Tuesday, August 3, 2010

Rising 2008, accused of dangerous: not considered extreme?



Reporters on the Rising Antivirus 2008 reports of alleged dangerous than the virus and the antivirus vendors of enterprise caused great concern, and the most concerned about is whether there are any problems Rising 2008? Whether there is any design flaw or just did not take into account the extreme conditions?

Status: can not confirm the official version no problem

To this end, the reporter contacted the marketing department Rising Hao Ting, ARP broadcast packets received on the latest events. She said, "The Rising sent to Jilin University and Jilin University team has done a very good communication, both sides reached a consensus on some issues. Jilin University has made it clear that a notice 浼?up with another, to explain the incident, Is this some of the media He are in question, there will be an official statement. I believe the recent announcement on this website can be seen in Jilin University. And if the network Jilin University, later a security issues, Rising will be the first to send experts to assist them in solving problems. "For the Sichuan University, where she also said everything went smoothly.

Press again to connect the Information Management Center of Sichuan University ginger teacher about the situation. He said: "The lifting of restrictions, although sometimes network segment still have a lot of ARP broadcast packets to send, but we have no definitive evidence that this is because the problems Rising send so many broadcast packets, because the virus may be Send. "When asked to Rising team ARP broadcast packet whether the results of the survey questions, Jiang teacher said:" Rising on the River is not a big problem to clear conclusions, in the end is the question of which party. but according to our school the specific situation, they said the new upgrade package has changed a number of strategies. We are still watching to see there to no avail. to the official version of the use also in the observation, the official version can not be completely sure there is no problem. "

CCERT: ARP ARP protocol is used to deceive their own shortcomings

China Education and Research Network Emergency Response Team (CCERT) refers to the CERNET network security emergency response system in general, on the China Education and Research Network and the members of the network to provide fast response to security incidents or technical support services.

The agency's network security engineer Zhengxian Wei said in an interview, "I have not tested Rising firewall protection mechanism will send a large number of ARP packets. But from the principle of the protection, the virus host to the gateway for each packet sent an ARP cheating , the client firewall to correct the gateway to the ARP cache table must also be a gateway to send the correct ARP packets, which means that as long as the virus kept the hair, the firewall will not stop the hair. outset, we developed called ARPFix of firewall also used this method, but then take into account may generate a large number of ARP packets, so in the end gave up. "

In CCERT site "ARP cheating virus topic", the reporter also saw this passage, "because ARP ARP protocol is used to deceive their own shortcomings, so far, we still do not have a very effective way to control this attack. present difficulties mainly in the gateway switch, we have not yet found an effective way to prevent the gateway's ARP list of changes is not to be deceived. Therefore, the most effective way to quickly block or the source of such attacks. This requires to quickly detect and locate the attacker attacks the host location to be addressed. "

Jinshan: Rising did not consider the extreme case

As the home of another well-known anti-virus software development company of Kingsoft's anti-virus drugs based on ARP software. Kingsoft's anti-virus engineer Li Tiejun, told this reporter: "the method used to inform the gateway to prevent ARP spoofing is one way to respond to ARP cheating, using this approach, taking into account extreme cases, such as the complex in the Campus Network network environment, if all clients are doing, it will lead to network anomalies. better to use other methods, prevent users from misuse. Therefore, antivirus manufacturers to adopt such an approach in as carefully as possible. Yong users saying Juyu Wang Many of the client machine to inform the gateway of the methods to prevent ARP attacks, is 1000 kills, 1200 losses from the practice can easily lead to network storm, security vendor should guide the user to avoid incorrect settings, such as product interface should be informed risks, to remind users to be careful Operation. "

Li Tiejun said recently Kingsoft Duba also released its own defense ARP attack software. The two-way firewall is used to intercept packets ARP attacks, including other computers on the local ARP attacks and the native ARP attacks on other computers. It will prevent other machines in LAN ARP attack launched from a largely played a controlled flood of ARP packets to deceive the problem. In addition, the reporter also found that the ARP firewall Jinshan has a similar option with the Rising, but the default is not checked. Li Tiejun this explanation: "When necessary, they can check on this option, and can set their own definition of the number of contracting. This is like the need to set up according to their cry or not cry, cry, then Han Jisheng. This When you can take the initiative to inform the gateway must also be able to network resources on their own within the scope of control. "But, he said Jinshan not recommended to inform the gateway of the way to prevent ARP deception, and will products interface to the user in an appropriate reminder.







相关链接:



Wave escort firm in Hefei



google video FORMAT



Vob converter free download



Failure from shutdown trouble



Two Errors in the exchange of Links



Frequently Asked Questions based on C # language summary (2)



what is a vob file



"Tencent Night Awards" announced this year's Great Wall Advertising Festival award the fifteenth



How To Compile Kernel



Easy Astrology Or Biorhythms Or Mystic



Assembly INSTRUCTIONS and the machine code of each conversion



Genealogy reviews



ts File extension