佚名MYHACK58:62200612704NetSniper network pioneer works-vulnerability warning-the black bar safety net
NetSniper network tip of the soldiers is in Shanghai on a large lake network system Co., Ltd. developed the network access detection and a controller. It can automatically detect the network without permission the erection of a proxy server is system or an illegal router, and through the illegal proxy server, the IP packet and the flow to the illegal Router, the IP packet can be controlled. By this control, effectively prevent the malicious users to steal to escape the cost of access to happen. At the same time NetSniper can precisely control a network interface connected to the user’s computer number. NetSniper occurs, the successful solution of the broadband community, the campus network, the emergence of cost loss problems. NetSniper can also be applied to the Central office, the address of each ISP dial-up Internet generated cost loss problems.
One, why use NetSniper
The current network is already our learning office indispensable tool, especially broadband network using increasingly popularity. However, in the operator the actual operation process, there has been such a problem: some of the“technical master”the use of TCP/IP features on your own computer to install a proxy server or network address translation software, so that multiple tenants can use the same subscription account, Internet access, corporate office, even without permission the erection of the cafe. In the campus network, the above situation has been very popular. In the cell, also began to appear and spread rapidly. Will eventually lead to the access provider to put the huge infrastructure costs it difficult to properly recycle. NetSniper design purpose, which is to be a simple solution to this problem.
In addition, the network charges the normalization of the voice getting higher and higher, many Telecom operators and ISP all have the specification that the network charges the plan, some operators have taken the specification of the network usage charges the first step. In the business of norms of fees and services at the same time, you need to have a strong mechanism to cooperate. Now has become a flood trend of the single account multi-user use the problem must be guided, become the operator to open up new positions of the user base. To this end, my company production of NetSniper increases the precise control of a single network interface on a users computer the number of features for the ISP and broadband operators to provide new services, but also for Internet users provides new Internet access mode selection.
Second, NetSniper range of applications
NetSniper applicable to various network environment, such as: cable TV Networks, HFC, and Ethernet, xDSL(ADSL, VDSL, HDSL, AND SDSL, dial-up network, and so on, the PSTN is.
NetSniper effectively prevents the following types of theft of broadband resources way:
(1) The Private to pull the line; (2)the shared Internet access; (3)the theft of the MAC address of the Internet; (4)the Modem back to dial up Internet.
At the same time NetSniper can be technically efficient to discover the metro network in the presence of the“Black Internet cafes”to help law enforcement agencies is simple, fast, effective positioning and the fight against“black bars” in.
Third, NetSniper-series devices
NetSniper network tip of the soldiers of the whole system includes three parts: a network pioneer Controller, the Network Configuration Manager and the Log Manager.
For different environment, the actual needs, NetSniper network pioneer hardware equipment-network pioneer controller is designed to be I and II two kinds of models. NetSniper-I and NetSniperII use the same network Configuration Manager software and Log Manager Software. The Network Configuration Manager to configure and manage network pioneer Controller related to the parameters. The Log Manager means for receiving and processing network tip of the soldiers sent by the controller log information.
NetSniper-I applicable to the detection and control of the private to pull the line. NetSniper-II is applicable to the detection and control shared Internet access and a stolen MAC address to access the Internet.
Interface: 1 1 0/100M or 1000M Ethernet port
1 RS232 management port
1 1 0/100M Ethernet port management port
Power supply: 220V/50Hz, 30W
Cooling: built-in four high performance fans
Size: 1U 4 4 0×4 3 1×4 4(wide×deep×high)
Fourth, NetSniper the appearance and the relevant parameters
! Press this opens in new window pictures
Interface: 1 1 0/100M or 1000M Ethernet port
1 RS232 management port
1 1 0/100M Ethernet port management port
Power supply: 220V/50Hz, 30W
Cooling: built-in four high performance fans
Size: 1U 4 4 0×4 3 1×4 4(wide×deep×high)
Five, the use of NetSniper precise control of a single network interface number of users
Existing network operators in providing access to services, usually to the initial registration of the computer number for the network cost calculation standard, or given a certain bandwidth of the leased line charge a monthly subscription fee. As for the user after the increase how many computers you indifferent, especially the Dial-Up Networking, ISDN, ADSL more there is no corresponding means to be controlled, and therefore cause great cost loss. For the network operator to Refine the management of needs, I company in NetSniper, deliberately added precise control of the same network interface on the user number of the function.
