Tuesday, October 19, 2010

Process with SOFTICE crack WINZIP



Break these steps:

1. With softice loading windows (by CTRL + D to check softice is ready, press the F5 exit softice);

2. Run winzip, select the "help" under the "Enter Registration Code ...";

3. In the "Name:", type: KraneXH (free), "Registration #:", enter: 12345678 (random);

4. Using CTRL + D exhaled softice, under the universal breakpoint: bpx hmemcpy, press F5 to return to the winzip;

5. Winzip, select "OK", program will soon be softice intercept them (because we set a breakpoint bpx hmemcpy, when in winzip, select "OK" when, winzip Council hmemcpy this function to fetch the name of our input, " KraneXH "and the registration code" 12345678 ", softice detected hmemcpy is called, so he interrupted the operation of winzip, winzip call hmemcpy stay in place);

6. With bd backup bin conf config data eshow_sitemap.html generate.sh log maint sitemap.html svn tmp suspended just set breakpoints bpx hmemcpy (suspended breakpoint bpx hmemcpy Why? Because our aim is to take the name of winzip and the registration code to run when the interrupt it, but this break is not bpx hmemcpy winzip only valid for the computer to run the program may be invoked at any time. As we enter the name and winzip registration code in just after setting off point bpx hmemcpy, then winzip will immediately fetch the name and registration code we entered, so we can ensure that disruption in the winzip program, by bd backup bin conf config data eshow_sitemap.html generate.sh log maint sitemap.html svn tmp The order to suspend breakpoint bpx hmemcpy, to prevent the decryption process when interrupted by other extraneous affect the normal decryption);

7. Press F12 key 9, to return to the winzip's airspace (as just softice break in hmemcpy, this is the windows system area can not be changed, winzip just call this function only, so we must return to the winzip program before helpful), to the following areas:
......
0167:00407 F6DCALL [USER32! GetDlgItemTextA]
0167:00407 F73PUSHEDI 鈫?- program stop here, EDI point to "KraneXH"
0167:00407 F74CALL0043F89A
0167:00407 F79PUSHEDI
0167:00407 F7ACALL0043F8C3
0167:00407 F7FPOPECX
0167:00407 F80MOVESI, 0048CDA4
0167:00407 F85POPECX
0167:00407 F86PUSH0B
0167:00407 F88PUSHESI
0167:00407 F89PUSH00000C81
0167:00407 F8EPUSHEBX
0167:00407 F8FCALL [USER32! GetDlgItemTextA]
0167:00407 F95PUSHESI 鈫?- ESI point to "12345678"
0167:00407 F96CALL0043F89A
0167:00407 F9BPUSHESI
0167:00407 F9CCALL0043F8C3
0167:00407 FA1CMPBYTE PTR [0048CD78], 00 鈫?- [0048CD78] point "KraneXH"
0167:00407 FA8POPECX
0167:00407 FA9POPECX
0167:00407 FAAJZ00408005
0167:00407 FACCMPBYTE PTR [0048CDA4], 00 鈫?- [0048CDA4] points "12345678"
0167:00407 FB3JZ00408005
0167:00407 FB5CALL00407905
0167:00407 FBATESTEAX, EAX
0167:00407 FC3JZ00408005
......

8. We call hmemcpy the system back to winzip airspace area, the program stop at 0167:00407 F73PUSHEDI, the look on it by me instructions 0167:00407 F6DCALL [USER32! GetDlgItemTextA], this CALL is the procedure to take our input data , that is, the CALL Let us bpx hmemcpy to winzip block down. Since winzip CALL fetch with this input things, then certainly after the call to return the results, let us take a look at: The D EDI, the data observed softice area, you will see EDI point to the contents of memory is the input The name "KraneXH";

9. From the program can be seen, not far below the same place where there is a call to USER32! GetDlgItemTextA, both 0167:00407 F8FCALL [USER32! GetDlgItemTextA] this line. Press F10 key several times, went to the CALL to stop the next one, both processes stop at 0167:00407 F95PUSHESI this instruction, the use of D ESI, ESI same point we can see the contents of the memory region is registered input code "12345678." Winzip has now entered the name and registration code we have to come by, let us look at it what to do next?

10. To continue to press F10 many times, when the program went 0167:00407 FA1CMPBYTE PTR [0048CD78], 00 when to stop, this instruction will be data in the memory 0048CD78 and 00 more, and then compare the results to determine procedures. With D 0048CD78, observed softice data area, we can see 0048CD78 the data is "KraneXH", now we know the role of this instruction is to determine whether the name of our input is empty, if not entered anything, the program will Skip 00,408,005 to; the same, according to F10 went 0407FACCMPBYTE PTR [0048CDA4], 00 line stop, and then use D 0048CDA4, you can see 0048CDA4 the data is "12345678." As we enter the name and registration code, so the program does not jump to 00408005 to, the program checks the input name and registration code, if any one does not enter (both its value is 00), the program will jump to 00408005, thus we should think very likely display an error 00408005 place, that is, when the program reached 00,408,005, when the input of name and registration code is wrong;

