The difference between TCP and UDP
The advantages of TCP:
Reliable and stable. TCP's reliability comes from the following: before data is transmitted, a three-way handshake establishes the connection; during the transfer there are acknowledgment, window, retransmission and congestion control mechanisms; and after the data has been transmitted the connection is closed to save system resources.
Disadvantages of TCP:
Slow, inefficient, heavy on system resources, and easy to attack. Before TCP can transfer data it must first establish a connection, which takes time, and during the transfer the acknowledgment, retransmission and congestion control mechanisms consume a lot of time. Every device also has to maintain all of its transport connections, and each connection occupies CPU, memory and other hardware resources. Moreover, because TCP has an acknowledgment mechanism and a three-way handshake, these mechanisms can be abused to carry out attacks such as DoS, DDoS and CC.
Advantages of UDP:
Faster, and slightly safer than TCP. UDP has none of TCP's handshake, acknowledgment, window, retransmission or congestion control mechanisms. It is a stateless transport protocol, so it passes data very quickly. Without these TCP mechanisms, UDP offers less to exploit than TCP. UDP cannot avoid attacks either, though, for example the UDP flood attack.
Disadvantages of UDP:
Unreliable and unstable. Because UDP lacks TCP's reliability mechanisms, packets are easily lost when network quality is poor during data transfer.
Based on the above advantages and disadvantages, when should I use TCP?
When there is a requirement on the quality of network communication, for example when the entire data must be delivered accurately to the other party. TCP is therefore used by applications that need reliability, such as HTTP, HTTPS, FTP and other file-transfer protocols, and mail protocols such as POP and SMTP.
In daily life, the common applications using the TCP protocol are as follows:
Outlook, POP, SMTP
Putty, Telnet, SSH
QQ file transfer
What is the process of penetration testing?
Overview of the penetration testing process:
Pre-engagement interaction phase, intelligence gathering phase, threat modeling phase, vulnerability analysis phase, exploitation phase, post-exploitation phase (how to control and maintain access), reporting phase.
What is a CC attack?
I also know a little about this: it is a variant of DDoS that forges normal requests until server resources are exhausted. The encyclopedia answer is: a CC attack is a kind of DDoS (distributed denial of service) attack which, compared with other DDoS attacks, appears more technical. In this kind of attack you cannot see the real source IP and you do not see unusually large abnormal traffic, yet the server cannot be reached normally. The principle of a CC attack is that the attacker controls some hosts to continuously send a large number of data packets to the target server, exhausting the server's resources until it crashes. CC is mainly used to attack web pages. Everyone has had this experience: when a large number of people access a web page, the page becomes slow. CC simulates multiple users (the number of threads is the number of users) accessing pages that require a lot of data operations (that is, a lot of CPU time), which wastes server resources. The CPU stays at 100% for a long time and there are always connections that cannot be processed, until the network is congested and normal access is cut off.
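A detection sketch for the pattern described above, added here as an example and not part of the original page. Because per-source volume looks normal in a CC attack, it keys on the requested page rather than the client and measures how much server time each page consumes per window. The log format, paths, addresses and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict


def sample_log():
    """Constructed log lines: '<epoch second> <client> <path> <server seconds>'."""
    lines = [f"{100 + i % 10} 10.0.0.{i % 20} /report/export 0.9" for i in range(40)]
    lines += [f"{100 + i} 10.0.1.{i} /index.html 0.01" for i in range(10)]
    lines += [f"{130 + i} 10.0.2.{i} /report/export 0.8" for i in range(3)]
    return lines


def detect_hot_pages(lines, window=10, busy_threshold=2.0, min_clients=5):
    """Flag (window, path) pairs where one page keeps the server busy.

    load = total processing seconds for the path / window length, i.e. the
    average number of workers that page occupied during the window.
    """
    buckets = defaultdict(lambda: {"n": 0, "busy": 0.0, "clients": set()})
    for line in lines:
        ts, client, path, secs = line.split()
        bucket = buckets[(int(ts) // window * window, path)]
        bucket["n"] += 1
        bucket["busy"] += float(secs)
        bucket["clients"].add(client)

    alerts = []
    for (start, path), b in sorted(buckets.items()):
        load = b["busy"] / window
        # Many clients, each at a modest rate, all hitting one expensive page
        if load >= busy_threshold and len(b["clients"]) >= min_clients:
            alerts.append((start, path, b["n"], len(b["clients"]), round(load, 2)))
    return alerts


if __name__ == "__main__":
    for alert in detect_hot_pages(sample_log()):
        print("window=%d path=%s requests=%d clients=%d load=%.2f" % alert)
```

Each of the 20 constructed clients sends only two requests in the flagged window, so a per-IP rate limit alone would not trip; the per-page load does.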
Talk about your understanding of DLL files
DLL (Dynamic Link Library) files are also called application extensions. Windows applications are designed modularly: an application does not contain all of its function code itself, but calls the DLL that provides a function while it is running, and functions that are not needed are not called. This greatly improves the loading speed and efficiency of the program. Other applications can call the same DLLs, which promotes code reuse, makes better use of memory and reduces resource consumption, and a program update can be delivered by updating the relevant DLLs. Note that some viruses disguise themselves as DLL files and replace system DLL files, which we need to guard against.
DLL hijacking principle
Because the import table contains only the DLL name and no path, the loader must search for the DLL file on disk. It first tries to load the DLL from the directory where the program is located; if it is not found there, it looks in the Windows system directory, and finally in the directories listed in the environment variable. Exploiting this, an attacker forges a DLL with the same name as a system DLL, gives it the same export table, and has each exported function forward to the real system DLL. When the program calls the system DLL, it actually calls the forged DLL in the current directory first; after the forged code has run, it jumps to the function of the same name in the system DLL. Figuratively speaking, the system DLL has been hijacked. Once the forged DLL is placed in the program's directory, every call the program makes to an original function enters the same-named function in the forged DLL, runs the hijacking code, and only then calls the original DLL.
How to prevent DLL hijacking
DLL hijacking exploits the search path used for DLLs that are unknown to the system, so that the program loads a DLL in the current directory that has the same name as a system DLL. The defense is therefore to tell the program where the system DLL is located: change the order in which system DLLs are loaded so that the search does not start in the current directory but goes directly to the system directory.
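An audit sketch for the search order described above, added here as an example and not part of the original page. It resolves each imported DLL name in the order the text gives (program directory, system directory, environment-variable directories) and reports any name where a copy in the program directory would be loaded ahead of the system copy. The directory layout and DLL names are constructed, and empty files stand in for DLLs.

```python
import os
import tempfile


def find_in_dir(directory, dll_name):
    """Case-insensitive lookup, since Windows file names are case-insensitive."""
    try:
        for entry in os.listdir(directory):
            if entry.lower() == dll_name.lower():
                return os.path.join(directory, entry)
    except OSError:
        pass  # missing or unreadable directory: nothing can load from it
    return None


def audit_imports(imports, app_dir, system_dir, path_dirs):
    """Classify each import by the first directory in the search order that holds it."""
    search = [("app", app_dir), ("system", system_dir)]
    search += [("path", d) for d in path_dirs]
    report = {}
    for name in imports:
        system_copy = find_in_dir(system_dir, name)
        verdict, resolved = "missing", None
        for label, directory in search:
            resolved = find_in_dir(directory, name)
            if resolved:
                # A copy beside the program wins over the system copy
                shadowing = label == "app" and system_copy is not None
                verdict = "SHADOWS-SYSTEM" if shadowing else label
                break
        report[name.lower()] = (verdict, resolved)
    return report


def demo():
    """Constructed layout with hypothetical DLL names."""
    root = tempfile.mkdtemp()
    app, system, tools = (os.path.join(root, d) for d in ("app", "system32", "tools"))
    for d in (app, system, tools):
        os.makedirs(d)
    for directory, name in [(app, "sysapi.dll"), (app, "plugin.dll"),
                            (system, "SYSAPI.dll"), (system, "syscore.dll"),
                            (tools, "helper.dll")]:
        open(os.path.join(directory, name), "w").close()
    imports = ["SYSCORE.dll", "sysapi.dll", "plugin.dll", "helper.dll", "absent.dll"]
    return audit_imports(imports, app, system, [tools])


if __name__ == "__main__":
    for name, (verdict, path) in demo().items():
        print(f"{name:12} {verdict:15} {path}")
```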