Scribd Logo
Upload

Welcome to Scribd!

  • 攻击与应急响应

    Uploaded by

    sanns2000
    4 views38 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views38 pages

    攻击与应急响应

    Uploaded by

    sanns2000

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 38

    LOGO

    Contents

    LOGO

    IDS


    25

    LOGO

    10.4

    1986
    PC-Write

    AIDS

    1989AIDS

    LOGO

    10.4

    C/S

    Passwd Sender()

    LOGO

    10.4


    dllocx

    LOGO

    10.4

    CtrlAltDel
    ,

    LOGO


    Glacier()

    C:\Windows\System\Kernel32.exe
    ;C:\Windows
    \System\Sysexplr.exe,
    ,
    Kernel32.exeKernel32.exe
    , ,
    ,Sysexplr.exe
    Sysexplr.exeKernel32.exe
    LOGO

    10.4

    :
    win.inisystem.iniautoexec.bat
    config.sys

    ,

    ,
    notepad.exe
    .txt
    LOGO

    10.4

    1
    c:\windowsc:\windows\system
    windows
    2windows

    SubSeven 1.7
    c:\windows\KERNEL16.DL,windows
    c:\windows\KERNEL32.DLL,
    KERNEL32.DLL
    SubSeven 1.5
    c:\windows\window.exe, s
    LOGO

    10.4

    1
    2
    1
    vxd
    DLLTCPUDP

    DLL
    DLL
    LOGO

    2ICMP
    ICMP
    ICMP

    Ping
    ICMP_ECHOREPLYPing

    ICMP_ECHOREPLY

    LOGO

    80
    TCP User IP

    LOGO

    ServerServer

    Client
    ClientIP
    Client
    Client
    LOGO

    10.4

    1.
    2.,

    3.readme.txt
    4., ,

    LOGO

    10.4

    1
    2netstat a
    /
    3
    4kernel32.exe
    sysexplr.exe
    5

    LOGO

    10.5
    1Sniffer
    1Sniffer

    3Sniffer
    Sniffer

    4Sniffer
    promiscuous mode

    LOGO

    10.5
    2
    1

    4Sniffer""
    LOGO

    10.5
    5
    6sniffer

    sniffer

    LOGO

    10.5
    3Sniffer
    Sniffer

    Sniffer

    HubHub

    LOGO

    10.5
    4
    1

    2DNS

    DNS
    3Ping
    ICMP
    4arp
    arp
    LOGO

    10.5

    IP
    ping

    LOGO

    10.6

    1
    1

    3
    CPU

    LOGO

    10.6

    2
    1
    2
    3
    4

    LOGO

    10.6

    1)ping ping of death

    64KB

    ICMP64K
    TCP/IP

    LOGO

    10.6

    2SYN Flooding

    Windows NT

    IP

    Windows NT3.54.0
    SYNACK53+6+12+24+48+96=189

    LOGO

    SYN-Flooding

    LOGO

    10.6

    3)Land
    SYN

    SYNACKACK

    UNIXNT

    LOGO

    10.6

    4)Smurf
    ICMP
    a
    ICMP

    bIP

    LOGO

    Smurf
    LOGO

    10.6

    5Fraggle

    FraggleSmurf
    ICMP UDP Echo
    UDP

    LOGO

    10.6

    LOGO

    10.6

    LOGO

    10.6

    TCP

    LOGO

    10.6

    2""
    TCP

    LOGO

    10.6

    DDOS

    DDOSPC
    PCDOS

    LOGO

    10.6

    DDos
    '--master---
    ---
    DDos
    UDP4

    ICMP Port Unreachable

    0
    LOGO

    DDOS
    1IDSUDP
    UDP
    10UDP
    IPIP

    2
    ICMP Port Unreachable
    3DDOS

    LOGO

    You might also like