11. Press F10 twice to the following that CALL00407905 (because the process just stops at 0167:00407 FACCMPBYTE PTR [0048CDA4], 00 above):
......
0167:00407 FB5CALL00407905 鈫?- program stops here
0167:00407 FBATESTEAX, EAX
0167:00407 FC3JZ00408005
......
Procedure to judge whether the input name and registration key after the call is empty CALL00407905, that the results returned to the CALL EAX, the EAX value judgments according to procedures. From the program can know that if the return value of EAX is 0, then the program will jump to 00,408,005, that is, we determine there is a problem just the place. CALL What are they going to hide then the transmission of the disease you? Is not yet clear, and then press F10 twice to JZ00408005 stop. Now look at softice of zero (ie Z) flag, its value is zero, so the program will jump to 00408005, 00408005 Let us see what happens by F10 jump:
......
0167:00408005 CALL004082A6 鈫?- program stops here
0167:0040800 APUSH0000028E
0167:0040800 FCALL0043F5ED
0167:00408014 PUSHEAX
0167:00408015 PUSHEBX
0167:00408016 PUSH3D
0167:00408018 CALL00430025 鈫?- Error Box
0167:0040801 DADDESP, 10
0167:00408020 INCDWORD PTR [00487AF8]
0167:00408026 CMPDWORD PTR [00487AF8], 03 鈫?- to judge whether the number of errors to 3 times?
0167:0040802 DJNZ0040812C
0167:00408033 PUSH00
0167:00408035 PUSHEBX
0167:00408036 CALL [USER32! EndDialog]
0167:0040803 CJMP0040812C
......

12. Has been passed by F10 0167:00408018 CALL00430025, this is the program pop out a window, a warning: Incomplete or incorrect information (incomplete or incorrect information), the program came up here is very clear: if the program in the preceding Skip 00,408,005 to time, enter the name and registration code that is wrong, so just compare that 0167:00407 FB5CALL00407905 must enter the registration code is the right place, that is, which certainly will enter the registration code and correct our The registration code comparison Therefore, we have to go take a look into the CALL00430025. If you continue to read the following statement CALL00430025, you will see the following few:
0167:00408020 INCDWORD PTR [00487AF8]
0167:00408026 CMPDWORD PTR [00487AF8], 03
0167:0040802 DJNZ0040812C
Process value first memory 00487AF8 Department plus 1 (the initial value of 0, can be used in this statement before the D 00487AF8 view), and then compare whether it is 3, if not to jump 0040812C, if the implementation of the subsequent 0167 : 00408036CALL [USER32! EndDialog], its role is to close the dialog box, that is, we enter the name and registration code window. We can see here the role of procedure is to check the error input name, registration code whether the number of errors to 3 times, if to 3 times, then close the dialog box, do not allow re-importation; if less than 3 times, can be have the opportunity to once again enter the name and registration code.

13. Repeat the previous steps 1 through 11, let the program stop at 0167:00407 FB5CALL00407905, and then press F8 to enter the inside CALL:
......
0167:004079 D5PUSHEBP
0167:004079 D6PUSHEBP, ESP
0167:004079 D8SUBESP, 00000208
0167:004079 DEPUSHEBX
0167:004079 DFPUSHESI
0167:004079 E0XORESI, ESI
0167:004079 E2CMPBYTE PTR [0048CD78], 00
0167:004079 E9PUSHEDI
0167:004079 EAJZ00407A8A
......

14. Press F10 key to N times (I do not know a few times, you count it ^_^), has been stopped to the following areas:
......
0167:00407 A91LEAEAX, [EBP-0140] 鈫?- program stops here
0167:00407 A97PUSHEAX
0167:00407 A98PUSHEDI 鈫?- EDI point to enter the name of "KraneXH"
0167:00407 A99CALL00407B47 鈫?- Calculation of License
0167:00407 A9EMOVESI, 0048CDA4
0167:00407 AA3LEAEAX, [EBP-0140]
0167:00407 AA9PUSHESI 鈫?- ESI point to enter the registration code "12345678"
0167:00407 AAAPUSHEAX 鈫?- EAX pointing to the correct registration code "5CFC0875"
0167:00407 AABCALL004692D0
0167:00407 AB0ADDESP, 10
0167:00407 AB3NEGEAX
0167:00407 AB5SBBEAX, EAX
0167:00407 AB7INCEAX
0167:00407 AB8MOV [00489FDC], EAX
0167:00407 ABDJNZ00407B27
0167:00407 ABFLEAEAX, [EBP-0140]
0167:00407 AC5PUSHEAX
0167:00407 AC6PUSHEDI 鈫?- EDI point to enter the name of "KraneXH"
0167:00407 AC7CALL00407BE4 鈫?- Calculation of License
0167:00407 ACCLEAEAX, [EBP-0140]
0167:00407 AD2PUSHESI 鈫?- ESI point to enter the registration code "12345678"
0167:00407 AD3PUSHEAX 鈫?- EAX pointing to the correct registration code "23804216"
0167:00407 AD4CALL004692D0
0167:00407 AD9ADDESP, 10
0167:00407 ADCNEGEAX
0167:00407 ADESBBEAX, EAX
0167:00407 AE0INCEAX
0167:00407 AE1MOV [00489FDC], EAX
0167:00407 AE6JNZ00407B27
......

15. We must ask: Why stop here, and not other places? I have been in the previous procedure with D backup bin conf config data eshow_sitemap.html generate.sh log maint sitemap.html svn tmp read, and did not find anything suspicious ah ^ _ ^!

