
On Windows, the same task usually means operating a piece of software, and if no software does exactly what is needed, it may have to be written separately.
Of course, Windows has DOS commands too, but they are not powerful; they amount to a stripped-down version of the Unix commands, with many useful functions missing.
After filtering out the normal connection records, relatively few remained.
Ding Huahui then filtered out every record older than ten minutes, keeping only those from the last ten minutes.
After filtering this way a few more times, he arrived at a final set of results.
He first checked for intrusion records, to see whether the other side had broken through their defenses via some vulnerability and got into the system to wreak havoc.
The result was negative: there was no trace of an intrusion at all.
He was surprised to find that the records looked normal, with no abnormal entries and no abnormal IPs.
"No way, there must be something I haven't seen clearly."
Ding Huahui had to check again from the beginning.
It has to be said that Ding Huahui's patience was excellent; perhaps he knew that to find useful information here he had to be patient and let no clue slip by.
After going over it several more times, he finally found it!
"Damn!" Ding Huahui could not help exclaiming. "A single packet? How is that possible?"
He had searched and searched, and what he finally found was unusual indeed: it was just a SYN packet!
SYN stands for synchronize. This packet is the first one the requesting party sends to the server when the two sides perform the TCP three-way handshake.
It is a very small packet. The packets carried by TCP/IP, the common protocol of the Internet, are called IP datagrams.
At the front of such a packet is a fixed-length structure called the header, 20 bytes in all (without options), which every IP datagram has in common.
This structure holds a series of fields laid out in 32-bit (4-byte) words. The first 12 bytes hold the version, header length, total length, identification, fragment offset and similar fields. Of the last eight bytes, the first four are the source address, that is, the sender's IP address, and the last four are the destination address, the receiver's IP address.
The header is like the envelope of a letter: it carries all the information about where the packet came from and where it is going. Every packet includes it, because only then can the data be delivered.
The packet Ding Huahui was analyzing was just such a packet. It was tiny, almost nothing but headers: after the IP header came a bare TCP header with no data behind it, an "empty envelope".
It was precisely this that drew Ding Huahui's attention to its abnormality.
Clearly this was no ordinary empty envelope but a carefully crafted one.
Ding Huahui opened it in an editor, and after careful analysis found that the first 12 bytes of the IP datagram's header were normal, with nothing suspicious.
It was only the last eight bytes: the source and destination addresses were the same!
"What kind of attack is this?" After Ding Huahui spotted this detail, he frowned.
He had never seen an IP datagram like it.
If the source and destination addresses are the same, would OpenBSD really restart?
Li Yushan had been watching from the side, and when he glanced at the address something clicked. "That address is our server's IP address."
Reminded like this, Ding Huahui remembered too: the address had looked so familiar, and he had not placed it for a moment; wasn't it the server's own IP address?!
In other words, the other side had forged an "empty envelope" claiming that the sender was their server and the recipient was also their server.
By the design of the protocol, when the server receives such a SYN packet it replies to that address with a SYN-ACK packet, and that address is its own...
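The packet Ding Huahui describes, a SYN whose source and destination are the server's own address, is the classic "LAND" packet. The script below is an added example and not part of the chapter: it builds such a packet byte by byte (IP header with checksum, then a 20-byte TCP header carrying no data), parses the 20-byte IP header laid out above, and flags any SYN whose source and destination addresses match, which is how the same anomaly would be found in a capture rather than in a log. The addresses and ports are invented for illustration. The crash the story attributes to OpenBSD is the novel's premise; mainstream systems have dropped such packets for many years, so the practical value today is recognizing and filtering them.

```python
import socket
import struct

# Constructed example addresses for illustration only (hypothetical).
SERVER_IP = "10.0.0.5"
CLIENT_IP = "192.0.2.10"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by both the IP and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syn(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int = 0) -> bytes:
    """Return a 40-byte IPv4 datagram: 20-byte IP header + 20-byte TCP SYN, no payload."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    # TCP header with the checksum field zeroed: data offset 5 words, flags=SYN (0x02).
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x02, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))  # zero, protocol, TCP length
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    # IP header: version 4 / IHL 5, TOS 0, total length, ID, DF flag, TTL 64, proto 6 (TCP).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp


def parse_packet(pkt: bytes) -> dict:
    """Decode the 20-byte IP header (first 12 bytes of fields, then src/dst) and a TCP header if present."""
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20]
    )
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        "version": ver_ihl >> 4,
        "ihl": ihl,
        "total_len": total_len,
        "ident": ident,
        "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        # A header that checksums to zero (checksum field included) is intact.
        "ip_checksum_ok": inet_checksum(pkt[:ihl]) == 0,
    }
    if proto == 6 and len(pkt) >= ihl + 20:
        sport, dport, seq, ack, off_res, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
        data_off = (off_res >> 4) * 4
        tcp_seg = pkt[ihl:total_len]
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp_seg))
        info.update({
            "sport": sport,
            "dport": dport,
            "syn": bool(flags & 0x02),
            "ack": bool(flags & 0x10),
            "tcp_payload_len": total_len - ihl - data_off,
            "tcp_checksum_ok": inet_checksum(pseudo + tcp_seg) == 0,
        })
    return info


def is_self_addressed_syn(info: dict) -> bool:
    """A SYN (no ACK) whose source equals its destination can only be forged; the
    classic LAND variant also uses identical ports, but the address match alone is
    enough to drop the packet at the border."""
    return bool(info.get("syn")) and not info.get("ack") and info["src"] == info["dst"]


def find_self_addressed(packets) -> list:
    """Indices of packets in a capture that match the same-source-same-destination pattern."""
    return [i for i, p in enumerate(packets) if is_self_addressed_syn(parse_packet(p))]


if __name__ == "__main__":
    capture = [
        build_syn(CLIENT_IP, SERVER_IP, 40000, 80),  # ordinary handshake opener
        build_syn(SERVER_IP, SERVER_IP, 80, 80),     # forged: server talking to itself
    ]
    for i in find_self_addressed(capture):
        print("suspicious packet", i, parse_packet(capture[i]))
```

The detector keys on the address fields of the IP header exactly as Ding Huahui did by eye; in a real deployment the same check belongs in an ingress filter, since a packet claiming the protected host's own address as its source should never arrive from outside.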
Red Army operations room.
"The other party's server has become unresponsive!" Xiao Jiang excitedly reported the situation he had monitored.
"Good!"
"Great!"
Everyone immediately cheered.
This news was like a shot in the arm and greatly encouraged everyone.
Captain Qian in particular was so pleased that he led the applause: "Good job! Let them know our Red Army is not to be trifled with!"
Making the opponent's server unresponsive was indeed a major achievement, far more impressive than the opponent's petty skirmishes.
Captain Qian went on: "I hope everyone keeps working hard. Don't slack off, and keep a close watch on the other side's movements! The exercise has entered a critical stage!"
Everyone looked at Lin Hong with some admiration. It was he who, just now, had simply sent a carefully prepared packet to the other side and brought its server down, succeeded twice in a row, and finally forced the other side to take its server off the network.
Liu Hui too had to admit that Lin Hong's technical level was far above his own. He was finally convinced, and cheered Lin Hong with clenched fists.
"I didn't expect your IP datagram to be so powerful!" Lao Wang's face also showed admiration.
Just now Lin Hong had said he was going to restart the other side's server so they could carry out the next step of their plan, and Lao Wang had wondered expectantly what method he would use.
He had never imagined Lin Hong would use a single packet to take down the server they had been studying and analyzing for so long.
In fact, crafting an IP datagram by hand is not complicated. The flooding tool Liu Hui had used earlier worked on the same principle: it sent large numbers of custom IP datagrams so that the target was left holding half-open connections, consuming its resources.
Yet for all the time they had spent on it, it had never worked as surely as Lin Hong's single packet.
The beauty of his packet was that the source and destination addresses were the same, and both were the other server's own address, rather than the empty or non-existent source addresses used in ordinary attacks.
Seeing everyone so happy over such a small success, Lao Wang thought to himself with some amusement: this is just the appetizer; the best is yet to come! (To be continued.)