Where can I open and close some ports on my computer? Detailed method?
Classification: Computer/Network >> Operating System/System Failure

Analysis:

Each service has a corresponding port. For example, as we all know, the WWW service uses port 80, SMTP uses port 25 and FTP uses port 21. These services are started by default in a Windows 2000 installation, and individual users really do not need them. Closing a port means stopping the unneeded service behind it, which is done under "Services" in "Administrative Tools" in the Control Panel.

1. Close ports such as 7 and 9: Stop Simple TCP/IP Services, which supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo and Quote of the Day.

2. Close port 80: Stop the WWW service. The name displayed in "Services" is "World Wide Web Publishing Service", which provides web connection and management through the Internet Information Services snap-in.

3. Close port 25: Close the Simple Mail Transfer Protocol (SMTP) service, which provides the function of sending e-mail across the network.

4. Close port 21: Stop the FTP Publishing Service, which provides FTP connection and management through the Internet Information Services snap-in.

5. Close port 23: Stop the Telnet service, which allows remote users to log in to the system and run console programs using the command line.

6. It is also important to stop the Server service, which provides RPC support and file, print and named pipe sharing. Stopping it turns off Windows 2000's default shares, such as ipc$, c$, admin$ and so on. Stopping this service will not affect your other operations.

7. The other port is 139, the NetBIOS session port used for file and print sharing. Note that a Unix machine running Samba also opens port 139, with the same function. In the past, Streamer 2000 was not very accurate in judging the remote host type: it probably treated any host with port 139 open as an NT machine, but this works correctly now.

To stop listening on port 139, open the properties of the local area connection in "Network and Dial-up Connections", select "Internet Protocol (TCP/IP)" and open its properties, go to the advanced TCP/IP settings and then the WINS settings, and select "Disable NetBIOS over TCP/IP"; port 139 is then closed.

For individual users, the services above can be set to "Disabled" in each service's properties, so that the service does not restart and reopen the port at the next boot.

We usually rely on powerful anti-hacking software and firewalls to keep our systems secure, but some users do not have access to them. What can we do? Here is a simple way to help prevent illegal intrusion by restricting ports.

Methods of illegal intrusion

Simply put, the methods of illegal intrusion can be roughly divided into four types:

1. Scanning ports and breaking into the host through known system bugs.

2. Planting a Trojan and using the back door it opens to enter the host.

3. Using a data overflow to force the host to provide a back door.

4. Using software design vulnerabilities to directly or indirectly control the host.

Illegal intrusions mainly use the first two methods, especially with some popular hacking tools. The first method is the most common way to attack a host. The latter two methods can only be used by highly skilled hackers, so they are not widespread. And as soon as problems of these two kinds appear, software vendors quickly provide patches so that the system can be repaired in time.

Therefore, if we can block the first two intrusion methods, we can effectively prevent intrusions carried out with hacker tools. And the first two methods have one thing in common: they enter the host through a port.

Ports are like the doors of a house (the server), and different doors lead to different rooms (the different services the server provides). The default FTP port is 21, while the default port for WWW pages is 80. However, some careless network administrators often leave open port services that are easy to break into, such as 139. There are also Trojan horse programs, such as Glacier, BO, Guangwai and so on, that automatically open a port you don't know about. So, if we block all the ports we do not use, won't we put an end to these two kinds of illegal intrusion?

Methods for restricting ports

Individual users can restrict all ports, because their machines do not need to provide any services to the outside world at all. Servers that provide network services to the outside world need to open the necessary ports (such as WWW port 80, FTP port 21, mail service ports 25 and 110, etc.) and close all other ports.

Users of Windows 2000 or Windows XP do not need to install any other software: the server's ports can be restricted with the built-in "TCP/IP filtering" function. The specific settings are as follows:

1. Right-click My Network Places, select Properties, and then double-click Local Area Connection (if you are a dial-up Internet user, select the My Connection icon) to open the Local Area Connection Status dialog box.

2. Click [Properties] to open the Local Area Connection Properties, select "Internet Protocol (TCP/IP)" under "This connection uses the following items", and then click [Properties].

3. In the "Internet Protocol (TCP/IP)" dialog box that pops up, click the [Advanced] button. In the advanced TCP/IP settings that pop up, select the Options tab, select TCP/IP filtering, and then click the [Properties] button.

4. In the TCP/IP filtering dialog box that pops up, select the Enable TCP/IP filtering check box, and then select "Permit Only" for the TCP ports on the left (see attached figure).

In this way, you can add or delete your own TCP ports, UDP ports or IP protocols.

After adding or removing entries, restart the machine and your server will be protected.

If you just browse the Internet, you don't need to add any ports. But if you want to use some network communication tools, such as OICQ, you should open the port "4000". Similarly, if you find that a common network tool doesn't work, please find the port it opens on your host, and then add the port in TCP/IP filtering.
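
The following Python script is an added example, not part of the original page. It parses `netstat -an` output, compares the open ports with a "Permit Only" list like the one entered in TCP/IP filtering, and for each port outside the list names the service from the list above that should be disabled. The sample output, port 5150 and the use of UDP for port 4000 are constructed assumptions.

```python
import re

# TCP port -> what to disable, taken from the service list on this page.
PORT_TO_SERVICE = {
    7: "Simple TCP/IP Services", 9: "Simple TCP/IP Services",
    21: "FTP Publishing Service",
    23: "Telnet",
    25: "Simple Mail Transfer Protocol (SMTP)",
    80: "World Wide Web Publishing Service",
    139: "NetBIOS over TCP/IP",
}
UNKNOWN = "unknown: find the program that owns this port"

# Constructed sample of `netstat -an` output, not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5150           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1042      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:4000           *:*
"""
LINE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listening_ports(netstat_text):
    """Return the set of (protocol, port) pairs the host accepts traffic on."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or blank line
        proto, port, state = m.group(1), int(m.group(2)), m.group(3)
        # TCP counts only when LISTENING; a bound UDP socket shows no state.
        if (proto, state) in (("TCP", "LISTENING"), ("UDP", None)):
            found.add((proto, port))
    return found

def audit(netstat_text, permit_tcp=(), permit_udp=()):
    """List open ports outside the permit lists, with the service to disable."""
    permitted = {("TCP", p) for p in permit_tcp} | {("UDP", p) for p in permit_udp}
    report = []
    for proto, port in sorted(listening_ports(netstat_text) - permitted):
        hint = PORT_TO_SERVICE.get(port, UNKNOWN) if proto == "TCP" else UNKNOWN
        report.append((proto, port, hint))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_NETSTAT, permit_tcp=[80], permit_udp=[4000]):
        print(*row)
```

A port reported as unknown is the case the page warns about: a program has opened a port you did not expect, so identify that program before deciding whether to add the port to the permit list.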