IANA IPv4 地址空间注册表

IANA IPv4 Address Space Registry

Last Updated
2013-03-22
Description
The allocation of Internet Protocol version 4 (IPv4) address space to various registries is listed
here. Originally, all the IPv4 address spaces was managed directly by the IANA. Later parts of the
address space were allocated to various other registries to manage for particular purposes or
regional areas of the world. RFC 1466 [RFC1466] documents most of these allocations.

This registry is also available in plain text.

Prefix Designation Date Whois Status [1] Note
000/8 IANA – Local Identification 1981-09 RESERVED [2]
001/8 APNIC 2010-01 whois.apnic.net ALLOCATED
002/8 RIPE NCC 2009-09 whois.ripe.net ALLOCATED
003/8 General Electric Company 1994-05 LEGACY
004/8 Level 3 Communications, Inc. 1992-12 LEGACY
005/8 RIPE NCC 2010-11 whois.ripe.net ALLOCATED
006/8 Army Information Systems Center 1994-02 LEGACY
007/8 Administered by ARIN 1995-04 whois.arin.net LEGACY
008/8 Level 3 Communications, Inc. 1992-12 LEGACY
009/8 IBM 1992-08 LEGACY
010/8 IANA – Private Use 1995-06 RESERVED [3]
011/8 DoD Intel Information Systems 1993-05 LEGACY
012/8 AT&T Bell Laboratories 1995-06 LEGACY
013/8 Xerox Corporation 1991-09 LEGACY
014/8 APNIC 2010-04 whois.apnic.net ALLOCATED [4]
015/8 Hewlett-Packard Company 1994-07 LEGACY
016/8 Digital Equipment Corporation 1994-11 LEGACY
017/8 Apple Computer Inc. 1992-07 LEGACY
018/8 MIT 1994-01 LEGACY
019/8 Ford Motor Company 1995-05 LEGACY
020/8 Computer Sciences Corporation 1994-10 LEGACY
021/8 DDN-RVN 1991-07 LEGACY
022/8 Defense Information Systems Agency 1993-05 LEGACY
023/8 ARIN 2010-11 whois.arin.net ALLOCATED
024/8 ARIN 2001-05 whois.arin.net ALLOCATED
025/8 UK Ministry of Defence 1995-01 whois.ripe.net LEGACY
026/8 Defense Information Systems Agency 1995-05 LEGACY
027/8 APNIC 2010-01 whois.apnic.net ALLOCATED
028/8 DSI-North 1992-07 LEGACY
029/8 Defense Information Systems Agency 1991-07 LEGACY
030/8 Defense Information Systems Agency 1991-07 LEGACY
031/8 RIPE NCC 2010-05 whois.ripe.net ALLOCATED
032/8 AT&T Global Network Services 1994-06 LEGACY
033/8 DLA Systems Automation Center 1991-01 LEGACY
034/8 Halliburton Company 1993-03 LEGACY
035/8 Administered by ARIN 1994-04 whois.arin.net LEGACY
036/8 APNIC 2010-10 whois.apnic.net ALLOCATED
037/8 RIPE NCC 2010-11 whois.ripe.net ALLOCATED
038/8 PSINet, Inc. 1994-09 LEGACY
039/8 APNIC 2011-01 whois.apnic.net ALLOCATED
040/8 Administered by ARIN 1994-06 whois.arin.net LEGACY
041/8 AFRINIC 2005-04 whois.afrinic.net ALLOCATED
042/8 APNIC 2010-10 whois.apnic.net ALLOCATED
043/8 Administered by APNIC 1991-01 whois.apnic.net LEGACY
044/8 Amateur Radio Digital Communications 1992-07 LEGACY
045/8 Administered by ARIN 1995-01 whois.arin.net LEGACY
046/8 RIPE NCC 2009-09 whois.ripe.net ALLOCATED
047/8 Administered by ARIN 1991-01 whois.arin.net LEGACY
048/8 Prudential Securities Inc. 1995-05 LEGACY
049/8 APNIC 2010-08 whois.apnic.net ALLOCATED
050/8 ARIN 2010-02 whois.arin.net ALLOCATED
051/8 UK Government Department for Work and Pensions 1994-08 whois.ripe.net LEGACY
052/8 E.I. duPont de Nemours and Co., Inc. 1991-12 LEGACY
053/8 Cap Debis CCS 1993-10 LEGACY
054/8 Administered by ARIN 1992-03 whois.arin.net LEGACY
