Analysis:
TCP (Trans * * * Issue Control Protocol) is a connection-based protocol, that is, a reliable connection must be established with the other party before sending and receiving data formally. A TCP connection can only be established after three sessions, and the process is very complicated. We only make a simple and vivid introduction here, as long as you can understand the process. Let's take a look at the simple process of these three conversations: Host A sends a connection request packet to Host B: "I want to send you data, can I?" This is the first conversation; Host B sends a data packet to host A, and host A agrees to connect and asks for synchronization (synchronization means that the two hosts are sending and receiving and coordinating their work): "OK, when will you send it?" This is the second conversation; Host A sends another data packet to confirm the request of synchronizing host B: "I'll send it now, you can continue!" " "This is the third conversation. The purpose of the three sessions is to synchronize the sending and receiving of data packets. After three conversations, Host A will formally send data to Host B..
So what exactly does a port mean? How to check the port number? Will the port become the entrance of malicious network attacks? , how to face the shape of the * * * port? The following will introduce this aspect for your reference. ?
2 1 port: 2 1 port is mainly used for FTP (file transfer protocol) service.
Port Description: Port 2 1 is mainly used for FTP (File Transfer Protocol) service, and is mainly used for uploading and downloading files between two computers. One computer serves as an FTP client and the other computer serves as an FTP server. You can log in to the FTP server by using anonymous login and authorized user name password login. At present, FTP service is the main way to upload and download files on the Internet. In addition, there is a 20 port, which is the default port number for FTP data transmission.
In Windows, you can provide FTP connection and management through Inter Information Service (IIS), or you can install FTP server software separately to realize FTP functions, such as the common FTP serv-U.
Operation suggestion: Because some FTP servers can log in anonymously, they are often used by hackers. In addition, port 2 1 will be used by some trojans, such as blade runner, FTP Trojan, Dolly Trojan, WebEx and so on. If no FTP server is set, it is recommended to close port 2 1.
Port 23: Port 23 is mainly used for Tel (Remote Login) service, which is a login and simulation program commonly used on Inter.
Port Description: Port 23 is mainly used for Tel (Remote Login) service, and is a login and simulation program commonly used on Inter. You also need to set up the client and server. Clients who open the Tel service can log in to the remote Tel server and log in with an authorized user name and password. After logging in, users are allowed to use the command prompt window for corresponding operations. In Windows, you can use Tel to log in remoTely by typing the "tel" command in the command prompt window.
Operation suggestion: Through the Tel service, hackers can search the service of remote login to Unix and scan the type of operating system. Moreover, there are many serious loopholes in the Tel service in Windows 2000, such as privilege elevation and denial of service, which can crash the remote server. Port 23 of telephone service is also the default port of TTS Trojan. Therefore, it is recommended to close port 23.
Port 25: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) server and is mainly used for sending mail. Now, most mail servers use this protocol.
Port Description: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) server and is mainly used for sending mail. Now, most mail servers use this protocol. For example, when we use an e-mail client program, we will ask the SMTP server address when we create an account. By default, the server address uses port 25.
Port vulnerability:
1. Through port 25, hackers can find an SMTP server to forward spam.
Port 2.25 was opened by many trojans, such as Ajan, Antigen, Email Password Sender, ProMail, Trojan, Tapiras, Terminator, WinPC, WinSpy and so on. Take WinSpy as an example. By opening port 25, you can monitor all windows and modules that your computer is running.
Action suggestion: If the SMTP mail server is not set, you can close the port.
Port 53: Port 53 is opened by DNS (Domain Name Server) server and is mainly used for domain name resolution. DNS service is the most widely used service in NT system.
Port Description: Port 53 is opened by DNS (Domain Name Server) server and is mainly used for domain name resolution. DNS service is the most widely used service in NT system. Through DNS server, the conversion of domain name and IP address can be realized. As long as you remember the domain name, you can quickly visit the website.
