Joke Collection Website - Blessing messages - How to guard against other people's P2P terminators, don't reply if they are useless! ! ! !

How to guard against other people's P2P terminators, don't reply if they are useless! ! ! !

Try this now

The following article is reproduced from Yingzheng Tianxia Forum

Anti-p2p Terminator (Say Goodbye to Traffic Control) Simplified Special Edition

< p> Due to the recent popularity of the cracked version of p2p Terminator on the Internet, it has been abused by many people, causing many people to have slow Internet speeds, unable to access the Internet normally, and suffering from traffic control. After downloading and decompressing, there will be two applications: WinPcap_3_0 and ap2pover; first execute WinPcap_3_0 to install, then run ap2pover, select the type of network card you are using, and then click to kill the p2p terminator. Haha, everything ends here. You have bid farewell to the p2p terminator's control of your traffic. I hope this software can help all friends who love learning but suffer from traffic control~~

Download: /downinfo/201.html

The following article is reproduced from the Feifan Forum

In the face of LAN users abusing the Network Law Enforcement Officer, p2p Terminator and other network management software cracking methods

Summary of the Network Law Enforcement Officer, p2p Terminator How to prevent network management software from using arp spoofing

First of all, let me explain. After BT and Xunlei are upgraded, this software will block them. In other words, the BT download speed is likely to become 0. Solution Just set it up.

Change BT to permanently trust this program. Also, do not record the program's records. Xunlei also needs to be set up.

First of all, introduce a super good firewall For everyone: Outpost Firewall. It can protect against malware such as p2p terminator. The effect is super good. It can also find out which machine is in use on the LAN. This firewall is powerful, takes up less resources, and has a personal rating of 5 stars. Everyone can go online. Look it up.

I have been very depressed these days. My classmates on the same LAN often use p2p terminators to limit the traffic of users on the network. This makes everyone very annoyed, but since they are classmates, it is hard to explain clearly. , and later successfully solved this problem with the help of the search function of Feifan Forum

Let me state in advance that I am a novice, but I would also like to suggest here that Feifan friends who are at the same level as me should use Feifan more The search function is really much faster than posting in the "Help Area" (in some respects), and you can also learn things by yourself

The information I searched for is summarized as follows: In order to facilitate my friends who encounter the same problem in the future to search for complete information, I would also like to thank "zzswans", my friend, for helping me!

In fact, network management software like this uses arp spoofing to achieve its purpose.

The principle is to prevent the computer from finding the MAC address of the gateway.

So what exactly is ARP spoofing?

First of all, let me tell you what ARP is. ARP (Address Resolution Protocol) is an address resolution protocol, which is a protocol that converts IP addresses into physical addresses. There are two ways to map from IP addresses to physical addresses: tabular and non-tabular.

To be specific, ARP resolves the address of the network layer (IP layer, which is equivalent to the third layer of OSI) into the data connection layer (MAC layer, which is equivalent to the second layer of OSI). MAC address.

ARP principle: When a machine A wants to send a message to host B, it will query the local ARP cache table. After finding the MAC address corresponding to B's IP address, the data will be transmitted. If not found, A will broadcast an ARP request message (carrying host A's IP address Ia - physical address Pa), requesting host B with IP address Ib to reply with physical address Pb. All hosts on the network, including B, receive the ARP request, but only host B recognizes its own IP address, so it sends an ARP response message back to host A. It contains B's MAC address. After A receives B's response, it will update the local ARP cache. Then use this MAC address to send data (the MAC address is appended by the network card). Therefore, the ARP table of the local cache is the basis for local network circulation, and this cache is dynamic.

The ARP protocol does not only receive ARP replies after sending ARP requests. When the computer receives an ARP reply packet, it updates the local ARP cache and stores the IP and MAC addresses in the reply in the ARP cache. Therefore, when a machine B in the local network sends a forged ARP response to A, and if this response is forged by B pretending to be C, that is, the IP address is the IP of C and the MAC address is forged, then when A After receiving B's forged ARP reply, the local ARP cache will be updated, so that from A's perspective, C's IP address has not changed, but its MAC address is no longer the original one. Because network traffic on the LAN is not based on IP addresses, but is transmitted based on MAC addresses. Therefore, the forged MAC address is changed to a non-existent MAC address on A, which will cause network failure and cause A to be unable to ping C! This is a simple ARP spoofing.

Solution

To sum up, there are the following methods:

1. Use VLAN

As long as your PC and P2P terminator software are not In the same VLAN, he can't do anything to you.

2. Use two-way IP/MAC binding

Bind the MAC address of your egress router on the PC, P2P termination Terminator software cannot spoof ARP on you, and naturally it cannot control you. However, it is only the MAC of the router bound to the PC.

