How can I get to Shanghai Qingpu Aolai shopping center
get on from Shanghai Qing special line (Pu'an Road (people's Square) station, take 18 stops to get off (outlets Station), about 26 km, it takes 100 minutes, there is no subway
attached:
bus information of Shanghai Qing special line:
ticket selling method (ticket seller); Ticket price (7-8 yuan); Time (to Qingpu bus station: 06:00-23:00, to Pu'an Road: 5:30-19:00); Departure interval (5 minutes)
smooth journey..
bus line: Metro Line 2 → rail transit line 17, the whole journey is about 29.0km
1. Take Metro Line 2 from people's Square, pass 10 stations, and reach Hongqiao Railway Station
2. Take rail transit line 17, pass 5 stations, and reach Jiasong Middle Road Station
3. Walk about 930m, and reach Bailian outlets
in the control window of windows (command interpreter of Windows 95 / 98 / me and CMD interpreter of Windows NT / 2000), you can see the description of this command by running Ping. It is a command to detect the speed of information transmission between local computer and remote computer. This command needs the support of TCP / IP protocol, Ping will calculate the time required for a message to be sent from local to remote and then returned. Hackers use this command to decide whether to attack the server
in addition, this command can also find the IP address of the other server through the domain name. We know that the domain name is only used for browsing web pages. When we see a domain name address, we want to connect it through telnet, You must know the IP address of the other party. Here you also need to use the ping command
the basic format of this command can be obtained by running Ping directly. Now suppose the target is http://www.abc.com/ , you can enter Ping in the console www.abc.com , The results are as follows:
pinging www.abc.com [204.202.136.32] with 32 bytes of data:
Reply from 204.202.136.32: bytes=32 time=302ms TTL=240
Reply from 204.202.136.32: bytes=32 time=357ms TTL=240
Reply from 204.202.136.32: bytes=32 time=288ms TTL=240
Reply from 204.202.136.32: bytes=32 time=274ms TTL=240
Ping statis Tips for 204.202.136.32:
packets: sent = 4, received = 4, lost = 0 (0% loss),
approximate round trip times in milli seconds:
minimum = 274ms, maximum = 357ms, average = 305ms
these messages mean: www.abc.com His IP address is 204.202.136.32. He has sent four packets to him. The packet size is 32 bytes, Each return time is 302ms, 357ms, 288ms, 274ms respectively. In summary, the minimum time for sending all four packets is 274ms, the maximum time is 357ms, and their average time is 305ms
in this way, hackers can know when to connect to the other server. In addition, this command has some special usages. For example, you can check the NetBIOS name of the server through the IP address. Now take 211.100.8.87 as an example, use Ping with "- a" and enter the command Ping - a 211.100.8.87 under the console, Its return result is:
Ping popnet-fbz9jdfv [211.100.8.87] with 32 bytes of data:
reply from 211.100.8.87: bytes = 32 time = 96ms TTL = 120
reply from 211.100.8.87: bytes = 32 time = 110ms TTL = 120
reply from 211.100.8.87: bytes = 32 time = 110ms TTL = 120
Ping stat Statistics for 211.100.8.87:
packets: sent = 4, received = 4, lost = 0 (0% loss),
approximate round trip times in milli seconds:
minimum = 96ms, maximum = 110ms, average = 106ms
from this result, we can know that the NetBIOS name of the server is popnet-fbz9jdfv. In addition, in general, you can ping the TTL value returned by the other party to roughly judge whether the system type of the target host is windows series or UNIX / linux series. In general, the TTL value returned by the windows series system is between 100-130, while the TTL value returned by the UNIX / linux series system is between 240-255, such as the above www.abc.com The TTL returned is 240, The other party's system is likely to be Linux, while the TTL of the second target is 120, which means that the system it uses may be windows< Second, net command:
in Windows Me / NT / 2000, many network functions start with net command, Through net help, you can see the detailed introction of these commands:
net config displays system network settings
net diag runs MS diagnostics program to display network diagnostic information
net help displays help information
net init loads protocol or network card driver without binding
net logo FF disconnected shared resources
net logo logs in workgroup < br />Net password changes the system login password
net print displays or controls the print job and print queue
net start starts the service, or displays the list of started services
net stop stops the network service
net time synchronizes the computer clock with the time of another computer or domain
net use connects the computer or disconnects the computer from shared resources, Or display the connection information of the computer
net ver displays the network connection type and information in use in the LAN
net view displays the domain list, computer list or the list of shared resources of the specified computer
these commands are less supported in Win95 / 98, only a few are basically common, and they are more common in nt or 2000, The most commonly used are net view and net use. Through the two commands, you can connect to the open remote sharing system on the network and get information. This kind of remote sharing was originally designed for convenient operation, but many network administrators ignored its security, which resulted in the exposure of a lot of information that should not be shared,
for example, entering net view & # 92 under the console&# 92; 202.96.50.24 can get the system shared directory of the corresponding IP, and then find their shared files. Of course, there is a shared directory in 202.96.50.24 system.
