Close the port
For example, to close port 25 of SMTP service in Windows 2000/XP, you can do this: first open the control panel, double-click the administrative tools, and then double-click the service. Then find and double-click the Simple Mail Transfer Protocol (SMTP) service in the opened service window, click the Stop button to stop the service, then select Disable in the Startup Type, and finally click the OK button. In this way, closing the SMTP service is equivalent to closing the corresponding port.
port
If you want to open the port, just select Automatic in the startup type, click OK, then open the service, click Start Enable Port in the service status, and finally click OK.
Tip: There is no "service" option in Windows 98. You can use the rule setting function of the firewall to close/open the port.
Common network ports
2 1 port
Port Description: Port 2 1 is mainly used for FTP (File Transfer Protocol) service, and is mainly used for uploading and downloading files between two computers. One computer serves as an FTP client and the other computer serves as an FTP server. You can log in to the FTP server by using anonymous login and authorized user name password login. At present, FTP service is the main way to upload and download files on the Internet. In addition, there is a 20 port, which is the default port number for FTP data transmission.
Author: 222.83. 180. * 2005-6- 15: 12 reply to this speech.
17
put through
In Windows, you can provide FTP connection and management through Internet Information Services (IIS), or you can install FTP server software separately to realize FTP functions, such as the common FTP serv-U.
Operation suggestion: Because some FTP servers can log in anonymously, they are often used by hackers. In addition, port 2 1 will be used by some trojans, such as blade runner, FTP Trojan, Dolly Trojan, WebEx and so on. If no FTP server is set, it is recommended to close port 2 1.
Port 23
Port Description: Port 23 is mainly used for Telnet (Remote Login) service, which is a login and simulation program widely used on the Internet. You also need to set up clients and servers so that clients with Telnet services can log in to the remote Telnet server and log in with an authorized user name and password. After logging in, users are allowed to use the command prompt window for corresponding operations. In Windows, you can use Telnet to log in remotely by typing the "Telnet" command in the command prompt window.
Operation suggestion: With the help of Telnet service, hackers can search the service of remote login to Unix and scan the type of operating system. Moreover, in Windows 2000, there are many serious loopholes in the Telnet service, such as privilege elevation and denial of service, which can crash the remote server. Port 23 of Telnet service is also the default port of TTS (Mini Telnet Server) Trojan. Therefore, it is recommended to close port 23.
Simple mail transfer protocol
Port Description: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) server and is mainly used for sending mail. Now, most mail servers use this protocol. For example, when we use an e-mail client program, we will ask the SMTP server address when we create an account. By default, this server address uses a 25-port vulnerability:
1. Through port 25, hackers can find an SMTP server to forward spam.
Port 2.25 was opened by many trojans, such as Ajan, Antigen, Email Password Sender, ProMail, Trojan, Tapiras, Terminator, WinPC, WinSpy and so on. Take WinSpy as an example. By opening port 25, you can monitor all windows and modules that your computer is running.
Action suggestion: If the SMTP mail server is not set, you can close the port.
Port 53
Port Description: Port 53 is opened by DNS (Domain Name Server) server and is mainly used for domain name resolution. DNS service is the most widely used service in NT system. Through DNS server, the conversion of domain name and IP address can be realized. As long as you remember the domain name, you can quickly visit the website.
Port vulnerability: If DNS service is turned on, hackers can directly obtain the IP addresses of hosts such as Web servers by analyzing DNS servers, and then use port 53 to break through some unstable firewalls, thus carrying out attacks. Recently, an American company also published 10 vulnerabilities that are most vulnerable to hackers, the first of which is the BIND vulnerability of DNS servers.
Operation suggestion: If the current computer is not used to provide domain name resolution service, it is recommended to close this port.
Ports 67 and 68
Port description: Ports 67 and 68 are the open ports of Bootstrap Protocol Server and Bootstrap Protocol Client serving Bootp. Bootp service is a remote startup protocol originated from early Unix, and the DHCP service we often use now is extended from Bootp service. Through Bootp service, you can dynamically assign IP addresses to computers in the LAN without setting static IP addresses for each user.
