Computer networks
fpir, 2019-06-05 10:51:54

What's going on with the TCP-IP stack?

The bottom line: sites resolve via nslookup but do not respond, complaining that they cannot be found, and accordingly do not open in the browser. Clearly a virus has broken TCP/IP. Personally, I will cure it with one of the functions of the AVZ utility, then run CureIt.
But I'm wondering how this is done in theory and in practice: how is the stack broken, can it simply be fixed by hand, and what exactly does the virus do, assuming it has already got into the system? Can someone explain?


3 answer(s)
DDwrt100, 2019-06-05
@DDwrt100

A very broad question; there are many attack vectors within the system. You can override the settings, for example change the routes, or edit the hosts file, change the settings of the built-in firewall, play around with group policies. You can attack "system services" by damaging them or replacing them with rewritten ones.
If the stack is corrupted, Windows has the netsh winsock reset command. In theory it restores the TCP stack if it has been corrupted.

mindtester, 2019-06-05
@mindtester

"sites nslookup, but do not ping"
two things that are not connected in principle
- nslookup finds out the existence of a name, a name by IP address, or an IP address by name. and that's all. it does not check availability
achtung! - in the context of malware fears, DNS server substitution must also be allowed for (and the enemy's DNS servers could break / glitch). but you can check the DNS against the provider's instructions, or hard-set the well-known Google ones - 8.8.8.8 / 8.8.4.4
"host disappears, sites resolve correctly; when changing the route, ping would answer 'the site is not available', not 'the site was not found'"
this is an overly optimistic position. I've met malware that blocks access to hosts. and at least once there was even this scenario - the malware skillfully slipped in a fake hosts, quite civil in content
- ping checks the availability of the site, more precisely of the host, or more precisely of its public router. very rare, almost impossible for public sites, but still possible: ping to the host is simply prohibited
- you can add the tracert command to your arsenal
I would do a check from a clean system, for example a Linux live-CD*: ping and tracert the sites, compare the target IPs visible under the clean system with those visible under the failing system. I would also pay attention to the router, if there is one. as an option - check from a clean system over a direct connection to the provider. you need to find some reference variant
* (the second achtung!) - a live-CD build of Windows can under no circumstances be considered a clean system .. only if you assembled it yourself
ps AVZ, up to seven inclusive, treated the network stack perfectly. from 8.* onwards I don't remember needing it even once, so I can't comment on the risks
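An added check for the points in this answer (my code, not mindtester's): it parses the hosts file for planted entries and resolves a name directly against a chosen server such as 8.8.8.8 by building and decoding a raw DNS packet, so the IPs can be compared with what the suspect system's own resolver returns. The sample hosts text and the DNS response are constructed, and the IPs are TEST-NET documentation addresses.

```python
import socket, struct
# Constructed sample inputs (not real data): a hosts file with a planted entry, and
# a DNS response as a public resolver (8.8.8.8) would return for an A query.
SAMPLE_HOSTS = "127.0.0.1 localhost\n# comment\n203.0.113.5 example.org  # planted\n"
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)      # header: 1 question, 1 answer
                   + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)  # question section, A/IN
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)      # name pointer, A/IN, TTL, RDLEN
                   + bytes([203, 0, 113, 10]))                             # RDATA

def parse_hosts(text):
    """Map name -> IP from hosts-file text, ignoring comments and blank lines."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            mapping[name.lower()] = fields[0]
    return mapping

def build_query(name, txid=0x1234):
    """Minimal DNS A/IN query with RD set, for sending straight to a chosen server."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_a_records(resp):
    """Return the A-record IPs in a DNS response, following compression pointers."""
    def skip_name(off):
        while resp[off] != 0:
            if resp[off] & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
                return off + 2
            off += 1 + resp[off]
        return off + 1
    qdcount, ancount = struct.unpack("!HH", resp[4:8])
    off, ips = 12, []
    for _ in range(qdcount):
        off = skip_name(off) + 4              # skip qtype + qclass
    for _ in range(ancount):
        off = skip_name(off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in resp[off:off + 4]))
        off += rdlen
    return ips

def query_server(name, server="8.8.8.8", timeout=2.0):
    """Live A lookup against one specific server, bypassing the system resolver and hosts file."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recvfrom(512)[0])
```

Run query_server() for the same name on the suspect machine and on a clean one and compare the lists; a name that appears in the hosts map never reached DNS at all, which is exactly the "fake hosts" case.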