Three: telnet and FTP commands:
these two commands can remotely log in to the system by telnet and FTP respectively. The two kinds of login use different protocols, FTP is a remote file sharing service, that is to say, it can upload and download its own data, but it does not have too many rights to upload files on the remote computer; Telnet belongs to the remote login service, that is to say, it can log on to the remote system and obtain an interpreter permission. Having an interpreter means having certain permissions, which may be basic file operation, file management, and other functions It can also control the administrator authority of the system
4: netstat command:
it can display the details of the currently active network connection, such as the protocol type used, the IP address of the current host and the remote connected host (one or more), and the connection status between them. Using netstat? The command format and parameter description can be displayed:
netstat [- A] [- e] [- n] [- S] [- P proto] [- R] [interval] the parameter description is as follows:
- a displays the port numbers of all hosts
- e displays Ethernet statistics
- N displays the address and port in the form of digital table
- P proto displays the specific usage information of a specific protocol
- R displays the contents of the local routing table
- s displays the usage status of each protocol (including TCP, UDP and IP)
interval displays the selected status again, and the number of intervals (in seconds) between each display
the main purpose of the netstat command is to detect the open ports of the local system. In this way, you can know what services your system has opened and preliminarily infer whether there is a Trojan horse in the system, because the default open ports of common network services are not easily occupied by Trojans. For example, the port used for FTP (File Transfer Protocol) is 21; The port for telnet is 23; The port for SMTP is 25; The port used for DNS is 53; The port for HTTP is 80; The port for pop3 is 110; The open port in windows is 139. In addition, if there are other strange ports in the system, it may be used by Trojan horse program. Through netstat or netstat - A, you can observe the open ports. If you find the following ports, it means that there are Trojan horse programs in the system:
port 31337 is the default port of backoffice Trojan horse; 1999 is Yai Trojan horse program; 2140 or 3150 are ports used by deep thread Trojan horse; In addition, Trojan programs such as netbus, glacier or sub7 can customize the port, so we must be vigilant when we find a strange port, and use firewall or virus detection software to detect it.
V: tracert command:
the function of this command is to determine the path of the data packet to the destination host Display the relay node list and arrival time of the packet. The format of tracert command is as follows:
tracert [- D] [- H maximum_ hops] [-j host-list] [-w timeout] target_ Name
the parameter - D in the command line requires tracert not to parse the host name, - H is to specify the maximum number of rounds to search the destination address, - J is to release the source route along the host list, - W is to set the timeout interval
through tracert, we can judge whether a server belongs to domestic or international (the physical unknown of the network server can not be judged by the domain name). According to the routing path, we can judge which IP the information is sent from our own system to the network, and which IP has passed to the server of the other party. Only when we know the transmission path of our own information, we can have a clearer understanding of the network Attack the server< 6. Winipcfg:
winipcfg and ipconfig are used to display the configuration information of IP protocol in the host. Only winipcfg is suitable for Windows 95 / 98, and ipconfig is suitable for Windows NT. Winipcfg does not use parameters. If it runs directly, it will display specific information in the form of windows window. The information includes the physical address of the network adapter, the IP address of the host, the subnet mask, and the default gateway. Click "other information" to view the information about the host, such as the host name, DNS server, node type, etc. The physical address of the network adapter is very useful in detecting network errors
the command format of ipconfig is as follows: ipconfig [/? |/ All | / release [adapter] | / renew [adapter]]
the parameters are described as follows:
the following information can be obtained by using ipconfig command without parameters: IP address, subnet mask and default gateway. But using ipconfig
/? English description of ipconfig format and parameters
/ all displays all configuration information
/ release releases the IP address for the specified adapter (or all adapters) (only applicable to DHCP)
/ renew updates the IP address for the specified adapter (or all adapters) (DHCP only)
/ all, you can get more information: host name, DNS server, node type, physical address of network adapter, IP address of host, subnet mask, default gateway, etc
At present, the most common Trojan horse is usually based on TCP / UDP protocol for communication between client and server. Since the use of these two protocols, it is inevitable to open the listening port on server (that is, the machine planted with Trojan horse) to wait for connection. For example, the famous glacier uses 7626 as its monitor port, and the back origin 2000 uses 54320 as its monitor port. Then, we can check whether we have been planted with Trojan horse or other hacker program by checking the local open port. The following is a detailed description of the method<
1. The netstat command of windows itself
about the netstat command, let's first take a look at the introction in the windows help file:
netstat
displays the protocol statistics and the current TCP / IP network connection. This command can only be used after TCP / IP protocol is installed
netstat [- A] [- e] [- n] [- S] [- P protocol] [- R] [interval]
parameters
- a
display all connection and listening ports. Server connections are usually not displayed
- e
displays Ethernet statistics. This parameter can be used in combination with the - s option
