物联网设备安全 (IoT Device Security)
book

by Nitesh Dhanjani
March 2017
Intermediate to advanced
262 pages
5h 26m
Chinese
China Machine Press
Content preview from 物联网设备安全
Attacking the Radio Nurse: Breaching Baby Monitors and Other Devices

3.1.4 Exploiting Dynamic DNS

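In addition to the weak authentication mechanism, “Exploiting Foscam IP Cameras” also describes another vulnerability in Foscam devices, one related to the dynamic DNS feature. Every Foscam device has a unique 6-character username (in the format xx####, where x denotes a character and # denotes a digit), which is printed on a label affixed to the camera. This static value is also flashed into the device's memory and serves as both the username and the password for the dynamic DNS feature.
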
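In essence, this feature lets each camera update its IP address so that the hostname xx####.myfoscam.org points to it (valid hostnames have been found in the range aa0000 to ep9310). This lets users log in to the camera with a web browser when they are away from home, without having to remember the IP address. The user only needs to remember the hostname associated with the myfoscam.org dynamic DNS service.
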
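Foscam devices use UDP, updating the hostname mapping by sending UDP datagrams to the Foscam servers. Each UDP datagram contains the device's username and password, both of which are the hostname. The “Exploiting Foscam IP Cameras” paper describes the steps by which an attacker can use this to carry out a phishing attack:
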
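1. The attacker chooses a hostname in the range aa0000 to ep9310 and then queries ns1.myfoscam.org for the current IP address of the device that owns that hostname. Here, we assume the chosen target is aa0000.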
2. The attacker sends the Foscam server a packet in which the username and password values are both aa0000.
3. Foscam ...
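
The weakness described above, as an added example that is not from the book or from Foscam: a validator that accepts the hostname label as both username and password, next to a hypothetical hardened registry that authenticates each update with a random per-device key and a sequence number. The update fields (`username`, `password`, `ip`, `seq`, `mac`), the class and function names, and all sample values are constructed for illustration; the page does not give the real UDP message format.

```python
import hashlib
import hmac
import re
import secrets

# Label format from the text (xx####); x is assumed here to be a lowercase letter.
LABEL_RE = re.compile(r"^[a-z]{2}[0-9]{4}$")

def weak_accepts(update: dict) -> bool:
    """Scheme as described: username and password are both the hostname label."""
    label = update["username"]
    return bool(LABEL_RE.match(label)) and update["password"] == label

class HardenedRegistry:
    """Hypothetical fix: a random per-device key that is never printed on a label."""

    def __init__(self):
        self._keys = {}      # label -> secret key provisioned at manufacture
        self._last_seq = {}  # label -> highest sequence number accepted so far

    def provision(self, label: str) -> bytes:
        key = secrets.token_bytes(32)
        self._keys[label], self._last_seq[label] = key, 0
        return key

    @staticmethod
    def sign(key: bytes, label: str, ip: str, seq: int) -> str:
        msg = f"{label}|{ip}|{seq}".encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def accepts(self, update: dict) -> bool:
        label = update["username"]
        key = self._keys.get(label)
        if key is None or update["seq"] <= self._last_seq[label]:
            return False  # unknown device, or a replayed/stale update
        expected = self.sign(key, label, update["ip"], update["seq"])
        if not hmac.compare_digest(expected, update.get("mac", "")):
            return False  # sender does not hold the device key
        self._last_seq[label] = update["seq"]
        return True

def demo():
    reg = HardenedRegistry()
    key = reg.provision("aa0000")
    # Constructed updates: one built from the public label only, one signed by the device.
    forged = {"username": "aa0000", "password": "aa0000", "ip": "203.0.113.7", "seq": 1}
    genuine = {"username": "aa0000", "ip": "198.51.100.9", "seq": 1}
    genuine["mac"] = reg.sign(key, "aa0000", "198.51.100.9", 1)
    return weak_accepts(forged), reg.accepts(forged), reg.accepts(genuine), reg.accepts(genuine)
```

`demo()` returns, in order, the weak scheme's verdict on the label-only update, the hardened registry's verdict on that same update, its verdict on the device-signed update, and its verdict on a replay of that signed update.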
Publisher Resources

ISBN: 9787111558668