Attacks and Incident Response
Contents
IDS
25
10.4
1986
PC-Write
AIDS
1989AIDS
C/S
Passwd Sender()
dllocx
CtrlAltDel
,
Glacier()
C:\Windows\System\Kernel32.exe; C:\Windows\System\Sysexplr.exe,
,
Kernel32.exeKernel32.exe
, ,
,Sysexplr.exe
Sysexplr.exeKernel32.exe
:
win.inisystem.iniautoexec.bat
config.sys
,
,
notepad.exe
.txt
1
c:\windows, c:\windows\system
windows
2windows
SubSeven 1.7
c:\windows\KERNEL16.DL,windows
c:\windows\KERNEL32.DLL,
KERNEL32.DLL
SubSeven 1.5
c:\windows\window.exe, s
1
2
1
vxd
DLLTCPUDP
DLL
DLL
2ICMP
ICMP
ICMP
Ping
ICMP_ECHOREPLYPing
ICMP_ECHOREPLY
80
TCP User IP
ServerServer
Client
ClientIP
Client
Client
1.
2.,
3.readme.txt
4., ,
1
2 netstat -a
/
3
4kernel32.exe
sysexplr.exe
5
10.5
1Sniffer
1Sniffer
3Sniffer
Sniffer
4Sniffer
promiscuous mode
2
1
4Sniffer""
5
6sniffer
sniffer
3Sniffer
Sniffer
Sniffer
HubHub
4
1
2DNS
DNS
3Ping
ICMP
4arp
arp
IP
ping
10.6
1
1
3
CPU
2
1
2
3
4
64KB
ICMP64K
TCP/IP
2SYN Flooding
Windows NT
IP
Windows NT3.54.0
SYNACK53+6+12+24+48+96=189
SYN-Flooding
3)Land
SYN
SYNACKACK
UNIXNT
4)Smurf
ICMP
a
ICMP
bIP
Smurf
5Fraggle
FraggleSmurf
ICMP UDP Echo
UDP
TCP
2""
TCP
DDOS
DDOSPC
PCDOS
DDos
'--master---
---
DDos
UDP4
0
DDOS
1IDSUDP
UDP
10UDP
IPIP
2
ICMP Port Unreachable
3DDOS
LOGO