Ten Major Intrusion Detection System Events and Their Countermeasures
  Add date: 10/07/2008   Publishing date: 10/07/2008
 
The intranet intrusion detection system (hereafter "the IDS system") can promptly discover high-risk events on the intranet, such as network viruses, system vulnerabilities and abnormal attacks, so that they can be handled effectively. This strengthens intranet security and safeguards the normal operation of each important business channel. To strengthen intranet management and make full use of the IDS system, the author analyzes the high-risk events seen in monitoring and proposes security countermeasures below, for everyone's reference.

  Event 1: Windows 2000/XP RPC service remote denial-of-service attack

  The vulnerability exists in the DCE-RPC library implementation of Windows systems. A remote attacker can connect to TCP port 135 and send malformed data, which may cause the RPC service to shut down. Once the RPC service is down, the system stops responding to new RPC requests, producing a denial of service.

  [Countermeasure]

  1. Temporary workaround: use a firewall, or the TCP/IP filtering mechanism built into Windows, to restrict TCP port 135 and limit connections from external, untrusted hosts.

  2. Permanent fix: install the security patch.

  Event 2: MSBLAST (Blaster) worm propagation on Windows systems

  A computer infected by the worm attempts to scan and infect other hosts on the network, consuming host resources and a large amount of network bandwidth and causing network access performance to drop sharply.

  [Countermeasure]

  1. After downloading the patch, disconnect the network connection and then install the patch.

  2. Remove the worm.

  Event 3: Sasser worm propagation on Windows systems

  The worm's attack leaves a backdoor on the system and may cause the Windows 2000/XP operating system to restart. While the worm spreads, it may seriously degrade the performance of infected hosts and take up a large amount of bandwidth on the infected network.

  [Countermeasure]

  1. First, disconnect the computer from the network.

  2. Then scan for and remove the worm with a dedicated removal tool.

  3. Finally, install the system patch.

  Event 4: TELNET service brute-force guessing of user passwords

  TELNET is a common remote login terminal emulation service. A user can log in to a system remotely over TELNET and execute arbitrary commands. This event belongs to the class of attacks that aim to gain privileges. The attacker may be attempting to guess a valid TELNET user name and password; if this succeeds, the attacker can log in to the system and execute commands, or even take complete control of the system.

  [Countermeasure]

  Pay close attention to further activity from the source of the attack and, if you consider it necessary, block its connections to the server.
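
  One way to apply this countermeasure when reviewing IDS alerts, shown as an added example that is not part of the original article: it flags a source that produces a burst of TELNET login failures and escalates it when a successful login follows. The alert line format, the event names `TELNET_AUTH_FAIL` and `TELNET_LOGIN_OK`, the threshold and the addresses are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample alerts in a hypothetical "time src dst event" format.
SAMPLE_ALERTS = """\
2008-10-07T09:00:01 10.1.4.23 10.1.0.5 TELNET_AUTH_FAIL
2008-10-07T09:00:03 10.1.4.23 10.1.0.5 TELNET_AUTH_FAIL
2008-10-07T09:00:04 10.1.7.80 10.1.0.5 TELNET_AUTH_FAIL
2008-10-07T09:00:06 10.1.4.23 10.1.0.5 TELNET_AUTH_FAIL
2008-10-07T09:00:09 10.1.4.23 10.1.0.5 TELNET_AUTH_FAIL
2008-10-07T09:00:12 10.1.4.23 10.1.0.5 TELNET_AUTH_FAIL
2008-10-07T09:00:15 10.1.4.23 10.1.0.5 TELNET_LOGIN_OK
2008-10-07T09:20:00 10.1.7.80 10.1.0.5 TELNET_LOGIN_OK
"""

def review_telnet_alerts(text, threshold=5, window_seconds=60):
    """Return {source: verdict} for sources that look like password guessing.

    'watch' = threshold failures against one server inside the window;
    'block' = such a burst followed by a successful login inside the window.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)   # (src, dst) -> recent failure times
    last_burst = {}                 # (src, dst) -> time threshold was last met
    verdicts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                # skip malformed lines
        when = datetime.fromisoformat(parts[0])
        src, dst, event = parts[1:]
        key = (src, dst)
        if event == "TELNET_AUTH_FAIL":
            recent = failures[key]
            recent.append(when)
            while when - recent[0] > window:
                recent.popleft()    # forget failures outside the window
            if len(recent) >= threshold:
                last_burst[key] = when
                verdicts.setdefault(src, "watch")
        elif event == "TELNET_LOGIN_OK":
            burst = last_burst.get(key)
            if burst is not None and when - burst <= window:
                verdicts[src] = "block"   # guessing may have succeeded
    return verdicts

if __name__ == "__main__":
    for src, verdict in review_telnet_alerts(SAMPLE_ALERTS).items():
        print(src, verdict)
```

  A single failed login followed later by a normal login, as from 10.1.7.80 in the sample, produces no verdict; only a burst from one source against one server does.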

  Event 5: TELNET service user authentication failure

 