Press F10 went 0167:00407 A99CALL00407B47 Department, with the D EAX and D EDI to observe what is inside? We can see the EDI point to enter the name of "KraneXH", EAX points to no particular area of memory data; immediately following CALL00407B47 would "KraneXH" some treatment, specific we do not know, continue to go backwards;

16. By F10 went 0167:00407 AABCALL004692D0 this one, then D ESI and D EAX view the data in memory, you can see ESI point we enter the registration code "12345678", and EAX points to another string of characters "5CFC0875". Needless to say, in all likelihood this is the correct registration code, they must write it on paper it ^ _ ^! Continue to go down, we will immediately find another place below a similar program segment, which are also a bunch of code "23804216";

17. Verify License: press F5 to return winzip, choose to register, enter the name of "KraneXH" and the registration code "5CFC0875" or "23804216." Then you see? Registration Successful screen appears, directly confirm buttoned, and Ha ha ha. . . !

18. Now we know CALL00407B47 the role of this statement is based on the name of our input to calculate the correct registration code, then enter the registration code and our comparison to see whether the two are equal. Take care of things: Last but not with CTRL + D exhaled softice, then under the command BC backup bin conf config data eshow_sitemap.html generate.sh log maint sitemap.html svn tmp clear all breakpoints! !







相关链接:



Lesson: Payment orders I have lost 170 000



Moderate BPM



SAIC Ssangyong Qin Zhu



WIZARD Religion



MTS to AVI



DAT to 3GP



Compare Browser Tools



Pipeline



Good Chat And Instant Messaging



Closed more than 80 million Baidu PPC Keywords



lg kc 780 ideal for PHOTOGRAPHY



Taste CorelDRAW10: color docker



Do Small Business Know-how To Master The Four



DivX to ZUNE



Fraud warning: Fishing the latest plot and potential threats



Operators Around Loose Charges Tariff War Is Inevitable That The First



Posted by at 5 comments:

Tuesday, October 5, 2010

"Dragon Century: The Origin of" combat experience to know the 10 o'clock



"Dragon Century: The Origin of" combat experience to know the ten-point: to play the 2 days of HARD difficulty DAO, beginning with the thieves, later changed to play the Master, I feel this game is very challenging ... fighting talk here Some say my experience, the right hand suffered when to English people or novice RPG suggestions it:

1. To keep in mind this game is the RPG, not the ACT! Space is to always press, and his teammates also want to switch at any time, do not operate a fantasy figure what to use to go places open up relations skills ...

2. DAO skills for each character, not much, with the very important battle shield to attack the enemy archers Master or taken away, the Master Control archers or BOSS These are the basic principles

3. Because there DAO determine the impact, the card position is very important, especially in the indoor ... two soldiers gatekeepers can often be more effective, sometimes not four individuals playing an enemy, close combat, then if all you will find several teammates be stopped ...

4. Narrow the angle for the individual operation, the situation can be observed widening of the distribution of his teammates

5. Careful trap! AI is very clever often lead you into traps, if you see an enemy to fight a few turned to run it must take care ....

6. To all the scope of magic will accidentally injure teammates! But do not dare to use, with a good range of magic words is often the key to reversing the situation of the war

7. Although the spell does not need to sleep and memory, but must remember the magic of energy can not you think so much! Strict budgeting skills each of your release (wash down medicine can solve some problems, but not entirely wash down medicine)

8. At the tactical setting with their own blood in less than 25% when the automatic wash down medicine, it makes you a lot ... not easy to not want to wash down medicine! Particular characters did not heal once the case ... do not fall over if the Chapter a success of a

9. Spells and bows and arrows are trajectories, and wood, stone, shrubs, and even terrain are likely to block your attacks, be careful of their stations

10. This game BOSS is not terrible, terrible thing is the 4 on the N of the field, you do not want to repeat again and again the words of dialogue, remember that before the war record ...







Recommended links:



MOV to MP4



The basic CONCEPTS of object-oriented



MPEG TO MOV



E-cology in the Pan Micro Series 39: 24 hour online training center



UML in practice, the current situation and some of the Recommendations [2]



Hart governance "disease" Hewlett-Packard



How to avoid the invasion of Trojan



DIGITAL Hospital



Half an Hour to teach you learn regular expressions



Easy To Use Astronomy



MP4 to WMP



quot error loading c windows System32 nvmctray



Teach you to quickly Identify "Sasser"



Premier Network Monitoring



Posted by at No comments:

Wednesday, September 29, 2010

Interview with Lei Jun: 3-year commitment to rewrite the WPS their courage unmatched


Sina Technology News, "we in the chat before you installed the software first try, it will be easier talking to some." Before the dialogue, Kingsoft CEO Lei Jun person to act as the promoters smiling, helping with the installation of Sina Technology WPS Office 2005.

At 14 o'clock on the September 12th, Kingsoft WPS Office released its latest 2005 version. Lei Jun words, this product may bring you unexpected revolution. This product Jinshan spent 3 years to re-write code, the previous 10 years of successful development and once they give up.

Lei Jun believe that more and more junk code that will increase product updates Is. The development of the Internet will bring a new definition to the software, in this context, Jinshan the courage to rewrite the code to make a decision.

Determination in the moment, not everyone understands. In the beginning, Lei Jun is also earnestly to comfort those who have developed WPS 10-year-old old program developers have the sad feeling.

He said that if Jinshan innovation, it must respect the fact that the user habits, imitation, and all the features of existing Office. And then carry out their own innovations, and then to achieve a breakthrough in the Internet environment.

