| Modern military information system is becoming more and more intelligent and dependent on network. The information war targeting at military information system has stepped into the stage of modern war as a kind of new form. Counterpart in war both treat the deterring and destroying the other's information network as the key symbol of achieving information domination and network domination. Modern high technical war can't live without network. Long-distance scanning technique plays a very important role in the network attacking and defending. To enhance the development of our network attacking technique and to defend our network information system, long-distance scanning technique must be deeply studied.Firstly, different kinds of skills and policies of the long-distance scanning technique on the Internet are analyzed and compared in this paper. Then, the prevalent problems of the scanning-implements on the network are pointed out. And on the basis of the forward studies, a long-distance synthetical scanner is designed and realized. Moreover, some measures are taken to optimize the implement. At last, the trend of the long-distance scanning technique in the future is predicted.In this paper, the main contribution is as follows: After analyzing the network protocols and their weakness, the long-distance scanning technique are studied and divided, according to the different scanning objects, into three parts: port-scan, OS-detect and hole-scan. Furthermore, every type of the scanning technique is deeply analyzed and compared, and the principles, characters, environments of the different skills are detailed summarized. Policies used by the long-distance scanning technique are researched and relevant models are presented. A scanner of long-distance is designed, which has better synthetical performance. Firstly, it can offer multi port-scan skills. Secondly, through many kinds of detecting ways, it can get the OS-fingerprints of the long-distance computer, and then guess the faraway operation system exactly. Thirdly, on the basis of designing the hole-scan module, it can detect the holes of'CGI Abuse'. By using Winsock API and WinPcap API, the author has designed and realized each module of the implement, including data-send/receive module, port-scan module, OS-detect module, hole-scan module, and a simple database. By using the policies of disordering the port number, sending data simultaneously, adjusting the control time and the threshold of the fingerprint matching dynamically, and the spoof scanning model, the scanner is optimized in the secret, accuracy, and speed.
|
PDF Full Text Request