Port vulnerability: If the Bootp service is enabled, hackers will often use the assigned IP address as a local router to attack in a "man-in-the-middle" way.
Operation suggestion: It is recommended to close this port.
Port Description: Port 69 is open for TFTP (Simple File Transfer Protocol) service. TFTP is a simple file transfer protocol developed by Cisco, similar to FTP. However, compared with FTP, TFTP has no complicated interactive access interface and authentication control. This service is suitable for data transmission between client and server, and does not need a complicated exchange environment.
Port vulnerability: Many servers provide both TFTP service and Bootp service, which are mainly used to download startup code from the system. However, because TFTP service can write files in the system, so can hackers.
Author: 222.83. 180. * 2005-6- 15: 13 reply to this speech.
18
put through
Port 79
Port Description: Port 79 is open for Finger service, which is mainly used to query the online users of the remote host, operating system type, whether the buffer overflows and other details. For example, to display the information of user0 1 on the remote computer www.abc.com, you can type "finger user 0 1@www.abc.com" on the command line.
Port vulnerability: Generally, hackers want to attack each other's computers by using the corresponding port scanning tools to obtain relevant information. For example, using Streamer, they can scan the operating system version of the remote computer by using port 79 to obtain user information, and can also detect known buffer overflow errors. In this way, it is easy to be attacked by hackers. In addition, port 79 is also used as the default port by Firehotcker Trojan Company.
Operation suggestion: It is recommended to close this port.
Hypertext transfer protocol
Port Description: Port 80 is open to HTTP (Hypertext Transfer Protocol), which is the most widely used protocol on the Internet, and is mainly used for transmitting information on WWW (World Wide Web) services. We can visit the website by adding ":80" (commonly known as "website") to the HTTP address, for example: 80. Because the default port number of the web browsing service is 80, we only need to enter the website address instead of ":80".
Port vulnerability: Some Trojans can use port 80 to attack computers, such as Executor and RingZero.
Operation suggestion: In order to surf the Internet normally, port 80 must be opened.
Port 99
Port Description: Port 99 is used for a service called Metagrammar Relay, which is rare and generally not used.
Port vulnerability: Although Metasyntax Relay service is not commonly used, Trojan programs (such as hidden port and NCx99) will use this port. For example, in Windows 2000, NCx99 can bind the cmd.exe program to port 99, so that you can connect to the server by Telnet, add users and change permissions at will.
Operation suggestion: It is recommended to close this port.
★ 109, 1 10 port
Port description: port 109 is open for post office protocol 2 (post office protocol version 2) service, and port 1 10 is open for POP3 (mail protocol 3) service. POP2 and POP3 are mainly used to receive mail. At present, POP3 is widely used, and many servers support both POP2 and POP3. The client can access the mail service of the server using POP3 protocol, which is now used by most mail servers of ISP. When using the e-mail client program, you will be asked to enter the address of the POP3 server. By default, the port vulnerability of 1 10 is used: POP2 and POP3 provide mail receiving services, but there are also many vulnerabilities. There are no fewer than 20 vulnerabilities in the user name and password exchange buffer of POP3 service alone, such as the vulnerability of legal user name information disclosure of WebEasyMail POP3 server, through which remote attackers can verify the existence of user accounts. In addition, the 1 10 port is also used by Trojans such as ProMail, and the user name and password of the POP account can be stolen through the 1 10 port.
Operation suggestion: If it is an execution mail server, you can open this port.
★11/port
Port Description: Port11is an open port of SUN's RPC (Remote Procedure Call) service, which is mainly used for internal process communication between different computers in a distributed system. RPC is a very important component in various network services. Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd and so on. In Microsoft Windows, there are also RPC services.
Port vulnerability: SUN RPC has a big vulnerability, that is, xdr_array function has a remote buffer overflow vulnerability when there are multiple RPC services, through which attackers are allowed to pass super.
1 13 port
Port Description: Port 1 13 is mainly used for "authentication service" of Windows. Generally, computers connected to the network run this service, which is mainly used to authenticate users connected to TCP, and information about connecting computers can be obtained through this service. In Windows 2000/2003 Server, there is also a special IAS component, which can facilitate authentication and policy management in remote access.