Finally, in Zhuhai, after spending more than 100 people took 3 years of hard development and support of tens of millions of yuan after the completion of this with the "revolutionary" WPS Office 2005.

Lei Jun said that the decision on the SAN before and after the process:

At the recent Beijing "Fortune Forum", I told Jerry Yang demonstrates WPS Office 2005 this version. He asked me a question, "Why StarOffice are beat Microsoft, you have to fight over?" I told him that nobody dared to go inside because the rewriting software code.

WPS Office if you do not rewrite the code, still according to the original idea to do so, to achieve the same functionality and Microsoft is not possible, can only be approximate. Therefore, 3 years ago, I think, have to rewrite code. Microsoft Office has become the de facto market standard, we should fully respect the user habits can make a satisfactory alternative to the user.

But this effort is unprecedented, and we need courage is also unprecedented. Few software companies have the courage to do so, including Microsoft.

Determined to rewrite the entire code of a software is very difficult, you have to ensure that more than 100 individual finish three years to rewrite the five million lines of code. Can not finish on time? Can not do a good job? Another fellow is changing, that time came out so we can adapt to do? These are difficult, risky.

We also made some arrangements, the WPS cut R & D team of two teams in Beijing and Zhuhai. Among them, Beijing is based on the original code improvement, functional improvement, according to the way go on, WPS Office 2003, and hurricanes Edition is the group to do. Zhuhai team is responsible for rewriting.

Development process, Jinshan also comply with many rules, intellectual property issues very carefully, not only to rewrite all the code, to ensure no one team from Microsoft, a Microsoft lawyer also retrieve all the patents registered in China. Finally this process took three years and a month.

Now individual users can go online for free download WPS Office 2005 Personal Edition, download the package only 15.4M, which includes text, spreadsheet, presentation, and all other functions. First released last year, the government version of WPS Office 2005, with a year to actually use, but also conducted large-scale enterprise applications and user testing of the perfect.

Its advantage is obvious. Jinshan on the government procurement market can not worry about how much this release is to inform you that the true competitiveness of this product. We may not realize this will lead to revolution.

It also has a lot of innovation inside the first innovation is the design for the network operating system. The future of the Internet may not process a, and now the Internet news, as proceedings are hyperlinks, and only one interface only.

One trend is the future of the Internet, the Internet to do the hard disk, hard disk so the cache. I'm sure the next 3,5 years is Fast access bandwidth. The concept of the future will be no software that is running the background. Direct calls to come out when Internet bandwidth is infinite, then users do not install any programs, opened the machine, a few seconds to download to complete. WPS is designed for this.

In the future, WPS Office if any problems or have any updates, the updates in the background. Users simply do not feel in front. He also felt he was not the software, future software will have been as common as table and chairs had.

The second step is to support Linux, but also consider the high efficiency. If you support Linux, then write with JAVA became, but felt a little slow the use of JAVA, so using the C language. This was also under a very large commitment.

Jinshan hope that in 3 months can be downloaded 500 million copies. Market, mainly for government and enterprise market sales.

But our main effort will be spent on overseas market development. Jinshan in the Japanese market earlier this year set up a subsidiary in early tomorrow, I will go to Japan, the Japanese release Duba. Online games in Vietnam, Singapore, Malaysia and other markets have also made good. In overseas markets, WPS will take great effort to do the same.






Recommended links:



The Origin And Nature Of Marketing Warfare



Chen Wende: Narrow City Rushed Machine Must



Catalogs Clipboard Tools



Good Web Development



eBiz.scm INTRODUCTION



50% stake in MSN China, the main message would be easy to pass and then mad



Catalogs Games Card



Religion evaluation



MOV to MP4



SWF to MP4



OGM converter



Element Union and day encounter in the rubber of the Kingdom of Thinking



Asia-Pacific Broadcasting Union General Assembly: the young man is the main consumer groups IPTV



ChinaByte Jian Yang: Dell You In The End Yuan Buyuan



Unicom Officially Started Selling 30 IPhone "contract User" Pay 1 Month Prognosis,



Wang Haibo: Society World Partners, With 10 000 Win



Posted by at No comments:

Thursday, September 16, 2010

IDS weaknesses and limitations (2)




1.2.5 Intrusion variant
1.2.5.1 HTTP attack variant
Repeat the directory separator ,'/'' into'//''銆?br />The current directory, '/ cgi-bin/phf''into the' / cgi-bin/./phf''.
Parent directory, '/ cgi-bin/phf''into the' / cgi-bin/xxx/../phf''.
URL encoding, '/ cgi-bin /''becomes'% 2fcgi-bin /''.
Use TAB instead of spaces and other separators.
NULL method, 'GET% 00/cgi-bin/phf''.
GET outside use other methods such as POST.
Change the parameters of the order, add the unwanted parameters.
For IIS, there are the following:
DOS / Win under the directory separator, '/ winnt/system32/cmd.exe''into the' / winntsystem32cmd.exe''.
Case conversion, such as cmd.exe into CMD.EXE.
IIS second decoder, such as cmd.exe into% 2563md.exe,% 25 and then decoded to decode% 63''%'', as''c''.
UNICODE encoding, such as cmd.exe into the% c0% 63md.exe. UNICODE encoding more complex because there are very few NIDS can decode it.

1.2.5.2 Telnet attack variant
Use the backspace key.
Using the Tab key for command padded.
Use Shell to execute attack code.
Using macros.
Add a useless argument.
In fact very difficult to detect those NIDS Telnet to connect to the server through the local after the attack.