Port vulnerability: If DNS service is turned on, hackers can directly obtain the IP addresses of hosts such as Web servers by analyzing DNS servers, and then use port 53 to break through some unstable firewalls, thus carrying out attacks. Recently, an American company also published 10 vulnerabilities that are most vulnerable to hackers, the first of which is the BIND vulnerability of DNS servers.
Operation suggestion: If the current computer is not used to provide domain name resolution service, it is recommended to close this port.
Ports 67 and 68: Ports 67 and 68 are open ports for Boot Protocol Server and Boot Protocol Client serving Bootp respectively.
Port description: Ports 67 and 68 are the open ports of Bootstrap Protocol Server and Bootstrap Protocol Client serving Bootp. Bootp service is a remote startup protocol originated from early Unix, and the DHCP service we often use now is extended from Bootp service. Through Bootp service, you can dynamically assign IP addresses to computers in the LAN without setting static IP addresses for each user.
Port vulnerability: If the Bootp service is enabled, hackers will often use the assigned IP address as a local router to attack in a "man-in-the-middle" way.
Operation suggestion: It is recommended to close this port.
Port 69: TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.
Port Description: Port 69 is open for TFTP (Simple File Transfer Protocol) service. TFTP is a simple file transfer protocol developed by Cisco, similar to FTP. However, compared with FTP, TFTP has no complicated interactive access interface and authentication control. This service is suitable for data transmission between client and server, and does not need a complicated exchange environment.
Port vulnerability: Many servers provide both TFTP service and Bootp service, which are mainly used to download startup code from the system. However, because TFTP service can write files in the system, and hackers can also use the wrong configuration of TFTP to get any files from the system.
Operation suggestion: It is recommended to close this port.
Port 79: Port 79 is open for Finger service, and is mainly used to query the online users of remote hosts, operating system types, whether the buffer overflows and other details.
Port Description: Port 79 is open for Finger service, which is mainly used to query the online users of the remote host, operating system type, whether the buffer overflows and other details. For example, to display the information of user0 1 on the remote computer abc, you can type "finger user0 1@abc" on the command line.
Port vulnerability: Generally, hackers want to attack each other's computers by using the corresponding port scanning tools to obtain relevant information. For example, using Streamer, they can scan the operating system version of the remote computer by using port 79 to obtain user information, and can also detect known buffer overflow errors. In this way, it is easy to be attacked by hackers. In addition, port 79 is also used as the default port by Firehotcker Trojan Company.
Operation suggestion: It is recommended to close this port.
Port 80: Port 80 is open to HTTP (Hypertext Transfer Protocol), which is the most commonly used protocol for surfing the Internet and is mainly used for transmitting information on WWW (World Wide Web) services.
Port Description: Port 80 is open to HTTP (Hypertext Transfer Protocol), which is the most widely used protocol on the Internet, and is mainly used for transmitting information on WWW (World Wide Web) services. We can visit the website by adding ":80" to the HTTP address (commonly known as "URL"), because the default port number of the web browsing service is 80, so we only need to enter the URL without adding ":80".
Port vulnerability: Some Trojans can use port 80 to attack computers, such as Executor and RingZero.
Operation suggestion: In order to surf the Internet normally, port 80 must be opened.
Port 99: Port 99 is used for a service called Metasyntax Relay (sub-game delay), which is rare and generally not used.
Port Description: Port 99 is used for a service called Metagrammar Relay, which is rare and generally not used.
Port vulnerability: Although Metasyntax Relay service is not commonly used, Trojan programs (such as hidden port and NCx99) will use this port. For example, in Windows 2000, NCx99 can bind the cmd.exe program to port 99, so that you can connect to the server with Tel, add users at will, and change permissions.
Operation suggestion: It is recommended to close this port.
109 and 1 10 ports: 109 port is open for post office protocol 2 service, and 1 10 port is used for POP3 (mail protocol 3).