It is not safe because the P2P terminator software can spoof the router, so the best solution is Use PC and bidirectional IP/MAC binding on the route. That is to say, bind the MAC address of the outgoing route on the PC

and bind the IP and MAC address of the PC on the route. This requires the route to support IP/MAC binding, such as HIPER router.

3. Use IP/MAC address theft + IP/MAC binding

Simply change your MAC address and IP address to The IP and MAC are the same as those of the person running the P2P terminator software. It depends on how he manages it. This is a lose-lose approach.

There must be some tricks in the changes, otherwise IP conflicts will be reported. The MAC must be changed first. address, and then change the IP, so that WINDOWS will not report an IP conflict (windows is stupid))), this step is not over yet, it is best for you to bind the MAC address of the router on the PC, so that P2P Terminator's efforts to spoof routing are in vain.

I think the above methods are not suitable for my environment, so I adopted the following solution:

Use Look N Stop firewall to prevent arp spoofing

1. Prevent network law enforcement officers from controlling

Network law enforcement officers use ARp spoofing to achieve control purposes.

The ARP protocol is used to resolve the correspondence between IP and MAC, so the following methods can be used to resist the control of network law enforcement officers.

If your machine is not ready to communicate with machines on the LAN, you can use the following method:

A. In "Internet Filtering" there is an "ARP: Authorize all ARP" packets" rule, put a prohibition mark in front of this rule;

B. But this rule will also prohibit the gateway information by default. The solution is to change the MAC address of the gateway (usually the gateway is fixed) Place it in the "Destination" area of ??this rule, select "Not equal to" in "Ethernet: Address", and fill in the MAC address of the gateway at that time; put your own MAC address in the "Source" area, in the " Select "Not equal to" in "Ethernet: Address".

C. In the last "All other packet", modify the "Destination" area of ??this rule, select "Not equal to" in "Ethernet: Address", and fill in FF:FF in the MAC address. :FF:FF:FF:FF; put your MAC address in the "Source" area, and select "Not equal to" in "Ethernet: Address". No other changes will be made.

In this way, cyber law enforcement officers are powerless.

This method is suitable for situations where it does not communicate with other machines in the LAN and the gateway address is fixed.

If your machine needs to communicate with machines on the LAN and only needs to get rid of the control of the network law enforcement officer, then the following method is simpler and more practical (this method has nothing to do with firewalls):

Enter the command line state and run "ARP -s Gateway IP Gateway MAC". To obtain the gateway's MAC, just ping the gateway and then use the Arp -a command to view the correspondence between the gateway's IP and MAC. This method should be more general and work well when the gateway address is variable, just repeat "ARP -s gateway IP gateway MAC". This command is used to create a static ARP resolution table.

In addition, I heard that OP firewall can also block, but I have not tried it, so friends who are interested can try it

Interlude:

In the meantime, I I also used network agents to find out who was using the p2p terminator. Through detection

I found that the host was sending data to me through UDP port 137,

So As a newbie, I imagined blocking this port with a firewall

and then blacklisting everyone on the LAN,

preventing them from communicating with me

It seems that it can also achieve the purpose of preventing being controlled

As suggested by zzswans friends here, arp is not based on ports. Ports are only included in the tcpip protocol, and there is no concept of ports in the arp protocol. , so maybe this method won’t work

But I think I have thought about it and gained experience, which is the most important thing

Also, Feifan’s friends are very It's good. If you have any questions, ask them. Everyone is very enthusiastic to help you. I really like the atmosphere of Feifan.

Because there is no way to restore too much text in the text message, I posted it again.

Reposted articles from other forums.

Network Law Enforcement Officer is a network management software that can be used to manage local area networks and prohibit any machine on the local area network from connecting to the network. For network administrators, this function is naturally very good, but it will be troublesome if others in the LAN also use this function. Because this will at least cause others to be unable to access the Internet, and at worst it will cause the entire local area network to be paralyzed. What's the solution? Please take a look at the following tricks and their principles.

1. Introduction to the Network Law Enforcement Officer

We can run the main program NetRobocop.exe of the Network Law Enforcement Officer on any machine in the LAN. It can penetrate firewalls, monitor in real time, Record the entire LAN user online status, limit the IP and time period used by each user when online, and kick illegal users off the LAN. The software is applicable within the LAN and cannot monitor or manage machines outside the gateway or router. It is suitable for use by LAN administrators.