1.2.6 TCP / IP protocol limitations
As TCP / IP design did not consider good security, so now IPV4 security is worrying, in addition to the above problems arising due to network structure, there are some limitations below.

1.2.6.1 IP fragmentation
Packet fragmentation, some NIDS can not restructure IP fragmentation, or more than its capacity, you can bypass the NIDS.
A maximum of 8192 IP datagram fragmentation, NIDS performance parameters of a reorganization shall be able to slice the largest number of IP.
NIDS every IP received a new IP datagram fragmentation when the fragment will start a restructuring process, after the reorganization is complete, or timeout (typically 15 seconds of overtime) Close this restructuring process, NIDS performance parameters of a shall simultaneously restructuring the number of IP packets.
An IP datagram maximum 64K, as ready to receive a IP datagram, NIDS will be ready enough memory to accommodate the upcoming follow-up fragments, NIDS performance parameters of a reorganization shall be to the largest IP datagram .
Combining above three parameters, namely, in the time-out time NIDS (for example 15 seconds) while preparing for maximum internal energy (for example, 64K) The number of IP datagram reorganization.
If the NIDS received packets over the limit, NIDS have packet loss, which occurred DoS attacks.

1.2.6.2 IP fragment overlap
IP packet fragmentation in the reorganization of the time, if met, then overlapping fragments, each operating system is not the same approach, for example, some systems will use the first received fragment (Windows and Solaris), some will be adopted after the closing to the slice (BSD and Linux), if the overlapping fragment of data is not the same thing, and NIDS approach is different with the protected host, it will lead to NIDS packet after the reorganization of the protected host and the packet is inconsistent, NIDS to bypass the detection.
For example, TCP or UDP can overlap the destination port, and then penetrate through most firewalls now, and may bypass the NIDS.
You can also overlap TCP flags, so that NIDS can not correctly detect the TCP FIN packet, so that NIDS soon to be able to simultaneously monitor the maximum number of TCP connections; to NIDS can not correctly detect TCP SYN packet, so that NIDS can not detect TCP connection due.

1.2.6.3 TCP segmentation
If the NIDS can not be re-TCP stream, you can bypass the TCP segmentation to NIDS.
Some unusual TCP segmentation will confuse some of NIDS.

1.2.6.4 TCP un-sync
Sent the wrong in the TCP sequence number, send the duplicate serial number, reverse the order to send such, it is possible to bypass the NIDS.

1.2.6.5 OOB
Attacker to send OOB data is protected if the host application can handle OOB, as NIDS can not predict the protected buffer when the host received OOB data in the number of normal, they may bypass the NIDS.
Some systems, when dealing with OOB will be the beginning of a byte of data discarded (such as Linux, the Apache, but IIS is not), then by sending in more than one TCP segment, including options with OOB TCP segment, then NIDS may lead to the data stream after the reorganization of the host and the protected application is inconsistent, and thus bypass the NIDS.

1.2.6.6 T / TCP
If the destination host can handle things TCP (currently very few systems support), an attacker can send transaction TCP, NIDS may not be protected with the host application on the same treatment, which may bypass the NIDS.

1.3 Resource and capacity constraints

The DoS attack against the NIDS 1.3.1.

1.3.1.1 the impact of high flow
Attacker to the protected network to send large amounts of data, more than NIDS processing power is limited, the situation of packet loss will occur, which may lead to acts of omission of the invasion.
NIDS network packet capture capabilities associated with a number of factors. For example, 1500 bytes in each packet case, NIDS will be over 100MB / s of processing power, even to more than 500MB / s of processing power, but if only 50 bytes per packet, 100MB / s of traffic means that 2 million package / s, most of which will exceed the current handling capacity of cards and switches.

1.3.1.2 IP fragmentation attacks
Attacker to the protected network to send a large number of IP fragments (such as TARGA3 attacks), more than NIDS IP fragments can be simultaneously restructuring capacity, leading technology through IP fragmentation attacks omitted.

1.3.1.3 TCP Connect Flooding
Attacker to create or simulate a large number of TCP connections (described by the above method of IP fragment overlap), while more than NIDS to monitor the maximum number of TCP connections, resulting in unnecessary TCP connection can not be monitored.

1.3.1.4 Alert Flooding
Attacker can detect the light of the rules posted on the network, while the attack would deliberately send a large number of alarm caused by NIDS data (such as stick attack), may exceed the speed NIDS to send alarm, resulting in omission, and to network received a large number of alarm, it is difficult to distinguish real attacks.
If you send 100 bytes can generate an alarm, you can generate per second through dial-up 50 police, 10M LAN can produce 10 thousand per second alarm.

1.3.1.5 Log Flooding
The attacker will send large amounts of data caused by NIDS alarms and eventually led to the space NIDS to be depleted Log, Log to delete the previous record.

1.3.2 RAM and hard drive limit
If the NIDS to improving the ability to process the IP fragments and TCP connection monitoring capabilities restructuring, which will require more memory to do the buffer, if the NIDS's memory allocation and management is not good, will the system cost a lot of exceptional circumstances memory, if the start using virtual memory, it will shake the memory may occur.
Hard drive speed is usually far less than the speed of the network, if the alarm system to produce a large number of records to the hard drive, will cost enormous amounts of system capacity, if the system records the original network data, save a large and high-speed network data will require expensive large-capacity RAID.

