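A warning to friends attending Tech.Ed 2007 in Beijing and going online at Jiuhua Resort!
The symptom is that the network is very slow, and web pages often have to be refreshed before they will open.
First, here are a few screenshots:
I think friends who work in security will be very familiar with this: a typical ARP attack.
Now look at AST's verdict:
It seems our judgment was right. After confirmation, this host is not one of the hotel's computers. So, who is he?
I ran a scan. My preliminary assessment is that this machine runs the most common OS, XP: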
172.26.1.40 resolves as A1120.
Remote operating system : Microsoft Windows XP Service Pack 2
Vulnerabilities are present as well (3 of them):
05-027,06-035,06-040
Synopsis :
Arbitrary code can be executed on the remote host due to a flaw in the
'server' service.
Description :
The remote host is vulnerable to a buffer overrun in the 'Server' service
which may allow an attacker to execute arbitrary code on the remote host
with the 'System' privileges.
Synopsis :
Arbitrary code can be executed on the remote host due to a flaw in the
SMB implementation.
Description :
The remote version of Windows contains a flaw in the Server Message
Block (SMB) implementation which may allow an attacker to execute arbitrary
code on the remote host.
An attacker does not need to be authenticated to exploit this flaw.
Arbitrary code can be executed on the remote host due to a flaw in the
'server' service.
Description :
The remote host is vulnerable to heap overflow in the 'Server' service which
may allow an attacker to execute arbitrary code on the remote host with
the 'System' privileges.
In addition to this, the remote host is also vulnerable to an information
disclosure vulnerability in SMB which may allow an attacker to obtain
portions of the memory of the remote host.
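At this point it looked more like some innocent friend had caught an ARP virus, and I thought I would just let it go, because I always assume good intentions in others.
But what happened later made me feel that it was probably not that simple:
Judging from the image above, every HTTP request had a js inserted into it to plant a trojan, and this "lovely horse" bundles several exploits in one. Truly, as they say, a must-have ........ for home and travel....
I really don't know how many brothers got hit here. I could not bear it and notified several friends and the conference organizers. The organizers also quickly notified the hotel, but by the time the conference ended and we left, the hotel still had not given any reply... :(
If you had the patience to read this far, please change your passwords, even though we all always assume good intentions in others~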
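The ARP attack diagnosed above typically shows up on a victim machine as the gateway's IP and another host's IP resolving to the same MAC address. The following check is an added example, not part of the original post: it parses Windows `arp -a` output and reports IPs that share a MAC. The gateway address 172.26.1.1 and every MAC address in the sample are constructed assumptions; only 172.26.1.40 comes from the post.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not captured from the post).
# 172.26.1.40 is the host named in the post; the gateway address and all MAC
# addresses are made up for this example.
SAMPLE_ARP_A = """\
Interface: 172.26.1.77 --- 0x2
  Internet Address      Physical Address      Type
  172.26.1.1            00-11-22-aa-bb-cc     dynamic
  172.26.1.40           00-11-22-aa-bb-cc     dynamic
  172.26.1.52           00-1e-c9-10-20-30     dynamic
  172.26.1.255          ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M,
)

def parse_arp_table(text):
    """Return (ip, mac, type) tuples, skipping broadcast and multicast MACs."""
    entries = []
    for ip, mac, kind in ENTRY.findall(text):
        mac = mac.lower().replace(":", "-")
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        entries.append((ip, mac, kind.lower()))
    return entries

def find_shared_macs(entries):
    """Map each MAC that answers for more than one IP to its sorted IP list."""
    by_mac = defaultdict(set)
    for ip, mac, _ in entries:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_suspects(entries, gateway_ip):
    """Return the other IPs whose MAC equals the MAC cached for the gateway."""
    for ips in find_shared_macs(entries).values():
        if gateway_ip in ips:
            return [ip for ip in ips if ip != gateway_ip]
    return []

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_A)
    for mac, ips in find_shared_macs(table).items():
        print(f"MAC {mac} answers for {', '.join(ips)}")
    print("hosts sharing the gateway's MAC:", gateway_suspects(table, "172.26.1.1"))
```

A shared MAC is a strong hint rather than proof, since a router with several addresses or proxy ARP produces the same pattern, so confirm against the gateway's real MAC before acting.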
Reprinted from: https://www.cnblogs.com/liuyuer/archive/2007/11/10/955111.html