055/8 DoD Network Information Center 1995-04 LEGACY
056/8 US Postal Service 1994-06 LEGACY
057/8 SITA 1995-05 LEGACY
058/8 APNIC 2004-04 whois.apnic.net ALLOCATED
059/8 APNIC 2004-04 whois.apnic.net ALLOCATED
060/8 APNIC 2003-04 whois.apnic.net ALLOCATED
061/8 APNIC 1997-04 whois.apnic.net ALLOCATED
062/8 RIPE NCC 1997-04 whois.ripe.net ALLOCATED
063/8 ARIN 1997-04 whois.arin.net ALLOCATED
064/8 ARIN 1999-07 whois.arin.net ALLOCATED
065/8 ARIN 2000-07 whois.arin.net ALLOCATED
066/8 ARIN 2000-07 whois.arin.net ALLOCATED
067/8 ARIN 2001-05 whois.arin.net ALLOCATED
068/8 ARIN 2001-06 whois.arin.net ALLOCATED
069/8 ARIN 2002-08 whois.arin.net ALLOCATED
070/8 ARIN 2004-01 whois.arin.net ALLOCATED
071/8 ARIN 2004-08 whois.arin.net ALLOCATED
072/8 ARIN 2004-08 whois.arin.net ALLOCATED
073/8 ARIN 2005-03 whois.arin.net ALLOCATED
074/8 ARIN 2005-06 whois.arin.net ALLOCATED
075/8 ARIN 2005-06 whois.arin.net ALLOCATED
076/8 ARIN 2005-06 whois.arin.net ALLOCATED
077/8 RIPE NCC 2006-08 whois.ripe.net ALLOCATED
078/8 RIPE NCC 2006-08 whois.ripe.net ALLOCATED
079/8 RIPE NCC 2006-08 whois.ripe.net ALLOCATED
080/8 RIPE NCC 2001-04 whois.ripe.net ALLOCATED
081/8 RIPE NCC 2001-04 whois.ripe.net ALLOCATED
082/8 RIPE NCC 2002-11 whois.ripe.net ALLOCATED
083/8 RIPE NCC 2003-11 whois.ripe.net ALLOCATED
084/8 RIPE NCC 2003-11 whois.ripe.net ALLOCATED
085/8 RIPE NCC 2004-04 whois.ripe.net ALLOCATED
086/8 RIPE NCC 2004-04 whois.ripe.net ALLOCATED
087/8 RIPE NCC 2004-04 whois.ripe.net ALLOCATED
088/8 RIPE NCC 2004-04 whois.ripe.net ALLOCATED
089/8 RIPE NCC 2005-06 whois.ripe.net ALLOCATED
090/8 RIPE NCC 2005-06 whois.ripe.net ALLOCATED
091/8 RIPE NCC 2005-06 whois.ripe.net ALLOCATED
092/8 RIPE NCC 2007-03 whois.ripe.net ALLOCATED
093/8 RIPE NCC 2007-03 whois.ripe.net ALLOCATED
094/8 RIPE NCC 2007-07 whois.ripe.net ALLOCATED
095/8 RIPE NCC 2007-07 whois.ripe.net ALLOCATED
096/8 ARIN 2006-10 whois.arin.net ALLOCATED
097/8 ARIN 2006-10 whois.arin.net ALLOCATED
098/8 ARIN 2006-10 whois.arin.net ALLOCATED
099/8 ARIN 2006-10 whois.arin.net ALLOCATED
100/8 ARIN 2010-11 whois.arin.net ALLOCATED [5]
101/8 APNIC 2010-08 whois.apnic.net ALLOCATED
102/8 AFRINIC 2011-02 whois.afrinic.net ALLOCATED
103/8 APNIC 2011-02 whois.apnic.net ALLOCATED
104/8 ARIN 2011-02 whois.arin.net ALLOCATED
105/8 AFRINIC 2010-11 whois.afrinic.net ALLOCATED
106/8 APNIC 2011-01 whois.apnic.net ALLOCATED
107/8 ARIN 2010-02 whois.arin.net ALLOCATED
108/8 ARIN 2008-12 whois.arin.net ALLOCATED
109/8 RIPE NCC 2009-01 whois.ripe.net ALLOCATED
110/8 APNIC 2008-11 whois.apnic.net ALLOCATED
111/8 APNIC 2008-11 whois.apnic.net ALLOCATED
112/8 APNIC 2008-05 whois.apnic.net ALLOCATED
113/8 APNIC 2008-05 whois.apnic.net ALLOCATED
114/8 APNIC 2007-10 whois.apnic.net ALLOCATED
115/8 APNIC 2007-10 whois.apnic.net ALLOCATED
116/8 APNIC 2007-01 whois.apnic.net ALLOCATED
117/8 APNIC 2007-01 whois.apnic.net ALLOCATED
118/8 APNIC 2007-01 whois.apnic.net ALLOCATED
119/8 APNIC 2007-01 whois.apnic.net ALLOCATED
120/8 APNIC 2007-01 whois.apnic.net ALLOCATED
121/8 APNIC 2006-01 whois.apnic.net ALLOCATED
122/8 APNIC 2006-01 whois.apnic.net ALLOCATED
123/8 APNIC 2006-01 whois.apnic.net ALLOCATED
124/8 APNIC 2005-01 whois.apnic.net ALLOCATED
