网络犯罪侦察技术3.ppt

Cyber-crime investigative techniques ;chapter3 Analysis key technology Principle of Common network attacks;3.1 crack passwords;3.1.2 Password attack conditions and technical methodology The attacker to carry out attacks usually require a password following conditions:  High-performance computers;  Large-capacity on-line dictionary or other characters List; Known encryption algorithm;  The password readable document;  Password a higher probability included in the dictionary of the attack.; Generally speaking, password attacks include the following two steps: ? First step: access password file; ? Second step: using a variety of encryption algorithms dictionary table or other characters in the text encryption, and the results were compared with the password file. Attacks technology commonly used passwords are: ?? Violence crack; ?? Speculation attack.;3.2 Sniffer;The principle of sniffer;Sniffer Programming;3.3 Network port Scanning;3.3.2 Technology analysis 1、Connectivity scanning A: Client-SYN B:Client-SYN Server-SYN/ACK Server-RST|ACK Client-ACK Client-RST ;2、Semi-connected scanning 3、SYN scanning 4、ID head scanning ; 5、Concealed scanning 6、SYN|ACK scanning 7、FIN scanning; 8、ACK scanning 9、NULL scanning 10、XMAS scanning To sum up, through port scanning technology are set up TCP format of the value of a particular field, and then returned to the mainframe under target information to judge whether the fracture open.;3.4 Buffer Overflow;What is buffer overflow;Overview To put it simply, is to stack buffer overflow in the allocation of local data block written into the beyond its actual size distribution data, resulting in cross-border data, the results cover the original stack data.; int main(int argc,char **argv) { char buf[10]; strcpy(buf,argv[1]); printf(bufs 0x%8x\n,buf); return 0; } ;#include stdio.h int main() { char name[8]; printf(your name:); gets(name);