NetSniper, the control interface shown
! Press this opens in new window pictures
From the above figure we can see that the NetSniper can be easily according to the user IP address or MAC address control the same network port the number of users, number of users can be controlled in eight stages, including single user and unlimited user default settings, a total of ten levels. The number of users in accordance with their own will to define each level of user can manage the number of computers, accurate and flexible, is the operator of increased access to the service way of the powerful Foundation.
Six, stealing escape the cost of access ways and responses:
1, through the access to the other line of the“underground operations”
! Press this opens in new window pictures
2, sharing Internet access(1)The use of one network port connected in series to a plurality of computer case
3, shared Internet access(2)The use of one network port connected in series to the other connection of the user
4, illegal users of stolen legitimate user’s MAC address Internet access
5, The use of Dial-Up Networking to access a legitimate network port connected in series to the illegal computer Modem back to dial the Internet
1, through the access to the other line of the“underground operations”
By the access the other line of the“underground operations”
Now know the first kind of illegal operation the situation: as Figure F legitimate user to apply a ADSL or other lines, and then on your own computer to install the agent service software or connected to a router, it can be mustered for a number of tenants sharing the leased line rental fees, and through the outlet of the shared bandwidth to access the external network, and at the same time they can also enjoy the cell internal network inherent in all functions.
At the same time does not exclude such a possibility, that some of the cell taking into account costs and other factors, privately with a second access to negotiate for the same cell the erection of the two exit through a different access provider to access the service. In this case, the first access provider of high wiring cost cannot be recovered.
For in the case, our device can promptly detect all illegal users, and timely truncated users of the illegal IP packets, and notify the system administrator to be processed.
2, sharing Internet access(1)The use of one network port connected in series to a plurality of computer case
! Press this opens in new window pictures
Share Internet access(1)The use of one network port connected in series to a plurality of computer case
Illegal operation case II: as above figure F of the user as operators of legitimate monthly users, Internet service provisioning later in your own computer to install the agent software or install a router, so you can always mustered a number of tenants sharing a flat monthly fee, or even the Kangaroo cafe.
For the above figure in the case, our network monitoring module can detect such user, and notify the network administrator of the user information to the network administrator discretion to. Such as the temporary closure of this account, shall be ordered to correct and re-open, and so on.
3, shared Internet access(2)The use of one network port connected in series to the other connection of the user
! Press this opens in new window pictures
Share Internet access(2)The use of one network port connected in series to the other connection of the user
The illegal operations of the three: on Figure F of the user as operators of a legitimate User, Application Internet services later, on your own computer to install the agent service software, or connected to the road by the controller, then all the rest in the network segment of the computer are available through this computer access to the Internet.
In this case, the operator inputs the funds set up the network, but become illegal users steal to escape the cost of the tool.
For the above case, the NetSniper can promptly detect all illegal users, and timely truncated users of the illegal IP packets, and notify the system administrator to be processed.
4, illegal users of stolen legitimate user’s MAC address Internet access
! Press this opens in new window pictures
Illegal users from theft of legitimate user’s MAC address Internet access
There are currently many operators is through the user computer’s MAC address to restrict user access to the network, thereby generating a steal to escape the cost of access situation: user F first apply to open an account, and then reported to stop or arrears down, the subsequent theft of legitimate user A’s MAC address access to the Internet. By this means, the user F Do not have to pay any fee you can access to the Internet.
In this case, the operator will not only be unable to charge user F Internet costs, and because the legitimate user A’s MAC address is stolen, Cause A can not be normal Internet access, leading operators to provide the quality of service decline.
For the above figure in the case, NetSniper can be detected in time all of the use of improper means to Internet users, once seized illegal IP packet is immediately truncated, and notify the system administrator to be processed.
5, The use of Dial-Up Networking to access a legitimate network port connected in series to the illegal computer Modem back to dial the Internet
! Press this opens in new window pictures
The use of Dial-Up Networking to access a legitimate network port connected in series a number of illegal computer case
This is in enterprise network a common situation: as above figure F of the user as a legitimate user, the Internet services opening later, with the operator in F of the computer to install the agent service software, NAT software, or install the router software, then install the Modem and other remote access devices. Illegal users at the distal end through the Modem and other access devices and the network is connected.
