
Friday, 11 November 2011

Building Your Own Firewall under Windows

Everyone knows that the security of the Win9x operating system is not much good, and if you use a shareware firewall you worry that it will leak details of your own Internet activity. Can't you simply configure Win9x yourself so that it has some ability to keep intruders out? After analyzing the Win9x protocol code, I found that it is entirely possible to build a simple "Win9x personal firewall" yourself. Just follow the steps below to modify the operating system's kernel files; you can then switch the various security options on and off whenever you like and tailor the firewall software to your own needs.
The kernel-file modifications are described below for several cases.

1. Disabling the TCP protocol
Disabling TCP stops others from logging into your computer remotely, entering your shared directories or planting Trojan remote-control software, but you will no longer be able to use FTP either, because FTP's data transfer requires a connection back to your machine.
Boot into pure DOS mode, change to Windows\system, and type the following commands:
DEBUG VTCP.386
D 5D56
If the display shows 0F 85 8C 01 00 ..., change it with E 5D56 E9 8D 01 00.

If you modify the file with a hex editor instead, you can search for the hex string, or go to file offset 5C56H (counting from 0; note that DEBUG loads the file at 100H, so its addresses are 100H higher).
A modification that still blocks TCP connections but lets you use FTP yourself is to simply check whether the connection involves port 21, and forbid TCP connections on any other port. Since an ordinary Internet PC cannot specify the port it connects from, and the port value is generally 1024 plus 21, this change provides a certain degree of protection. The values to modify are listed below: on the left is the file offset; on the right are the modified file's byte and the original file's byte.

5C3F: 75 74   5C40: E5 0B   5C41: 8B 2B
5C42: 44 C0   5C43: 24 5D   5C44: 4C 5F
5C45: 80 5E   5C46: E4 5B   5C47: 16 83
5C48: 80 C4   5C49: FC 40   5C4A: 02 C3
5C4B: 0F 90   5C4C: 85 8B   5C4D: 97 44
5C4E: 01 24   5C4F: 00 4C   5C50: 00 80
5C51: 8B E4   5C52: 44 16   5C53: 24 80
5C54: 28 FC   5C55: 66 02   5C56: 8B 0F
5C57: 18 85   5C58: 66 8C   5C59: 81 01
5C5A: FB 00   5C5C: 14 6A   5C5D: 75 00
5C5E: EC 6A   5C5F: 90 06   5C60: 6A 8B
5C61: 00 44   5C62: 6A 24   5C63: 06 30
A total of 36 bytes must be changed.
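As an added example (not part of the original article), the following Python script applies the 36-byte port-21 table above and the DEBUG-to-file offset conversion from section 1, but only after verifying that the bytes on disk are the ones listed for the unmodified file, so a different build of VTCP.386 is detected instead of silently corrupted. Two assumptions: the table's column order is read as (modified byte, original byte), because the second column matches the article's own DEBUG listing of the unmodified file, and the sample image is constructed, not a real VTCP.386.

```python
# Added example, not from the article: apply a byte patch only after checking
# that every target byte still holds the value listed for the unmodified file,
# so a different file build is detected rather than silently corrupted.

# Port-21 TCP patch for VTCP.386, from the article's 36-entry table. Assumption:
# each entry is (file offset from 0, byte in modified file, byte in original
# file); column 3 matches the article's DEBUG "D 5D56" listing 0F 85 8C 01 00.
TCP_PORT21_PATCH = [
    (0x5C3F, 0x75, 0x74), (0x5C40, 0xE5, 0x0B), (0x5C41, 0x8B, 0x2B), (0x5C42, 0x44, 0xC0),
    (0x5C43, 0x24, 0x5D), (0x5C44, 0x4C, 0x5F), (0x5C45, 0x80, 0x5E), (0x5C46, 0xE4, 0x5B),
    (0x5C47, 0x16, 0x83), (0x5C48, 0x80, 0xC4), (0x5C49, 0xFC, 0x40), (0x5C4A, 0x02, 0xC3),
    (0x5C4B, 0x0F, 0x90), (0x5C4C, 0x85, 0x8B), (0x5C4D, 0x97, 0x44), (0x5C4E, 0x01, 0x24),
    (0x5C4F, 0x00, 0x4C), (0x5C50, 0x00, 0x80), (0x5C51, 0x8B, 0xE4), (0x5C52, 0x44, 0x16),
    (0x5C53, 0x24, 0x80), (0x5C54, 0x28, 0xFC), (0x5C55, 0x66, 0x02), (0x5C56, 0x8B, 0x0F),
    (0x5C57, 0x18, 0x85), (0x5C58, 0x66, 0x8C), (0x5C59, 0x81, 0x01), (0x5C5A, 0xFB, 0x00),
    (0x5C5C, 0x14, 0x6A), (0x5C5D, 0x75, 0x00), (0x5C5E, 0xEC, 0x6A), (0x5C5F, 0x90, 0x06),
    (0x5C60, 0x6A, 0x8B), (0x5C61, 0x00, 0x44), (0x5C62, 0x6A, 0x24), (0x5C63, 0x06, 0x30),
]

def debug_to_file(addr: int) -> int:
    """DEBUG loads the file at 100H, so its addresses are 100H above the file offset."""
    return addr - 0x100

def classify(data: bytes, patch) -> str:
    """'original' if all bytes match the unmodified file, 'patched' if all match
    the modified file, otherwise 'unknown' (a different build, or tampered)."""
    if all(data[off] == old for off, _new, old in patch):
        return "original"
    if all(data[off] == new for off, new, _old in patch):
        return "patched"
    return "unknown"

def apply_patch(data: bytes, patch) -> bytes:
    """Return a patched copy; refuse unless the file is in the 'original' state."""
    state = classify(data, patch)
    if state != "original":
        raise ValueError(f"refusing to patch: file state is {state!r}")
    out = bytearray(data)
    for off, new, _old in patch:
        out[off] = new
    return bytes(out)

def make_sample() -> bytes:
    """Constructed stand-in for VTCP.386 (not a real driver): zeros plus the table's original bytes."""
    img = bytearray(0x5C70)
    for off, _new, old in TCP_PORT21_PATCH:
        img[off] = old
    return bytes(img)
```

Running classify() over a file read with open(path, "rb") before and after editing tells you whether the on-disk driver is the untouched build, the patched build, or something else that should not be patched blindly.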

2. Disabling the IGMP protocol
Because a personal computer rarely does multicast transmission, the IGMP protocol is not needed. Disabling it prevents others from exploiting bugs in it. In the file VIP.386, change the hex bytes 00 6A 02 E8 to 00 6A F2 E8.

3. Disabling the ICMP protocol
Modify the hex bytes of the file VIP.386.
(1) To disable ICMP entirely: change 00 6A 01 E8 to 00 6A F1 E8. ICMP can then no longer be used: others cannot ping you, and you cannot ping others.
(2) To allow only yourself to ping others: change 83 F9 11 77 08 to 83 F9 00 75 08.
(3) To stop others from pinging you: at file offset D04DH (counting from 0; D14DH if loaded in DEBUG), change 74 0D to 90 90.
You can adapt the above to your own needs. Also note that NetBIOS is the protocol Microsoft uses to provide sharing services; while you are online, a hacker can query the user names and shares on your machine through NetBIOS. So, in Network Properties, make sure the TCP/IP protocol is not bound to Client for Microsoft Networks, and leased-line users should not bind their leased-line IP to Client for Microsoft Networks either. A hacker then cannot connect directly to NetBIOS and obtain your machine name, shared directories, and so on. Be aware, too, that when a Win9x system accesses someone else's machine it may disclose the current user name and password.

Finally, remember to back the files up to a floppy disk before modifying them, in case you need to restore them.
