(1) call requests a password.
Although this method is very common, but often ask for a password to call work. Those in the social engineering hackers posing as legitimate employees lost password, often through such simple methods to obtain the password.
(2) forged e-mail
The use of remote login, a hacker can be any one of the interception of all e-mail identity information, such as e-mail message is true, because it is from a legitimate user on. Under such circumstances it is the information is absolutely true. These hackers can be forged. Posing as a system administrator or manager of the hackers will be able to more easily access a wealth of information, hackers will be able to implement their malicious conspiracy.
二. Ping of death attack
Ping is dedicated submarine terms of personnel, said in response to the sonar pulse, Zhongping in the network is a very useful TCP / IP tools. Its major function is used to detect network connectivity and network speed analysis. Flat side of the good side of evil also.
The way they attack the way the attack:
(1) on the target horizon to detect the IP in order to keep target host resulted in the TCP / IP stack collapse
(2) network to a standstill.
(3) T or the 65,550-ping
三. Exploits the Unicode
Description 1.Unicode loopholes
Attacker IE browser by browser attacks remote computer running cmd.exe file, so that exposure to the computer files, and are free to implement and change the file.
Many of the Unicode standard has been adopted by software developers, regardless of what platform, program, or the development of language, unity of characters are each unique serial number, such as the server to IIS, including illegal Unicode
UTF - 8 encoding sequence of the URL, an attacker could server verbatim "to enter or withdraw from the" directory and the implementation of any program, the offensive attack that is known as the directory conversion.
Uniform with "% 2" and "% 5C No." on behalf of "/" and "\" characters, but can also be used "very long" to replace the sequence of these characters. "Long" sequence is illegal and that the Unicode characters, such as "% c0% AF" represents "/" character. IIS as a result of the inspection sequence is not long, so long to add on the Web site of the Unicode sequence may bypass Microsoft's security checks, such as marked as executable in a folder issued by the request, an attacker can in running on the server executable file.
2. Unicode use loopholes to carry out attacks
This loophole in IIS4.0 + SP6 from the beginning of the Chinese, but also Chinese WIN2000 + IIS5.0, English WIN2000 + IIS5.0 + SP1, Taiwan Traditional Chinese also there is no such loophole. NT4 is in / encoding to "% C1% 9C of Article" or "% C1% 9C of Article", WIN2000 English is a "% c0% AF."
However, some sites outside the information obtained, as well as the coding can be achieved following the detection of flaws in the code exist in Japanese, Korean and other operating systems.
3. Unicode use loopholes in the system disk directory read
Use of the loopholes in the computer to read the directory list, such as disk read ç directory, as long as the browser, type in
4. Unicode use loopholes to read system files
Use to get their statements to fit a number of computer operating system and the type of operating system, as long as the disk read ç the Boot.ini file under it. The use of the statement is:
5. Copy of the loopholes in the use of Unicode files
In order to be easy to use, the use of paper statements to copy cmd.exe to the script directory, and changed its name to c.exe, the use of the statement is:
Conclusion
This paper describes the various aspects of network security solutions designed to provide users with information security, authentication and integrity protection mechanisms, so that network services, data and systems from intrusion and destruction. Such as firewalls, encryption techniques are commonly used method today, the papers start from the in-depth study of these methods in all aspects of network security solutions, enabling readers to have a network security technology to a more profound understanding.
温馨提示:答案为网友推荐,仅供参考