1.4 NIDS related to the vulnerability of the system
NIDS itself should have very high security, generally used for monitoring the network cards are not IP addresses, and other card will not open any ports. However, associated with the NIDS system may be attacked.

1.4.1 Console host of security vulnerabilities
Some systems have a separate console, if the attacker can control the console to the host computer, you can control the entire NIDS system.

1.4.2 Sensor and the vulnerability of the console communication
If the communication between sensors and the console may be attacked by a successful attack, will affect the normal use of the system. Such as conducting ARP deception or SYN_Flooding.
If the communication between sensors and console explicit communication or simply use encryption, you may be subject to IP spoofing or replay attacks.

1.4.3 and the system alarm and other equipment related to the vulnerability of communications
If an attacker can successfully attack the system alarm and other related equipment, such as mail servers and so on, will affect the alarm message is sent.

2 HIDS weaknesses and limitations

2.1 Resource constraints
As HIDS installed on protected hosts, so the resources can not be too much occupied, thus limiting the detection method used and the processing performance.

2.2 operating system limitations
Unlike NIDS, manufacturers can customize their own operating system, a sufficient security to ensure their own security NIDS, HIDS where the security of the host operating system under its security restrictions, if the host system is compromised, HIDS will soon be cleared. If the HIDS as stand-alone, it is basically not successful attack can only be detected if the HIDS for the sensor / control panel structure, will be faced with the same NIDS attack on the related systems.
Some HIDS will consider increasing the security of the operating system itself (such as LIDS).

2.3 System log limit
HIDS will monitor the system log to discover through the suspicious behavior, but some procedures are not sufficiently detailed system logs, or no logs. Some of the invasion would not in itself be a system log of the proceedings recorded.
If the system does not install third-party logging system, the system's own log system will soon be intruders or modified, and intrusion detection systems typically do not support third-party logging systems.
If there is no real-time inspection system HIDS log, then use automated tools to attack will be entirely possible to complete the inspection interval and clear of all the attack works in the system log traces.

2.4 The core of the system was modified to fool the paper check
If an intruder to modify the system core, you can fool a tool based on file consistency check. It's like the beginning of certain viruses, when they think that by the time of inspection or to track the original documents or data will be available to the inspection tool or tracking tool.

Detection limit of 2.5 Network
Some HIDS can check the network status, but will face many problems facing the NIDS.







相关链接:



Youtube zen



Photoshop top aides - EXTENSIS Photo Graphics (1)



Mp4 To Avi Converter Free



Interview with B & Q (China) Vice President, Human Resources Director Miss Hu Weiyan



News About Games Board



Do for others to do the wedding dress carriers should be out of the "influence" the edge



Neusoft transition stranded behind the overall market REJECTIONS



Convert Xvid To Divx



PICKED Pager Tools



IME TOOL to INPUT more obedient



Jack Ma, Alibaba Will Open A Large Envelope Puzzle



Exchange links need special attention



What rod dealer outlets



Flv Format



Guide Adventure And Roleplay



C # and object-oriented programming language [1]



Posted by at No comments:

Monday, July 26, 2010

Download flying - Thunder support Emule download



As we all know, the current way to download is a "third world": Thunderbolt, BT, eMule. Know the history of electric mule people know, to some extent its resources to stimulate a virtuous cycle of sharing, the electric mule can find more resources available for download, and even more popular resources can be found. But the biggest drawback eMule download is relatively slow, which is gradually increased today, as a constraint we have to download the main contradiction. Remember Thunder 5 launched to support the official version of BT, its end in one fell swoop "BT download speed" of history. The new version of Thunder to support Emule 5 Emule download speed can not be done "to download flying?" Relative to other electric mule download third-party device, it has the characteristics of what makes us heart function?

One, fully support Emule Download Agreement

Click here to download the latest version of Thunder

Thunder now has full support Emule 5 protocol to download, we can be several ways to launch its electric mule download:

1. Right menu

When we right click on the link ed2k, can appear "Use Thunder download" command (Figure 1), then you can open the window shown in Figure 2, that it has been properly resolved, you can download the appropriate resources.




Figure 1, the use of Thunder Download

2. Direct Click

Directly in the ed2k link click, will be out of Thunder 5, and you can download the resource.




Figure 2 download prompt box

3. Replication Monitor

Thunder 5 is turned on by default link to clipboard monitoring, when we copy a ed2k link, the Thunder 5 can also automatically pop up.

4. Copy and paste

Thunder 5, we can also select "File" 鈫?"New" command, and then in the "Address (URL)" ed2k paste the link to download.

Intelligent reader must have felt, which is usually our download any difference! Thunder 5 compatible for the electric mule completely fulfilled the "seamless integration." Allow users to use them very easy to use.

Tips

鈽?Emule ed2k beginning with the agreement is, in fact ed2k is eDonkey (referred to as ED) used the download tool to download the agreement, power of mule is the client for the eDonkey add more features and announced new customer side, electricity is used mules eDonkey 2000 (ed2k) network.

Therefore, it is improved eDonkey, eDonkey has also used the network, its protocol ed2k still the beginning.