In Network Law Enforcement Officer, if you want to restrict a certain machine from accessing the Internet, just click "Permissions" in the "Network Card" menu, select the specified network card number or click on the row of the network card in the user list, and then Select "Permissions" from the right-click menu, and you can restrict the user's permissions in the pop-up dialog box. For unregistered network cards, you can limit their online access in this way: as long as all known users are set (registered), change the default permissions of the network card to prohibit online to prevent all unknown network cards from going online. Using these two functions, users can be restricted from accessing the Internet. The principle is to send the attacked computer a fake MAC corresponding to the gateway IP address through ARP spoofing, so that it cannot find the real MAC address of the gateway, so that it can be prohibited from accessing the Internet.

2. The principle of ARP spoofing

The ARP spoofing used in network law enforcement prevents the attacked computer from accessing the Internet. The principle is to prevent the computer from finding the MAC address of the gateway. So what exactly is ARP spoofing?

This is the principle that Internet law enforcement officers use! Once you know its principle, it will be much easier to break through its defenses.

3. Modify the MAC address to break through the blockade of network law enforcement officers

Based on the above analysis, it is not difficult for us to conclude that as long as the MAC address is modified, the scanning of network law enforcement officers can be deceived. , thereby achieving the purpose of breaking through the blockade. The following is how to modify the MAC address of the network card:

Enter regedit in "Run" in the "Start" menu, open the registry editor, and expand the registry to: HKEY_LOCAL_

MACHINE\ System\CurrentControl

Set\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE103

18} subkey, 0000, 0001, 0002 and other branches under the subkey Search for DriverDesc (if you have more than one network card, there are 0001, 0002... Information about your network card is saved here, and the content of DriverDesc is the information description of the network card. For example, my network card is Intel 210

41 based Ethernet Controller), here it is assumed that your network card is in the 0000 subkey.

Add a string under the 0000 subkey and name it "NetworkAddress". The key value is the modified MAC address, which must be 12 consecutive hexadecimal numbers. Then create a new subkey named NetworkAddress in NDI\params under the "0000" subkey, and add a string named "default" under the subkey. The key value is the modified MAC address.

Continue to create a string named "ParamDesc" under the subkey of NetworkAddress, which is used to specify the description of Network

Address, and its value can be "MAC Address".

In this way, after opening the "Properties" of Network Neighborhood, double-click the corresponding network card, you will find an "Advanced" setting, under which there is an option for MAC Address, which is the new item "NetworkAddress" you added to the registry. In the future, just Just modify the MAC address.

Close the registry and restart. Your network card address has been changed. Open the properties of Network Neighborhood, double-click the corresponding network card item, and you will find an advanced setting item for MAC Address, which can be used to directly modify the MAC address.

The MAC address is also called the physical address, hardware address or link address. It is written inside the hardware when it is produced by the network equipment manufacturer. This address has nothing to do with the network, that is, no matter where the hardware with this address (such as a network card, hub, router, etc.) is connected to the network, it will have the same MAC address. The MAC address generally cannot be changed and cannot be changed by the user himself. set up. The MAC address is usually expressed as 12 hexadecimal numbers, and each two hexadecimal numbers are separated by colons. For example: 08:00:20:0A:8C:6D is a MAC address, of which the first 6 hexadecimal digits are System number, 08:00:20 represents the number of the network hardware manufacturer, which is assigned by IEEE, and the following 3-digit hexadecimal number 0A:8C:6D represents the series of a certain network product (such as a network card) manufactured by the manufacturer Number. Each network manufacturer must ensure that every Ethernet device it makes has the same first three bytes and different last three bytes. This ensures that every Ethernet device in the world has a unique MAC address.

In addition, the principle of the network law enforcement officer is to use ARP spoofing to send the MAC address corresponding to the fake gateway IP address to a certain computer, so that it cannot find the real MAC address of the gateway. Therefore, as long as we modify the IP to MAC mapping, we can invalidate the ARP spoofing of the Network Law Enforcement Officer and break through its limitations. You can ping the gateway in advance, then use the ARP -a command to get the gateway's MAC address, and finally use the ARP -s IP network card MAC address command to map the gateway's IP address to its MAC address.

4. Find the other party that prevents you from accessing the Internet

After unblocking the network law enforcement officer, we can use Arpkiller's "Sniffer Killer" to scan the entire LAN IP segment and then find the address. Computers in "promiscuous" mode can discover each other. The specific method is: run Arpkiller, then click "Sniffer Monitoring Tool", enter the starting and ending IP of the detection in the "Sniffer Killer" window that appears, and click "Start Detection".

After the detection is completed, if the corresponding IP is a green hat icon, it means that the IP is in normal mode. If it is a red hat icon, it means that the network card is in promiscuous mode. That's what we're targeting, that's this guy using Cyber ??Enforcement to cause trouble.

I am also in mixed mode when scanning, so I cannot be counted among them!