
Computer Security and Confidentiality Technology PowerPoint PPT Presentation



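Computer Security and Confidentiality Technology. Lecture notes, Deng Yaping, September 2002. Chapter 1 Overview of Security Technology 1.1 The evolution of computer application technology ● Mainframe computing ● Distributed client/server computing ● Network computing 1.1.1 The mainframe computing model Host-terminal computing model: system software and hardware are managed centrally, the user interface is uniform, and scalability is poor (first decade)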


Presentation Transcript


5107266

20029



  • 1

  • 1.1

  • (mainframe computing)

  • /(distributed client/server computing)

  • (network computing)

  • 1.1.1

  • FORTRANCOBOL GOTO

  • 2 PASCAL

  • SQL

  • (CASE:computer aided software engineering)

  • 1.1.2 /

  • 1 DOS

  • 2

  • //



  • RPC

  • 1.1.3

  • 1

  • APPLET

  • 1.2

  • 1.2.1

  • 1

  • 2 hacker

  • 3

  • 1.2.2 200

  • 1

  • 2

  • 3

  • 4

  • 5

  • 1.2.3



  • 1/

  • 2

  • 3

  • 4

  • 5

  • 6

  • 1.2.4

  • 1

  • 2

  • 3

  • 4

  • 5

  • 6

  • 1

  • 2

  • 1.2.5

  • 1



  • 2

  • 1

  • 2

  • 1.2.6

  • 1

  • 2

  • 3

  • 4

  • 5

  • 6

  • 7

  • 8

  • 1ISO7489-2OSI5

  • (authentication)(access control)(data

  • confidentiality)(data integrity)(non-repudiation)

  • 8

  • (enciphering mechanisms )(digital signature

  • mechanisms)(access control mechanisms)

  • (data integrity mechanisms)(authentication mechanisms)

  • (traffic padding mechanisms)(routing

  • control mechanisms)(notarization mechanisms)

  • 2ITSEC1991

  • CTCPEC1993

  • FC1993

  • CC for ITSEC1993.6



  • 99,9,132001,1,1

  • 1.3

  • 1.3.1

  • 1.3.2

  • 1.3.3

  • 1

  • 2 Internet/Intranet

  • 3

  • 1997

  • 2.1

  • 2.1.1RASReliability, A Safegard ,

  • 1

  • 2

  • 3

  • 2.1.2

  • 1 10-2540-60%

  • 2 <1000/

  • 3 26800mA/m,64dB

  • 4



  • 5

  • 6 UPS

  • 2.2

  • 2.2.1

  • 1 //

  • 2 //

  • 1234

  • 5

  • 2.2.2

  • 1

  • 2

  • 3

  • 4

  • 5

  • 2.3

  • 2.3.1

  • 1

  • 2

  • 3

  • 4

  • 5

  • 2.3.2

  • 1 QAPlus,Norton

  • 2

  • 3

  • 4

  • 5

  • 6

  • 2.3.3

  • 1

  • 3

  • 4



  • /

  • 2.4

  • 2.4.1

  • CPUROM BIOSPOSTDOS/WINDOWS

  • 1

  • 2

  • 36

  • 2.4.2

  • 1 80%

  • CPU

  • 2

  • 1CPU

  • 2ISAEISAPCI

  • 3ATATXNLXCPU

  • 4CPU

  • 3

  • PCIISA

  • QAPlus,PC bench,WinBench,Winstone

  • 4

  • 5 P8P9

  • 6 /

  • 7



2.4.3 CPU

1 CPU

1PentiumCeleron, PentiumIII, Pentium 4

2AMDK7AthlonThunderbirdDuron

2 CPU

CPU50WinBench 97ZDWinstone

CPUSPECint,SPECfpCPUCPUCPU

SPECSystem Performance Evaluation CooperativeSPECSPEC

SPEC9220614SPECSPECSPECmarkSPECDEC VAX11/780SPEC92SPECSPECSPECmark20SPEC

InteliCOMP,IBM,AMD,CyrixP-Rating

1iCOMP

iCOMPintel Comparative Microprocessor PerformanceIntelIntel



1996iCOMP Index 2.0,432IntelMedia Benchmark1-1

P

CPUmark32 40%

Norton SI32 15%

SPEC int_base 95 20%

SPEC fp_base 95 5%

Intel Media Benchmark 20%

iCOMP Index 2.0Pentium 120(120MHz,60MHziCOMP100

iCOMP=100[BM1/Base_BM1)P1+ BM2/Base_BM2)P2+ + BM5/Base_BM5)P5]

1-2Pentium, Pentium MMX,Pentium II2.0iCOMP

CPU MHz)MHz) iCOMP

Pentium120 120 60 2 100

Pentium133 133 66 2 111

Pentium150 150 60 2.5 114

Pentium166 166 66 2.5 127

Pentium200 200 66 3 142

PentiumMMX166 166 66 2.5 160

PentiumMMX200 200 66 3 182

PentiumMMX233 233 66 3.5 203

Pentium II233 233 66 3.5 267

PentiumII266 266 66 4 303

Pentium II300 300 66 4.5 332

Pentium II333 333 66 5 366

,3DInternet1999InteliCOMP Index 3.0PC4,3DInternetProductivity) ProductivityPC

iCOMP Index 3.01-3



P

Productivity CPU mark 99 20%

ProductivityWintune 98 Advanced CPU Integer Test 20%

Multimedia Mark 99 25%

3D3D Winbench 99-3D Lighting and Transformation Test 20%

Productivity/3D WinBench 99-FPU 5%

Internet Jmark 2.0 Processor Test 10%

iCOMP Index 3.0Pentium II-350,iCOMP1000iCOMP

iCOMP=1000[BM1/Base_BM1)P1+ BM2/Base_BM2)P1+ + BM6/Base_BM6)P6]

Pentium II-3506Base_MB:27.8,87.21,883,26.5,1790,6096Pentium II-400BM31.6, 99.25, 999 , 30.1, 12050, 674iCOMP1130.

CPUMHz)MHz) iCOMP3.0

Pentium II350 350 100 3.5 1000

Pentium II400 400 100 4.0 1130

Pentium II450 450 100 4.5 1240

PentiumIII450 450 100 4.5 1500

PentiumIII500 500 100 5.0 1650

PentiumIII550 550 100 5.5 1780

2P-Rating

CPUiCOMPCPU,,IBMAMDCyrix P-Rating

P-RatingWINSTONE96,IntelCPUPentiumCPU WINSTONE96Windows

Cyrix6x86P-Rating

Cyrix 6x86-P166+GP133133MHzPentium-166CPU



  • P-Rating`CPU

  • P-RatingWINSTONE963DPentiumPentium

  • 3 CPU300

  • 2.4.4

  • 2.4.4.1 RAM

  • RAMSRAM

  • 1SRAM

  • DRAM3 5

  • PCSRAMCache.

  • (2) SRAM

  • SRAMASRAMSRAMSSRAM

  • SRAMPB-SRAM

  • CSRAMSlot 22 Xeon

  • RAMDRAM

  • 1DRAM

  • SRAM

  • PC



2DRAM

1FPM DRAMFast Page Mode DRAM

DRAM,,,..

,.:,,3.X-Y-Y-Y.60nsDRAM5-3-3-35T3T

33MHz

2EDO DRAMExtended Data Out DRAM

HPM DRAMHyper Page Mode,FPM45-2-2-2

50MHz

3B(Burst)EDO DRAM

EDO DRAM435-1-1-1

66MHz

4SDRAMSynchronous DRAM

66MHzCPURAM430VXSDRAM66MHz7-1-1-1



  • SDRAMCPU

  • SDRAM IIDDR SDRAMDouble Data Rate)SRAMSDRAMDLLDelay-Locked Loop,16

  • 5SLDRAMSynchronous Link DRAM)

  • SDRAM,416.1.6GB/s

  • 6) RDRAM(Rambus DRAM)

  • RambusDRAM

  • A Rambus28

  • BASIC cells:Application Specific Integrated Circuit)

  • Base RDRAM 600MB/s

  • Direct RDRAM 800MB/s

  • :

  • Concurrent RDRAM 800MB/s

  • Direct RDRAM 1600MB/s(16)

  • CDRAM(Cached DRAM)

  • SRAMCache



3

1

ASIMMSingle Inline Memory Module)

3072

30FPM DRAM256KB1MB4MB16

70 100ns

72EDO DRAM 4MB8MB16MB32MB32

50 70ns

B) DIMM (Double Inline Memory Module)

72168

72

16864SDRAM16MB32MB64MB

128MB256MB6 15ns

CSO-DIMMSmall Outline DIMM:

DIMM72DIMM144EDO

IC3/972SIMM

ECC4bitECC

2

1NEC 4217405-60

4241/42=DRAM43=SRAM45=SDRAM48=VRAM



1716/17/18=16Mbit, 4=4Mbit, 1=1Mbit

4040/41=4bit, 80=8bit, 16=16bit, 10=1bit

55=EDO DRAM0=FPM DRAM

6006/60=60ns, 07/70=70ns

2HY 57 V 16 80 10ATC-10

HYHyundai(

57ATC

V3.3v. 5vU=2.5v

1616/17/18=16Mbit, 64/65/72=64Mbit, 128/129=128Mbit

8080=8bit

100=FPM=EDO=SDRAM

-1010ns

2.4.4.2

1. ROMRead Only Memory

2. OTPROMOne Time Programmable ROM)

3. EPROM(Erasable Programmable ROM)

4. EEPROM(Electronically EPROM)

5.Flash

ROMRAMROM BIOS

6.FRAM(Ferro electric RAM):

DRAM1/0

12

3ROM

4



  • 2.4.5

  • 1

  • 220/110VDC300V

  • +5V+12V-5V-12VPower Good;150w,220w,230w

  • 2

  • /

  • 3

  • UPS10

  • 2.4.6

  • CRTCathode-Ray Tube:LCDLiquid Crystal Display:

  • Flat CRT(PDPPlasma Display Panel:

  • -

  • PCCRT

  • A/N

  • APA

  • MDACGAEGAVGAVGASVGA/TVGA

  • 3 ISAEISAPCI

  • /640350//800600

  • //

  • 1

  • 20.28mm, 0.31mm, 0.29mm(0.24mm, 0.25mm,0.26mm)

  • 3

  • :TV

  • 85Hz)



70Hz

5

1/

2

3

4

5/

6

6 47

7 DIP

8 48

2.4.7

1

5.25inch,3.5inch,2.5inch,1.8inch 5400/7200/

HDAHead Disk Assembly)PCB

/

/

2

10-40GB512B

/

4MB/s-100MB/s16.6MB/s

18MB/s-40MB/s

3600-10000r/min

7.5ms-14ms



3

1IDE

IDEIntegrated Device Electronics)AT-/ATA

40

504MB528MB8.3MB/s

Enhanced IDEATA-2,:

8.4GB(7.88GB),:

(1)(NORMAL)

IDE,528MB(504MB)

C(1024 H16

R63 N2512

(2)LBALogical Block Addressing)

BIOSCHRN28BIOS

SDHSelect Drive Head)

LBA

8.4GB(7.88GB)

C:1024 H:255 R:63 N:2(512B)

(3)(LARGE)

1024,LBA.

2,2,.

1GB(1008MB). H:32

1DMA113.3MB/s

2DMA216.6MB/s

3PIO311.1MB/s

4PIO416.6MB/s

CD-ROM

EIDE



Ultra DMA33Ultra DMA66

ATA-3

12

34SMARTSelf-Monitor Analysis and Reporting Technology)

ATA-4QuantumIntelUltra ATAUltra DMA

Ultra DMA33

ATA-333MB/s26MB/s - 30MB/s

Ultra DMA66

66MB/s

4080

CRC

Ultra DMA33/66

1

2

3

2SCSI

SCSISmall Computer System InterfaceSCSI

SCSISCSI87LUN



SCSI

1

2

3

46

6

5SCSI

SCSI

SCSI-18506

1994SCSI-281668

Fast SCSI: 8,10MB/s, 3

Wide SCSI:16,10MB/s, 6

Fast Wide SCSI:16,20MB/s, 3

SCSI-3:

Ultra SCSI: 8,20MB/s,

1.5

Wide Ultra SCSI: 16,40MB/s, 1.5

Ultra-2 SCSI: 8,40MB/s

Wide Ultra-2 SCSI: 16,80MB/s

Ultra-3 SCSI: 16,160MB/s

4

5

1-

2

3CMOS

6



2.4.8

1

300

34

2

1 COMS

2

3//

3

1A

/

2A

4 54-55

5

/

6

2.4.9 CD-ROM

680MB 4701.44MB

50



1 CD-ROM

CD-ROM120mm15mm1.2mm

101

1 0 0 1 1 0 0 0 0 1 0 1 0 0 1 1 1 0 0 1

2 CDROM

CDROM

200/500/

DAC

3 CDROM

CDDAdigital audio

588

12

1SYNC HEADER USER DATA EDC SPACE ECC

12B 4B 2048B 4B 8B 276B

2SYNC HEADER USER DATA

12B 4B 2336B

SYNC001FF10001

HEADERMIN1 SEC1SECTOR1 MODE1



  • 0 730 59

  • 0 7475/

  • 2352

  • 12/3/1

  • 3

  • =

  • CDROMCDDA

  • =

  • CD75/CDDA745mCD14

  • =75/

  • 1 CDROM

  • 7460/75/2048=680MB

  • 6060/75/2048=527MB

  • 2 CDROM742MB601MB

  • 140

  • 2XXX.SYS, MSCDEX.EXE(DOS/WINDOWS)

  • ;;;/

  • 2.4.10

  • 83101102104105104



1

ATPS/2USB

1ATAT55ATATX

2PS/2PS/2AT4ATPS/2

3USBUSBUSB

4PS/2COMUSB

4

3



  • (2).

  • 1

  • 2

  • 1

  • 2

  • 3

  • 4

  • 5

  • 6/

  • 2.4.11

  • WINDOWS



1

1.

IBMAuto CAD

Microsoft

2.

PS/2USB9DPS/2PS/26USBUSBUSBUSB

3.

1

2



3

2

1.

XY

2.

XY



3.

0.5mm

3

2.4.12

1



1.

1

2

2.

1

2

3.

4.



2

1.

ROM

1



2

/

CPU

3

24

4

24246.5

2 .

3

1



2

4

1

CPU

-



01

0

-

2

3.1

3.1.1

1

2

1

2

3

3

3.1.2

3.2

3.2.1 Shannon

3.2.2

3.2.3



INT 13H /

/

GAP2CRCCRCCRC

IDIDIDINT 13H 5

1/

(1)PROLOCK

U

INT0H

(2)PROTECT

COPYWRITE

3.3

3.3.1

1

2

OBJ



  • 3OBJ

  • 3.3.2

  • 1

  • 2

  • Y=FXXY

  • XZFXFZ

  • 3.185

  • 3

  • 16-8

  • 2

  • 3

  • 4

  • 5

  • 3.3.3.

  • MAC)

  • 2

    DESIDEA

    1

    902

    2

    3

    UNIX

    R W X R W X R W X

    1 1 1 1 0 1 0 0 0



3.4

3.4.1

1 DEBUG

1DEBUG

2DEBUG/

2 DEBUG

ADGTQ

3.4.2

1 TG

2 CRT

3

3.5

3.5.1

3.5.2

1

2

3

4

I/O

3.5.3

1

2

3 /

[BREAK][RESET]/

3.6

3.6.1

1 IBMBIO.COMIBMDOS.COMCOMMAND.COM



2 : CONFIG.SYS

3 :

4 :I(Ignore)

5

6

7

3.6.2

1

2

3

3.6.3 DOS

1 DOS

COPYXCOPYBACKUPATTRIBRENAMEFDISKFC

2

CMOSCMOSCMOS

3

WPSWORDEXCEL/

4 PCTOOLS

2000

5

1695[ALT][255][]

6

0DHOAH1AH00

7

A

8 DOSASSIGN.COM: ABCD

9

DOSKEY DIR/RD/CD/DELTRREE=INVALID DIRECTORY



  • (FAT)():

  • DOS5120

  • 32 FCB26-27/27-28

  • 12-21

  • 0FF7H

  • 12

  • DEBUG/PCTOOLSE5H

  • 3.6.4 Windows

  • WIN.INI, SYSTEM.INI, PROGRAM.INI

  • 2 XXX..GRP

  • 3 WIN.INISYSTEM.INI

  • 3.6.5 Windows NT

  • 1 ID

  • 2

  • 3

  • 4 /

  • 5 NTFS

  • 6

  • 7

  • 8

  • 9

  • 4.1

  • 4.1.1

  • 4.1.2 1983113 Fred Cohen)

  • 1 DOS2

  • 2 DOS.COM,.EXE

  • 3 Flip, Ghost



  • 1992,EXEEXECOM

  • COMCOMEXE

  • DOS

  • DOS

  • 1994

  • 1995

  • VCL

  • DOS

  • 1996DS.3873

  • 3873100

  • CIHFlash ROMBIOS

  • 9 Word

  • 10 MS CONFIG.exe

  • REGEDIT .exeOUTLOOKE-mail(Worm.vbs(3132

  • 4.1.3

  • 1

  • 2

  • 3

  • 4

  • 5

  • 6

  • 4.1.4



  • 1 FAT

  • 2

  • 3

  • 4

  • 5

  • 6 CMOS

  • 7

  • 8

  • 4.1.5

  • 1

  • 2

  • 3

  • 4

  • 5

  • 4.1.6

  • 1

  • 2

  • 4.2 DOS

  • 4.2.1 DOS

  • 1 DOS

  • 1I/O

  • 2I/O

  • 3

  • 4SHELLCOMMAND.com

  • DOS

  • 113

  • 2

  • 3

  • 4



  • 5

  • CONFIGSYS

  • 6COMMANDAUTOEXECBAT

  • DOS

  • 1I/O19128

  • 211

  • 3BIOS

  • DOS

  • 1FDT

  • 2FAT1/

  • DOS

  • 1COMMANDCOM

  • 2EXEPSP

  • 3COM100H64KB

  • DOS

  • 1

  • 2

  • 3

  • 4

  • INT 13H/

  • INT 25H/26H/

  • INT 1CH55msIRET

  • INT 8H55ms1

  • INT 10H

  • INT 21H35H25H

  • 4.2.2 DOS



  • 1IO.SYS

  • DOS.SYS.BIOS,

  • ,,,

  • 1;INT 13H:/,?,.

  • ,(640KB).

  • 2

  • 35

  • 1BCH

  • 2

  • 1COM

  • COM3COM

  • COM

  • 2EXE

  • EXECSIP

  • EXE

  • 3SYS

  • Strategy,Interrupt,

  • 3

  • 4.3

  • 4.3.1

  • WordNormal.dotWord Basic

  • WordDOCDOT

  • 1DOCDOT

  • 2/

  • 3AutoOpen,AutoClose,AutoNew,AutoExit



  • 4/

  • 5BFF

  • 4.3.2

  • 1

  • 1WordNormal.dotFileSave,FileSaveAs,FileExit

  • 2Word/

  • 3WordNormal.dot

  • 4DOC

  • 5Word

  • 6WordDOC

  • 1

  • 2Word

  • 4.4

  • 4.4.1

  • Java/ActiveX

  • --

  • 4.4.2

  • EXEEXE

  • Internet

  • Internet

  • 4.4.3 GPI



  • Get Password I.NovellINT 21H

  • 4.4.4

  • Melissa,HAPPY99,Papa

  • 1

  • 1ANSIUNIX

  • 2

  • 3Outlook/Outlook ExpressVBA

  • 4Windows 98 Windows Scripting Host, *.SHS

  • 5

  • 1

  • 2

  • 3EXECOM

  • 4*VBS*SHS

  • 5Outlook/Outlook Express

  • 4.5

  • 4.5.1

  • 4.5.2

  • 4.5.3

  • 1

  • 2

  • 3

  • 4



4.5.4

1 :DEBUG

2

3

4.5.5

EXE

4.6

4.6.1

XX ** YY ZZ BB UU ** YY

GD12

4.6.2

1

2

3

4

5

4.6.3

CRC

4.6.4

/



  • 1

  • 2

  • 3

  • 4

  • 5

  • 4.6.5

  • 1

  • 2 /

  • 3

  • 4

  • 5

  • 6

  • 7

  • 8

  • 9 BOOTSAFE

  • 10

  • 11

  • 12

  • ROM BIOS

  • VSAFEVSHI ELD

  • 14 LAN PROTECT

  • 4.6.6

  • 1 :

  • 2

  • KB00400013HINT 12H

  • ROM BIOSDOS

  • 4.6.7

  • 1



  • 1SYS AFORMAT A/U

  • 2FDISK/MBR

  • 3

  • 1

  • 2ONE-HALF3783FLIP

  • 3

  • 4

  • 1

  • 2

  • 3

  • 4.7

  • 4.7.1 CIH

  • Flash BIOS

  • Windows95/98*.EXEPE

  • 184

  • CIHVXD

  • 1998426/626/26

  • 4.7.2 Win32/Klez.worm.91978

  • Windows13



90KB91978

WinSvc.exeKRN132.exe*.EXE*.TXT.EXE,*.JPE.EXE

WQK.EXE(11722

4.7.3 Win32.Kriz

PEEXEWindows95/98/NT

1225CMOSBIOSKERNEL32.DLL

KERNEL32.DLLKERNEL32.DLLKRIZED.TT6Wininit.ini:

[rename]

C:\WINDOWS\SYSTEM\ KERNEL32.DLL=

C:\WINDOWS\SYSTEM\ KRIZED.TT6

CopyFileA, CopyFileW, CreateFileA, CreateFileW, MoveFileA, MoveFileW, DeleteFileA, DeleteFileW, GetFileAttributesA

PEEXE

7.4.4 Melissa

WORDWORDNormal.dotWindowsHKEY-CURRENT-USER\Software\Microsotf\Office,Melissa?,by KwyjiboOutlook50Important Message From,Here is that document you asked for dont show anyone else;-)list.doc



5PaPa,

7.4.5 [email protected])

Hi; Hello; How are you?; Can you help me?; We want peace;

Where will you go?; Congratulations!!!; Dont Cry; Lok at the pretty;

Some advice on your shortcoming; Free XXX Pictures; A free hot porn site:

Why dont you reply to me?; How about have dinner with me together?

Never kiss stranger

Im sorry to do so, but its helpless to say sorry.

I want a good job,I must support my parents.

Now you have seen my technical capabilities.

How much my year-salary now? NO more than $5,500.

What do you think of this fact?

Dont call my names,I have no hostility.

Can you help me?

Nxrj.exe,Uruo.exe,Vws.exe

OutlookC:\WINDOWS\SYSTEMKrnl32.exeWqk.exe

H_L_M\Software\Microsoft\Windows\CurrentVersion\Run\Krnl32=C:

\WINDOWS\SYSTEM\Krnl32.exe

H_L_M\Software\Microsoft\Windows\CurrentVersion\Run\WQK=C:

\WINDOWS\SYSTEM\Wqk.exe

PE.SCR

Outlook13

1MSIfram ExecCommand

IE



2

3

4

7.4.6 VBS.HappyTime

VBSHTMLVB Script

HTML10Help.vbsChtaCHelp.hta

VBS13CEXEDLLCHTMLVBSHTMASPmailtoUnititled.htm)

366Outlook ExpressUnititled.htm

HelpUnititled.htm

Help.htmhtm

CHelp.vbs%Windows%Untitled.htmHKEY_CURRENT_USER\Identities\XXXXXXXX\Software\Microsoft\OutlookExpress\5.0\MailXXXXXXXXID3Windows\WebHTMHTTVBS



ASPmailtoUnititled.htm)Rem I am sorry! Happy time

7.4.7 Code Red

MS IIS IIS 4.05.0Windows NT, Windows2000,Windows XP betaHacked by Chinese

Code Red I2001/7/18

W32/Bady.worm

MS Index Server 2.0WIN2000

Indexing Service

TCP/IP80TCP/IPWebC:\notworm

Code Red II

2002/10

Code Red II

1Windows NT:

Winnt\system32\logfiles\w3svc1GET,/default.ida,XXXXXXXXXXXXXXXXXXXXXXXXXXXX

%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u000%u00=a

2 netstat a1025SYS-SENT1025Listening



3Root.exe

C:\inetpub\Scripts\

D:\inetpub\Scripts\

C:\progra~1\Common~1\System\MSADC\

D:\progra~1\Common~1\System\MSADC\

2

C:\Explorer.exe, D :\Explorer.exe

4NTWebFTP

4.8

4.8.1 KV3000

KV300+

KV300+4

DOSWindows 3.x , 95/98/Me/NT/2000/XP

F10CIH

ZIPARJRARMS CABWWPACKLZHPKLITELZEXEWWPACKASPACKUPX

4.8.2 2003

60*4

IEActiveX,



  • (Wantjob,Klez)(Nimda)

  • 1

  • wantjob,klez**

  • 2 MSN/QQ/ICQ

  • MSNQQQQICQMSN(Goner)

  • NetAnts/FlashGet

  • ,NetAntsFlashGet

  • Office

  • Microsoft OfficeWordExcelPowerPoint



DOSWindows8

ZIPCABRARARJ,WinZip9

CIH10 11

12

,4.8.3 2003

2003959095



  • NTFS2003

  • 5 5.1

  • 5.1.1

  • 123

  • 2

  • Plaintext, P)

  • Ciphertext C

  • Enciphering, E)

  • Deciphering, D)

  • Key, K)

  • 1

  • 2

  • C=EK(P)

  • P=DK(C)

  • 5.1.2

  • 1



2

(1)

KZA

F(a) = (a+k) mod n

A:0,B:1,C:2,D:3;E:4,F:5,G:6,H:7,I:8,,V:21,W:22,X:23,Y:24,Z:25

k=3COMPUTER

F(C) = (2+3) mod 26 = 5 = F

F(R) = (17+3) mod 26 = 20 = U

C=FRPSXWHU

D(R) = (17-3) mod 26 = 14 = O

D(P) = (15-3) mod 26 = 12 = M

HOW

HOWABCDEFGIJKLMNPQRSTUVXYZ

ETAON

THHEINERANREED

THEINGANDHERENTION

(2) Vigenere

K = k1 k2 ... kn, M = m1 m2 ... mn

C = c1 c2 ... cn

ci = (mi + ki) mod 26

BANDRENAISSANCE

RENA ISSA NCE

BAND BAND BAN

SEAD JSFD OCR



  • 1N

  • WHAT YOU CAN LEARN FROM THIS BOOK5W H A T Y

  • O U C A N

  • L E A R N

  • F R O M T

  • H I S B O

  • O K X X X

  • WOLFHOHUERIKACAOSXTARMBXYNNTOX

  • 2

  • ENGINEERING34

  • 1 2 3 4

  • E N G I

  • N E E R

  • I N G

  • 1 2 3 4

  • f= 2 4 1 3

  • 1 2 3 4

  • N I E G

  • E R N E

  • N I G

  • NIEGERNE IG 34f

  • f 1 2 3 4

  • 3 1 4 2



5.1.3 DES

1973519748NBSIBMLucifierNBS1977146DES

DES6486464

5617

5-18DES

(1)

64IPIP58502IP6432L0R0



IP: 58 50 42 34 26 18 10 2

60 60 52 44 36 28 20 12 4

62 54 46 38 30 22 14 6

64 56 48 40 32 24 16 8

5749 41 33 25 17 9 1

59 51 43 35 27 19 11 3

61 53 45 37 29 21 13 5

63 55 47 39 31 23 15 7

(2)

641648645664888816243240485664

K

57 49 41 33 25 17 9 63 55 47 39 31 23 15

1 58 50 42 34 26 18 7 62 54 46 38 30 22

10 2 59 51 43 35 27 14 6 61 53 45 37 29

19 11 3 60 52 44 36 21 13 5 28 20 12 4

PC-1

C028 D028

1 1

C128 D128

K1

C1528 D1528

1 1

K16



177

3

Li-1(32b) Ri-1(32b)

E48 Ke(56)

ki

+

48

S32

P

+

Li(32b) Ri(32b)

Li= Ri-1 Ri= Li-1 + ( Ri-1, ki) i=1,2,,16

E48 175

S32

48868S

Si6b1b2b3b4b5b6,Sb1b6b2b3b4b54

S3110101b1b6=(11)=3, b2b3b45b=(1010)=10,

S3(3,10)=14=(1110), S31110

P:

16 7 20 21 29 12 28 17

1 15 23 26 5 18 31 10

2 8 24 14 32 27 3 9

19 13 30 6 22 11 4 25

16



5.1.4 RSA

1.

1977DiffieHellman

1DKd(EKe(P))=P

2DKe(EKe(P))P

3KeKd

4KeKd

5EKe (DKd (P))=P

2.RSA

MITRivest,ShamirAdleman

1pq10100

2 n=pq n

n(n)

(n)=(p-1) (q-1) nn

n=21,p=3,q=7 (21)=12

211245810111316171920

3 2(n)-1(n)e

4 ed=1 (mod(n)),d

PCP<n,C<n

C = P^e (mod n)    P = C^d (mod n)

p=5,q=11,n=55, (55)=40

e=723940

7d=1(mod 40), d=23

P = 2, C = 2^7 mod 55 = 18

P = 18^23 mod 55 = 18^1 × 18^2 × 18^4 × 18^16 mod 55

= 18 × 49 × 36 × 26 mod 55 = 2



3 RSA

RSA

100 200 300 500 750 1000

30 3 9 2109 61015

p>10100q>10100n>102002664

RSA

RSAn5121024

19916101551995512RSA

4 RSA

DES

5.2

5.2.1

64048024/7.37Mb/100MB10025184M184M/

123

5.2.2 Huffman

Huffman

HuffmanHuffman 1952

Huffman

Huffman



(1)

(2) 2(4)

(3) (2)

(4) 01HUFFMAN

ABCDE0.400.180.150.150.12HuffmanHuffman

(1)

(2) 5-14

(3) DE5-15



  • (4) (2)(3)Huffman

  • (5) 01Huffman

  • Huffman5-16

  • Huffman

  • A0B100C101D110E111

  • AHuffman

  • 6

  • 6.1

  • 6.1.1

  • DBMA

  • /

  • 6.1.2

  • G

  • 6.1.3

  • 1



  • 1

  • 2

  • 123

  • 1

  • 213

  • 3

  • 6.1.4

  • DBMS

  • DBA

  • 6.2

  • 6.2.1

  • Transaction:COMMITROLLBACK

  • T1B100

  • 200T2B200T1B100

  • T2200



  • 2

  • CPUOS

  • 6.2.2

  • 1

  • 199

  • 1

  • 2

  • 3

  • 4

  • 1

  • 2

  • 3

  • SQL

  • 202-203

  • Locking

  • X

  • 204

  • 6.3

  • 6.3.1



205

1

2

3

6.3.2

6.3.3

COMMIT

RR

FMAXFIND R

UMAXUPD R

T FIND RUPD RtT

FIND R : if t >= UMAX
             then /*FIND*/
                 FMAX := max(t, FMAX) ;
             else /**/
                 restart T ;

UPD R : if t >= FMAX and t >= UMAX
            then /*UPD*/
                UMAX := t ;
            else /**/
                restart T ;

  • 6.4

  • 6.4.1

  • 6.4.2

  • 1

  • 2/

  • 3//

  • 4//

  • 5/

  • 6

  • 6.4.3

  • 1

  • 1

  • 2

  • 1logging

  • Log

  • 2

  • COMMIT

  • UNDOREDO



6.5 SQL Server

6.5.1 SQL Server

(sa)DBASQL Server

DBO

DBOO

6.5.2 SQL Server

1 SQL Server

2Windows NTSQL Server

3

6.5.3

SQL Serversa, guest

1 SQL Serversp_addlogin

2 sp_adduser

3 sp_addgroup;public

4 sp_password

6.5.4

sa,DBO,DBOO

6.5.5 SQL Server

1 SQL Server

2 1DUMP DATABASE

2DUMP TRANSACTIONmaster

6.5.6 SQL Server

1 SP_dbremove LOAD DATABASE

2 : LOAD TRANSACTION

3master 216

4DISK REINIT DISK REFIT



7

7.1

7.1.1

7.1.2 TCP/IP

7.1.3

1

2FTP

FTPISPFTPFTP

3Telnet

TelnetTelnetTelnet

4Usenet News

6

NNTP



5WWW

WebFTP HTMLJPEGGIF

7.1.4

1

TCPUDP

2

TelnetFTPIP

3

IPTCPUDP



lIP

2

3

4

5

UnixASCIITelnetSMTP

4



5

UnixBSDBSD

6

7.2 Web

7.2.1 Web

7.2.2 Web

7.2.3

1Web

1

2

3

4

5

6IP



2

WebIPE-mailURLE-mail

Web

1IP

2/

3

4Unix

5URL

6

7

8

7.2.4 Web

IP Web IP

l

2

3



1

2Web

3

4

5

6 HTTPAppletCGI

7Windows NTWebUnixSun

7.2.5

1WebIPDNS

2Applet Applet

3

4



7.2.6 Web

Web

1

1

2

3

4

5

6

2

1

2

3

WebHTMLWebWebWebWeb

4WebWebWebWeb



7.3.

7.3.1

hacker

9.3.2

1

SNMP

TraceRoute



WhoisDNS

DNSIP

Finger

Ping

WardialingMODEM

2

1

2

3

1

2TelnetFTP

3



7.3.3

1

2

3

4

1

Unixrmlogin/bin/shperlWindows NTEvent LogSecurity Log

2

l

FTPGopherTelnet

2



3

4

3

1wtmp

2

3

410shell script



7.4

7.4.1

1

66 MHz32 MB

Distributed Cracking

2

9.4.2

78



l

2

3

4

5

6

7

7.5

7.5.1

Ethernet



IPRFRFTVTV

7.5.2

IP



IP

I/OUnixWindows 98

7.5.3

1

l IPping

2



3Windows 98UnixWindows NT

4Unix

2

SSH-Secure ShellTelnetSSH

SSHssdUnix SSHscp

3

Switch



7.6

7.6.1

TCP

TCPUnixUnixrusershost

7.6.2

1

TCP/IP/FTPTelnet

2

7.6.3

1SATAN

SATANSATAN

FTPDNFSNISNISRSHSendmailXTFTPFTP



2NSS

NSS

lSendmail

2FTP

3NFS

4TFTP

5Hosts.equiv

6Xhost

3Strobe

TCPStrobeTCPStrobeStrobe

StrobeStrobe

7.7 E-mail

7.7.1 E-mail

1 E-mailSMTPPOP

2 E-mail

E-mail

E-mailE-mail

E-mail



7.7.2

7.7.3 E-mail

E-mailE-mailE-mail

SMTPE-mailSMTPE-mail

E-mail.exe.comWORD/EXCEL.do.xl

7.7.4 E-mail

1E-mail

E-mailE-mail

2E-mail

UP Yours

E-mail



7.7.5 E-mail

E-mailPretty Good Privacy PGPE-mailE-mail

PGP/

SMTPE-mailSMTPE-mailE-mail

7.8

7.8.1

OS

7.8.2

7.8.3

1 object reconciliation

2

3 MD5

7.8.4



7.9IP

7.9.1 IP

IPIPIPIPIPIPIPIPIP

IPIPIPIPIPARPARPARPAPRIP

7.9.2 IP

IPIPIPIPRAW SocketIPIPIPIP



IPIPIPIP

IP

1

2

3

7.9.3 IP

1IP

IPTCP/IPTCP/IPTCPIP

2IP

r



ABBCNET

lBAC

2ACB

CBCC

7.9.4 IP

IP

IPWeb

IPIP

7.10

7.10.1FTP

WINDOWS NT/2000Web



  • 1

  • 2Resource KitFTP

  • 3FTP

  • 7.10.2 FTP

  • FTP

  • 1

  • 2FTP

  • 3FTP

  • FTP

  • FTP daemon/

  • 1FTPFTP

  • 2rootFTP

  • 3

  • 4~/ftp/etc/passwd/etc/passwd

  • 5

  • 6~/ftp/etc

  • 7.10.3 UNIXFTP

  • 8

  • 8.1

    8.1.1

    1

    Web



1

2

3

WebCPU

Web



2

1

2

3

4

3

1

2

3

4

8.1.2

1IPTCPUDPICMP

2IP

3IP

4IP

5TCPUDP

6TCPUDP

7ICMP



l

2

3

4

8.1.3

FTPTelnet

8.1.4

1

IP

IP



1



1

2

3



1

1



2

FTPFTP

3

TelnetFTPWAISArchieGopher

4



8.1.5

l

2

3

4

5

6

7

8

8.1.6



1

2

3



4

l

2

3

4

5

6

DNSSMTP

8.2

8.2.1

1



2

8.2.2

Usenet

8.2.3

1

2

3

4

1

2



8.2.4

1

2

3

4

SMTP

FTP

WAIS

HTTP

NNTPUsenet

Gopher

DNS

8.2.5

l

2

3

4

5

6



1

2

3Checklist

4

8.2.6

1

l

2CPU

3

2

8.2.7



8.3

IP

IP

8.3.1

1

2

3

1Telnet

2SMTP

3NNTP

1Telnet

2



1

1

2

1

2

3



8.3.2

1

2

3

8.3.3

8.3.4

1



2

3

l

2IPTCPUDP

3

4

5

6

4

CREE-PHOST



SMTP

[1]CREE-PHOST

[2]

*

1*CREE-PHOST**

2**Mail-GW

3 SMTP25SMTP25SMTP

2525SMTP



8.3.5

l

2IP

8.3.6

/

8.3.7

1Telnet

Telnet

2Telnet

3

root



8.4

8.4.1

1

1

2

2

1

2

3

4

5

8.4.2

1

2



8.4.3

1

2

3

8.4.4

1TCP

TCP

TCPUDPTCP



2

SMTPNNTP

l

2

3

4

3

1

2

3

8.4.5

E-mailSMTPPOPFTPTelnetNNTPWWWDNS

1E-mail

1

2

3



2SMTP

SMTPSMTPSMTPSMTP

3POP

POPPOPPOP

4FTP

FTP1023TCPFTPFTPFTPFTP

FTPTCPTCPFTPTCP

TCP

5Telnet

Telnet

6NNTP

NNTP



7WWW

HTTPNetscape NavigatorExplorer

8DNS

DNSDNSDNSDNSDNSDNS

8.5

1

2

1IPIP Address Translation

IPIPIPIP



2 DNS

IPIPDNSIPIPDNSDNS

3VPN

VPNClient

4

5

E-mailFTP

3

1

2

3

4



<>

1

13

25

36

43

58

2

13

25

36

4CPU2

54

6

73

84

94

106

114

3

13

24

33

45

5

63

77

8WINDOWS NT9

4



16

28

33

45

54

614

73

5

1

2

3

4DES

5RSA

6Huffman

6

13

2

34

4

5SQL Server3

6SQL Servermaster

7

16

2Web4

3

42

54

64

73



8

1 4

2 4

3 3

43

53

65

2020

202020

