1. Describe the principle and communication mechanism of Sendmail

After receiving a message to send, the sendmail program checks whether the recipient address is well formed by looking for the @ character. If the check succeeds, it extracts the domain name after the @ and queries DNS for the relevant MX (mail exchanger) records. If more than one record matches, the host with the higher priority is selected for delivery. If the domain has no MX record, sendmail tries to connect to port 25 of the root domain name (163.com) and send the mail there. If the connection succeeds, the mail is sent. If the connection fails, the mail is packaged and returned to the sender.
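The routing decision described above, as an added example (not sendmail's own code). `plan_delivery`, `lookup_mx`, `can_connect` and the sample records are hypothetical, and DNS and SMTP are injected as callables so the logic runs offline. Note that in MX records the lowest preference number is the highest priority.

```python
# Added example: sendmail-style routing decision with constructed data.
# plan_delivery, lookup_mx and can_connect are hypothetical names; DNS and
# SMTP are injected as callables so the logic runs without a network.

def plan_delivery(recipient, lookup_mx, can_connect):
    """Return ("deliver", host) or ("bounce", reason) for one recipient."""
    # 1. Format check: an "@" with text on both sides.
    local, sep, domain = recipient.rpartition("@")
    if not sep or not local or not domain:
        return ("bounce", "malformed address")
    domain = domain.lower().rstrip(".")

    # 2. MX query: expected to return a list of (preference, host) pairs.
    records = lookup_mx(domain)

    # 3. Order by preference; the lowest number is the highest priority.
    candidates = [host for _pref, host in sorted(records)]

    # 4. No MX record: fall back to port 25 on the domain name itself.
    if not candidates:
        candidates = [domain]

    # 5. Deliver to the first host that accepts a connection, else bounce.
    for host in candidates:
        if can_connect(host, 25):
            return ("deliver", host)
    return ("bounce", "no reachable mail host for " + domain)


# Constructed records for reserved example domains (not real DNS data).
SAMPLE_MX = {
    "example.com": [(20, "mx-backup.example.com"), (10, "mx-main.example.com")],
    "example.org": [],
}


def sample_lookup(domain):
    """Stand-in for a DNS MX query against the constructed table."""
    return SAMPLE_MX.get(domain, [])


def reachable_except(*down):
    """Build a can_connect stub in which the named hosts refuse connections."""
    return lambda host, port: host not in down


if __name__ == "__main__":
    print(plan_delivery("alice@example.com", sample_lookup, reachable_except()))
    print(plan_delivery("bob@example.org", sample_lookup, reachable_except()))
    print(plan_delivery("no-at-sign", sample_lookup, reachable_except()))
```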

2. Private IP address ranges of classes A, B, and C

A: 10.0.0.0 to 10.255.255.255

B: 172.16.0.0 to 172.31.255.255

C: 192.168.0.0 to 192.168.255.255

3. Mainstream antivirus manufacturers and products (three domestic and three foreign)

Abroad: McAfee, AVAST, BitDefender, Kaspersky, ESET NOD32, Symantec, Avira (AntiVir), Dr.Web

Domestic: Jinshan, Jiangmin, Micropoint, Ruixing, 360, VRV (Beixinyuan), Antinuo, Kuniu, Super Patrol

McAfee: Intel's antivirus software, McAfee.

AVAST: AVAST is an anti-virus software from the Czech Republic. It has been in the leading position in foreign markets for decades. Avast comes in home, business, mobile, Linux and Mac versions and more. The real-time monitoring function of Avast is very powerful. The free version of Avast anti-virus software has eight protection modules: file system protection, web protection, mail protection, network protection, P2P protection, instant message protection, behavior protection and script protection. The free version requires annual registration, which is free!

BitDefender: BitDefender (Chinese name: Bitvender; BD for short) is a long-established antivirus product from Romania. BitDefender has a large virus database, an antivirus engine recognized as industry-leading, and a unique game do-not-disturb mode; the TopTenREVIEWS website ranked it the world's top antivirus software. With users in more than 100 countries and territories, it ranks first among antivirus software with a new-virus response time of less than 4 hours.

Kaspersky: Kaspersky

ESET Nod32: The name ESET originally comes from the Goddess Isis in Egyptian mythology.


4. Advantages and disadvantages of the mainstream vulnerability scanning products you have used

Nessus: a vulnerability scanner that provides several important scanning features, such as high-speed discovery, asset profiling, and vulnerability analysis.

Nmap: a free, open source tool for network discovery and security auditing.

SAINT: a vulnerability scanner that only provides integrated vulnerability assessment and penetration testing tools.

Metasploit: The Metasploit Project is the culmination of a series of projects that have spawned a plethora of tools that can do almost anything, from beating regulatory constraints to evading detection. Its most famous software is the Metasploit Framework. Metasploit was not designed as a hacking tool, although it sounds like one. In fact, the main goal of this tool is to investigate security. But, like any tool of this type, its usefulness depends on the user. Remember, “With great power comes great responsibility,” so use it with care.

Ps:

What is a vulnerability scanner?

In short, vulnerability scanners are software specifically designed to find and expose vulnerabilities in applications and operating systems. Each scanner may have its own method of scanning and probing, but their results are pretty much the same: reporting problems found or output information.

Host scanners: COPS, Tripwire, and Tiger can only scan for local vulnerabilities.

Network vulnerability scanner: NSFOCUS Aurora remote security assessment system. Advantages: it is a hardware appliance, so scanning does not occupy system resources, and it is fast, efficient and accurate. Disadvantages: it is a premium product and more expensive.

The vulnerability scanning process can be broken down into a series of steps, each of which is a critical task needed to find a vulnerability in an application or operating system:

  1. Provide the host name and IP of the active system to the scanning software. In this way, the scanner can discover open ports, responding services, and any applications that may be currently running on the system.
  2. The scanner generates a report informing you of the problems it found. If the scanner ends at this stage, the information it provides may be less actionable and require more research. With other scanners, this step might show only ports, services, and running applications so the software can proceed to the next step.
  3. The scanning software runs probes against the ports and services discovered in Step 2, with the goal of showing information about patch levels, software modifications, or any potential defects. Modern vulnerability scanners contain plug-ins designed to detect new vulnerabilities as they emerge. So, if you run the scanner today and you don’t find a problem, you might find a problem tomorrow when you perform an update.
  4. The scanner may attempt to investigate vulnerabilities (if this feature is supported), but this depends on how advanced the scanner is. In fact, some modern scanners can configure their attack level at this step so that the scanner is not so aggressive that it crashes the system during the scan (they can, and it has happened).

5. Frequently visited network security sites at home and abroad

www.nsfocus.com

forum.eviloctal.com

www.xfocus.net

www.hackline.net

www.chinacissp.com

6. Differences between TCP and UDP

When the connection is established, each end allocates a buffer to store received data and sends the size of that buffer to the other end.

The recipient sends an acknowledgement containing its remaining buffer size.

The amount of remaining buffer space is called the window.

TCP requires a three-way handshake to establish a connection and four waves (a four-way handshake) to disconnect. Header structure:

- Source port: 16 bits
- Destination port: 16 bits
- Sequence number: 32 bits
- Acknowledgment number: 32 bits
- TCP header length: 4 bits
- Reserved: 6 bits
- Control code: 6 bits
- Window size: 16 bits
- Offset: 16 bits
- Checksum: 16 bits
- Options: 32 bits (optional)

This gives the minimum length of the TCP header: 20 bytes.

UDP: User Datagram Protocol

(1) UDP is a connectionless protocol. The source and the destination do not establish a connection before transmitting data. When it wants to transmit data, it simply grabs the data from the application and throws it onto the network as quickly as possible. On the sending side, the speed at which UDP can transmit data is limited only by the speed at which the application can generate the data, the power of the computer, and the transmission bandwidth. At the receiving end, UDP queues each message segment, and the application reads one message segment at a time from the queue.

(2) Because no connection is established to transmit data, there is no need to maintain connection state, including send and receive state, so one server can transmit the same message to multiple clients simultaneously.

(3) The header of a UDP packet is very short, only 8 bytes, so the extra overhead is small compared to the 20 bytes of a TCP packet.

(4) Throughput is not regulated by a congestion control algorithm. It is limited only by the rate at which the application software generates data, the transmission bandwidth, and the performance of the source and destination hosts.

(5) UDP uses best-effort delivery, i.e. reliable delivery is not guaranteed, so hosts do not need to maintain complex connection state tables (which have many parameters).

(6) UDP is message oriented. The messages handed down by the sending application are passed to the IP layer after the header is added. They are neither split nor merged, and the boundaries of these messages are preserved, so the application needs to select an appropriate message size.

The ping command is often used to test whether TCP/IP communication between two hosts is normal. In fact, the ping command sends UDP packets to the other host, and the other host then confirms receipt of the packets. If the confirmation that the packets arrived is returned in time, the network is normal.

UDP packet header structure: source port 16 bits, destination port 16 bits, length 16 bits, checksum 16 bits.
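A parser for the two header layouts listed above, as an added example that is not part of the original page. The function names and the sample bytes are constructed for illustration; the fixed TCP fields are decoded in the RFC 793 wire order, where the 16-bit window is followed by the checksum and then the urgent pointer, and checksums are not verified.

```python
import struct

# TCP control bits, lowest bit first (the 6-bit control code field).
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus any options."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    (src, dst, seq, ack, len_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    # Upper 4 bits: header length in 32-bit words; lower 6 bits: control code.
    header_len = (len_flags >> 12) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("header length field is inconsistent with the data")
    flags = [name for bit, name in enumerate(TCP_FLAGS)
             if len_flags & (1 << bit)]
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "window": window,
        "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }


def parse_udp_header(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header; the length field covers header and data."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte UDP header")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field is inconsistent with the data")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}


# Constructed samples (checksums left at 0, not computed).
# SYN to port 25 with a 4-byte MSS option, so the header is 24 bytes long.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 25, 1000, 0, 0x6002, 65535, 0, 0) \
    + b"\x02\x04\x05\xb4"
SAMPLE_UDP = struct.pack("!HHHH", 53000, 53, 13, 0) + b"hello"

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
    print(parse_udp_header(SAMPLE_UDP))
```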

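The differences:

| | TCP | UDP |
|---|---|---|
| Connection-oriented or not | Connection-oriented | Not connection-oriented |
| Transmission reliability | Reliable | Unreliable |
| Application scenarios | Transferring large amounts of data | Small amounts of data |
| System resources | Higher (20-byte header, connection state) | Lower (8-byte header, no connection state) |
| Structure | Complex | Simple |
| Data correctness | Ordered | Unordered |
| Speed | Slow | Fast |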



7. Three technologies of firewall

1). Application proxy technology

2). Circuit-level gateway technology

3). Adaptive proxy technology

8. What are the security risks of using Linux?

Account and permission security on a multi-user system: this includes the account permission problems brought by multiple users and the difficulty of managing file ownership.

Threats to Linux itself and to the applications running on top of it: a Linux system that has not been hardened by professional security personnel is vulnerable to attackers, and the open source programs running on top of it are not maintained in time and have vulnerabilities.

Security of the system's own services: the default services running on Linux are interdependent, while their security settings are independent of each other. For ordinary users, it is impossible to develop suitable and effective security policies.

9. Mainstream firewall manufacturers and products

1. Check Point: FireWall-1

2. Cisco: Cisco PIX

3. NetScreen: NetScreen

Domestic:

1. 360: 360 Security Guard

2. Lenovo: Network Royal

3. Tianrongxin: Network Guard

4. China hackers worry

10. What is unsafe about using select queries?



For example, the db_datareader role grants SELECT privileges on all objects in the database. While you can grant SELECT privileges using the db_datareader role and then selectively deny SELECT privileges to individual users or groups, with this method you may forget to set privileges for a particular user or object.

11. Implement plain text operations

Requirements: the program can create a new file, open a file, view the file, insert a line of text into the file, and delete a line of text. When run, it displays a menu and prompts the user to select an operation or exit, and to input the file name, line number or text. If the user selects exit, the program ends; otherwise it returns to the menu after each operation and continues.

```c
/**
 *            File name               :file.c
 *            Author                  :kangkangliang
 *            File desc               :file operator
 *            Mail                    :[email protected]
 *            Create time             :2016-09-19
 */

/**
 *                     headfile
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Longest line handled in one piece; longer lines are counted in pieces. */
#define BUF_SIZE 1024

void show(void)
{
    printf("------------------\n");
    printf("1.show line code\n");
    printf("2.insert line code\n");
    printf("3.delete line code\n");
    printf("4.show all line code\n");
    printf("0.exit\n");
    printf("------------------\n");
}

/* Read one line of input into buf (newline stripped). fgets bounds the read
 * to the buffer size, unlike scanf("%s"). Returns 0 on end of input. */
int readText(const char *prompt, char *buf, size_t size)
{
    printf("%s", prompt);
    fflush(stdout);
    if (fgets(buf, (int)size, stdin) == NULL)
        return 0;
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

/* Read a number; returns 0 on end of input or non-numeric text. */
int readInt(const char *prompt, int *value)
{
    char buf[32];

    if (!readText(prompt, buf, sizeof buf))
        return 0;
    return sscanf(buf, "%d", value) == 1;
}

void printLine(FILE *fp, int line)
{
    int  count = 0;
    char buf[BUF_SIZE];

    // read line by line until the requested one (lines are numbered from 1)
    while (fgets(buf, sizeof buf, fp) != NULL) {
        if (++count == line) {
            printf("%d %s", line, buf);
            return;
        }
    }
    printf("your line too big over file line number\n");
}

/* Copy src to dst line by line. The line numbered del is dropped and text is
 * written before the line numbered ins (0 disables either). Returns the
 * number of lines read. */
static int copyLines(FILE *src, FILE *dst, int ins, const char *text, int del)
{
    int  count = 0;
    char buf[BUF_SIZE];

    while (fgets(buf, sizeof buf, src) != NULL) {
        ++count;
        if (count == ins)
            fprintf(dst, "%s\n", text);
        if (count != del)
            fputs(buf, dst);
    }
    return count;
}

/* Build the edited content in a temporary file, then truncate the original
 * and copy the result back. Returns the reopened stream. */
static FILE *rewriteFile(FILE *fp, const char *name, int ins,
                         const char *text, int del)
{
    FILE *tmp = tmpfile();
    int   total;

    if (tmp == NULL) {
        printf("create temp file error\n");
        return fp;
    }
    rewind(fp);
    total = copyLines(fp, tmp, ins, text, del);
    // Ensure that the line is within range
    if (del > total) {
        printf("your line too big over file line number\n");
        fclose(tmp);
        return fp;
    }
    if (ins > total)                 // past the last line: append
        fprintf(tmp, "%s\n", text);
    if ((fp = freopen(name, "w+", fp)) == NULL) {
        printf("open file error\n");
        exit(1);
    }
    rewind(tmp);
    copyLines(tmp, fp, 0, NULL, 0);
    fclose(tmp);
    fflush(fp);
    return fp;
}

FILE *insertLine(FILE *fp, const char *name, int line, const char *text)
{
    return rewriteFile(fp, name, line, text, 0);
}

FILE *deleteLine(FILE *fp, const char *name, int line)
{
    /**
     * 1. The simplest way is to read the lines into a list, delete one of
     *    the nodes, and then write the list back over the file.
     * 2. Find the location to delete, fseek to it, and write the content
     *    that needs to be kept from there on.
     * 3. Use memory mapping to map the file into memory and modify the
     *    memory directly. As in method 2, the content to be kept still has
     *    to be moved.
     * This version follows method 1, with a temporary file as the list.
     */
    return rewriteFile(fp, name, 0, NULL, line);
}

void showAll(FILE *fp)
{
    char buf[BUF_SIZE];
    int  count = 0;

    // test the result of fgets rather than feof, so the last line is not repeated
    while (fgets(buf, sizeof buf, fp) != NULL)
        printf("%d %s", ++count, buf);
}

/**
 *                    main function
 */
int main(void)
{
    char  file_name[256];
    char  buf[BUF_SIZE];
    FILE *fp;
    int   code;
    int   line;

    if (!readText("please input filename:\n", file_name, sizeof file_name))
        return 1;

    // "r+" opens an existing file for reading and writing; "w+" creates a new one
    if ((fp = fopen(file_name, "r+")) == NULL &&
        (fp = fopen(file_name, "w+")) == NULL) {
        printf("open file error\n");
        exit(1);
    }

    while (1) {
        rewind(fp);   // Move the position pointer inside the file to the beginning of the file
        show();
        if (!readInt("input operator code:", &code)) {
            if (feof(stdin))
                break;
            printf("input error\n");
            continue;
        }
        if (0 == code)
            break;
        switch (code) {
        case 1:
            if (!readInt("input line number:", &line) || line <= 0) {
                printf("your line invalid\n");
                break;
            }
            printLine(fp, line);
            break;
        case 2:
            if (!readInt("input line number:", &line) || line <= 0) {
                printf("your line invalid\n");
                break;
            }
            if (readText("input line context:", buf, sizeof buf))
                fp = insertLine(fp, file_name, line, buf);
            break;
        case 3:
            if (!readInt("input delete line number:", &line) || line <= 0) {
                printf("your line invalid\n");
                break;
            }
            fp = deleteLine(fp, file_name, line);
            break;
        case 4:
            showAll(fp);
            break;
        default:
            printf("input error\n");
            break;
        }
    }
    fclose(fp);
    return 0;
}
```

12. Linux shell implementation

Assume the host has no firewall. Write a command that takes the host's IP address as an argument, finds which ports are open on that host, and writes the result to a file.

Using the netstat command, you can solve this problem.

# netstat -tln

The netstat -tln command is used to view port usage on Linux.

/etc/init.d/vsftp start is used to start the FTP port.

sudo netstat -ap shows all the service ports and displays the corresponding service program names.

nmap <scan type> <scan parameters>

13. Ports 139 and 445

Port 139: NetBIOS file and print sharing. Connections entering through this port attempt to obtain NetBIOS/SMB services. This protocol is used for Windows file and printer sharing and Samba. Sharing your hard drive over the Internet is probably the most common problem.

Port 445: Port 445 is a port with a mixed reputation. Together with port 139, it is one of the main channels for IPC$ intrusion. With it we can easily access all kinds of shared folders on a LAN or share a printer, but hackers can use this port to secretly share your hard drive, or even format it without anyone noticing! All we can do is figure out a way to block port 445 from hackers.

15. Cisco: which command can make the login password clear text

service password xxxxx

16. Specify the size of the ping packet

The default value is four packets. You can specify this value by using -n: ping baidu.com -n 100

17. Protocols supported by each ACL number range

- 1-99: standard IP-based ACL
- 100-199: extended IP-based ACL
- 200-299: access control list based on protocol type code

18. List the historical distributions of Unix, Linux, and FreeBSD

Unix: V1, V4, V6, V7

Famous and popular Linux distributions: Red Hat, CentOS, SUSE, Debian GNU/Linux, Ubuntu, and Fedora

FreeBSD: 1.x was developed from 386BSD 0.1; version 2.x comes from 4.4BSD-Lite.

19. Explain the terms

DDoS (Distributed Denial of Service): a distributed denial of service attack

Worm: malicious code that spreads across networks

IP Spoof: IP address spoofing, in which an address is disguised as a trusted IP address.

SYN Flood: SYN Flood attack, a denial of service attack. By forging SYN packets in TCP three-way handshake, denial of service attack is implemented.

Brute Attack

Social Engineering: achieving a goal by means other than technical ones

Honeybot: Honeybot system, usually used to track attackers by monitoring an unprotected virtual host (honeypot)

ShellCode: an overflow code, usually a pointer bit code that can obtain specific permissions for a system overflow vulnerability

20. Cybersecurity standards

ISO 9000: The ISO 9000 quality management system is fundamental to enterprise development and growth. ISO 9000 does not refer to a single standard but is the collective name for a family of standards: all the international standards formulated by TC176 (the technical committee on quality management systems). Among ISO's more than 12,000 standards, it is the best-selling and most common product.

Includes: BS 7799 (ISO/IEC 17799), the international information security management standard system. In December 2000, the International Organization for Standardization (ISO) officially released the international information security standard ISO 17799. This standard covers two major parts, information system security management and security certification, and it refers to the British national standard BS 7799.

SQL injection:

SQL injection means tricking the server into executing malicious SQL commands by inserting SQL commands into a web form submission or into the query string of a domain name or page request. Specifically, it takes advantage of an existing application's ability to pass (malicious) SQL commands to the back-end database engine for execution. By typing (malicious) SQL statements into a web form, an attacker can obtain the database of a vulnerable website, rather than executing the SQL statements intended by the designer. For example, the passwords of VIP members leaked by many film and television websites were mostly obtained through web form submissions, which are particularly vulnerable to SQL injection attacks.

20. How to mine database vulnerabilities
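The SQL injection mechanism described above, shown as an added example (not code from the original page): a query built by string concatenation beside the parameterized form that fixes it. The table, rows, function names and inputs are all constructed for illustration, using an in-memory SQLite database.

```python
import sqlite3


def make_db():
    """Create an in-memory database with constructed member rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "c-secret")],
    )
    return db


def lookup_vulnerable(db, name):
    """Weak form: form input is pasted into the SQL text and parsed as SQL."""
    query = "SELECT name, password FROM members WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """Corrected form: the ? placeholder passes the input strictly as data."""
    query = "SELECT name, password FROM members WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


# Constructed form input whose quote characters change the WHERE clause
# when it is concatenated into the statement.
HOSTILE_INPUT = "nobody' OR '1'='1"


def compare(db, name):
    """Return (rows from weak form or error text, rows from corrected form)."""
    try:
        weak = lookup_vulnerable(db, name)
    except sqlite3.OperationalError as exc:
        # A legitimate name containing a quote breaks the concatenated query.
        weak = "error: " + str(exc)
    return weak, lookup_parameterized(db, name)


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "O'Brien", HOSTILE_INPUT):
        weak, safe = compare(db, value)
        print(repr(value), "| concatenated:", weak, "| parameterized:", safe)
```

A query that errors on an ordinary name such as O'Brien is a common sign during code review or testing that input is being concatenated into SQL.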


21. There are several stages of a typical cyber attack. What techniques are used in each stage

Basic steps of an attack: collect information; carry out the intrusion; upload programs and download data; use some method to keep access, such as a back door or a Trojan horse; hide traces.

[Information gathering] Before attacking specific network resources, attackers need to understand the environment they are going to attack. This requires collecting all kinds of information related to the target system, including the number of machines, their types, operating systems, and so on. The purpose of both scouting and scanning is to gather information.

Attackers generally use seven basic steps to collect target information. Each step has tools available, which attackers use to obtain the information they need about the target: find the initial information; find the address range of the network; find the active machines; find the open ports and the entry points; figure out the operating system; figure out what service each port is running; and plot the network.

22. What scanners are known?

Retina: Retina is a product of eEye (www.eeye.com). Its powerful network vulnerability detection technology can effectively detect and repair various security risks and vulnerabilities and generate detailed security detection reports, and it is compatible with the mainstream operating systems, firewalls, routers and other network devices. It has been ranked first in evaluations of foreign security assessment software.

ISS (Internet Security Scanner) is a commercial vulnerability scanner developed and maintained by ISS. It is portable and flexible, and can be run on many UNIX platforms.

22. Dynamic and static routes

Static routes are fixed routing table entries set up in routers. Static routes do not change unless the network administrator intervenes. Static routes cannot respond to network changes and are generally used on a small network with a fixed topology. Static routes are simple, efficient, and reliable. Among all routes, static routes have the highest priority. When a dynamic route conflicts with a static route, the static route prevails.

Dynamic routing is a process in which routers on the network communicate with each other, transmit routing information, and update the router table using the received routing information. It can adapt to the change of network structure in real time. If the routing update indicates that a network change has occurred, the routing software recalculates the route and issues a new routing update. This information passes through each network, causing each router to restart its routing algorithm and update its routing table to dynamically reflect network topology changes. Dynamic routing applies to networks with large scale and complex network topology.