The illegal user through the callback behavior, not only a waste of the company’s cost of Internet access, but also a lot of waste of corporate phone bills. For the above figure in the case, NetSniper network sharp soldiers can timely find such a user, and notify the network administrator of the user information to the network administrator discretion to. Such as temporary offClosed the computer the right to use, shall be ordered to correct and re-open, and so on.
Seven, NetSniper use
1, with the NetSniper-I block“private pull line”
! Press this opens in new window pictures
By NetSniper-I block“private pull line”
In the upper figure it can be seen that our device simultaneously monitor up to 8 Station HUB. Product easy to install, in the HUB requires only one network port. As a detection device, NetSniper to the data reception based, basic data is not transmitted, so the bandwidth is almost zero occupancy, the transmission efficiency does not have any impact.
In this case, NetSniper monitoring the illegal export of Internet users and to intercept all the illegal users of an IP packet, so that it is in the“OFF”state due to the application in addition to the line of the user, its application and use behavior is legal, so we do not the user to take any monitor with interference measures, our work aims to prevent the illegal operation behavior.
The completion of the above capture at the same time, our device is not for these users should have the right to cause any harm, does not reduce the network transmission efficiency, does not infringe the user’s privacy interests, even within a cell user is inside the LAN information file is transmitted also to distinguish clearly understood, implemented only for the illegal use of the phenomenon of precision strike.
2, with NetSniper-II control shared Internet access, misappropriation MAC address Internet access and Modem back to dial Internet access
Use NetSniper-II can effectively control the shared Internet access, misappropriation MAC address Internet access and Modem back to dial the Internet.
! Press this opens in new window pictures
By NetSniper-II control shared Internet access, misappropriation MAC address of the Internet Modem back to dial Internet access
On the figure, NetSniper-II can be on the internal network to each user for detecting, upon the occurrence of a user to install the proxy server software, the other user via the user interface to the Internet to steal the escape network fee, or find theft MAC address access to the Internet and by Modem back to dial Internet access the case, NetSniper-II you can locate these users, and take notice of the system administrator or automatically blocking unauthorized users and other measures.
3, the NetSniper-II detection network in the presence of the black bars
The cafe is through a proxy server or NAT Converter Internet, and therefore can be detected by the network in the presence of a proxy server and a NAT Converter to determine the cafe’s existence and location.
NetSniper can effectively detect the presence of a network proxy server or NAT converters, as well as their management of the computer number.
! Press this opens in new window pictures
By NetSniper-II detection network in the presence of the black bars
(1)“NetSniper network tip of the soldier”is a day of 2 consecutive 4-hour work of the intelligent computer equipment, can effectively greatly improve the management efficiency, reduce management costs.
(2)Make up the current“the masses to report—>law enforcement agencies confirm—>law enforcement agencies in the fight against”this mode is insufficient,“NetSniper network tip of the soldiers”can help law enforcement agencies more comprehensive and accurate the fight against“black bars” in.
(3)The use of“NetSniper network tip of the soldier”can play the advantages of technology, will manage the work done in peacetime, to avoid the existing assault-style management: a tragedy occurs, it is concentrated to take the stormy style checks rectification, culminating in the past and often calm, manage and operate back to their original orbit, law enforcement and illegal business with each other live together peacefully.
(4)“NetSniper network tip of the soldiers”very convenient to use, and the operators of the existing equipment with extremely simple: you do not need to change the existing network structure, does not affect the performance of the network, and user-independent, centralized maintenance, control mode is flexible.
4, the NetSniper-II in the Office of the use
NetSniper-II can also be used as infrastructure equipment for xDSL(ADSL/VDSL AND PSTN Telephone dial-up network, the HFC(cable television network, etc. In this case, NetSniper-II can effectively prevent control of the shared Internet access, misappropriation MAC address Internet access and Modem back to dial the Internet. The following two legend points out how the NetSniper-II for the Office end.
! Press this opens in new window pictures
The NetSniper-II for the dial network(PSTN)
In these three figures, the Central office end use NetSniper-II, as in the Ethernet environment as NetSniper-II can be on the internal network to each user for detecting, upon the occurrence of a user to install the proxy server software, the other user via the user interface to the Internet to steal the escape network fee, or find theft MAC address access to the Internet and by Modem back to dial Internet access the case, NetSniper-II you can locate these users, and take notice of the system administrator or automatically blocking unauthorized users and other measures.