- N
displays the address and port number in numeric format (rather than trying to find the name)
- s
displays statistics for each protocol. By default, the statistics of TCP, UDP, ICMP and IP are displayed- The P option can be used to specify the default subset
- P protocol
displays the connection of the protocol specified by the protocol; The protocol can be TCP or UDP. If used with the - s option to display statistics for each protocol, the protocol can be TCP, UDP, ICMP, or IP
- R
displays the contents of the routing table
interval
redisplay the selected statistics and pause the interval seconds between each display. Press Ctrl + B to stop redisplaying statistics. If this parameter is omitted, netstat will print the current configuration information once
well, after reading these help files, we should understand how to use the netstat command. Let's learn how to use it now. Let's take a look at the open port of our machine with this command. In the command line, use the A and n parameters of netstat command:
C: & gt; As part of the network, you can < br / < br /
active connections < br / < br / < br / < br /
active connections < br / < br / < br / < br / < br / < br / < br /
active connections < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br / < br /
> > > > > > > > > > > < br / < br / < br / < BR and, Active connections refers to the current local active connection, proto refers to the protocol name used by the connection, local address refers to the IP address of the local computer and the port number being used by the connection, foreign address refers to the IP address and port number of the remote computer connecting to the port, and state refers to the TCP connection status. You can see that the listening port in the next three lines is UDP protocol, So there is no state represented by a state. Look! My machine's 7626 port has been opened, is listening and waiting for connection, like this situation is very likely to have been infected with the ice! It is correct to cut off the network in a hurry and check and kill the virus with anti-virus software
2. The command-line tool fport working under Windows 2000
friends who use Windows 2000 are luckier than those who use Windows 9x, because fport can be used to display the corresponding relationship between the local open port and the process
fport is a software proced by foundstone, which is used to list all open TCP / IP and UDP ports in the system, as well as the complete path, PID identification, process name and other information of their corresponding applications. For example:
D: & gt; fport.exe
FPort v1.33 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone,Inc.
Pid Process Port Proto Path
748 tcpsvcs -> 7TCP C:WINNTSystem32 cpsvcs.exe
748 tcpsvcs -> 9TCP C:WINNTSystem32 cpsvcs.exe
748 tcpsvcs -> 19TCP C:WINNTSystem32 cpsvcs.exe
416 svchost -> 135 TCP C: WinNT, system32, svchost. Exe
is it clear at a glance. In this case, what programs are open on each port is under your eyes. If you find that a suspicious program has opened a suspicious port, don't be careless. Maybe it's a cunning Trojan horse
the latest version of fport is 2.0. Download is available on many websites, but for the sake of security, it's better to go to its hometown:
3. Active ports, a graphical interface tool similar to fport, is proced by smartline. You can monitor all open TCP / IP / UDP ports of your computer, and display all your ports, It also shows the path of the program corresponding to all ports, and whether the local IP and remote IP (trying to connect to your computer IP) are active. The following is a screenshot of the software:
is it very intuitive? Even better, it also provides a function to close the port. When you use it to find the open port of the Trojan, you can close the port immediately. This software works on Windows NT / 2000 / XP platform. You can get it at home
in fact, users using Windows XP can get the corresponding relationship between port and process without the help of other software, because the netstat command of Windows XP has one more o parameter than the previous version, and the corresponding relationship between port and process can be obtained by using this parameter
the above describes several ways to view the local open port and the corresponding relationship between the port and the process. Through these methods, we can easily find the Trojan horse based on TCP / UDP protocol, hoping to bring help to your beloved machine. But the focus of Trojan prevention, and if the rebound port Trojan, the use of driver and dynamic link library technology to make a new Trojan, these methods are difficult to find traces of the Trojan. So we must develop a good habit of surfing the Internet. Don't run the attachment in the email at will. Install a set of anti-virus software. For example, rising in China is a good helper to check and kill viruses and Trojans. The software downloaded from the Internet should be checked with antivirus software before use, and the network firewall and virus real-time monitoring should be turned on when surfing the Internet, so as to protect your machine from being invaded by hateful Trojans
glacier Trojan horse was developed in 1999, similar to grey pigeon. At the beginning of the design, the original intention of the developer was to write a powerful remote control software. But once launched, relying on its powerful function, it became a tool for hackers to launch invasion, and ended the situation of foreign Trojan horse dominating the world. With the later gray pigeon, it became the symbol and pronoun of domestic Trojan horse. HK alliance mask has used it to invade thousands of computers, including foreign computers
before 2006, glacier has always been an unshakable leading Trojan horse in China. People who have never used glacier in China have never used Trojan horse, which shows the great influence of glacier Trojan horse in China
purpose: remote access and control.
take subway line 9 to Sheshan station first
walk to the bus stop of Sheshan subway station, take Jiasong line, pass 4 stops, and get to fangjiayao station on Jiasong middle road
get off and get off at Qingpu outlets