Thursday, October 14, 2010

Starting from the machine filter ARP cheating worm eradication



ARP does not need to deceive the power of the virus writer to say, especially now that many viruses have a similar worm ARP feature, should up more trouble. There are many online articles are introduced to how to respond to the enterprise network ARP cheating virus appeared, but most of all we need to address the core switch MAC address filtering or binding, if we do not have administrative rights on the switch how should it ? today, let us start from the machine filter ARP cheating worm eradication of it.

First, install 8Signs Firewall filtering software:

This article focuses on the machine to filter out from the error of false ARP packets to deceive, we pass the name 8Signs Firewall software to implement this feature. He is an easy to use software firewall, use it to help the user to restrict the illicit network connections to access local resources, and he can also help users to limit access to the local computer network, the bad resources.

Step one: Run 8Signs Firewall setup, we use the V3.01a Beta version, point "NEXT" button to continue. (Figure 1)






Step two: install the agreement agreed to select the installation directory, the default path is c: program files8signs firewall. Point "NEXT" button to continue. (Figure 2)






Step three: Set after the ready to begin installing the software, copy files to the local hard disk to be. (Figure 3)






Step four: The next is written to the registry, self-starting services and related processes, pop-up dialog box is initialized for 8Signs Firewall settings. First of all, the software user setting, we choose the first "Make my ruleset for me" (set rules on this account) can be. (Figure 4)






Step Five: The software supports remote management capabilities, we can set the password and the default management port for remote control and monitoring. Of course, for the most part we do not need this feature, directly select "NO" can be. (Figure 5)






Step six: Set the startup mode of the software firewall, YES is the start and start with the system. (Figure 6)






Step Seven: Finally, a crucial step, certainly can not choose the wrong, he is let you set the default, if the firewall is not open, then allow or block communication communications. This should be determined based on actual use, I suggest that you select ALLOW allowed, otherwise no Internet access, the firewall was not any more difficult to find the driving source of the problem was. (See Figure 7)






Step eight: After installation, restart the computer before they could set to take effect, point "Finish" button to end the installation. (Figure 8)






So far we have completed the 8Signs Firewall software firewall installation, then on him to help us eradicate the worm ARP cheating.

Second, starting from the local filter ARP cheating worm eradication:

ARP cheating attack the virus lies to deceive ARP mapping table corresponding to the gateway MAC address information pointing to the wrong address. When we execute arp-a view the local ARP cache should be able to see a different IP address corresponding to the same MAC address, in particular, the gateway address the existence of such correspondence. (Figure 9)






To deal with this error bound relationship, we can use 8Signs Firewall rules in the law.

The first step: restart the computer after install and then start the original program 8Signs Firewall default firewall rules prohibit or delete ARP, ARP tab directly above and the corresponding selection rules can disable right click select disable. (Figure 10)






Step Two: Rule menu and then set up trusted IP Address Group, the address group for the establishment of a name. (Figure 11)






Step Three: In the newly created group to add a IP address corresponding to the message that the gateway IP address to join. (Figure 12)






Step four: After the establishment of complete IP address of group MAC address groups also need to build, we build trust through the Rules menu and the MAC Group. (Figure 13)






Step five: the same group as the MAC address of a name and enter the real MAC address of the gateway device to establish rules for the default rule. (Figure 14)






Step Six: Return to the software's main interface, under the rules in the network adapters to create a new ARP rules, remember to select the ARP tab on the right. (Figure 15)






Step Seven: In the Add Rule window, select filtering Filter tab, then select the previous match had been allowed to set a good group of filtering rules. (Figure 16)






Step eight: in the same window actions Action tab, select "ALLOW" allowed, so that only the matching rules of the ARP packet will be sent and received, the other does not meet the rules of the packet is discarded. (Figure 17)






Ninth step: If there is a network worm ARP deception, then we will see after opening 8Signs Firewall LOG logging a lot of information in the article shows that this error does not match ARP packets discarded information. (Figure 18)






10th step: Finally, we let 8Signs Firewall program with the system start or add to the Group Policy startup script or you can start the script.

So far we have completed the ARP from the machine to start cheating worm eradication work, this paper is the use of filtering software firewall 8Signs Firewall rules to achieve the eradication of function, of course, this method is very effective, than simply using the arp-s to bind ARP cache information better, to know arp-s command encountered the virus after a strong point about losing the role of ARP.

Third, sum up:

This article only describes 8Signs Firewall software firewall, in fact, many software firewalls have this feature, we only need to follow this line of thought to the firewall software to find information about ARP filtering function can, by scanning all sent and received ARP data to achieve the filtering effect, would be a false ARP packets stop cheating outside of the operating system, let us be more stable and secure internal networks running.

Tip:

This article describes the method of prevention is only a passive approach, the network that Taiwan ARP cheating virus infected machines will continue to attack, so the key is to identify the machine to his isolation and anti-virus.







Recommended links:



You do the boot screen will MOVE you



M2TS Converter



ANOTHER pair of eyes CMMI [2]



Mac can become the third MONEY-MAKER Jobs



Compression bag watch the HIGHLIGHTS (2)



MKV to Zune



VOB to WMV



Five new features JSP2.0



EAM intense competition



brief E-Mail CLIENTS



Characteristics of GIS



How to trace cell phone numbers free



Wizard Newsgroup Clients



DPAL apartment door machine



Cheap Bargain Delphi is legendary



Saturday, October 9, 2010

Distributed PowerBuilder works



Chapter XVI Distributed PowerBuilder works
16.1 Virtual Machine

In this chapter, we describe in detail the working mechanism of Distributed PowerBuilder.

PowerBuilder in the server virtual machine model is achieved. Whenever a link to the client and server, the server for the client to open a separate memory, the formation of an independent virtual machine.

If we have four client applications to link to the server, PowerBuilder will set up four virtual machines, the four virtual machines are independent of each other, each with four different memory blocks, they are not directly between Sharing.

In addition, we need to point out that so far as to, PowerBuilder of all function calls are synchronous, which also includes the realization of Distributed PowerBuilder. When an application is called a proxy defined function, this application will be in a wait state until the service side of the NVO to final results to return. Before the return of the NVO, the application will be temporarily suspended the operating system.

PowerBuilder can not be directly shared memory, and the client and server session is synchronized.

16.2 remote call function parameters

Client call a remote NVO may use the function parameters. The function parameter can be any simple data type (Simple Data Types), including the structure, array, etc., reference method (By Reference) or directly by value (By Value) can be. PowerBuilder also supports NVO object parameters.

However, PowerBuilder does not support the use of the object pass parameters by reference. In PowerBuilder, there are a number of complex objects, such as the data window, window object and so on, we can not pass parameters by reference. This is a remote call parameters PowerBuilder restrictions.







Recommended links:



C # event mechanism of induction (B)



Communities of Practice: KNOWLEDGE Capital Optimization



Power Protection Get Ready For 2012 Olympics



WPS form with a control tool TO insert Flash animation



RM TO AVI



AVI to FLV



MKV To PSP



Rotating pear tree production Xiangjie



Make a IPhunter



Recommend Dial Up And Connection Tools



Column To Add Or Modify The Rules



Jie Mi Classic 10 strokes to create SUPER-PROMOTERS



Icons Shop



Sunny Chen wins on: From the opening PRACTICE game against Daohao value-added internal strength