Port vulnerability: Although 1 13 port can facilitate authentication, it is often used as a recorder for FTP, POP, SMTP, IMAP and IRC, and will be used by corresponding Trojans, such as those controlled by IRC chat rooms. In addition, 1 13 port is also the default open port of Trojan horses such as invisible Identd Deamon and Kazimas.
Author: 222.83. 180. * 2005-6- 15: 14 reply to this speech.
2 1
put through
Operation suggestion: Besides using WinGate frequently to enjoy surfing the Internet, other suggestions are to close the port.
Port 1755
Port Description: By default, port 1755 is used for "Microsoft Media Server" (MMS for short), which is a streaming media protocol released by Microsoft. Through MMS protocol, streaming media files in Windows Media Server can be transmitted and played on the Internet. These documents include. asf,。 Wmv, etc. , which can be played in real time by using media playing software such as Windows Media Player. Specifically, the 1755 port can be divided into MMS protocols of TCP and UDP, namely MMST and MMSU, and generally adopts the MMS protocol of TCP, namely MMST. At present, most streaming media and commonly used download software support MMS protocol.
Port vulnerability: At present, from the point of view that Microsoft officials and users use MMS protocol to transmit and play streaming media files, there is no obvious vulnerability. Mainly the compatibility of MMS protocol with firewall and NAT (Network Address Translation).
Operation suggestion: In order to play and download streaming media files of MMS protocol in real time, it is recommended to open this port.
Port 4000
Port description: Port 4000 is used for QQ chat tools that people often use, specifically, it is an open port of QQ client, and the port used by QQ server is 8000. Through port 4000, QQ client program can send information to QQ server to realize identity authentication and message forwarding. By default, messages sent between QQ users are transmitted through this port. Neither port 4000 nor port 8000 belongs to TCP protocol, but belongs to UDP protocol.
Port vulnerability: Because port 4000 belongs to UDP port, although it can directly transmit messages, there are also various vulnerabilities. Such as worm _ wit. (Vidy) The worm uses port 4000 to send a virus to a random IP, and masquerades as an ICQ packet, resulting in writing random data to the hard disk. Besides, Troy. The Tianwu Trojan virus also uses this port.
Operational suggestion: In order to chat with QQ, it is no problem to leave 4000 doors open.
Port 5554
Port Description: On April 30th this year, it was reported that a new worm virus, WORM, appeared. Sasser, appear for the lsass service of Microsoft. This virus can use TCP 5554 port to open FTP service, which is mainly used for the spread of the virus.
Port vulnerability: After being infected with the "shock wave" virus, it will spread the worm virus to other infected computers through port 5554, and try to connect to TCP port 445 to send an attack. Poisoned computers will restart the system repeatedly, running slowly, unable to surf the Internet normally, and even be used by hackers to seize control of the system.
Operation suggestion: In order to prevent the infection of "shock wave" virus, it is recommended to close port 5554.
Port 5632
Port description: Port 5632 is a port opened by the familiar remote control software pcAnywhere, which is divided into TCP and UDP. Through this port, you can control the remote computer on the local computer, view the screen of the remote computer, transfer files, and realize synchronous file transfer. After the computer with installable PC is started, the PCA where main program will automatically scan the port.
Port vulnerability: Through the 5632 port, the main control computer can control the remote computer and carry out various operations, which may be used by criminals to steal accounts, important data and carry out various damages.
Operation suggestion: In order to avoid scanning through port 5632 and remotely controlling the computer, it is recommended to close this port.
World Wide Web publishing service
Port description: Port 8080, like port 80, is used for WWW proxy service, which can realize web browsing. When visiting a website or using a proxy server, the port number ":8080" is often added, for example: 8080.
Port vulnerability: Port 8080 can be used by various virus programs. For example, the BrOwn Hole (Bro) Trojan virus can completely remotely control an infected computer using port 8080. In addition, RemoConChubo and RingZero trojans can also use this port to attack.
Operation suggestion: Generally, we use port 80 for web browsing. In order to avoid virus attacks, we can close this port.