Another one!
First, the port encyclopedia
Port: 0
Service: reserved
Description: Usually used to analyze the operating system. This method is effective because "0" is an invalid port in some systems, and when you try to connect it to a port that is usually closed, it will produce different results. A typical scan uses the IP address 0.0.0.0, sets the ACK bit and broadcasts it in the Ethernet layer.
Port: 1
Service: tcpmux
Description: This means that someone is looking for SGI Irix machine. Irix is the main provider of tcpmux, which is turned on by default in this system. Irix machine contains several default password-free accounts when it is released, such as: IP, guest UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation. So hackers searched for tcpmux online and used these accounts.
Port: 7
Service: echo
Description: When searching for Fraggle amplifier, you can see many messages sent by people to X.X.X.0 and X.X.X.255.
Port: 19
Service: Character Generator
Description: This is a service that only sends characters. The UDP version will respond to packets containing junk characters after receiving UDP packets. When TCP connects, it sends a data stream containing junk characters until the connection is closed. Hackers can use IP spoofing to launch DoS attacks. Forge UDP packets between two chargen servers. Similarly, the Fraggle DoS attack will broadcast a packet with a forged victim IP to this port of the target address, and the victim will be overloaded in response to the data.
Port: 2 1
Service: FTP
Description: FTP server opens ports for uploading and downloading. The most common attacker is to find a way to open anonymous's FTP server. These servers have read-write directories. Trojan Doly Trojan, Fore, Stealth FTP, WebEx, WinCrash and blade runner open ports.
Port: 22
Service: Ssh
Description: The connection between TCP established by PcAnywhere and this port may be to find ssh. This service has many weaknesses. If configured in a specific mode, many versions that use the RSAREF library will have many loopholes.
Port: 23
Service: Telnet
Description: Remote login, the intruder is searching for the service of remote login UNIX. In most cases, scanning this port is to find the operating system running on the machine. And using other technologies, intruders will also find the password. Trojan mini Telnet server opens this port.
Port: 25
Service: SMTP
Description: The port opened by SMTP server is used to send mail. Intruders are looking for SMTP servers to send their spam. The intruder's account is closed, and they need to connect to a high-bandwidth email server and send simple information to different addresses. Trojan horse antigen, e-mail password sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port.
Port: 3 1
Service: message authentication
Description: Trojan Master Park and Hacker Park open this port.
Port: 42
Service: WINS replication
Description: WINS replication
Port: 53
Service: Domain Name Server (DNS)
Description: For the port opened by DNS server, intruders may try to pass TCP, cheat DNS(UDP) or hide other communication. Therefore, the _blank "> firewall usually filters or logs the port.
Port: 67
Service: Boot Protocol Server
Description: Through the s _blank "> firewall of DSL and cable modem, we often see a lot of data sent to the broadcast address 255.255.255.255. These machines are requesting addresses from the DHCP server. Hackers often enter them, assign an address and use themselves as local routers to launch a large number of man-in-the-middle attacks. The client broadcasts the requested configuration to port 68 and the server broadcasts the response request to port 67. This response is broadcast because the client does not know the IP address that can be sent.
Port: 69
Service: cumbersome file transfer
Description: Many servers provide this service together with bootp, so it is convenient to download the startup code from the system. However, they often allow intruders to steal any files from the system due to configuration errors. They can also be used for system writing files.
Port: 79
Service: finger server
Description: Intruders are used to obtain user information, query the operating system, detect known buffer overflow errors, and respond to finger scanning from their own machines to other machines.
Port: 80
Service: HTTP
Description: used for web browsing. The Trojan Executor opened the port.
Port: 99
Service: Metagrammar Relay
Description: Backdoor program ncx99 opens this port.
Port: 102
Service: Message Transfer Agent (MTA)-x.400 over TCP/IP.
Description: Message Transfer Agent.
Port: 109
Service: post office protocol-Version 3
Description: The POP3 server opens this port to receive mail, and the client accesses the mail service on the server side. POP3 services have many recognized weaknesses. There are at least 20 weaknesses about user name and password exchange buffer overflow, which means that intruders can enter the system before actually logging in. There are other buffer overflow errors after successful login.
Port: 1 10
Service: all ports of SUN's RPC service.
Description: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc.
Port: 1 13
Service: authentication service
Description: This is a protocol that runs on many computers and is used to identify users of TCP connections. You can get information about many computers by using this standard service. But it can be used as a recorder for many services, especially FTP, POP, IMAP, SMTP and IRC. Usually, if many customers access these services through _blank "> when the firewall, it will see many connection requests for this port. Remember, if you block this port, the client will think it is in _ blank ">;; A slow connection to an email server at the other end of the firewall. Many _blank "> firewall supports sending back RST during TCP connection blocking. This will stop the slow connection.
Port: 1 19
Service: network news transfer protocol.
Description: news newsgroup transport protocol, which carries USENET communication. The connection of this port is usually when people are looking for a USENET server. Most ISPs only allow their customers to access their newsgroup servers. Opening the newsgroup server will allow anyone to post/read, access restricted newsgroup servers, post anonymously or send spam.
Port: 135
Services: Location Services
Description: Microsoft runs DCE RPC endpoint mapper on this port as its DCOM service. This is similar to the function of UNIX11port. Services using DCOM and RPC register their locations with the endpoint mapper on the computer. When remote customers connect to their computers, they will look for the location where the endpoint mapper finds the service. Will a hacker scan this port of a computer to find the Exchange Server running on this computer? What version? There are also some DOS attacks on this port.
Ports: 137, 138, 139
Service: NETBIOS name service
Note: Among them, 137 and 138 are UDP ports, which are used when transmitting files through network neighbors. And port 139: the connection coming through this port attempts to obtain NetBIOS/SMB service. This protocol is used for windows file and printer sharing and SAMBA. WINS Regisrtation also uses it.