125/8 APNIC 2005-01 whois.apnic.net ALLOCATED
126/8 APNIC 2005-01 whois.apnic.net ALLOCATED
127/8 IANA – Loopback 1981-09 RESERVED [6]
128/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
129/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
130/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
131/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
132/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
133/8 Administered by APNIC 1997-03 whois.apnic.net LEGACY
134/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
135/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
136/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
137/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
138/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
139/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
140/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
141/8 Administered by RIPE NCC 1993-05 whois.ripe.net LEGACY
142/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
143/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
144/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
145/8 Administered by RIPE NCC 1993-05 whois.ripe.net LEGACY
146/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
147/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
148/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
149/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
150/8 Administered by APNIC 1993-05 whois.apnic.net LEGACY
151/8 Administered by RIPE NCC 1993-05 whois.ripe.net LEGACY
152/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
153/8 Administered by APNIC 1993-05 whois.apnic.net LEGACY
154/8 Administered by AFRINIC 1993-05 whois.afrinic.net LEGACY
155/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
156/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
157/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
158/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
159/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
160/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
161/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
162/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
163/8 Administered by APNIC 1993-05 whois.apnic.net LEGACY
164/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
165/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
166/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
167/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
168/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
169/8 Administered by ARIN 1993-05 whois.arin.net LEGACY [7]
170/8 Administered by ARIN 1993-05 whois.arin.net LEGACY
171/8 Administered by APNIC 1993-05 whois.apnic.net LEGACY
172/8 Administered by ARIN 1993-05 whois.arin.net LEGACY [8]
173/8 ARIN 2008-02 whois.arin.net ALLOCATED
174/8 ARIN 2008-02 whois.arin.net ALLOCATED
175/8 APNIC 2009-08 whois.apnic.net ALLOCATED
176/8 RIPE NCC 2010-05 whois.ripe.net ALLOCATED
177/8 LACNIC 2010-06 whois.lacnic.net ALLOCATED
178/8 RIPE NCC 2009-01 whois.ripe.net ALLOCATED
179/8 LACNIC 2011-02 whois.lacnic.net ALLOCATED
180/8 APNIC 2009-04 whois.apnic.net ALLOCATED
181/8 LACNIC 2010-06 whois.lacnic.net ALLOCATED
182/8 APNIC 2009-08 whois.apnic.net ALLOCATED