鈽?ed in a download link to "ed2k: / /" at the beginning, followed with "|" is divided into three parts: "| file |" after the file name, but it does not play a key role in the download (its role is only To facilitate the search); file name for the file size after the figures, if the film, this value is usually greater video clarity as possible; the last hexadecimal digit code that contains the file's "hash value", which is the ed2k link key information, the file name if different, the same value as long as the Hash file, download the same file to be considered. For example, in "ed2k: / / | file | New Concept English 3-1.rm | 65550389 | 2970C855C64C658D7C2823FD1481D82F | /" this address, "New Concept English 3-1.rm" for the file name, "65550389" for the file size, "2970C855C64C658D7C2823FD1481D82F" is this file "Hash".




Figure 3 Hash

Second, the real high-speed electric mule download

Thunder is known for high-speed download this new version of Thunder 5 did not let us down with it the download speed can be greatly raised! Figure 3, is that we fuse Thunder 5, download speed (the address is: ed2k: / / | file | fuse. Flash.Point.2007.SUBBED.DVDScr.XviD-ZY.avi | 734310400 | 95892320368d22ad7da79517279b3962 | /), to 722KB / s (average of 400KB / s or so). While using VeryCD eMule v0.48a Build 0824 Beta latest version of the download speed up to only more than 160 KB / s (Figure 4). Meanwhile, Thunder 5, the source also much higher than the return to power in mules.




Figure 4 a lot of resources

Is the subject of high-speed downloads, because under the "quantitative cause qualitative change" in philosophy. Only the speed is fast enough, and be able to greatly enhance the availability of downloadable resources. Otherwise, most likely because some resources are too slow, although it can connect, but it is not downloaded, and the "aborted!"

Third, a more intelligent control of the rich

5 also supports the new Thunder more intelligent features, we chose the "Tools" 鈫?"Configuration" and then in the open window, click "EMule / Port Settings", you can see (Figure 5), she now supports the network connection KAD (find more sources), data compression (which can speed up the download), fuzzy agreement (which can break through the download limit), AICH support (re-damaged area can be greatly reduced data of the time), mine features such as Friends of the award between the points. All of these instructions Thunder 5 is no longer in power mule support only a "shell", but a real "entity"!




Figure 5 Set

This article to tell a new version of Thunder 5, one of the largest features: support Emule download. The biggest feature is the download speed, but also to support more intelligent functions. In fact, we have found, in the electric mule can find more resources available for download, and even more popular resources can be found. But it is slow download times are downloading is not down, only looking "anxious." Now this new version of Thunder 5 solved the problem of the "electric mule download speed" written into the annals of history forever. Advanced users a truly comprehensive "Fast download"! In addition, this version of Thunder 5 also support the change in BT task to download the file, you can save more time. Support more downloading of virus scanning module, fully enhance the security of experience.







相关链接:



Photoshop Effect Of Manufacturing Flames Soar



PowerBuilder Menu Creation



Audio Presentation Tools Comments



Brief Audio CD Players



Assembly instructions and the machine code of each conversion



Free download mp4 to 3gp



Mp3 To M4a



Job 10 Kinds Of Unhealthy Attitude Towards Students



Rising 2008, accused of dangerous: not considered extreme?



Evaluate Java And JavaScript



AOC and NEC's high-end chess game



Department of soft-set and sub-scores by major strategy [2]



convert avi to mpeg4



avi to Flash



Premier ANIMATION Tools



"Torch Light," The Game Features Seven New



Posted by at No comments:

Thursday, July 15, 2010

Their "pot of gold" mean?





"Entrepreneurial state" cover story

Editor's note: Most people like to enjoy talking about the legendary winner, and one of the many hardships as a "seasoning" - to further strengthen the legendary. When we are successful as far as possible to restore the early struggle, trying to find the so-called "pot of gold" the secret, they found the truth of life is tortuous, legend does not exist.

Many successful entrepreneurs dug "pot of gold" of the flash points, and was not really big in the main line.

Most people like to relish in the successful legend and one of the many hardships as a "seasoning" - to further strengthen the legendary. When we are successful as far as possible to restore the early struggle, trying to find the so-called "pot of gold" the secret, they found the truth of life is tortuous, legend does not exist.

And now some start-up entrepreneurs at every turn that "the next Google" ambitious goals such as these compared to the beginning of many successful ideas in business are simple, they even just because life is hard or want to change their status quo. In 1980, Far Eastern Group founder Jiang Xipei after the university entrance refused to repeat, insisted on learning to repair watches, Hangzhou, his goal is just to earn enough to 50,000 yuan. Is this year's Liu Xinjin had four brothers are more stable, but her second child Liu Yongxing order to allow the son to eat meat, crying, and Spring streets were put up to electrical repair shop, see Only one chance to make money to stimulate the entrepreneurial brothers desire.

Suffering is indeed a valuable asset. "Superman" Li Ka-shing youth, experienced a Family Decline, uprooted from their homes, school, parent injury pain, with a stubborn will persist in working hard, grow from apprentice richest Chinese. Taiwan has just gone, "god of business," Wang Yung-ching is born poor, working away from home after graduating from elementary school, after several setbacks laid the Formosa Plastics Group, Albert. Wahaha founder Zong and Alibaba founder Jack Ma had one so-called "origin" issues faced hardships, but as the number of words, which are to start laying a solid foundation.

Must be recognized that these successful entrepreneurs are good at seizing the trend of economic development, aimed at one of the big opportunities. Fuyao founder Caode Wang and Lu Guanqiu, founder of Universal Group, coincidentally in the early 1980s saw the start of China's car market, eventually became a global influence of accessory manufacturers. Wang is also with the economic recovery after World War II the opportunities, not only from the timber business is done in real primitive accumulation, but also a successful transition to the petrochemical industry. Shi Zhengrong by virtue of their years of research on solar energy, see the trend of energy restructuring, founded Suntech, one of the industry leaders.

