摘要
通过对局域网内所截取的用于数据信息传输的SMB数据包进行分析及重组的方案,从而得到在局域网中传输的关键信息,诸如文件数据、网内主机信息等,并实现了对LAN中的一些主机访问操作进行日志记录。本方案的实现主要通过分析数据包之间的相关性来进行数据的重组等处理,最终实现了对局域网的隐蔽的信息窃取,并可以和远程攻击相结合进行更深入的攻击。此方案实现网络环境为Windows2000Professional建立的局域网,但实现的基本原理是适用于其它NOS建立的局域网。
Aims at analyzing and regrouping the SMB packets captured in LAN for data-information transmission,so as to get the key-information,such as file-information, host-information, and to realize getting the information of accessing operation of the hosts in LAN into the log.The implementation of this project depends on the analysis on the pertinence between the SMB packets,and the processing such as regrouping base on it.This project can finally get the information in LAN snugly, and begin farther attack by cooperating with remote attack.The practice of this project is based on the Windows 2000 Professional,and the rationale is fit in with other NOS.
出处
《微机发展》
2004年第8期114-116,共3页
Microcomputer Development