183/8 APNIC 2009-04 whois.apnic.net ALLOCATED
184/8 ARIN 2008-12 whois.arin.net ALLOCATED
185/8 RIPE NCC 2011-02 whois.ripe.net ALLOCATED
186/8 LACNIC 2007-09 whois.lacnic.net ALLOCATED
187/8 LACNIC 2007-09 whois.lacnic.net ALLOCATED
188/8 Administered by RIPE NCC 1993-05 whois.ripe.net LEGACY
189/8 LACNIC 1995-06 whois.lacnic.net ALLOCATED
190/8 LACNIC 1995-06 whois.lacnic.net ALLOCATED
191/8 Administered by LACNIC 1993-05 whois.lacnic.net LEGACY
192/8 Administered by ARIN 1993-05 whois.arin.net LEGACY [9][10]
193/8 RIPE NCC 1993-05 whois.ripe.net ALLOCATED
194/8 RIPE NCC 1993-05 whois.ripe.net ALLOCATED
195/8 RIPE NCC 1993-05 whois.ripe.net ALLOCATED
196/8 Administered by AFRINIC 1993-05 whois.afrinic.net LEGACY
197/8 AFRINIC 2008-10 whois.afrinic.net ALLOCATED
198/8 Administered by ARIN 1993-05 whois.arin.net LEGACY [11]
199/8 ARIN 1993-05 whois.arin.net ALLOCATED
200/8 LACNIC 2002-11 whois.lacnic.net ALLOCATED
201/8 LACNIC 2003-04 whois.lacnic.net ALLOCATED
202/8 APNIC 1993-05 whois.apnic.net ALLOCATED
203/8 APNIC 1993-05 whois.apnic.net ALLOCATED [12]
204/8 ARIN 1994-03 whois.arin.net ALLOCATED
205/8 ARIN 1994-03 whois.arin.net ALLOCATED
206/8 ARIN 1995-04 whois.arin.net ALLOCATED
207/8 ARIN 1995-11 whois.arin.net ALLOCATED
208/8 ARIN 1996-04 whois.arin.net ALLOCATED
209/8 ARIN 1996-06 whois.arin.net ALLOCATED
210/8 APNIC 1996-06 whois.apnic.net ALLOCATED
211/8 APNIC 1996-06 whois.apnic.net ALLOCATED
212/8 RIPE NCC 1997-10 whois.ripe.net ALLOCATED
213/8 RIPE NCC 1993-10 whois.ripe.net ALLOCATED
214/8 US-DOD 1998-03 LEGACY
215/8 US-DOD 1998-03 LEGACY
216/8 ARIN 1998-04 whois.arin.net ALLOCATED
217/8 RIPE NCC 2000-06 whois.ripe.net ALLOCATED
218/8 APNIC 2000-12 whois.apnic.net ALLOCATED
219/8 APNIC 2001-09 whois.apnic.net ALLOCATED
220/8 APNIC 2001-12 whois.apnic.net ALLOCATED
221/8 APNIC 2002-07 whois.apnic.net ALLOCATED
222/8 APNIC 2003-02 whois.apnic.net ALLOCATED
223/8 APNIC 2010-04 whois.apnic.net ALLOCATED
224/8 Multicast 1981-09 RESERVED [13]
225/8 Multicast 1981-09 RESERVED [13]
226/8 Multicast 1981-09 RESERVED [13]
227/8 Multicast 1981-09 RESERVED [13]
228/8 Multicast 1981-09 RESERVED [13]
229/8 Multicast 1981-09 RESERVED [13]
230/8 Multicast 1981-09 RESERVED [13]
231/8 Multicast 1981-09 RESERVED [13]
232/8 Multicast 1981-09 RESERVED [13]
233/8 Multicast 1981-09 RESERVED [13]
234/8 Multicast 1981-09 RESERVED [13][14]
235/8 Multicast 1981-09 RESERVED [13]
236/8 Multicast 1981-09 RESERVED [13]
237/8 Multicast 1981-09 RESERVED [13]
238/8 Multicast 1981-09 RESERVED [13]
239/8 Multicast 1981-09 RESERVED [13][15]
240/8 Future use 1981-09 RESERVED [16]
241/8 Future use 1981-09 RESERVED [16]
242/8 Future use 1981-09 RESERVED [16]
243/8 Future use 1981-09 RESERVED [16]
244/8 Future use 1981-09 RESERVED [16]
245/8 Future use 1981-09 RESERVED [16]
246/8 Future use 1981-09 RESERVED [16]
247/8 Future use 1981-09 RESERVED [16]
248/8 Future use 1981-09 RESERVED [16]
249/8 Future use 1981-09 RESERVED [16]
250/8 Future use 1981-09 RESERVED [16]
251/8 Future use 1981-09 RESERVED [16]
252/8 Future use 1981-09 RESERVED [16]
253/8 Future use 1981-09 RESERVED [16]
254/8 Future use 1981-09 RESERVED [16]
255/8 Future use 1981-09 RESERVED [16][17]

