What is a port? List ports used by well-known services?
The Chinese computer term 端口 is the literal translation of the English word "port", and a port can be regarded as the exit through which a computer communicates with the outside world. In the hardware field a port is also called an interface, such as a USB port or a serial port. In the software field a port generally refers to the endpoint of a connection-oriented or connectionless service on the network. A protocol port is a software structure that comprises some data structures and I/O (basic input and output) buffers.

It helps to first understand connection-oriented and connectionless protocols.

The main characteristic of a connection-oriented service is that it goes through three stages: before any data is transmitted a connection is established, then the data is transmitted, and after the transmission the connection is released. A connection-oriented service can guarantee the order and reliability of the data it carries.

The characteristic of a connectionless service is that it has only the data transmission stage, eliminating every overhead other than the data communication itself. Only the sending entity needs to be active; the receiving entity does not have to be. Its advantages are flexibility, convenience and speed, and it is particularly suited to transmitting small amounts of sporadic messages, but a connectionless service cannot prevent messages from being lost, duplicated or delivered out of order.

A simple and vivid illustration of the difference between "connection-oriented service" and "connectionless service" is the difference between a phone call and a letter. To make a phone call you must first establish the connection by dialling, wait for an answer before the two of you exchange information, and finally release the connection by hanging up. Writing a letter is not that involved: fill in the address and name, drop it into the mailbox, and the recipient will (usually) receive it. In TCP/IP the network layer (IP) is connectionless: packets are simply handed to the network, and how they are carried, and whether they arrive at all, is left to the network devices. The "port" belongs to the transport layer, which offers both a connection-oriented service (TCP) and a connectionless one (UDP). Ports below 1024 have exact definitions in the protocol and correspond to common services on the Internet.

These common services can be divided into two kinds: those that use a TCP port (connection-oriented, like the phone call) and those that use a UDP port (connectionless, like the letter).


Communication ports that can be named and addressed on the network are allocatable resources of the operating system. The seven-layer protocol model of the OSI (Open Systems Interconnection) reference model shows that the biggest difference between the transport layer and the network layer is that the transport layer provides process-to-process communication: the final address of a network communication includes not only the host address but also an identifier that describes the process. The protocol port proposed by TCP/IP can therefore be regarded as the identifier of a network communication process.

After an application (called a process once it has been loaded into memory) is bound to a port through a system call, data sent by the transport layer to that port is received by the corresponding process, and data sent by that process to the transport layer is output through that port. In TCP/IP implementations, port operations are similar to general I/O operations: a process obtaining a port is equivalent to obtaining a locally unique I/O file, which it can access in the same general way as a file descriptor. Each port has an integer descriptor, called the port number, used to distinguish different ports. Because TCP and UDP at the TCP/IP transport layer are two completely independent software modules, their port numbers are also independent of each other: TCP can have a port number 255 and UDP can also have a port number 255 without any conflict between them.

There are two basic ways to allocate port numbers. The first is called global allocation: a centralised scheme in which a recognised authoritative central body allocates numbers uniformly according to users' needs and publishes the results. The second is local allocation, also known as dynamic binding: when a process needs access to transport-layer services it applies to the local operating system, the operating system returns a locally unique port number, and the process then binds itself to that port through the corresponding system call. TCP/IP port number assignment combines the two methods: port numbers are divided into two parts, of which a small number are reserved ports, allocated globally to service processes. Every standard server has a globally recognised port, called a well-known port, whose number is the same even on different machines. The remaining ports are free ports, allocated locally. Historically, TCP and UDP designated the ports below 256 as the reserved ones.

By port number, ports fall into three classes:

(1) Well-known ports: 0 through 1023. They are tightly bound to particular services, so traffic on one of these ports usually indicates the protocol of that service clearly. For example, port 80 has always meant HTTP.

(2) Registered ports: 1024 through 49151. They are loosely bound to particular services, meaning that while many services are registered on these ports, the ports are also used for many other purposes. For example, many systems start handing out dynamic ports from about 1024 upwards.

(3) Dynamic and/or private ports: 49152 through 65535. In theory no service should be assigned these ports. In practice, machines usually allocate dynamic ports starting from 1024. One exception: Sun's RPC ports start from 32768.

System administrators can "redirect" ports:

A common technique is to move a service to a different port. For example, the default HTTP port is 80, and many people move their web server to another port such as 8080. If so, the client must name that port in the address, e.g. http://<hostname>:8080/ .

Port vulnerability: port 8080 can be used by various malicious programs. For example, the Brown Orifice (BrO) trojan can take complete remote control of an infected computer through port 8080. The RemoConChubo and RingZero trojans can also use this port.

Operation suggestion: normally web browsing uses port 80, so to avoid these attacks port 8080 can be closed (or filtered) if nothing legitimate listens on it.

Port: 21

Service: FTP

Description: the FTP server opens this port for uploads and downloads. The most common attacker activity is looking for a way to open an anonymous FTP server, since these servers have writable directories. The trojans Doly Trojan, Fore, Stealth FTP, WebEx, WinCrash and Blade Runner also open this port.

Port: 22

Service: SSH

Description: a TCP connection from PcAnywhere to this port is probably looking for SSH. This service has had many weaknesses; if configured in particular modes, many versions that use the RSAREF library contain a number of vulnerabilities.

Port: 23

Service: Telnet

Description: remote login. An intruder is searching for a UNIX host offering remote login. In most cases scanning this port is done to identify the operating system running on the machine; with other techniques, the intruder may also find passwords. The Tiny Telnet Server trojan opens this port.

Port: 25

Service: SMTP

Description: the port opened by an SMTP server for sending mail. Intruders look for SMTP servers through which to relay their spam: once their own accounts have been shut down, they need a high-bandwidth mail server to send simple messages to many different addresses. The trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port.

Port: 80

Service: HTTP

Description: used for web browsing. The Executor trojan opens this port.

Port: 102

Service: Message Transfer Agent (MTA), X.400 over TCP/IP.

Description: Message Transfer Agent.

Port: 110

Service: Post Office Protocol version 3 (POP3)

Description: the POP3 server opens this port so that clients can retrieve mail from the server. POP3 services have many well-known weaknesses: there are at least 20 involving buffer overflows in the username and password exchange, which means an intruder can get into the system before actually logging in, and there are further buffer-overflow bugs reachable after a successful login.

Port: 111

Service: Sun RPC portmapper (sunrpc)

Description: the portmapper that tells clients which ports the individual Sun RPC services are using. Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd and others.

Port: 119

Service: Network News Transfer Protocol (NNTP)

Description: the newsgroup transport protocol, which carries USENET traffic. Connections to this port are usually people looking for a USENET server. Most ISPs only allow their own customers to access their newsgroup servers; an open newsgroup server lets anyone post or read, reach restricted newsgroups, post anonymously, or send spam.

Port: 135

Service: RPC endpoint mapper (epmap)

Description: Microsoft runs the DCE RPC endpoint mapper on this port for its DCOM service; it is similar in function to UNIX port 111 (the portmapper). Services that use DCOM and RPC register their location with the endpoint mapper on the computer, and when remote clients connect they query the endpoint mapper to find where a service lives. Attackers scan this port to discover whether Exchange Server is running on the computer and which version it is. There have also been DoS attacks against this port.

Ports: 137, 138, 139

Service: NetBIOS name service, datagram service and session service

Description: 137 (name service) and 138 (datagram service) are UDP ports, used when transferring files through Network Neighborhood. Port 139 (TCP) is the session service: a connection arriving on it is trying to obtain NetBIOS/SMB service. The protocol is used for Windows file and printer sharing and by Samba. WINS registration also uses it.

Port: 161

Service: SNMP

Description: SNMP allows remote management of devices. All configuration and operational information is stored in a database (the MIB) and can be retrieved through SNMP. Many administrators' misconfigurations are exposed on the Internet. Crackers will try to access the system using the default community strings "public" and "private", which act as passwords, and will try every possible combination. SNMP packets may also be wrongly directed into the user's network.

What is a port?

Before we go into detail, let's talk about what a port actually is. People often ask on the Internet, "How many ports does my host have open? Will it be broken into?", or "Is it safer to open that port? And which port should my service correspond to?" Isn't that strange? Why are there so many odd ports on a host, and what are they for?

Because each network service does something different, different packets need to be delivered to different services for processing. So when your host runs an FTP service and a WWW service at the same time, the packets other people send are handed to the FTP or the WWW service according to the port number in the TCP header, and there is no confusion. (Note: friends who have little contact with the Internet often ask, "Hey, how can your computer run FTP, WWW and e-mail services at the same time? How does it know which service someone's data is for? Doesn't it ever misjudge?" Now you know: the ports are different. Think of it like this: if you want to deposit money, the bank can be thought of as a host. A bank naturally does not offer only one kind of business; it has several counters. As soon as you walk in, the staff at the door ask what you want to do; you say "I want to deposit money", and they tell you "Then please go to counter three, the staff there will help you." You would not run to a different counter. Those counters are the ports: every service has its own listening port, so you need not worry about the computer misjudging.)
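As an added illustration (example code written for this page, not part of the original article), the following Python script builds a toy host with two services on loopback and dispatches connections by port exactly as described above; it also binds a UDP socket to the same number as the TCP www port to show the earlier point that TCP and UDP port numbers are independent. The service names, handlers and request strings are constructed for the demo, and the port numbers are whatever the operating system hands out.

```python
import selectors
import socket

# Toy "services" standing in for an FTP daemon and a web server (constructed for the
# demo; not real protocol implementations). Each answers whatever request it receives.
def ftp_handler(request: bytes) -> bytes:
    return b"220 ftp-ready: " + request

def www_handler(request: bytes) -> bytes:
    return b"HTTP/1.0 200 OK: " + request

def build_host(services):
    """Bind one listening TCP socket per service on loopback (port 0 = let the OS pick).

    Returns the selector holding all listeners and a {service_name: port} map. The
    port number is the only thing that later tells one service's traffic from another's.
    """
    sel = selectors.DefaultSelector()
    ports = {}
    for name, handler in services.items():
        ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        ls.bind(("127.0.0.1", 0))
        ls.listen(5)
        ports[name] = ls.getsockname()[1]
        sel.register(ls, selectors.EVENT_READ, data=(name, handler))
    return sel, ports

def serve_pending(sel, expected):
    """Accept and answer connections until every expected service has handled one.

    The kernel has already sorted each incoming connection by destination port onto
    the matching listening socket; this loop only asks which listener became readable
    and hands the request to that listener's handler. Returns
    {service_name: (client_port, request_bytes)}.
    """
    served = {}
    while len(served) < expected:
        for key, _events in sel.select(timeout=2):
            name, handler = key.data
            conn, (_peer_host, peer_port) = key.fileobj.accept()
            with conn:
                request = conn.recv(1024)
                conn.sendall(handler(request))
            served[name] = (peer_port, request)
    return served

def demo():
    """Two services on one host, one client request to each, plus a UDP socket bound
    to the same number as the www TCP port to show the two port spaces do not collide."""
    sel, ports = build_host({"ftp": ftp_handler, "www": www_handler})
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(("127.0.0.1", ports["www"]))   # same number as the TCP listener: no conflict
    udp_port = udp.getsockname()[1]

    clients = {}
    for name, payload in (("ftp", b"USER anonymous"), ("www", b"GET / HTTP/1.0")):
        c = socket.create_connection(("127.0.0.1", ports[name]))
        c.sendall(payload)            # queued in the kernel until the server accepts
        clients[name] = c
    served = serve_pending(sel, len(clients))
    replies = {name: c.recv(1024) for name, c in clients.items()}

    for c in clients.values():
        c.close()
    for key in list(sel.get_map().values()):
        key.fileobj.close()
    sel.close()
    udp.close()
    return ports, udp_port, served, replies

if __name__ == "__main__":
    print(demo())
```

The client sockets in `served` carry ephemeral port numbers chosen by the operating system, all above 1023; the only addressing information the server used to pick a handler was the destination port the client connected to.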

Every TCP connection must be initiated by one end (usually the client). The initiator usually picks a random port number greater than 1024 for its own side. Its first TCP packet sets the SYN flag (and only the SYN flag); this is the first packet of the whole connection.

If the other end (usually the server) accepts the request (of course, a particular service must be reached on its particular port, such as FTP's port 21), it sends the second packet of the connection back to the requester. Besides the SYN flag this packet also sets the ACK flag, and the server allocates resources on its side for the connection.

After the requester receives this first response from the server, it must reply with an acknowledgement packet that carries only the ACK flag (in fact every subsequent packet of the connection carries the ACK flag).

Only when the server receives the requester's acknowledgement (ACK) packet, the third packet of the whole connection, is the connection between the two ends formally established. This is the so-called three-way handshake of TCP.

After the three-way handshake, the client side is on the random port above 1024 it obtained, while the server side is on whichever port the service had opened: for example WWW on 80 and FTP on 21 as the normal access channel.
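The three packets above, modelled as an added example (not the original author's code) in pure Python so it can be read and run offline: each side is a small state machine that only advances when the expected flags and acknowledgement number arrive, and the server is not in the ESTABLISHED state until the third packet. Port numbers, flag values and sequence-number handling follow TCP, but real segments carry many more fields than this model.

```python
import random
from dataclasses import dataclass, field

# TCP header flag bits; only the two the handshake needs are modelled here.
SYN = 0x02
ACK = 0x10

@dataclass
class Segment:
    """The handful of TCP header fields the handshake actually depends on."""
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int

@dataclass
class Endpoint:
    port: int
    state: str = "CLOSED"
    isn: int = field(default_factory=lambda: random.randrange(1 << 32))  # initial sequence number
    snd_nxt: int = 0   # next sequence number we will send
    rcv_nxt: int = 0   # next sequence number we expect from the peer

def client_open(client: Endpoint, server_port: int) -> Segment:
    """Packet 1: SYN and nothing else; the client's ISN is what the server must acknowledge."""
    client.state = "SYN_SENT"
    client.snd_nxt = client.isn + 1          # a SYN consumes one sequence number
    return Segment(client.port, server_port, client.isn, 0, SYN)

def server_receive(server: Endpoint, seg: Segment):
    """LISTEN + SYN -> reply SYN|ACK (packet 2) and allocate state (SYN_RCVD).
    SYN_RCVD + matching ACK (packet 3) -> ESTABLISHED. Anything else is rejected."""
    if seg.dst_port != server.port:
        raise ValueError("segment not addressed to this listener")
    if server.state == "LISTEN" and seg.flags == SYN:
        server.state = "SYN_RCVD"
        server.rcv_nxt = seg.seq + 1
        server.snd_nxt = server.isn + 1
        return Segment(server.port, seg.src_port, server.isn, server.rcv_nxt, SYN | ACK)
    if server.state == "SYN_RCVD" and seg.flags == ACK and seg.ack == server.snd_nxt:
        server.state = "ESTABLISHED"
        return None
    raise ValueError(f"unexpected segment flags={seg.flags:#x} in state {server.state}")

def client_receive(client: Endpoint, seg: Segment) -> Segment:
    """Packet 2 must be SYN|ACK acknowledging our ISN+1; the client answers with packet 3 (ACK only)."""
    if client.state == "SYN_SENT" and seg.flags == SYN | ACK and seg.ack == client.snd_nxt:
        client.state = "ESTABLISHED"
        client.rcv_nxt = seg.seq + 1
        return Segment(client.port, seg.src_port, client.snd_nxt, client.rcv_nxt, ACK)
    raise ValueError(f"unexpected segment flags={seg.flags:#x} in state {client.state}")

def handshake(server_port: int = 80):
    """Run the three packets end to end.

    Returns both endpoints, the packets in order, and the server state observed after
    packet 2 (still SYN_RCVD: the server has allocated resources but has no connection yet).
    """
    client = Endpoint(port=random.randrange(1024, 65536))  # ephemeral port above 1023
    server = Endpoint(port=server_port, state="LISTEN")
    p1 = client_open(client, server.port)
    p2 = server_receive(server, p1)
    state_after_p2 = server.state
    p3 = client_receive(client, p2)
    server_receive(server, p3)
    return client, server, [p1, p2, p3], state_after_p2

if __name__ == "__main__":
    c, s, pkts, mid = handshake(80)
    for p in pkts:
        print(p)
    print("server after packet 2:", mid, "| final:", c.state, s.state)
```

Feeding the listener a bare ACK with no preceding SYN raises `ValueError` and leaves it in LISTEN; that is the same reason a half-open scan that stops after packet 2 never shows up as an established connection on the server.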

In short, the port discussed here is not the I/O port of computer hardware but a software concept. There are two kinds of ports, TCP ports and UDP ports, depending on the service the program provides. When computers communicate there are two approaches: one confirms after sending that the data arrived, i.e. the receiver replies, and mostly uses TCP; the other sends and forgets, without confirming arrival, and mostly uses UDP. The ports of services built on these two protocols are accordingly divided into TCP ports and UDP ports.

So if an attacker scans the target computer with a scanning tool and learns which ports it has open, the attacker knows what services the target provides. As everyone knows, service software inevitably has vulnerabilities, and from this the attacker gains a first picture of the target. If a computer has ports open that the administrator does not know about, there are two possibilities: either a service is running that the administrator has not noticed (for example, installing IIS automatically adds a lot of services that administrators may overlook), or a server program was installed by an attacker and communicates through a special port. Both situations are very dangerous. In the end, an administrator who does not understand which services the server offers lowers the security of the system.
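An added example (not from the original article) of the scan the paragraph describes: a full-connect scan against two listeners started on loopback to stand in for services the administrator did not know about. The service table is a constructed subset of the list above; a real scanner would consult /etc/services or fingerprint banners, and would distinguish refused from filtered ports, which this one does not.

```python
import socket

# Constructed subset of the well-known port table from this article (assumption:
# a real scanner would consult /etc/services or its own fingerprint database).
KNOWN_SERVICES = {
    21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http", 102: "iso-tsap",
    110: "pop3", 111: "sunrpc", 119: "nntp", 135: "epmap", 139: "netbios-ssn", 161: "snmp",
}

def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> list:
    """Full-connect scan: a completed three-way handshake means something is listening.

    Ports that refuse or time out are both reported as not open; a real tool would
    keep 'refused' and 'filtered' apart.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:   # 0 = connected, otherwise an errno
                open_ports.append(port)
    return open_ports

def label(port: int) -> str:
    """Map an open port to the service an attacker would assume runs there."""
    return KNOWN_SERVICES.get(port, "unlisted: find out what is listening")

def demo():
    """Stand up two listeners the 'administrator' did not document, then scan for them."""
    listeners = []
    for _ in range(2):
        ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        ls.bind(("127.0.0.1", 0))   # OS-assigned port, like an unexpected service
        ls.listen(1)
        listeners.append(ls)
    target_ports = sorted(ls.getsockname()[1] for ls in listeners)
    # Scan a small window around each target so the demo stays fast; a real scan
    # would cover 1-65535 or a chosen service list.
    window = sorted({p for t in target_ports for p in range(t - 3, t + 4)})
    found = tcp_connect_scan("127.0.0.1", window)
    report = {p: label(p) for p in found}
    for ls in listeners:
        ls.close()
    return target_ports, found, report

if __name__ == "__main__":
    targets, found, report = demo()
    print("listening:", targets)
    for port in found:
        print(f"{port}/tcp open  {report[port]}")
```

Every port the scanner reports as open appears in the report labelled either with the well-known service or as "unlisted"; the unlisted ones are exactly the case the paragraph warns about, where the administrator should go and find out which process is bound there.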