! Press this opens in new window pictures
The NetSniper-II for the cable TV network(HFC)
! Press this opens in new window pictures
The NetSniper-II for xDSL(ADSL/VDSL)Central office
Eight, with existing solutions compared
It is all steal escape network fee situation, the operators invest a lot of resources laying the network connection device is used illegally, can not be timely recovery of investment. From a long-term point of view, this phenomenon also hampers the operators with a large number of potential users of close interaction, the inability to advance the update of the value-added services. Thus affecting the broadband industry.
According to the market survey, the current is similar to the three cases in the broadband residential area has been the rise of the trend, especially in the campus network is in full swing, let the network management personnel helpless, operators headache endless. Generally speaking, the campus network is the Internet experiment of the application base, where any“new discovery”will soon be on the entire Internet users in popularity.
However, currently the market has yet to show any simple and effective targeted solutions. Therefore, some operators to prevent this terrible phenomenon spread, forced to take the division VLAN way to put all of the user separated, so that it can not communicate with each other.
As long as we know about VLAN technology, you know where the operator had difficulties.
VLAN, also known as virtual LAN, is located in a different physical LAN segment of the device components. Although the VLAN of the connected devices from different network segments, but between each other can communicate directly, as if in the same network segment, hence the name virtual local area network.
Thus, the operator is forced to Use VLAN the root cause of just use the VLAN of the network isolation feature.
It is for this reason, the VLAN technology design The purpose of the application is simply not for currently found unlawful user of unauthorized application of the phenomenon. With VLAN mode to solve this problem, like the use of a secondary drug secondary efficacy to the treatment of disorders, the loss outweighs the gain also will have other incalculable side effects.
We only analyze several drawbacks:
1, the VLAN is divided need to be able to support the VLAN of the dedicated switch, the high price of out of the ordinary switch lot, directly increases the cost of construction.
2, more important is for the management of human resources an unprecedented vast of. Because, if according to a switch port defined VLAN, usually it is easy with some drag-and-drop software to one or more users assigned to a specific VLAN. In non-Exchange environment, move, add or change operation is very troublesome, it is possible to change the wiring on the Board jump line from one Hub Port to another port. MAC address-based VLAN allocation scheme can indeed make some moves, adds and changes to the operation of the automation. But in order to the user’s computer can be connected to the switched network of any one of the ports, all traffic can correctly reach the destination, the administrator still have to be VLAN initial manual assignment, the need for access providers to invest a lot of labor. In fact, in order to completely avoid the illegal use of the network, you will need all of the users are isolated, using a VLAN to divide the network number and the user number are equal, this network workload will make it difficult to accept.
3, even if the use of VLAN segmentation is completed, all of the user partition and then become information silos state, in addition to simple Internet browsing service, and then difficult to enjoy the operators to provide value-added services and parks within the full LAN bandwidth.
4, Using the VLAN isolation later, although you can avoid part of the use of existing network resources, illicit use, but still can not avoid the use of a monthly interface connected in series to a plurality of computer or opening an Internet cafe, etc. the worst case occur.
5, as a detection device, NetSniper to the data reception based, basic data is not transmitted, so the bandwidth is almost zero occupancy, the transmission efficiency does not have any impact.
6, the NetSniper detection on the network the IP packet, and can choose to intercept all the illegal users of an IP packet, so that it is in the“OFF”state due to the application in addition to the line of the user, its application and use behavior is legal, so we do not the user to take any monitor with interference measures, our work aims to prevent the illegal operation behavior.
7, our device is not for these users should have the right to cause any harm, does not reduce the network transmission efficiency, does not infringe the user’s privacy interests, even within a cell user is inside the LAN information file is transmitted also to distinguish clearly understood, implemented only for the illegal use of the phenomenon of precision strike.
NetSniper network pioneer series of product specific, installation, simple configuration, maintenance-free. We offer the standard configuration can meet the vast majority of the network monitoring requirements; the performance of the system can be based on hardware optimization, can be*high, broadband network operators and system integrators best choice.
====================================
**1. Port mapping crack network pioneer
**Turn:speed home plus 5 1 1 can not be set to routing
The original local SPEED HOME PLUS 5 1 1 set Auto dial routing has been normal, a week ago, some users reflect the set finished the route after less than two minutes of disconnection, the MODEM is restarted, if set to the initial state, with ETHERNET300 such as dialing normal.
I heard that is the Bureau to do the hands and feet, to prevent the user to set the routing to share Internet access, do not this problem have to cope with the method? Please master give teach!
