
Finding WIFI devices illegally connected to the enterprise network (original)

2025-01-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01

I. New problems faced by enterprise network security management

Nowadays, computers and mobile smart devices are becoming more and more popular. Some enterprise network users are no longer satisfied with having only their real-name registered office computers online. They bring laptops, smartphones and tablets from home to the company, then privately set up SOHO routers, plug in portable WIFI devices, or install "free WIFI" software to evade detection by network administrators and connect to the corporate network without authorization, so that their own mobile devices can use network applications. One of the big selling points of these SOHO routers and portable WIFI devices is that they can evade detection and hide their access: they can turn off broadcasting of their wireless signal, so they cannot be found through signal detection.

The problem of illegal access has troubled the administrators of many corporate networks. Discussion posts about it can be seen everywhere on Internet forums, but there is no good solution. Users' illegal access seriously affects the entire enterprise network in three ways:

1. The strongest fortresses are often breached from the inside. The user who set up such an access point may not mean to damage the network, but he has left a gap in its security. Ubiquitous access points let a stranger who enters the company premises reach the corporate network, bypassing the expensive boundary devices at every level. The many illegal access points in effect turn some areas of the enterprise network into an open network, where anyone who really wants to act inside the network can do so very easily.

2. Many legitimate network users complain, "Where has the bandwidth gone?" Illegally connected computers and mobile devices occupy a lot of bandwidth, which reduces the operating efficiency of the whole enterprise network.

3. It undermines the seriousness of network management and makes users think that "whatever is not discovered is allowed", which sets a bad precedent for further damage to the network.

II. Several common methods of illegal access to the enterprise network

The author has worked in network management for many years and knows a great deal about the methods users employ to access the network illegally. They are introduced in detail below. All of these methods exploit a loophole in IP-MAC address binding. IEEE stipulates that the MAC address of every network card is globally unique, so enterprise networks basically identify a networked device by its MAC address plus its IP address. But this management method now faces challenges.

1. SOHO router access (wireless and wired) method

SOHO router access is the "traditional" illegal access method. The earliest home broadband users used it to connect several devices at home, or to let several households share one broadband line. In the early years, China Telecom was also deeply troubled by these devices. In home broadband, all users are isolated by VLAN, so a home user doing this has no security impact on the telecom operator; at most it consumes some traffic. In an enterprise network, however, this kind of access has a great impact on security, because security isolation is rarely applied between enterprise network users.

This illegal access method is divided into four steps:

(1) Zhang San applies to the network management department for an IP address through the legal process and asks to be connected.

(2) When the network administrator inspects the user's computer on site, he connects it to the network and completes the real-name registration of the IP address and the IP-MAC binding. Because IEEE stipulates that a MAC address is globally "unique", binding the MAC address to the IP address identifies Zhang San's computer without any problem. At this point the normal connection process is complete and Zhang San can go online, as shown in figure 1:

(3) Zhang San privately buys and installs a SOHO router. A major feature of this kind of router is MAC address cloning: the MAC address of the router's interface can be changed to be exactly the same as that of Zhang San's network card, so the network administrator still appears to see Zhang San's computer. In fact, that MAC address now belongs to a router, and many computers can be connected behind it. The SOHO router's MAC clone interface is shown in figure 2.

Figure 2: A SOHO router can change its MAC address at will.

(4) Once the SOHO router is connected, Zhang San controls an access point into the enterprise network and can connect his own and his colleagues' devices to it. If he guards the router's access password well, the range of people who can connect is small. If he generously discloses the password, anyone within range can connect to the enterprise network. The network topology after Zhang San privately connects the SOHO router is shown in figure 3.

Figure 3: Network topology after Zhang San privately connects the SOHO router

2. Portable WIFI access method

Since the 19.9 yuan 360WIFI was first launched in June 2013, Xiaomi and Baidu have also launched Xiaomi WIFI and Xiaodu WIFI, and portable WIFI has become rampant in corporate networks. On the one hand, these products really are, as their makers advertise, "no training needed, plug and play, small and exquisite, cheap, easy to install, and essential at home or on the road"; they greatly simplify connecting smart devices to the network. On the other hand, the proliferation of WIFI hotspots in the enterprise network is a nightmare for network administrators. Access points with extremely low security can be seen everywhere in the enterprise network, which seriously threatens its security and leaves all kinds of enterprise information in an insecure state, so it is important to put an end to the flood of portable WIFI.

In order to study these products, the author bought 360WIFI, Xiaomi WIFI and Xiaodu WIFI and tested them. Taking 360WIFI as an example, the user's illegal access process has three steps.

(1) Li Si, an enterprise network user, owns a computer that can legally access the network, and the network administrator has made the IP-MAC binding.

(2) When Li Si plugs 360WIFI into a USB port of the computer, the installation is almost entirely automatic. Soon after it completes, the screen shown in figure 4 pops up.

Figure 4: Interface after 360WIFI installation is complete

(3) Li Si's computer now works as a WIFI hotspot. Wireless devices within about 30 meters can find the wireless signal, enter the WIFI password and go online. The topology of Li Si's network connection becomes that shown in figure 5.

Figure 5: The computer on which 360WIFI is installed becomes an AP device

3. "Free WIFI" access method

This is also a popular method. It is really just software, and it is very simple to use: it only requires a wireless network card on the networked computer. Wireless use is tightly restricted in the enterprise network, and company laptops are generally connected by wire, so the laptop's wireless network card sits idle; installing "free WIFI" software turns that card into a wireless AP. A desktop computer can do the same by installing a USB wireless network card and then the "free WIFI" software. There are many such programs, such as "360 free WIFI" and "WIFI sharing wizard". The effect after installation is basically the same as with portable WIFI, so it is not described in detail here. The location of the free WIFI software is shown in figure 6.

Figure 6: location of the "Free WIFI" software

4. Several methods that are poorly concealed and rarely used

There are also ICS (Internet Connection Sharing), proxy servers, enabling the Windows routing service, and so on. These methods are poorly concealed and tedious to set up, so few people use them in the enterprise network, and they are not covered further here. Some online reviews say that portable WIFI also uses ICS. After in-depth testing, the author is sure that 360 portable WIFI and 360 free WIFI do not use ICS.

III. Technical principles behind the illegal access methods

To identify illegal access points, you have to understand the technology the other side uses; only then can you find targeted solutions. The technical principles of the access methods are introduced below.

1. Access principle of SOHO router.

Routers include core routers at the center of the network, enterprise routers that connect enterprise networks, and SOHO routers that connect home or small-office users. A SOHO router provides automatic configuration and basic packet routing and filtering. Strictly speaking, it cannot fully be called a router, since it implements only some of the functions of a traditional router. A SOHO router uses NAPT (Network Address Port Translation) to translate multiple private IP addresses into one legal public IP address, so that multiple hosts on the private network share one legitimate IP address to access the Internet. In short, what is certain is that the SOHO router uses NAPT.

2. The principle of portable WIFI access

There are three popular brands of portable WIFI: 360WIFI, Xiaomi WIFI and Xiaodu WIFI. Their methods of sharing the connection are not the same. Tests show that 360WIFI's technology is the more advanced and is designed for concealment. In detail:

(1) 360WIFI

When 360WIFI was launched in 2013, it quickly caused a sensation because of its low price, good performance and easy operation. Many hardware review websites, such as Zhongguancun Online and Tianji Network, reviewed it, and these reviews can still be found all over the Internet. They say that 360WIFI uses the ICS function of Windows and conclude: "Products like 360WIFI have low technical content and limited usability; they are ICS + virtual AP technology." The author's tests show that the company did use ICS at the beginning but soon switched to NAPT technology developed in-house, which is named QHNAT or 360WIFINAT inside the product and is powerful and highly concealed. So 360WIFI also uses NAPT.

(2) Xiaomi WIFI, Xiaodu WIFI

These two products were launched after 360WIFI and may have been influenced by the 360WIFI reviews: both use ICS, so compared with 360WIFI they are poorly concealed and perform worse. Put bluntly, ICS is a simplified version of NAT. When ICS shares a connection, both the host and the client machines need the same service support. In terms of the 7-layer model, ICS operates at the upper layers, while NAT operates at layer 3, in the middle. ICS is less efficient and less concealed than NAT. Xiaomi WIFI and Xiaodu WIFI use this simplified NAPT technique (ICS).

3. Principle of "free WIFI" access

Like portable WIFI, so-called "free WIFI" pairs a USB wireless network card with portable-WIFI-style software. It implements the main functions of portable WIFI but is not as good in some proprietary details. The technology it uses is again NAPT.

4. What is NAPT technology?

As can be seen, there are many ways to access the enterprise network illegally, but in the final analysis they all use NAPT. What is NAPT? NAPT is widely used in access devices. It can hide a small or medium-sized network behind one legitimate IP address: it maps each internal connection to a single IP address on the external network and adds a TCP port number selected by the NAT device. In other words, using "port multiplexing", several private IP addresses are mapped to one legitimate corporate network IP address so that the private devices can communicate on the network.

IV. Deriving identification methods from the principle

According to RFC 3022, NAPT works at the IP layer and translates internal addresses into a legal IP address, here the one used on the enterprise network. Specifically, the private IP address and port in each IP packet are replaced with the legal IP address and a port. The NAPT device maintains a state table that maps private IP addresses to the legitimate IP address. Every IP packet passing through the NAPT device is taken apart and reassembled, and the new IP packet is sent to the enterprise network, so one IP address on the enterprise network may be used by any number of users behind the NAPT device.

Put simply, the difference between a legitimately connected computer and an illegally connected device is that the former sends its IP packets directly to the network, while the latter's IP packets first pass through the privately connected NAPT device or software. We need to find out what modifications the NAPT device or software makes to IP packets as they pass through. If we can find those modifications, we can identify illegal access devices.

The standard protocol for Internet communication is TCP/IP. Any device that wants to communicate on the Internet must run TCP/IP and have an IP address, and NAPT devices are no exception. IP is the core protocol of the TCP/IP family. All upper-layer protocols, such as TCP, UDP, ICMP and IGMP, as well as application-layer protocols such as HTTP, FTP and DNS, are carried in IP packets, whose format is shown in figure 7:

Figure 7: IP packet format

The normal IP header is 20 bytes long. Several important fields are as follows:

(1) Source IP Address, indicating the sender.

(2) Destination IP Address, indicating the recipient.

(3) Time to Live, indicating how long the IP packet is allowed to survive in the network.

(4) Identification, used to identify packets sent from the same IP address using the same protocol; the value is unique for that source and protocol during the packet's lifetime.

Now that the key fields of the IP packet are known, the identification methods are introduced below:

1. Identify illegally connected devices through the TTL field in the IP packet.

The TTL (Time To Live) field sets the maximum number of routers an IP datagram can pass through. It is initially set by the sender. Each router that processes the datagram decrements its TTL by 1. When a router receives a datagram whose TTL value is 0, it discards it. The purpose of the TTL field is to prevent datagrams from circulating endlessly in the network. The change in the TTL value is shown in figure 8.

Figure 8: TTL change after passing a standard NAPT device

Standard NAPT routing software or a standard NAPT device subtracts 1 from the TTL of each IP packet it forwards. Note the word "standard": there are also non-standard implementations. If they were all standard, identifying illegal access would be very simple.

2. Identify illegally connected devices through the Identification field in the IP packet.

In the IP protocol, the Identification field is used to tell IP packets apart. To ensure normal service, IP packets from the same IP address using the same protocol must each have a unique Identification value. Under normal circumstances, the ID numbers in the IP packets sent by one computer over a period of time are consecutive, as shown in figure 9:

Figure 9: ID changes in a computer's IP packets over a period of time

Because several devices are connected behind the NAPT device, the ID values in the IP packets they send differ, and the NAPT device does not change these ID values. So when multiple devices go online through NAPT, the IDs of the IP packets leaving the NAPT device's enterprise-network-side address are discontinuous, and when several separate consecutive ID sequences are detected, it can be concluded that a NAPT device is in use, as shown in figure 10:

Figure 10: ID value changes in the IP packets of a NAPT device over a period of time

As figures 9 and 10 show, 137.12.36.2 is a computer that accesses the network normally, while 137.12.36.1 is a NAPT device with two devices behind it, because its ID field actually splits into two sequences, each representing one device. Its TTL value is also 63, indicating that the IP packets passed through a router before being sent out by 137.12.36.1.

3. Application feature recognition

With TTL and ID identification, it may seem that all illegal access devices can be detected, but in fact they cannot. Why? As mentioned earlier, many companies, such as some SOHO router manufacturers, have developed their own NAPT software and deliberately built in concealment: the TTL of IP packets translated by their NAPT devices is not reduced by 1.

Figure 11: A non-standard NAPT device whose TTL value does not decrease by 1.

137.12.36.19 is a SOHO router. The TTL of the IP packets it sends is that of packets sent by a standard Windows XP system; the TTL is not reduced by 1 as we expected, so TTL detection does not work against it. Another example, a 360 portable WIFI, is shown in figure 12.

Figure 12: A computer with 360WIFI; the TTL value of its packets does not decrease by 1.

Figure 12 shows a computer with 360WIFI installed; after NAPT, the TTL value of the IP packets is not reduced by 1. From the discontinuity of the ID values, we can see that there are two devices online. So, as mentioned earlier, 360WIFI's technology leads among portable WIFI products, while Xiaomi WIFI and Xiaodu WIFI can easily be detected by their TTL values. The TTL method alone is therefore not comprehensive; many devices go undetected.

So is the ID field accurate? Not entirely. If you already know that an IP address corresponds to a NAPT device, targeted inspection of that address can verify whether the computer has devices illegally connected behind it. But there are thousands of computers in the enterprise network, so it is impossible to inspect each address separately from the start. In most cases the ID values in a host's IP packets increase linearly, but there are special cases, such as a device using the RTSP protocol or the initialization of the sender's TCP/IP stack, in which the IDs are not continuous, as shown in figure 13.

Figure 13: a computer using the RTSP protocol, the ID value varies greatly
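The TTL and Identification checks described above can be combined in one per-source tracker. The code below is an added example, not the author's C# system: it parses raw IPv4 headers, flags sources whose TTL is one below a standard initial value, and counts independent consecutive ID sequences per source, so that a host whose IDs never form a run is not counted as several devices. The packets are constructed for the example (reusing addresses from the figures), MAX_ID_STEP, MIN_RUN and MAX_TRACKS are assumed thresholds, and the sensor is assumed to see traffic before any legitimate routed hop.

```python
import socket
import struct
from collections import defaultdict

STANDARD_TTLS = {32, 64, 128, 255}  # standard initial TTL values listed in the article
MAX_ID_STEP = 64    # assumption: largest forward jump still treated as the same sequence
MIN_RUN = 3         # assumption: packets needed before a sequence counts as one device
MAX_TRACKS = 32     # assumption: cap on remembered sequences per source address


def build_ipv4_header(src, dst, ttl, ident):
    """Pack a minimal 20-byte IPv4 header (protocol TCP); only used for sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, 0, ttl, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse_ipv4_header(raw):
    """Return (source IP, TTL, Identification), or None if raw is not an IPv4 header."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    fields = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    return socket.inet_ntoa(fields[8]), fields[5], fields[3]


class NaptDetector:
    """Per source address: observed TTLs plus the ID sequences seen so far."""

    def __init__(self):
        self.ttls = defaultdict(set)
        self.tracks = defaultdict(list)   # src -> [[last_id, packet_count], ...]

    def feed(self, raw):
        parsed = parse_ipv4_header(raw)
        if parsed is None:
            return
        src, ttl, ident = parsed
        self.ttls[src].add(ttl)
        tracks = self.tracks[src]
        best = None
        for track in tracks:
            step = (ident - track[0]) % 65536   # modular: 65535 -> 0 continues a run
            if 0 < step <= MAX_ID_STEP and (best is None or step < best[0]):
                best = (step, track)
        if best:
            best[1][0] = ident
            best[1][1] += 1
            return
        if len(tracks) >= MAX_TRACKS:
            # Forget the shortest sequence; random-ID hosts create many one-packet tracks.
            tracks.remove(min(tracks, key=lambda t: t[1]))
        tracks.append([ident, 1])

    def report(self):
        """Return {source IP: [reasons]} for sources showing NAPT characteristics."""
        result = {}
        for src, ttls in self.ttls.items():
            reasons = []
            hopped = sorted(t for t in ttls
                            if t not in STANDARD_TTLS and t + 1 in STANDARD_TTLS)
            if hopped:
                reasons.append(f"TTL {hopped} is one below a standard initial value")
            devices = sum(1 for _, count in self.tracks[src] if count >= MIN_RUN)
            if devices >= 2:
                reasons.append(f"{devices} independent IP ID sequences")
            if reasons:
                result[src] = reasons
        return result


def constructed_capture():
    """Constructed sample: one normal host, two NAPT sources, one host with random IDs."""
    dst = "203.0.113.10"
    random_ids = [40000, 123, 22222, 9000, 51000]
    packets = []
    for i in range(5):
        packets += [
            build_ipv4_header("137.12.36.2", dst, 128, 1000 + i),    # normal computer
            build_ipv4_header("137.12.36.1", dst, 63, 500 + i),      # standard NAPT
            build_ipv4_header("137.12.36.1", dst, 63, 30000 + i),
            build_ipv4_header("137.12.36.19", dst, 128, (65533 + i) % 65536),  # TTL kept
            build_ipv4_header("137.12.36.19", dst, 128, 12000 + i),
            build_ipv4_header("137.12.36.50", dst, 64, random_ids[i]),  # irregular IDs
        ]
    return packets


if __name__ == "__main__":
    detector = NaptDetector()
    for packet in constructed_capture():
        detector.feed(packet)
    for src, reasons in sorted(detector.report().items()):
        print(src, "->", "; ".join(reasons))
```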

With existing hardware, analyzing the continuity of the ID field across the huge number of IP packets sent by thousands of computers in the enterprise network is too difficult to be realistic. We therefore need the third identification method, application feature recognition. From a behavioral point of view, users connect NAPT devices privately for one purpose: to get their mobile devices online. If the devices could not get online, no one would spend money on private equipment; and once online, they will use one of the most common protocols, HTTP. HTTP is used to transfer hypertext from a WWW server to a local browser. Generally speaking, opening a web page uses HTTP no matter what settings are used.

One feature of HTTP is that a request carries a User-Agent in its header. This identifies some information about the requester, such as the browser type and version, the operating system and the language. Mobile device platforms run different systems from desktop computers. If a mobile platform identifier is found in the User-Agent of the HTTP header, it can be concluded that the user has privately connected a NAPT device.

Figure 14: protocol signature recognition

As figure 14 shows, the computer 137.12.37.168 has a privately connected 360WIFI and is putting an iPhone online. Some may ask: if I connect a device but never open a web page, and only use QQ, WeChat or games, will I go undetected? These programs do not appear to open web pages or use HTTP, but in fact they all use HTTP to some extent: QQ and WeChat pages, pop-up ads and prompts asking you to enter information all communicate over HTTP. Therefore, as long as the device information in the User-Agent field of HTTP request packets can be identified, the privately connected device can be found.

4. The back door left by portable WIFI and "free WIFI"

The author's repeated tests show that whenever a user plugs a portable WIFI into the computer, the first thing the device does is not to let your devices go online but to send your device information to its maker's server for user statistics (personal information security is very important!).

(1) take 360WIFI as an example

When the user plugs in 360WIFI, it sends an HTTP request packet to the s.360.cn website: /360wifi/freewifi_fail.htm.

(2) take Xiaomi WIFI as an example

When a user plugs in Xiaomi WIFI, Xiaomi WIFI sends a request packet to xiaomi.net website: grayupgarde?..

(3) take Xiaodu WIFI as an example.

When a user plugs in Xiaodu WIFI, a request packet is sent to the xdu.baidu.com website: getupdateinfo.

The same is true of all kinds of other portable WIFI and free WIFI products, which are not listed one by one here.

5. Summary of the identification methods:

(1) The TTL field of the IP packet can be used to detect standard NAPT devices.

(2) The ID field of the IP packet can be used to further confirm the user's private connection behavior and the number of devices privately connected.

(3) The User-Agent field in HTTP can be used to detect privately connected mobile devices, confirming that the user has privately connected a NAPT device.

(4) The back doors of the various portable WIFI and free WIFI products can be used to identify users' illegal access behavior.
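Checks (3) and (4) from the summary, as an added example that is not part of the author's system: it parses HTTP request payloads, flags mobile-platform User-Agent strings and matches the three vendor check-in requests named in the article. The payloads are constructed for the example, and the token list and the matching rule (host plus a substring of the request target) are assumptions.

```python
from collections import defaultdict

# Assumption: User-Agent tokens chosen for this example; the article only shows an iPhone.
MOBILE_UA_TOKENS = ("iphone", "ipad", "android")

# (host, substring of the request target, product), taken from the article.
# "grayupgarde" is spelled as printed there; the rest of that request is elided.
BEACONS = (
    ("s.360.cn", "/360wifi/", "360WIFI"),
    ("xiaomi.net", "grayupgarde", "Xiaomi WIFI"),
    ("xdu.baidu.com", "getupdateinfo", "Xiaodu WIFI"),
)
METHODS = (b"GET ", b"POST ", b"HEAD ")


def parse_http_request(payload):
    """Return (host, target, user_agent) from a TCP payload, or None if not HTTP."""
    if not payload.startswith(METHODS):
        return None
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()   # header names: any case
    host = headers.get("host", "").lower().split(":")[0]    # drop an optional port
    return host, parts[1], headers.get("user-agent", "")


def classify(payload):
    """Return the list of illegal-access indicators found in one payload."""
    parsed = parse_http_request(payload)
    if parsed is None:
        return []
    host, target, user_agent = parsed
    reasons = []
    for token in MOBILE_UA_TOKENS:
        if token in user_agent.lower():
            reasons.append(f"mobile User-Agent ({token})")
            break
    for beacon_host, marker, product in BEACONS:
        same_site = host == beacon_host or host.endswith("." + beacon_host)
        if same_site and marker in target.lower():
            reasons.append(f"{product} check-in to {beacon_host}")
    return reasons


def scan(records):
    """records: iterable of (source IP, TCP payload). Returns {source IP: [reasons]}."""
    found = defaultdict(set)
    for src, payload in records:
        found[src].update(classify(payload))
    return {src: sorted(reasons) for src, reasons in found.items() if reasons}


def constructed_requests():
    """Constructed sample payloads; only the hosts and path fragments come from the article."""
    desktop = b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)\r\n"
    iphone = b"User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X)\r\n"
    return [
        ("137.12.37.168", b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n" + iphone + b"\r\n"),
        ("137.12.37.168", b"GET /360wifi/freewifi_fail.htm HTTP/1.1\r\nHost: s.360.cn\r\n"
                          + desktop + b"\r\n"),
        ("137.12.36.2", b"GET /news HTTP/1.1\r\nHost: example.com\r\n" + desktop + b"\r\n"),
        ("137.12.36.2", b"\x16\x03\x01\x00\x05hello"),          # not HTTP: ignored
        ("137.12.36.77", b"GET /getupdateinfo?v=1 HTTP/1.1\r\nHOST: XDU.BAIDU.COM:80\r\n\r\n"),
    ]


if __name__ == "__main__":
    for src, reasons in sorted(scan(constructed_requests()).items()):
        print(src, "->", "; ".join(reasons))
```

Only cleartext HTTP is visible to this check; payloads that do not start with an HTTP request line, including TLS, produce no match.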

V. Developing the identification system from the identification theory

We now know in theory how to identify illegally connected SOHO routers and WIFI hotspots; what remains is to express that theory in a software system.

1. Selection of development tools

The author chose Microsoft Visual Studio 2012 as the development tool, C# as the development language and WinPcap+SharpPcap as the packet component. VS2012 is the strongest IDE on the Windows platform, bar none. C# is the most suitable development language for the .NET Framework. WinPcap is an open source library for capturing and processing network packets in Win32/64 environments. SharpPcap is an open source library that wraps WinPcap in C# so that it fits the object-oriented features of the C# language.

Install WinPcap 4.1.3 and VS2012 Ultimate, create the solution and project, reference SharpPcap 4.2 in the project, and verify the development environment.

2. Design ideas and system functions.

The software uses a good deal of advanced C# programming, such as protocol analysis, delegates and threading, and involves a lot of knowledge of low-level TCP/IP packets. A single packet-parsing class may run to several pages, and a filter string that conforms to the WinPcap filter engine's syntax may fill a page. The source code is too long to post, and the author does not want to turn this article into a manual for VS2012, C# or WinPcap; if you need the source code, please contact the author.

First, the design idea: a WinPcap filter is set up, and the packets of the network segments to be analyzed are sent to a mirror port using SPAN. The network card connected to the mirror port captures these packets. In the software, the packet arrival thread keeps putting packets into a queue, and a background processing thread keeps taking them out and parsing them to check for illegal access characteristics. If any are found, the packet is passed to the display thread to be shown; if not, it is discarded.

The system's functions are introduced below, following the software's interface.

Figure 15: identifying functional areas of the system

(1) Select the network card to analyze the packet

A computer may have multiple network cards, physical network cards and virtual network cards. This combo box allows the user to select the network card that needs to capture the packet.

(2) start button

When the start button is clicked and the user has chosen a network card to capture on, the selected card is first set up: register the handler for the packet arrival event, register the handler for the capture stopped event, set the filter, start the interface refresh thread, put the network card in promiscuous mode and start the packet capture thread. The software then begins to work.

(3) end button

When the end button is clicked: terminate the packet capture thread, close capture on the network card, unregister the packet arrival handler and the capture stopped handler, and stop the interface refresh thread.

(4) Store captured packets

The user can choose whether to store captured packets, because once the software is closed, the packets displayed in its interface are cleared. If a user who connected illegally removes the privately connected device and denies the behavior, the stored packets can be opened to reproduce the user's illegal access data as captured. The stored packets conform to the WinPcap standard and can be opened by the world's most commonly used protocol analysis software, such as Sniffer, WireShark and Omnipeek.

(5) Export illegal IP

The IP addresses of users identified as illegally connected can be exported to a separate export.txt file for easy viewing.

(6) define the analysis network segment

An enterprise network contains many IP address segments, which can be defined by the user. This function mainly makes the software more general-purpose, that is, it can be copied and used anywhere. To prevent piracy, the author has locked the network segment definition in this software so that it cannot be changed, and it can only be used within Huainan Mining Group.

(7) packet identification window

This window is refreshed by a background thread that works together with the packet capture thread: the capture thread puts arriving packets into a queue, and this thread takes packets out of the queue and parses them to check for the illegal access characteristics described in the previous chapter. If a packet has them, its key attributes are handed to the display thread and shown in the identification window.

(8) recognition result window

This window is also refreshed by a background thread. When a new IP address matching the characteristics of illegal access appears, the IP address and the reason are displayed in this window.

(9) Protocol Analysis window

The data in this window is driven by the user's selection in the packet identification window. To see the detailed header information of a packet, the user clicks on an entry, and this window lists the packet's Ethernet header, IP header and TCP/UDP header for analysis.

(10) packet content display window

The data in this window is synchronized with the data in the Protocol Analysis window, and displays the header information and the payload of the packet.

(11) packet capture status statistics

Refreshed in sync, it shows how many packets have been identified, how many of them are IP packets, how many are TCP packets, and so on.

VI. How to deploy the illegal access identification system

First, let's take a look at the logical structure of the simplified enterprise network:

Figure 16: simplified logical structure diagram of enterprise network

As figure 16 shows, all XXXX computers go online through an enterprise network aggregation switch (that is, the core switch of XXXX). Take one enterprise network user's computer as an example. There are several standard TTL values: different operating systems send IP packets with different initial TTLs, the standard values being TTL=255, TTL=128, TTL=64, TTL=32 and so on. Assuming this computer's IP packets have TTL=64, then if there is no routing device below it, the TTL is still 64 when the packets arrive at the aggregation switch.

The XXXX network is taken as the example here; other mines and higher-level administrators can use the same method.

Figure 17: Deployment location of the identification system

SPAN is used on the mine's core switch. It is mainly used to monitor the data flow on a switch: with SPAN, a copy (mirror) of the data flow of selected monitored ports (hereinafter, the controlled ports) is sent to the computer running the identification system, which is connected to the monitoring port.

The steps are as follows:

(1) set SPAN

Configure on the mine core switch:

XZK-C4506#show run | in monitor

monitor session 1 source vlan 2-4094 // packets for all VLANs

monitor session 1 destination interface Gi6/29 // mirror to Gi6/29

(2) Connect the computer running the illegal access identification system to the Gi6/29 interface.

(3) Double-click to open the "illegal access identification system", select the network card, and click the start button.

VII. Practical application effect

After all this careful preparation, the illegal access identification system was put into operation. Now let's look at the results.

Figure 18: practical application effect diagram

After the identification system started running, the results surprised the network managers. Besides the legally registered users, more than a dozen users had privately connected devices to the network. Without the identification system they could not have been found: they all used MAC cloning and turned off wireless signal broadcasting, so traditional methods could not find them even right under the network administrators' noses. With the identification system, the problem of illegal access to the enterprise network has been solved.

VIII. Summary

The problem of users' illegal access has long troubled enterprise network managers, the author included. Posts seeking solutions are everywhere on the major technical forums. The author has tested some systems that claim to identify it, and the results were very poor. For example, one domestic product that sells well claims to identify illegal access; testing showed that it does so by the first 24 bits of the MAC address. A MAC address is a 48-bit binary number whose first 24 bits are the manufacturer's segment, which identifies the manufacturer; that is, anything produced by such a manufacturer is considered a router by the software. This identification method is unreasonable. Illegal access works by cloning the MAC address to evade detection, so using the MAC address as the basis for identifying it cannot succeed. What is certain is that an identification system without protocol analysis capability cannot identify illegal access.