Footnotes

[1]
Indicates the status of address blocks as follows:
RESERVED: designated by the IETF for specific non-global-unicast purposes as noted.
LEGACY: allocated by the central Internet Registry (IR) prior to the Regional Internet Registries
(RIRs). This address space is now administered by individual RIRs as noted, including maintenance
of WHOIS Directory and reverse DNS records. Assignments from these blocks are distributed globally
on a regional basis.
ALLOCATED: delegated entirely to specific RIR as indicated.
UNALLOCATED: not yet allocated or reserved.
[2]
0.0.0.0/8 reserved for self-identification [RFC1122], section 3.2.1.3. 
Reserved by protocol. For authoritative registration, see [IANA registry iana-ipv4-special-registry].
[3]
Reserved for Private-Use Networks [RFC1918].
Complete registration details for 10.0.0.0/8 are found in [IANA registry iana-ipv4-special-registry].
[4]
This was reserved for Public Data Networks [RFC1356]. See [IANA registry public-data-network-numbers].
It was recovered in February 2008 and was subsequently allocated to APNIC in April 2010.
[5]
100.64.0.0/10 reserved for Shared Address Space [RFC6598]. 
Complete registration details for 100.64.0.0/10 are found in [IANA registry iana-ipv4-special-registry].
[6]
127.0.0.0/8 reserved for Loopback [RFC1122], section 3.2.1.3. 
Reserved by protocol. For authoritative registration, see [IANA registry iana-ipv4-special-registry].
[7]
169.254.0.0/16 reserved for Link Local [RFC3927].
Reserved by protocol. For authoritative registration, see [IANA registry iana-ipv4-special-registry].
[8]
172.16.0.0/12 reserved for Private-Use Networks [RFC1918]. 
Complete registration details are found in [IANA registry iana-ipv4-special-registry].
[9]
192.0.2.0/24  reserved for TEST-NET-1 [RFC5737]. 
Complete registration details for 192.0.2.0/24 are found in [IANA registry iana-ipv4-special-registry].
192.88.99.0/24 reserved for 6to4 Relay Anycast [RFC3068]
Complete registration details for 192.88.99.0/24 are found in [IANA registry iana-ipv4-special-registry].
192.88.99.2/32 reserved for 6a44 Relay Anycast [RFC6751] (possibly collocated with 6to4 Relay 
at 192.88.99.1/32 - see [RFC3068] section 2.4)
192.168.0.0/16 reserved for Private-Use Networks [RFC1918]. 
Complete registration details for 192.168.0.0/16 are found in [IANA registry iana-ipv4-special-registry].
[10]
192.0.0.0/24 reserved for IANA IPv4 Special Purpose Address Registry [RFC5736]. 
Complete registration details for 192.0.0.0/24 are found in [IANA registry iana-ipv4-special-registry].
[11]
198.18.0.0/15 reserved for Network Interconnect Device Benchmark Testing [RFC2544]. 
Complete registration details for 198.18.0.0/15 are found in [IANA registry iana-ipv4-special-registry].
198.51.100.0/24 reserved for TEST-NET-2 [RFC5737]. 
Complete registration details for 198.51.100.0/24 are found in [IANA registry iana-ipv4-special-registry].
[12]
203.0.113.0/24 reserved for TEST-NET-3 [RFC5737]. 
Complete registration details for 203.0.113.0/24 are found in [IANA registry iana-ipv4-special-registry].
[13]
Multicast (formerly "Class D") [RFC5771] registered in [IANA registry multicast-addresses]
[14]
Unicast-Prefix-Based IPv4 Multicast Addresses [RFC6034]
[15]
Administratively Scoped IP Multicast [RFC2365]
[16]
Reserved for future use (formerly "Class E") [RFC1112].
Reserved by protocol. For authoritative registration, see [IANA registry iana-ipv4-special-registry].
[17]
255.255.255.255 is reserved for "limited broadcast" destination address [RFC919] and [RFC922].
Complete registration details for 255.255.255.255/32 are found in [IANA registry iana-ipv4-special-registry].

相关资源:

 

根域名服务器 Root Servers

root-servers

Internet Domain Name System Root Servers

全球13个根域名服务器以英文字母A到M依序命名,网域名称格式为“字母.root-servers.net”。其中7个并不只有单一个服务器,是以任播(anycast)技术在全球多个地点设立镜像站。

字母 IPv4地址 IPv6地址 自治系统编号(AS-number)[1] 旧名称 运作单位 设置地点 #数量(全球性/地区性)[2] 软件
A 198.41.0.4 2001:503:ba3e::2:30 AS19836 ns.internic.net VeriSign 以任播技术分散设置于多处 6/0 BIND
B 192.228.79.201 (2004年1月起生效,旧IP地址为128.9.0.107)[3] 2001:478:65::53 (not in root zone yet) none ns1.isi.edu 南加州大学信息科学研究所 (Information Sciences Institute, University of Southern California)  美国加州马里纳戴尔雷伊 (Marina del Rey) 0/1 BIND
C 192.33.4.12 AS2149 c.psi.net Cogent Communications 以任播技术分散设置于多处 6/0 BIND
D 128.8.10.90 AS27 terp.umd.edu 马里兰大学学院市分校 (University of Maryland, College Park)  美国马里兰州大学公园市 (College Park) 1/0 BIND
E 192.203.230.10 AS297 ns.nasa.gov NASA  美国加州山景城 (Mountain View) 1/0 BIND
F 192.5.5.241 2001:500:2f::f AS3557 ns.isc.org 互联网系统协会 (Internet Systems Consortium) 以任播技术分散设置于多处 2/47 BIND 9[4]
G 192.112.36.4 AS5927 ns.nic.ddn.mil 美国国防部国防信息系统局 (Defense Information Systems Agency) 以任播技术分散设置于多处 6/0 BIND
H 128.63.2.53 2001:500:1::803f:235 AS13 aos.arl.army.mil 美国国防部陆军研究所 (U.S. Army Research Lab)  美国马里兰州阿伯丁(Aberdeen) 1/0 NSD
I 192.36.148.17 2001:7fe::53 AS29216 nic.nordu.net 瑞典奥托诺米嘉公司(Autonomica) 以任播技术分散设置于多处 36 BIND
J 192.58.128.30 (2002年11月起生效,旧IP地址为198.41.0.10) 2001:503:c27::2:30 AS26415 VeriSign 以任播技术分散设置于多处 63/7 BIND
K 193.0.14.129 2001:7fd::1 AS25152 荷兰RIPE NCC 以任播技术分散设置于多处 5/13 NSD[5]
L 199.7.83.42 (2007年11月起生效,旧IP地址为198.32.64.12)[6] 2001:500:3::42 AS20144 ICANN 以任播技术分散设置于多处 37/1 NSD[7]
M 202.12.27.33 2001:dc3::35 AS7500 日本WIDE Project 以任播技术分散设置于多处 5/1 BIND