Another: I check in online to say that there is a network pioneer class of equipment used in telecommunications, specifically to prevent the user to set the routing, the corresponding method to screen out the snmp port, but I’m in the FIREWALL. don’t know how to add the firewall list? Want to know the way.
Port mapping【snmp port 1 6 1)】hack network pioneer
the snmp port is 1 6 1., do a port mapping the port mapping to the internal networkDoes not exist, the ip try this idea seems to be hiker?
I also use 5 1 1, try to do so the two tcp and udp each of a port mapping mapped to 1 0. 0. 0. 8 8, was found in the user. ini shows:
create protocol=tcp inside_addr=10.0.0.88:snmp outside_addr=0.0.0.0:snmp foreign_addr=0.0.0.0:0
create protocol=udp inside_addr=10.0.0.88:snmp outside_addr=0.0.0.0:snmp foreign_addr=0.0.0.0:0
In the web setup interface displayed as:
! Press this opens in new window picture
2. Crack the“network pioneer”
Close paragraph of time,many parts of the telecommunications ISPS use the one called“network pioneer”device to restrict users to share Internet access, to give everyone a lot of inconvenience, after the master who unremitting efforts, now has been able to crack the“network tip of the soldiers.” Note that the“network pioneer”and the recent virus attacks phase difference, the viruses attack when the ADSL MODEM is generally to be restarted in order to use, and the“network pioneer”the impact of etc on a few minutes you can continue to access the Internet and open a web page frequently to refresh several times to hit the open. After the study found it is using a variety of methods to detect whether the user is using to share Internet access, thereby limiting, the following I were crack:
One, check the same IP address of the data packet has a different MAC address, if it is determined that the user shared access to the Internet. The hack way is to put each machine’s MAC address to the same; modified in many ways, not described in detail here, yourself with a GOOGLE search for the keyword“modified MAC address”.
Second, through the SNMP(Simple Network Management Protocol to discover multiple machines to share Internet access. Some routers and ADSL cat built-in SNMP service, by the corresponding tool is able to view the user there is no sharing, the following is a netizen provided by the corresponding tools view the A ADSL MODEM connected to the user the number of renderings, which you can clearly see the share of the number of users
! Press this opens in new window pictures
In order to know your own router or a big cat is open up the SNMP service, feel free to look for a scanning software(ipscan, the superscan…) Scan it, if you open a 1 6 1 port is a built-in SNMP service, the solution is to put SNMP with the 1 6 1 port ban on the line.
The use of the router or open the ADSL cats of routing mode Internet Sharing friends can get into the management interface for closed-SNMP option to turn off it. If the cat’s management interface independent of the closed-SNMP option had to buy one without the SNMP service for the router, such as TP-LINK TL-R400, put to the adsl moden and the hub in the Middle, in the router do a NAT service, so that the feed to the ADSL cats in is an address, this would solve the shared access to the Internet.
Third, the monitoring and the number of ports, and port more than the set number determined for the share.
This is one of the most to laugh and cry is set, the“network pioneer”to constantly scan the user to open number of ports, more than the set value it is determined that the shared, and sometimes even press few times the F5 key it is considered to be shared, even single-user Internet access are also affected, this can’t crack(unless you put the network tip of the soldiers was black), I where the solution is to pretend to be innocent of the user to the ISP customer service phone cursed, and the statement could just change ISP, while the network is normal;
Fourth, the“network pioneer”also uses an unknown method from a shared computer in a probe to the shared information, the current solution is to all of the shared clients to install a firewall, the security level is set to the highest, because the condition is limited, only tried a few kinds of firewall, the found network Dart V(useful,the IP configuration rules inside all allow others to access the machine rules all don’t allow to PING the machine do not, to prevent ICMP,IGMP attack also ticked. If it is WINXP,to open the NIC’s network firewall.
Taking the above hack way, in their own local area network can not see the machine, and WINXP open the network card of the firewall, in the QQ can not transfer files, the network Speed has slowed down, but it also can be shared, if there is a better way, also please inform.
In General, the“network pioneer”or an immature product, the main is him to single-user Internet access also have an impact, browse the web often to refresh a few times, and some pages more complex, to call several of the server files when it also when you are sharing, causing the Web Part cannot be displayed. And because of“network pioneer”to constantly scan the user port bandwidth, causing the network speed to slow down, I’ve got the ISP with the user after great views, customer service phone almost off the hook, now the ISP only dare in the night secretly open one or two hours:-p