What router will be infected with mining virus
Hello
1, the router itself may be poisoned, but the probability is very small
2, if you have slow access to the Internet or network disconnection, it may be caused by too much cache or ARP attack
3, you can download a computer housekeeper from the official website of Tencent computer housekeeper
4, and then open the computer manager - Computer clinic - abnormal Internet access, slow Internet access, according to the computer manager tips, gradually optimize your computer network
if you have any other questions, please come to the computer manager enterprise platform again and we will try our best to solve them for you
Freeloading on someone's network ("rubbing the Internet") just uses your Internet access. Generally, your computer is not connected, so the computer will not be infected with a virus.
BT is a popular distributed data sharing and dissemination software based on P2P technology in recent years. Different people have different views on this kind of application. People who support it say that it fully embodies the idea of "I am for all" and "everyone is for me". Anyone can provide others with their own documents or software downloads on the Internet. When there are more and more people downloading, the speed of downloading becomes faster and faster; opponents say it infringes the rights of software authors and consumes a lot of network bandwidth, and should be banned. No matter what people think of this software, as a university mainly engaged in education, we should first protect the author's intellectual property rights from infringement, and also ensure that the school's network resources can be reasonably used to ensure the normal development of teaching and other applications. For any university, its network bandwidth resources are very valuable, but the use of BT software consumes a lot of bandwidth, which affects some applications that need to be guaranteed. Theoretical preaching often cannot make people who like this kind of software give up this preference, so it is necessary to limit this kind of software by technical means. The following is to analyze the working principle of BT download software, find the basis that can be used to limit such applications, and then limit
First of all, the ports generally used by BT-class download software fall in a fixed range, and the common range is 6881 ~ 6890. If we can limit the ports in this range in the router, we can limit this kind of software. But there are also some BT programs that can automatically change the port. A common feature of this kind of software is that it takes up a lot of bandwidth when working, which often exceeds that of normal applications, so we limit this kind of software from two aspects: one is to limit its application ports, the other is to limit the abnormal traffic. These two aspects are configured as follows:
1. Use a class-based policy to control
1. Port restrictions:
access-list 101 deny tcp any range 6881 6890 any range 6881 6890
access-list 101 permit ip any any
2. Traffic limit:
class-map match-all bt_updown
 match access-group 101
policy-map drop-bt_updown
 class bt_updown
  police 1024000 51200 51200 conform-action drop exceed-action drop violate-action drop
Cisco routers provide a special PDLM (Packet Description Language Module) that describes, at the protocol layer, the protocol used by this kind of software. Therefore, the router can analyze the protocol used by a data packet. When a transmitted data packet conforms to the description of the protocol, the router can identify it and control it (for example, allow or discard it) with the corresponding class policy, so as to fundamentally solve the problem of dynamic port control. However, because the PDLM module is a non-public resource, Cisco strictly controls the download and dissemination of the resource. Only router users with CCO qualification can download and use it. Since the PDLM is not a startup add-on of the router, when the router is restarted, it must be manually loaded through TFTP:
ip nbar pdlm tftp://192.168.100.2/bittorrent.pdlm // bittorrent.pdlm is the file name of the downloaded PDLM module
class-map match-all bt_updown // define class bt_updown
 match protocol bittorrent // match the BitTorrent protocol
policy-map limit-bt // define policy map limit-bt
 class bt_updown // add the class bt_updown to the policy map as a trigger event
  police cir 240000 conform-action transmit exceed-action drop // the size of the conforming and overloaded transport stream is 240000 bits
  police cir 8000 conform-action transmit exceed-action drop
Load the service policy on the corresponding port of the router:
 service-policy input limit-bt // restrict download, inflow
 service-policy output limit-bt // restrict upload, outflow
The Nimda virus and the Code Red virus, which appeared in 2001, are worms. These viruses spread through the network at high speed and do strong damage to infected computers. Once a user is infected with such a virus, as long as the virus is still present in the network, it is generally difficult to remove. Here, we do not want to discuss the working principle of these viruses or how to remove them in much detail, but mainly discuss how the network behavior of these viruses can be identified in the router and how to use the corresponding policies to block or discard these packets
The main characteristics of Nimda spreading in the network are as follows:
1. Using the infected host to send a large number of "readme.eml" e-mails containing "readme.exe" attachments in a short time through the network
2. Searching for hosts that were infected with Code Red and left with a backdoor program by previous IIS worms. Nimda will use the backdoor program to scan for vulnerabilities;
3. Sending a large number of e-mails containing the virus and scanning heavily will lead to DoS
After analyzing the main characteristics of Nimda, the router can be configured as follows to prevent the spread of Nimda:
A. Blocking ports
access-list 101 deny tcp any eq 25 any eq 25 // blocking SMTP protocol port
access-list 101 deny tcp any eq 69 any eq 69 // blocking TFTP port
access-list 101 deny tcp any eq 135 any eq 135 // blocking NetBIOS protocol
access-list 101 deny tcp any eq 445 any eq 445 // blocking NetBIOS protocol
access-list 101 deny tcp any range 138 139 any range 138 139 // blocking NetBIOS protocol
access-list 101 permit ip any any
B. Configuring the policy map
class-map match-any nimda // define class nimda; match-any, so a URL matching any one pattern is classified
 match protocol http url "*.ida*" // the URL in the HTTP request contains the .ida keyword
 match protocol http url "*cmd.exe*" // the URL in the HTTP request contains the cmd.exe keyword
 match protocol http url "*root.exe*" // the URL in the HTTP request contains the root.exe keyword
 match protocol http url "*readme.eml*" // the URL in the HTTP request contains the readme.eml keyword
policy-map block_nimda // define policy map block_nimda
 class nimda // load the nimda class into the policy map as a trigger event
  police 512000 128000 256000 conform-action transmit exceed-action drop violate-action drop // define router rate limit policy
Conclusion: all the above QoS-based router configurations have passed the test on a Cisco 2621XM router. The test shows that they can not only significantly reduce the impact of BT, Nimda and other viruses on the network and the massive consumption of network resources, and protect normal computer users' demand for network resources, but also effectively prevent attacks by other similar network worms. The practical value is very obvious.
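The URL patterns from the Nimda class map above can also be checked offline against web server logs to find which internal hosts are generating the requests. This is an added example, not code from the original page: it uses Python's glob matching as a stand-in for the router's wildcard matching, and the log layout, sample lines and function names are assumptions made for illustration.

```python
import fnmatch
from collections import Counter
from urllib.parse import unquote

# URL globs from the Nimda class map on this page.
SIGNATURES = ("*.ida*", "*cmd.exe*", "*root.exe*", "*readme.eml*")

# Constructed sample log; assumed layout: client-ip method uri status.
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.9 GET /scripts/root.exe 404
10.0.0.9 GET /scripts/cmd.exe 404
10.0.0.9 GET /default.ida 404
10.0.0.7 GET /docs/README.EML 200
10.0.0.8 GET /docs/readme%2Eeml 200
10.0.0.5 GET /images/idaho.png 200
"""


def match_signature(uri):
    """Return the first signature glob the URI matches, or None."""
    # Decode percent-escapes and fold case so equivalent spellings compare equal.
    normalized = unquote(uri).lower()
    for pattern in SIGNATURES:
        if fnmatch.fnmatchcase(normalized, pattern):
            return pattern
    return None


def scan(log_text):
    """Count signature hits per client IP and per signature."""
    per_client, per_pattern = Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed layout
        client, _method, uri, _status = fields
        hit = match_signature(uri)
        if hit:
            per_client[client] += 1
            per_pattern[hit] += 1
    return per_client, per_pattern


def flag_sources(per_client, threshold=2):
    """Clients with at least `threshold` hits, i.e. likely scanning hosts."""
    return sorted(ip for ip, n in per_client.items() if n >= threshold)


if __name__ == "__main__":
    clients, patterns = scan(SAMPLE_LOG)
    print(dict(patterns), flag_sources(clients))
```

A host that trips several different signatures in a short window is a stronger indicator of infection than a single hit, which can be a legitimate file whose name happens to contain one of the keywords.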
-
the router is almost virus free
-
router, also known as gateway, is used to connect multiple logically separated networks. The so-called logical network represents a single network or a subnet. When the data is transmitted from one subnet to another, it can be completed through the router's routing function. Therefore, the router has the function of judging the network address and selecting the IP path. It can establish flexible connections in the multi network interconnection environment. It can connect various subnets with completely different data packets and media access methods. The router only accepts the information from the source station or other routers, and belongs to an interconnection device of the network layer
in general, routers are less threatened.
it must be the problem of the wireless router.
restore the factory settings and try to reconfigure them
you can check whether someone is controlling your computer or network speed first
Start > Run, enter cmd, press Enter
Enter arp -a, press Enter
normally, only one gateway IP: 192.168.1.1
all other IP is the host computer controlled in the network
you can write down the physical address of the computer corresponding to these IP Find the person who manages the router to find out who is using these computers, or download a control software to counter control these computers (he won't let you use them, and you won't let him use them)
network search gathering network management
reports that Chinese tourists brush Alipay in Japan, making about 70 Japanese banks plan to launch virtual currency jointly to fight Alipay's "attack the city".
the ecosystem thinking of Chinese Internet companies is deeply rooted. One of the most important reasons is the weakness of traditional industries, which makes it convenient for Internet companies to overtake, leading to "different offensive and defensive trends". The underdevelopment of China's retail industry makes the substitution advantage of e-commerce obvious. However, the physical retail stores in Japan are too developed, and e-commerce has been slow to develop. As for social networking, games and the Internet, it is because they are in the vacuum of traditional economy that "the sea is wide with fish and the sky is high with birds flying". In addition, the strategic tolerance of regulators to new things has made the new products such as net car and Alipay not strangled in cradles. As a result, bats gradually save the first bucket of capital and have obvious advantages in base areas and base camp, so they can build their own closed-loop ecosystem
most Internet companies in China are driven by business models from the very beginning. This has also been criticized. In short, what Silicon Valley has is to localize and see who is faster and more grounded. When happy enclosure is successfully listed in the United States, the story telling routine is the same. This is the Chinese version ××× BAT is prototypical in foreign countries. Micro-blog Alipay also has prototypes, replicating mature and successful business models. Nowadays, it's becoming more and more fashionable to claim to be a technology company, but the technology companies that really have the killer's mace are still scarce, and the giants large and small are still in the transition from business type to technology type. Even Alibaba and Tencent are more "business" than "technology". However, there is no doubt that Chinese Internet companies are no longer bad imitators and marginal entrants. Instead, they have established their own business paradigm and business civilization to gain more lasting competitive advantages through a large and comprehensive ecosystem
whether it's a black cat or a white cat, it's a good cat to catch mice. One Internet, two kinds of business view, mutually to the table, mutually project, very good. Development is the last word. However, bats should not change from entrepreneurs to capitalists, from pursuing value innovation to seeking profits, and from a win-win ecology to a dominant "empire"