参见

Hostname IP Addresses Manager
a.root-servers.net 198.41.0.4, 2001:503:ba3e::2:30 VeriSign, Inc.
b.root-servers.net 192.228.79.201 University of Southern California (ISI)
c.root-servers.net 192.33.4.12 Cogent Communications
d.root-servers.net 199.7.91.13, 2001:500:2d::d University of Maryland
e.root-servers.net 192.203.230.10 NASA (Ames Research Center)
f.root-servers.net 192.5.5.241, 2001:500:2f::f Internet Systems Consortium, Inc.
g.root-servers.net 192.112.36.4 US Department of Defence (NIC)
h.root-servers.net 128.63.2.53, 2001:500:1::803f:235 US Army (Research Lab)
i.root-servers.net 192.36.148.17, 2001:7fe::53 Netnod
j.root-servers.net 192.58.128.30, 2001:503:c27::2:30 VeriSign, Inc.
k.root-servers.net 193.0.14.129, 2001:7fd::1 RIPE NCC
l.root-servers.net 199.7.83.42, 2001:500:3::42 ICANN
m.root-servers.net 202.12.27.33, 2001:dc3::35 WIDE Project

Win2000/XP系统缺省进程

Win2000/XP系统缺省进程

在Windows 2000 和XP中,系统包含以下缺省进程:
Csrss.exe
Explorer.exe
Internat.exe
Lsass.exe
Mstask.exe
Smss.exe
Spoolsv.exe
Svchost.exe
Services.exe
System
System Idle Process
Taskmgr.exe
Winlogon.exe
Winmgmt.exe 下面列出更多的进程和它们的简要说明 进程名描述 smss.exeSessionManager
csrss.exe 子系统服务器进程
winlogon.exe管理用户登录
services.exe包含很多系统服务
lsass.exe 管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。
svchost.exe Windows 2000/XP 的文件保护系统
SPOOLSV.EXE 将文件加载到内存中以便迟后打印。)
explorer.exe资源管理器
internat.exe托盘区的拼音图标)
mstask.exe允许程序在指定时间运行。
regsvc.exe允许远程注册表操作。(系统服务)->remoteregister
winmgmt.exe 提供系统管理信息(系统服务)。
inetinfo.exemsftpsvc,w3svc,iisadmn
tlntsvr.exe tlnrsvr
tftpd.exe 实现 TFTP Internet 标准。该标准不要求用户名和密码。
termsrv.exe termservice
dns.exe 应答对域名系统(DNS)名称的查询和更新请求。
tcpsvcs.exe 提供在 PXE 可远程启动客户计算机上远程安装 Windows 2000 Professional 的能力。
ismserv.exe 允许在 Windows Advanced Server 站点间发送和接收消息。
ups.exe 管理连接到计算机的不间断电源(UPS)。
wins.exe为注册和解析 NetBIOS 型名称的 TCP/IP 客户提供 NetBIOS 名称服务。
llssrv.exe证书记录服务
ntfrs.exe 在多个服务器间维护文件目录内容的文件同步。
RsSub.exe 控制用来远程储存数据的媒体。
locator.exe 管理 RPC 名称服务数据库。
lserver.exe 注册客户端许可证。
dfssvc.exe管理分布于局域网或广域网的逻辑卷。
clipsrv.exe 支持“剪贴簿查看器”,以便可以从远程剪贴簿查阅剪贴页面。
msdtc.exe 并列事务,是分布于两个以上的数据库,消息队列,文件系统或其它事务保护护资源管理器。
faxsvc.exe帮助您发送和接收传真。
cisvc.exe 索引服务
dmadmin.exe 磁盘管理请求的系统管理服务。
mnmsrvc.exe 允许有权限的用户使用 NetMeeting 远程访问 Windows 桌面。
netdde.exe提供动态数据交换 (DDE) 的网络传输和安全特性。
smlogsvc.exe配置性能日志和警报。
rsvp.exe为依赖质量服务(QoS)的程序和控制应用程序提供网络信号和本地通信控制安装功功能。
RsEng.exe 协调用来储存不常用数据的服务和管理工具。
RsFsa.exe 管理远程储存的文件的操作。
grovel.exe扫描零备份存储(SIS)卷上的重复文件,并且将重复文件指向一个数据存储点,以节省磁盘空间(只对 NTFS 文件系统有用)。
SCardSvr.ex 对插入在计算机智能卡阅读器中的智能卡进行管理和访问控制。
snmp.exe包含代理程序可以监视网络设备的活动并且向网络控制台工作站汇报。
snmptrap.exe接收由本地或远程 SNMP 代理程序产生的陷阱(trap)消息,然后将消息传递到运行在这台计算机上 SNMP 管理程序。
UtilMan.exe 从一个窗口中启动和配置辅助工具。
msiexec.exe依据 .MSI 文件中包含的命令来安装、修复以及删除软件。
]]>

