Ddos attack tutorial DDoS attack tutorial rookie
How to prevent hackers from invading through system settings?

1. Prohibit IPC null connections.

Crackers can use the net use command to establish a null connection and then intrude; net view and nbtstat also depend on null connections. Simply do not allow null connections. Open the registry, find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, value RestrictAnonymous, and change the value to "1".

2. Prohibit arbitrary commands.

Crackers often plant a Trojan horse on your machine and then need a command to get it running. Open Administrative Tools - Services and disable the Task Scheduler service.

3. Turn off HyperTerminal services

If it is turned on, this loophole is a thoroughly well-worn one.

4. Close the SSDP Discovery Service.

This service is mainly used to start UPnP devices on home networks, and it also opens port 5000. It can be abused for DDoS attacks that push CPU utilization to 100% and then crash the computer. It stands to reason that no one will bother to DDoS a personal machine, but the service also uses a lot of bandwidth and keeps sending packets to the outside world, which slows network transfers, so it is better to turn it off.

5. Close the Remote Registry service.

Just look at the name: allowing remote modification of the registry?!

6. Disable NetBIOS over TCP/IP.

My Network Places - Properties - Local Area Connection - Properties - Internet Protocol (TCP/IP) Properties - Advanced - WINS tab - NetBIOS settings - Disable NetBIOS over TCP/IP. Crackers then cannot use the nbtstat command to read your NetBIOS information or the MAC address of your network card.

7. Close the DCOM service.

This is port 135. Besides being used as a query service, it may also be attacked directly. To close this port, enter dcomcnfg in the Run dialog, select the Default Properties tab in the Component Services window that pops up, and clear "Enable Distributed COM on this computer".

8. Change the permissions on shared files from the "Everyone" group to "authorized users".

"Everyone" in Win2000 means that anyone who can reach your network can get at these shared resources. Never assign the users of a shared file to the "Everyone" group. This includes printer shares, whose default setting is the "Everyone" group; don't forget to change it.

9. Cancel other unnecessary services.

Please decide for yourself according to your own needs. The following are the minimum services required by the HTTP/FTP server as a reference:

Event Log

License Logging Service

Windows NTLM Security Support Provider

Remote Procedure Call (RPC) Service

Windows NT Server or Windows NT Workstation

IIS Admin Service

MSDTC

World Wide Web Publishing Service

Protected Storage

10. Modify the TTL value.

Crackers can roughly guess your operating system from the TTL value in ping replies, for example:

TTL = 107 (WinNT);

TTL = 108 (Win2000);

TTL = 127 or 128 (Win9x);

TTL = 240 or 241 (Linux);

TTL = 252 (Solaris);

TTL = 240 (Irix);

In fact, you can modify it yourself:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Parameter: DefaultTTL, REG_DWORD, 0-0xff (decimal 0-255, the default value is 128). Change it to some inexplicable number, such as 258. At the very least it will leave the rookies baffled for a long while, and they may well give up the intrusion.

11. Account security.

First of all, disable all accounts except your own, hehe. Then rename the Administrator account. As for me, I also set up an account named administrator, but it is the kind without any privileges. Then I opened Notepad, typed at random, and copied and pasted the result into the "password" field. Hehe, go ahead and crack that password! Only after breaking it will they find out it is a low-privilege account. Will they collapse?

12. Suppress the display of the last logged-in user.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DontDisplayLastUserName. Change this value to 1.
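
A read-only check of the settings from items 1, 2, 4, 5 and 12 above, as an added example that is not part of the original page. It assumes a Windows version with PowerShell 3.0 or later; the service short names Schedule, SSDPSRV and RemoteRegistry and the two function names are assumptions of this example.

```powershell
# Read-only audit of settings named on this page; it changes nothing.
# Assumed: the short names below are the usual Windows service names for
# Task Scheduler, SSDP Discovery Service and Remote Registry.
$services = 'Schedule', 'SSDPSRV', 'RemoteRegistry'

# Registry values whose full path appears on the page, with the recommended value.
$regChecks = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'RestrictAnonymous'; Want = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'DontDisplayLastUserName'; Want = 1 }
)

function Test-ServiceDisabled {
    param([string]$Name)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        # A service that is not installed cannot be started, so it passes.
        return [pscustomobject]@{ Item = "service $Name"; Actual = 'not installed'; Pass = $true }
    }
    [pscustomobject]@{
        Item   = "service $Name"
        Actual = "$($svc.StartMode)/$($svc.State)"
        Pass   = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
    }
}

function Test-RegistryValue {
    param([string]$Path, [string]$Name, [int]$Want)
    # A missing key or value is reported as a failure instead of raising an error.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($prop) { $prop.$Name } else { $null }
    [pscustomobject]@{
        Item   = "$Path\$Name"
        Actual = if ($null -eq $actual) { 'not set' } else { $actual }
        Pass   = ($actual -eq $Want)   # also matches a REG_SZ value of "1"
    }
}

$results = @(
    foreach ($s in $services)  { Test-ServiceDisabled -Name $s }
    foreach ($c in $regChecks) { Test-RegistryValue @c }
)
$results | Format-Table -AutoSize
```

Rows with Pass = False are the settings that still differ from what the list recommends.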

13. Delete the default shares.

Someone asked me why all the disks are shared as soon as the machine is turned on, and why, after changing them back, they are shared again on restart. These are the default shares that 2K configures for administration, and they must be cancelled by modifying the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Parameter: AutoShareServer, type REG_DWORD; just change the value to 0.

14. Disable LanManager authentication.

Windows NT Server Service Pack 4 and subsequent versions support three different authentication methods: LanManager (LM) authentication; Windows NT (also known as NTLM) authentication; Windows operating system