Port: 143
Service: Temporary Mail Access Protocol v2.
Description: Like the security problem of POP3, many IMAP servers have buffer overflow vulnerabilities. Remember: LINUX worms (admv0rm) will spread through this port, so many scans of this port come from uninformed infected users. These vulnerabilities became popular when REDHAT allowed IMAP by default in its LINUX distribution. This port is also used for IMAP2, but it is not popular.
Port: 16 1
Service: SNMP
Description: SNMP allows remote management of devices. All configuration and operation information is stored in the database and can be obtained through SNMP. Many administrators' misconfigurations will be exposed online. Cackers will try to access the system using the default passwords public and private. They will try all possible combinations. SNMP packets may be incorrectly pointed to the user's network.
Port: 177
Service: X Display Manager Control Protocol
Description: Many intruders access the X-windows console through it, and it needs to open 6000 ports at the same time.
Port: 389
Services: LDAP, ILS
Description: Lightweight Directory Access Protocol and NetMeeting Internet Locator server * * * use this port.
Port: 443
Service: Https
Description: Web browsing port, another HTTP that can provide encryption and transmission through a secure port.
Port: 456
Service: [empty]
Trojan hacker paradise opens this port.
Port: 5 13
Services: login, remote login
Description: It is a broadcast from a UNIX computer that logs on to the subnet using a cable modem or DSL. These people provide information for intruders to enter their systems.
Port: 544
Service: [empty]
Description: kerberos kshell
Port: 548
Service: Macintosh, file service (AFP/IP)
Description: Macintosh, file service.
Port: 553
Service: CORBA IIOP (UDP)
Description: Use a cable modem, DSL or VLAN to view the broadcast on this port. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.
Port: 555
Service: DSF
Description: Trojan horse PhAse 1.0, stealth spy and IniKiller open this port.
Port: 568
Service: member DPA
Description: Membership DPA.
Port: 569
Service: Member MSN
Description: Member MSN.
Port: 635
Service: install d
Description: mountd Bug of Linux. This is a common error in scanning. The scanning of this port is mostly based on UDP, but the mountd based on TCP is increased (mountd runs on two ports at the same time). Remember that mountd can run on any port (which port is it, you need to query portmap on port11), but the default port of Linux is 635, just like NFS runs on port 2049.
Port: 636
Service: LDAP
Description: SSL (Secure Sockets Layer)
Port: 666
Service: Doom Id software
Description: Trojan attacks FTP and Satanz backdoor to open this port.
Port: 993
Service: IMAP
Description: SSL (Secure Sockets Layer)
Port: 100 1,101/
Service: [empty]
Description: Trojan silencer and WebEx open port 100 1. Trojan open port 10 1 1.
Port: 1024
Service: reserved
Description: It is the beginning of a dynamic port. Many programs don't care which port to use to connect to the network. They asked the system to assign them the next free port. Based on this, the allocation starts from port 1024. This means that the first person to send a request to the system will be assigned to port 1024. You can restart the machine, open Telnet, and then open a window to run natstat -a A. You will see that Telnet is assigned the port 1024. And SQL sessions also use this port and 5000 port.
Port: 1025, 1033
Service: 1025: network black jack 1033:[ empty]
Description: Trojan netspy opens these two ports.
Port: 1080
Service: socks
Description: this agreement is passed by _ blank ">;; Firewall, allow _blank "> People behind the firewall access the Internet through IP addresses. Theoretically, it should only allow internal communication to reach the Internet. However, due to a configuration error, it will be allowed to be located in _ blank ">;; Attacks outside the firewall pass through _blank "> firewall. WinGate often makes this mistake and often sees it when joining IRC chat rooms.
Port: 1 170
Service: [empty]
Description: Trojan streaming audio Trojan, Psyber streaming server and voice open this port.
Ports: 1234,1243,6711,6776.
Service: [empty]
Description: Trojan and Autes Trojan open ports 1234 and 6776. Trojan Subeven 1.0/ 1.9 Open ports 1243, 671and 6776.
Port: 1245
Service: [empty]
Caption: Troy Waldo opened this port.
Port: 1433
Service: SQL
Description: Microsoft SQL service open port.
Port: 1492
Service: stone-design-1
Description: Trojan FTP99CMP opens this port.
Port: 1500
Service: RPC client fixed port session query.
Description: RPC client fixed port session query
How to open a port in a firewall:
1. Click Start, click Control Panel, click Network and Internet Connections, and then
Click Network Connection.
2. If you are using a dial-up Internet connection, under Dial-up Networking, click For.
Internet connection. If you use a cable modem or a digital subscriber line (DSL)
Connect, under LAN or high-speed Internet, click the connection you use for the Internet.
3. Under Network Tasks, click Change the settings for this connection.
4. On the Advanced tab, ensure that "By restricting or blocking Internet traffic" is selected.
Visit this computer to protect my computer and network "check box.
5. Click "Settings".
On the Services tab, click Add.
7. Type a name in the service description to identify the port you want to open. example
Such as "Windows Messenger file transfer". Type a name that will help you remember the service and the end.
The name of the mouth. You can use any name you want. This name has no effect on the function.
Only helpful for memory.
8. In the name or IP address of the computer hosting this service on the network, type ".
127.0.0. 1"。
9. In External Port Number of this service and Internal Port Number of this service, type the port numbers.
(The numbers typed in both boxes are the same). To find the port number, please check the list above.
Check the program documentation or the information sources listed earlier in this article.
10. Click TCP or UDP, and then click OK.
1 1. Repeat this process for each port that needs to be opened.