关于清除QQ空间人气精灵V3.5生成的isignup.dll和isignup.sys病毒文件

“QQ空间人气精灵”是TT86开发的一款免费刷QQ空间人气的软件.
本来是件很好的事,3.4版我就一直用它,可不幸的是更新的v3.5版却捆绑了恶意的盗号木马!
运行QQ空间人气精灵后,卡巴斯基(Kaspersky)提示:

被感染: 木马程序 Trojan-Dropper.Win32.Agent.wf
C:\Documents and Settings\Administrator\桌面\v3.5\QQ空间人气精灵.exe 350 KB
被感染: 木马程序 Trojan-PSW.Win32.Hangame.dz
c:\program files\internet explorer\connection wizard\isignup.dll 40.3 KB
被感染: 木马程序 Trojan-PSW.Win32.Hangame.ea
C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys 54.3 KB

我在此重点只是告诉大家是为什么感染的该病毒,
至于清除方法,安装卡巴斯基(Kaspersky)的用户不用手动清除,杀毒软件会在提示几次后自动重启,重启后的文件已经不被系统再调用,可以直接删除病毒文件isignup.dll和isignup.sys,或者再扫描一遍
C:\Program Files\Internet Explorer\Connection Wizard 文件夹.
如果你不是卡巴斯基(Kaspersky)用户,建议先恢复注册表的EXE文件关联

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}”
[HKEY_CLASSES_ROOT\CLSID\{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}]
[HKEY_CURRENT_USER\Software\Microsoft\qqjdd]

重启系统,然后手动删除病毒文件isignup.dll和isignup.sys.
更详细的说明可以搜索 Google 或 Baidu !!

Windows Internet 服务器安全配置

Windows Internet服务器安全配置

原理篇

我们将从入侵者入侵的各个环节来作出对应措施
一步步的加固windows系统.
加固windows系统.一共归于几个方面
1.端口限制
2.设置ACL权限
3.关闭服务或组件
4.包过滤
5.审计

我们现在开始从入侵者的第一步开始.对应的开始加固已有的windows系统.

 

1.扫描
这是入侵者在刚开始要做的第一步.比如搜索有漏洞的服务.
对应措施:端口限制
以下所有规则.都需要选择镜像,否则会导致无法连接
我们需要作的就是打开服务所需要的端口.而将其他的端口一律屏蔽

2.下载信息
这里主要是通过URL SCAN.来过滤一些非法请求
对应措施:过滤相应包
我们通过安全URL SCAN并且设置urlscan.ini中的DenyExtensions字段
来阻止特定结尾的文件的执行

3.上传文件
入侵者通过这步上传WEBSHELL,提权软件,运行cmd指令等等.
对应措施:取消相应服务和功能,设置ACL权限
如果有条件可以不使用FSO的.
通过 regsvr32 /u c:\windows\system32\scrrun.dll来注销掉相关的DLL.
如果需要使用.
那就为每个站点建立一个user用户
对每个站点相应的目录.只给这个用户读,写,执行权限,给administrators全部权限
安装杀毒软件.实时杀除上传上来的恶意代码.
个人推荐MCAFEE或者卡巴斯基
如果使用MCAFEE.对WINDOWS目录所有添加与修改文件的行为进行阻止.

4.WebShell
入侵者上传文件后.需要利用WebShell来执行可执行程序.或者利用WebShell进行更加方便的文件操作.
对应措施:取消相应服务和功能
一般WebShell用到以下组件
WScript.Network
WScript.Network.1
WScript.Shell
WScript.Shell.1
Shell.Application
Shell.Application.1
我们在注册表中将以上键值改名或删除
同时需要注意按照这些键值下的CLSID键的内容
从/HKEY_CLASSES_ROOT/CLSID下面对应的键值删除

5.执行SHELL
入侵者获得shell来执行更多指令
对应措施:设置ACL权限
windows的命令行控制台位于\WINDOWS\SYSTEM32\CMD.EXE
我们将此文件的ACL修改为
某个特定管理员帐户(比如administrator)拥有全部权限.
其他用户.包括system用户,administrators组等等.一律无权限访问此文件.