Looking on the generation of entrepreneurial journey, not difficult to find: they even dug the first starting point to the "pot of gold" of the flash points, and was really big in the main were not in agreement. With social progress and mature business environment, start the beginning of a new generation of entrepreneurs have a more clear plan, but also take a lot less "detour." Wang Chuanfu on battery technology with its own accumulation, the creation of BYD quickly become the industry leader, and gradually expand to the field of electric vehicles.

In order to find direction, many people have experienced the beginning and hard to explore, ongoing flexibility to adjust, and eventually clear the main. Local level has become the godfather entrepreneur Liu, in just the time when the sea do not know what to do, in order to survive, sold skates, electronic watches, but also because of reselling TV deceived. Baidu founder Robin Li despite sights on the future of search, but initially could not find a clear profit model, has learned the U.S. Inkotomi, Akamai Technologies, Verity, Google and other companies, eventually find their own way. In fact, this is typical of many of the early pioneering multinational state, such as HP, what business is done from a consulting firm started.

Tencent was founded at the beginning is a system integration has to do not only do the so-called software development outsourcing company, QQ, but is presented with the product of the project, Mr. Ma had once wanted to bring rolling in wealth now sell a small penguin. Ding in the most depressed period of days, but also want to NetEase shot. These can not explain their lack of fortitude will, Maybe it is a true portrayal of business in: anxious, confused, helpless ... ... but they persevered and eventually became the symbol of Chinese Internet enterprises.

Mr. Ma and Ding Lei is no doubt this generation is much more to luck: more relaxed environment for the development of a more equal opportunity, venture capital and other capital assistance, can help enhance the strength of capital markets and the rapid amplification of wealth ... ... Smith Barney Fashion Week into a building is by the founder of a Granular buttons started, and Liu brothers then sold the quail eggs make a sub-penny, they looked long and hard primitive accumulation. In contrast, Ding founded NetEase listed on the realization of 3 years, however, has three years to become China's richest man on paper; Zhengrong Shi founded Suntech 5 years after the landing the NYSE, also occupied the richest man in the place.

British Hoogewerf produced in the same year came up with an idea that China's rich list, I wonder if it is expected that the "wealth" of the subject even in China can cause a huge controversy, "original sin", "Grey King" and even "black gold" as the media and the public focus of attention. It is undeniable that to some extent Hoogewerf awakened people, "wealth" of the new understanding, the rational desire for wealth, inspired more and more people set foot on his own. At the same time, successful entrepreneur who has wealth has a more profound thinking, recently, such as Cao Dewang who to his family held 70% stake in Fuyao charitable foundation set up to help more people access to wealth.







Recommand Link:



Best Converters And Optimizers



mov to avi converter Free



Hope DVD YouTube Video To Pocket PC



Digital CD-R Midi Music to MP2 Player



Youtube Video to Apple TV Plus



flv to mp4 converter free download



Facebook Registration. Cn Domain Name Eagerly Want To Move Into China



CHRISTMASGIFT DVD to M4V



mts FORMAT



YOUTUBE Video to RMVB Popular



Youtube to PS3 Pro



Youtube Movie To PDA Today



My favorite Graphic Viewers



Guide Audio CD Burners



What Is Mov



Posted by at No comments:

Friday, July 2, 2010

Youtube Video to Cell Phone Guide

It's most popular and very easy to use YouTube tools. helps you Fast download, convert, play, manage your favorite YouTube videos. If you're a YouTube fan, you'll love YouTube tool! is the most powerful YouTube assistant on the planet. YouTube tool easily: 1. Fast downloads YouTube videos, 2. Supports unlimited simultaneous downloads (a real time saver!), 3. Automatically names the downloaded video the same as the YouTube title, 4. Converts YouTube videos to various video formats, including Video, DVD, VCD, AVI, MPG, MPEG, Divx, Xvid, WMV, RM, RMVB, MOV, MP4, 3GP, SWF, DAT, H264, VOB, Flash, PDA, M4V, 3G2, AMV, CDA, DV,QuickTime, ASX, TV, VHS, FLV, H264, BDMV, MAC, Apple TV, Zune, iPod, PDA, PSP, PS2, PS3, Xbox, Xbox 360, Mobile Phone, Cell Phone, Blackberry, Wii, Laptops, Printers, Palm OS, Pocket PC, PPC, Treo, Psion, EPOC, iphone.
Easily Convert all popular video formats. Provides the highest speed to download YouTube video. Support unlimited simultaneous downloading tasks. Supports auto-name your downloaded video title as the YoutTube page shows. Offers you the most convenient task management and the easiest control capability. About Conversion Features. - is the most powerful YouTube assistant on the planet.



Recommand Link:



Download video to Cowon D2 Plus soft



DVD to Sony NWZ-E444 software



Bliss CD APE ID3 to M4P Conversion



Explosion WMV Converter



A-one DVD RIPPER



Youtube FLV to BDMV PLUS



video format



Evaluate Pager Tools



reviews Covert Surveillance



Youtube Video to iPod UTILITY



Youtube Video to MPEG Top Rated



Dr.Tag Plus!



Youtube FLV To Xvid Now



Catalogs Icon Tools



ColeSoft DVD to PSP Video Converter



Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)