
Saturday, 12 November 2011

How to track hackers

黑白网络 (Black and White Network)

Intruder tracing. On a local area network you may have heard of the so-called "broadcast mode" of sending data: the sender names no receiving station, and every network device attached to that network is a recipient. This only works on a LAN, because a LAN has few machines (compared with the Internet). On something like the Internet, with tens of millions of hosts, broadcasting data is simply not possible (IP multicast counts as a restricted broadcast: only the designated machines receive it, and other computers on the Internet do not). If unrestricted broadcast could be done on the Internet, anyone could send a broadcast message that affected every computer in the world; would that not be chaos? For this reason, no router or similar device on a LAN forwards the LAN's broadcast messages outward, and a broadcast message arriving on the WAN port is never passed into the LAN port.
Since every network has a sending station and a receiving station, identifying the sender and the receiver of a message, then unless the other party uses some special packet encapsulation or connects to the outside through a firewall, as soon as someone communicates with your host (sending mail, or connecting by telnet or ftp, all count) you should be able to learn their address; if they talk to you through a firewall, you can at least learn the firewall's address. And precisely because anyone who connects to you reveals their address, finding out where they are is only a question of whether you bother to do it. If the other party connects to you through a UNIX host, you can go further and use ident to find out who on that host is connecting to you. On a computer running the TCP/IP protocol you can usually use the netstat command to see the current connections. (Try it on Win95, Novell and UNIX (Note 1). In the connection listing below, netstat was run on Win95: it shows that the telnet port of the local machine (under Local Address) has a connection coming in from the host workstation.variox.int at the remote end (under Foreign Address), assigned TCP port 1029, and that the host ccunix1 is also connected by the ftp port to workstation.variox.int. Every connection is shown clearly (see A and B).)

A. netstat as seen on the UNIX host (ccunix1.variox.int)
B. netstat at the other end, on Windows 95 (workstation.variox.int)

Of course, if you want to keep a record of network connections, you can use the cron table to run `netstat >> filename` at regular intervals. But UNIX systems anticipated this need long ago: the system has a daemon dedicated to recording system events, syslogd. Many of you will know that a UNIX system keeps two log files under /var/adm, syslog and messages: one is the general system log, the other the kernel log. But where do these two files come from, and how are they configured?

System logs are basically produced by syslogd (the system kernel log daemon), and syslogd is controlled by /etc/syslog.conf. syslog.conf uses two fields to decide what to record and where to record it. In a standard syslog.conf, the first field says "under what circumstances" and "at what level"; you then press TAB to move to the next field and write "what to do when the condition is met". The author of the syslog.conf file is honest enough to tell you that only TAB may be used to separate the fields (though it seems he does not know why either). The first field holds the circumstance and the level, separated by a dot. An asterisk stands for every option within a category. The details are as follows:

1. Under what circumstances: the various situations are selected with the following strings.

auth     system security and user authentication
cron     jobs run automatically by the scheduler (cron table)
daemon   programs running in the background
kern     the system kernel
lpr      the printer
mail     electronic mail
news     the news discussion groups
syslog   the system log itself
user     user programs
uucp     UNIX-to-UNIX copy (UUCP)

The facilities above exist on most UNIX systems; some UNIX systems split out further categories of their own.

2. At what level to record:

Below are the various levels of system condition, arranged from least to most serious.

none     do not record this item
debug    debugging messages from a program or the system itself
info     general information
notice   something to take note of
err      an error has occurred
warning  a warning
crit     a more serious warning
alert    a still more serious warning
emerg    already very serious

Likewise, different UNIX systems may express the levels differently. Some do not distinguish crit from alert, and some have even more gradations. When recording, syslogd automatically records the level you set together with every level above it. For example, if you ask the system to record events at the info level, then notice, err, warning, crit, alert and emerg, which are all above info, are recorded as well. Joining items 1 and 2 above with a dot gives the complete form of "what to record". For example, mail.info means general messages about the mail system, and auth.emerg means very serious messages about system security.

lpr.none means do not record printer messages (normally used in combination when several logging conditions are given). There are also three special symbols:

1. Asterisk (*)
The asterisk stands for every item within a category. For example mail.* means record anything about mail, whatever its level, and *.info records every info-level event from every facility.

2. Equals sign (=)
The equals sign means record only this level, not the levels above it. In the earlier example, writing the info level normally also records notice, err, warning, crit, alert, emerg and the other levels above info; but if you write =info, only the info level is recorded.

3. Exclamation mark (!)
The exclamation mark means do not record this level or the levels above it.

A typical syslogd provides the following channels for recording what happens on the system:

1. An ordinary file. This is the most common method. You can specify any path and file name, but it must begin with the directory separator "/" so the system knows it is a file. For example, /var/adm/maillog means record to a file called maillog under /var/adm. If the file does not exist yet, the system creates it.

2. A specified terminal or other device. You can also write the system log to a terminal or a device. If you write it to a terminal, whoever is using that terminal sees the system messages directly on screen (for example /dev/console or /dev/tty1; you can dedicate a screen to displaying system messages). If you write it to a printer, you get a long strip of paper printed full of system log (for example /dev/lp0).

3. Specified users. You can also list a number of user names here; if those users happen to be logged in, they see the system messages on their terminals (for example root; note that nothing else is written in front of the user name).

4. A specified remote host. With this form, system messages are not recorded on the local machine but on another host. Sometimes the system hits a hard disk error, or someone knocks the machine over and the disk breaks; where do you go to read the log then? A network card, as long as you do not snap it in two, survives a fall far better than a hard disk. So if you think there are situations in which the log might not make it onto the disk, you can throw it at another host. To do this, write the host name preceded by an "@" sign (for example @ccunix1.variox.int; the host you name must itself run syslogd).
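As an added example (not from the original article), a syslog.conf that puts the selectors and destinations described above to use. It assumes sysklogd-style support for the = and ! modifiers, and joins several selectors on one line with ";", which is standard syslog.conf syntax not covered above; ccunix1.variox.int is the host from the article's own examples.

```conf
# facility.level<TAB>destination   (the two fields must be separated by TAB)

# Security and login events: every level, kept in a file of their own
auth.*                          /var/adm/authlog

# Mail: general information and everything above it, in a separate file
mail.info                       /var/adm/maillog

# Errors and above from every facility, but nothing from the printer
*.err;lpr.none                  /var/adm/syslog

# Only info-level events (the "=" form); notice and above do not match here
*.=info                         /var/adm/info.log

# Kernel messages below err only (the "!" form drops err and everything above)
kern.*;kern.!err                /var/adm/kern.debug

# Serious warnings go straight to the console so an operator sees them at once
*.crit                          /dev/console

# Emergencies also appear on root's terminal if root is logged in
*.emerg                         root

# Copy of the security log to a second host, in case the local disk is lost
# (the remote host must itself run syslogd)
auth.*                          @ccunix1.variox.int
```

Deliberately absent is a `*.* /var/log/everything` line: a single file holding every event is too large to search when something actually goes wrong.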

None of the methods above is e-mail. Mail is only seen when the recipient fetches it, and some situations are urgent enough that they cannot wait for you to pick up your mail (the BSD manual page says "when you got mail, it's already too late..." :-P). That covers how syslog's levels and destinations are written; readers can record whatever their own needs require. But these records keep piling up; unless you delete the files yourself, they only grow. Some people write `*.* /var/log/everything` in syslog.conf, and then of course everything gets recorded. But if the system really does get into trouble, you may have to dig through tens or even hundreds of megabytes of text to find where the problem lies, which may be no help to you at all. So the following two points help you find the important entries quickly:

1. Check the log regularly. Get into the habit of reading the log files once a week (or more often, if you have the time). If old log files need to be archived, use `cp log log.1`, `cp log log.2` ... or `cp log log.971013`, `cp log log.980101` ... and so on, keeping expired logs by serial number or by date, which makes later investigation easier.

2. Record only what is useful. Never do as in the earlier example and record *.* into a single file. The result is a file so large that you cannot find anything in it when you need to. Some people, when logging network traffic, even record who pings their host. Unless the system is already under serious threat, with people constantly trying to get into it, such trivia need not be recorded. Leaving it out improves system efficiency slightly and reduces disk usage (and of course saves your time).

Tracing the geographic location

How do you find out where an intruder is physically located? You may not see it from the IP address alone, but if you look at addresses often you will notice patterns. In a fixed-line network environment, the intruder necessarily has a close relationship with the organization providing the network: if it is a local area network, the distance is certainly no more than a few kilometres. Even with dial-up, few people spend a lot of money dialling a server in another county or city, let alone abroad. So once you identify the organization that provides the line, the intruder is necessarily not far from it.

Dial-up networks are more of a headache. Many ISPs, to attract customers, have come up with all sorts of prepaid "network cards". The user simply buys a fixed number of hours and, without applying to the ISP separately, dials in by following the instructions on the card. That certainly attracts customers, but the ISP then has no way of knowing who is using its network. In other words, while dial-up service sold through access cards is very convenient for dial-up users, it is the great enemy of system security and a network administrator's nightmare. If the person who broke into your system was using an access card, well... do you try to trace the dial-in location? The intruder need not have used their own home telephone.

Caller ID (calling-number detection)

Do you have ISDN at home? If you have used the ISDN Caller ID feature, you will have found it extremely convenient: the caller's number is displayed to you immediately. See that your girlfriend is calling and pick up at once; when the magazine calls to chase a manuscript, switch on the answering machine and pretend not to be home... :-P. But Caller ID still fails sometimes.
The following test shows which numbers Caller ID can display (the unit tested was a Zyxel, with Windows NT HyperTerminal as the terminal). The precondition for displaying the calling number is that the call must reach you through digital exchanges; some areas still use mechanical exchanges, and if there is a mechanical exchange anywhere on the call's switching path the number still cannot be displayed. Other telephones have not been tested.

How to locate an intruder by IP address or domain name

Even if the telephone number cannot be traced, you will at least know the intruder's IP address. Use of IP addresses must be registered with InterNIC, and domain names are registered with the network information center the registrant belongs to. Network information centers on the Internet come in three tiers (their organizational type is always NET):

1. International level. There is only one at the international level, InterNIC, which manages the national NICs and the continental NICs (http://www.internic.net/).

2. Continental level. InterNIC does not manage the whole Internet directly; the network resources below it are partitioned again. For example Taiwan, Japan, Hong Kong and other Asia-Pacific countries are managed by the Asia-Pacific Network Information Center (APNIC, located in Japan), not directly by InterNIC (http://www.apnic.net/).

3. National level. A domain name without a country code is managed either by InterNIC or by a continental NIC, but one with a country code is managed by the NIC of that country; by convention the two-letter country code followed by NIC is the name of that country's NIC. For example, China's country code is CN, so China's network information center is CNNIC (http://www.cnnic.net/); but because InterNIC is located in the United States, US domain names fall directly under InterNIC. One special exception: data for US military networks under .mil is managed by ddn.mil (the US Defense Data Network), not by InterNIC. Once you have a domain name or IP address, you can use whois to look up its registration data. The syntax is:

    whois -h <whois server> <query object>

For example, to ask whois.internic.net about hp.com, enter:

    whois -h whois.internic.net hp.com

The following syntax may also be used:

    whois <query object>@<whois server>

For example, to ask whois.twnic.net about ntu.edu.tw, enter:

    whois ntu.edu.tw@whois.twnic.net

The whois currently shipped with Slackware Linux uses the latter form.

Three domain-name naming conventions

Although they are all domain names, you may encounter three different naming conventions. In many countries *.edu.* is managed by a body other than the NIC (such as the ministry of education), and the type code is not necessarily three letters; it may be absent altogether. Readers should take care when judging an organization's type, or they may fail to find its data.
1. Standard country code + three-letter type code (or no country code, type code only)
Common in Europe, the Americas and some Southeast Asian countries. For example, *.edu.tw and *.com.tw are common in Taiwan, and *.com and *.edu in the United States.

2. Standard country code + two-letter type code. Take Japan as an example: companies use co and associations use or, slightly different from the three-letter com and org. The home page of Bandai in Japan, for example, is www.bandai.co.jp; if you try to piece together a full host name from a company name, remember that Japan is a region with two-letter type codes only, otherwise guessing www.bandai.com.jp will fail. (Note: in the conventions of international communications, whether radio, international telephone or the Internet, Taiwan and mainland China are treated as two separate countries. Mainland China and Taiwan are distinguished here only to highlight this characteristic; no other meaning is intended, and readers need not read anything else into it.)

3. Standard country code only, with no type code. Australian hosts, for example, have host names ending only in *.au; there is no com, co or other type code, and the organization name is attached directly.

Finding the connecting organization's data from a domain name

On the Internet, the registration data of a connecting organization is conventionally looked up through the whois service. whois was originally meant for finding someone's telephone number or other details (rather like finger, or the people-search services now popular, such as whowhere and bigfoot; see www.whowhere.com), but at the NICs it is used to find the telephone number, address and technical contact of the organization that owns a connection. Data on the organizations under a NIC's authority is held on that NIC's whois host, conventionally named whois + NIC name + net. For example, the Asia-Pacific NIC's whois server is whois.apnic.net, Taiwan's is whois.twnic.net, and China's is whois.cnnic.net. Once you know a host's domain name, you can find the connecting organization's telephone number, address and other details in the following order.

Step one: check whether there is a country code. If there is none, ask whois.internic.net; if there is, ask whois.<country code>nic.net (e.g. whois.twnic.net). Also, if you need the contact details of a US military organization (say you discover one day that someone is using a US Navy network to break into your computer), you must query nic.ddn.mil before you can find the data. For example, looking up the US Army: but the FBI and other investigative agencies are government bodies, not military ones, so take note when querying: Looking up data from a domain name: if you can obtain an IP address's FQDN with nslookup, you can ask the local NIC directly for the intruder's network data:

1. An example of an intrusion from the United States:
Intrusion from xxx.aol.com. The host name has no country code, so query InterNIC directly. That gives the technical contact at America Online with telephone and fax numbers; get your system logs ready and send a fax to complain!

2. An example of an intrusion from Taiwan:
Intrusion from HopeNet (cded1.hope.com.tw). Since TWNIC's whois database has somehow gone missing at the moment, look up the Chinese name of hope.com.tw at dbms.seed.net.tw instead, then dial 104 (directory assistance) for the company's telephone number. Querying whois.twnic.net directly currently gives this:

Lookups with only an IP address

If one day you find an intrusion from 168.95.109.222, do not know whose network it is, and the IP address has no domain name, you must first classify the IP address and then query InterNIC. (All addresses used as examples below are fictitious; any resemblance is coincidental.)
1. Example of an intrusion from 15.4.75.2:
This IP address begins with 15, a class A network, so query InterNIC for 15.0: the address turns out to belong to Hewlett-Packard.

2. Example of an intrusion from 140.111.32.53:
This IP address is class B and needs two queries. First query InterNIC for 140.111.0: it belongs to Taiwan's Ministry of Education. Then query whois.twnic.net for 140.111.32.0:

3. Example of an intrusion from 203.66.35.1:
This is a class C IP address, so at least two queries are needed, usually three, in the order international -> continental -> country. First query 203.0: a huge amount comes back; what now? In some cases you have to chase the class B as well. Because InterNIC hands some class C space to the continental registries to allocate, some class C data is held at the continental registry; so first ask InterNIC which continental registry is responsible (asking with the class B). That shows 203.66 belongs to the Asia-Pacific continental network, so ask whois.apnic.net about 203.66.35.0. After three queries, 203.66.35.0 is finally found, and in the pile of data 203.66.35.1 turns out to belong to Forwardness Technology Co. Ltd., with telephone number and address attached. With the methods above you can find the network organization data behind any host name or IP address. If you find that a host under that organization is attacking your network, gather your evidence and tell their system administrator (they will not necessarily accept it).

Below is the Windows 95 hosts file: when you have no DNS, you can use it to do the domain name <-> IP address mapping. It is written just as on UNIX. Microsoft's hosts file says it is for "chicago", which was the development code name of Windows 95; see?
(Apparently Microsoft was in too much of a hurry shipping Windows 95 and forgot to fix these little things.) Note, though, that the original file is named hosts.sam; you must rename it to hosts yourself before it takes effect.
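The lookup order described above (domain names routed by country code, IP addresses by classful prefix starting at InterNIC) written out as a shell script. This is an added example, not from the original article; the function names, the plain-text output and the exact handling of .mil follow the text but are my own choices.

```sh
#!/bin/sh
# Added example: build the first whois query for a host name or IPv4 address,
# following the order given in the text. Function names and output format are
# my own; it encodes the article's procedure, not today's registry delegation.

# Reject anything that is not four dotted decimal octets in 0..255.
valid_ipv4() {
    ip=$1
    case "$ip" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# whois server for a domain name:
#   .mil             -> nic.ddn.mil (US military data, outside InterNIC)
#   two-letter code  -> whois.<cc>nic.net ("whois + NIC name + net")
#   no country code  -> whois.internic.net
whois_server_for_domain() {
    tld=$(printf '%s' "${1##*.}" | tr 'A-Z' 'a-z')
    case "$tld" in
        mil)        echo nic.ddn.mil ;;
        [a-z][a-z]) echo "whois.${tld}nic.net" ;;
        *)          echo whois.internic.net ;;
    esac
}

# Classful prefix the text asks InterNIC about first:
#   class A (first octet   0-127) -> a.0
#   class B (first octet 128-191) -> a.b.0
#   class C (first octet 192-223) -> a.b.c.0
# Multicast and reserved space (224 and up) is refused.
classful_query_prefix() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    if   [ "$1" -lt 128 ]; then echo "$1.0"
    elif [ "$1" -lt 192 ]; then echo "$1.$2.0"
    elif [ "$1" -lt 224 ]; then echo "$1.$2.$3.0"
    else return 1
    fi
}

# First query, in the "whois -h <server> <object>" syntax shown above.
# For an IP address InterNIC's answer names the continental or national NIC
# to ask next; delegated_whois_query builds that second step.
first_whois_query() {
    if valid_ipv4 "$1"; then
        prefix=$(classful_query_prefix "$1") || return 1
        echo "whois -h whois.internic.net $prefix"
    else
        echo "whois -h $(whois_server_for_domain "$1") $1"
    fi
}

# Follow-up query once the delegated NIC is known: ask it about the
# class C network containing the address (e.g. 203.66.35.0 at whois.apnic.net).
delegated_whois_query() {
    server=$1
    valid_ipv4 "$2" || return 1
    old_ifs=$IFS; IFS=.; set -- $2; IFS=$old_ifs
    echo "whois -h $server $1.$2.$3.0"
}

# Stand-alone use: print the first query for each host name or address given.
for target in "$@"; do
    first_whois_query "$target" || echo "cannot classify: $target" >&2
done
```

The script only prints the command to run; paste the output into a shell that has whois installed, then feed the NIC named in the reply to delegated_whois_query for the next hop.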

Note: almost every machine using the TCP/IP protocol has files such as hosts and networks. This is common to all TCP/IP systems (only Microsoft's software additionally has lmhosts, to go with Microsoft's own WINS name resolution). If you look, you will find that a Novell NetWare server also has an etc directory with hosts and similar files!