6.利用已有用户或添加用户
入侵者通过利用修改已有用户或者添加windows正式用户.向获取管理员权限迈进
对应措施:设置ACL权限.修改用户
将除管理员外所有用户的终端访问权限去掉.
限制CMD.EXE的访问权限.
限制SQL SERVER内的XP_CMDSHELL

7.登陆图形终端
入侵者登陆TERMINAL SERVER或者RADMIN等等图形终端,
获取许多图形程序的运行权限.由于WINDOWS系统下绝大部分应用程序都是GUI的.
所以这步是每个入侵WINDOWS的入侵者都希望获得的
对应措施:端口限制
入侵者可能利用3389或者其他的木马之类的获取对于图形界面的访问.
我们在第一步的端口限制中.对所有从内到外的访问一律屏蔽也就是为了防止反弹木马.
所以在端口限制中.由本地访问外部网络的端口越少越好.
如果不是作为MAIL SERVER.可以不用加任何由内向外的端口.
阻断所有的反弹木马.

8.擦除脚印
入侵者在获得了一台机器的完全管理员权限后
就是擦除脚印来隐藏自身.
对应措施:审计
首先我们要确定在windows日志中打开足够的审计项目.
如果审计项目不足.入侵者甚至都无需去删除windows事件.
其次我们可以用自己的cmd.exe以及net.exe来替换系统自带的.
将运行的指令保存下来.了解入侵者的行动.
对于windows日志
我们可以通过将日志发送到远程日志服务器的方式来保证记录的完整性.
evtsys工具(https://engineering.purdue.edu/ECN/Resources/Documents)
提供将windows日志转换成syslog格式并且发送到远程服务器上的功能.
使用此用具.并且在远程服务器上开放syslogd,如果远程服务器是windows系统.
推荐使用kiwi syslog deamon.

我们要达到的目的就是
不让入侵者扫描到主机弱点
即使扫描到了也不能上传文件
即使上传文件了不能操作其他目录的文件
即使操作了其他目录的文件也不能执行shell
即使执行了shell也不能添加用户
即使添加用户了也不能登陆图形终端
即使登陆了图形终端.拥有系统控制权.他的所作所为还是会被记录下来.

额外措施:
我们可以通过增加一些设备和措施来进一步加强系统安全性.
1.代理型防火墙.如ISA2004
代理型防火墙可以对进出的包进行内容过滤.
设置对HTTP REQUEST内的request string或者form内容进行过滤
将SELECT.DROP.DELETE.INSERT等都过滤掉.
因为这些关键词在客户提交的表单或者内容中是不可能出现的.
过滤了以后可以说从根本杜绝了SQL 注入
2.用SNORT建立IDS
用另一台服务器建立个SNORT.
对于所有进出服务器的包都进行分析和记录
特别是FTP上传的指令以及HTTP对ASP文件的请求
可以特别关注一下.

本文提到的部分软件在提供下载的RAR中包含
包括COM命令行执行记录
URLSCAN 2.5以及配置好的配置文件
IPSEC导出的端口规则
evtsys
一些注册表加固的注册表项.

实践篇

下面我用的例子.将是一台标准的虚拟主机.
系统:windows2003
服务:[IIS] [SERV-U] [IMAIL] [SQL SERVER 2000] [PHP] [MYSQL]
描述:为了演示,绑定了最多的服务.大家可以根据实际情况做筛减

1.WINDOWS本地安全策略 端口限制
A.对于我们的例子来说.需要开通以下端口
外->本地 80
外->本地 20
外->本地 21
外->本地 PASV所用到的一些端口
外->本地 25
外->本地 110
外->本地 3389
然后按照具体情况.打开SQL SERVER和MYSQL的端口
外->本地 1433
外->本地 3306
B.接着是开放从内部往外需要开放的端口
按照实际情况,如果无需邮件服务,则不要打开以下两条规则
本地->外 53 TCP,UDP
本地->外 25
按照具体情况.如果无需在服务器上访问网页.尽量不要开以下端口
本地->外 80
C.除了明确允许的一律阻止.这个是安全规则的关键.
外->本地 所有协议 阻止

2.用户帐号
a.将administrator改名,例子中改为root
b.取消所有除管理员root外所有用户属性中的
远程控制->启用远程控制 以及
终端服务配置文件->允许登陆到终端服务器
c.将guest改名为administrator并且修改密码
d.除了管理员root,IUSER以及IWAM以及ASPNET用户外.禁用其他一切用户.包括SQL DEBUG以及TERMINAL USER等等

3.目录权限
将所有盘符的权限,全部改为只有
administrators组 全部权限
system 全部权限
将C盘的所有子目录和子文件继承C盘的administrator(组或用户)和SYSTEM所有权限的两个权限
然后做如下修改
C:\Program Files\Common Files 开放Everyone 默认的读取及运行 列出文件目录 读取三个权限
C:\WINDOWS\ …