Port: 25 Service: SMTP Description: The port opened by SMTP server for sending mail.
Port: 1 10 service: SUN's RPC service. Description of all ports: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc.
Port concept, what is a port?
In network technology, ports have two meanings:
One is physical ports, such as interfaces used by ADSL modems, hubs, switches and routers to connect other network devices, such as RJ-45 ports and SC ports.
The second is logical port, which generally refers to the port in TCP/IP protocol. Port numbers range from 0 to 65535, such as port 80 for browsing web services, port 2 1 for FTP services and so on. What I want to introduce here is the logical port.
To view the port in Windows 2000/XP/Server 2003, you can use the Netstat command: click Start → Run, type "cmd" and press enter to open the command prompt window. Type "netstat -a -n" at the command prompt, and then press Enter to view the port number and status of TCP and UDP connections displayed in digital form.
Close/Open Ports How to close/open ports in Windows, because by default, many unsafe or useless ports are open, such as port 23 for Telnet service, port 2 1 for FTP service, port 25 for SMTP service, port 135 for RPC service, etc. In order to ensure the security of the system, we can close/open the port by the following methods.
1. To close a port, such as port 25 of SMTP service in Windows 2000/XP, you can do this: first open the control panel, double-click the administrative tools, and then double-click the service. Then find and double-click the Simple Mail Transfer Protocol (SMTP) service in the opened service window, click the Stop button to stop the service, then select Disable in the Startup Type, and finally click the OK button. In this way, closing the SMTP service is equivalent to closing the corresponding port.
2. Open the port If you want to open the port, just select Automatic in the startup type, click OK, then open the service, click Start Enable Port in the service status, and finally click OK. Tip: There is no "service" option in Windows 98. You can use the rule setting function of the firewall to close/open the port.
Functions of various ports: 0 Service: Reserved Description: Usually used to analyze the operating system. This method is effective because "0" is an invalid port in some systems, and when you try to connect it to a port that is usually closed, it will produce different results. A typical scan uses the IP address 0.0.0.0, sets the ACK bit and broadcasts it in the Ethernet layer.
Port: 1 Service: tcpmux Description: This indicates that someone is looking for SGI Irix machine. Irix is the main provider of tcpmux, which is turned on by default in this system. Irix machine contains several default password-free accounts when it is released, such as: IP, guest UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation. So hackers searched for tcpmux online and used these accounts.
Port: 7 Service: Echo Description: When searching for Fraggle power amplifier, you can see the information sent by many people to X.X.X.0 and X.X.X.255
Port: 19 Service: Character generator Description: This is a service that only sends characters. The UDP version will respond to packets containing junk characters after receiving UDP packets. When TCP connects, it sends a data stream containing junk characters until the connection is closed. Hackers can use IP spoofing to launch DoS attacks. Forge UDP packets between two chargen servers. Similarly, the Fraggle DoS attack will broadcast a packet with a forged victim IP to this port of the target address, and the victim will be overloaded in response to the data.
Port: 2 1 Service: FTP Description: the port opened by FTP server for uploading and downloading.
Port: 22 Service: Ssh Description: The connection between TCP established by PcAnywhere and this port may be to find Ssh.
Port: 23 Service: Telnet Description: Telnet remote login.
Port: 25 Service: SMTP Description: The port opened by SMTP server for sending mail.
Port: 3 1 service: MSG authentication description: Trojan Master Paradise and Hacker Paradise open this port.
Port: 42 Service: WINS Replication Description: WINS Replication
Port: 53 Service: Domain Name Server (DNS) Description: The port opened by DNS server, and intruders may try to conduct TCP, spoof DNS(UDP) or hide other communication. Therefore, firewalls usually filter or record this port.
Port: 67 Service: Bootstrap Protocol Server Description: A large amount of data sent to the broadcast address of 255.255.255.255 is often seen through the firewall of DSL and Cable modem. These machines are requesting addresses from the DHCP server. Hackers often enter them, assign an address and use themselves as local routers to launch a large number of man-in-the-middle attacks. The client broadcasts the requested configuration to port 68 and the server broadcasts the response request to port 67. This response is broadcast because the client does not know the IP address that can be sent.
Port: 69 service: tedious file transfer Note: Many servers provide this service together with bootp, which is convenient for downloading startup code from the system. However, they often allow intruders to steal any files from the system due to configuration errors. They can also be used for system writing files.
Port: 79 Service: Finger Server Description: Intruders are used to obtain user information, query the operating system, detect known buffer overflow errors, and respond to Finger scans from their own machines to other machines.
Port: 80 Service: HTTP Description: Used for web browsing. The Trojan Executor opened the port.
Port: 99 Service: Metagram Relay Description: Backdoor program ncx99 opens this port.
Port: 102 Service: Message Transfer Agent (MTA)-X.400 description on TCP/IP: Message Transfer Agent.
Port: 109 Service: post office protocol -Version3 Description: The POP3 server opens this port to receive mail, and the client accesses the mail service on the server side. POP3 services have many recognized weaknesses. There are at least 20 weaknesses about user name and password exchange buffer overflow, which means that intruders can enter the system before actually logging in. There are other buffer overflow errors after successful login.
Port: 1 10 service: SUN's RPC service. Description of all ports: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc.
Port: 1 13 Service: Authentication Service Description: This is a protocol that runs on many computers and is used to authenticate users of TCP connections. You can get information about many computers by using this standard service. But it can be used as a recorder for many services, especially FTP, POP, IMAP, SMTP and IRC. Usually, if many customers access these services through firewalls, they will see many connection requests to this port. Remember, if you block this port, the client will feel that the connection to the email server on the other side of the firewall is slow. Many firewalls support sending back RST during blocking of TCP connections. This will stop the slow connection.
Port: 1 19 Service: network news transfer protocol Description: News newsgroup transport protocol, which carries USENET communication. The connection of this port is usually when people are looking for a USENET server. Most ISPs only allow their customers to access their newsgroup servers. Opening the newsgroup server will allow anyone to post/read, access restricted newsgroup servers, post anonymously or send spam.
Port: 135 Service: Location Service Description: Microsoft runs DCE RPC endpoint mapper on this port as its DCOM service. This is similar to the function of UNIX11port. Services using DCOM and RPC register their locations with the endpoint mapper on the computer. When remote customers connect to their computers, they will look for the location where the endpoint mapper finds the service. Will a hacker scan this port of a computer to find the Exchange Server running on this computer? What version? There are also some DOS attacks on this port.
Ports: 137, 138, 139 Service: NETBIOS Name Service Description: Among them, 137 and 138 are UDP ports, which are used when transmitting files through network neighbors. And port 139: the connection coming through this port attempts to obtain NetBIOS/SMB service. This protocol is used for windows file and printer sharing and SAMBA. WINS Regisrtation also uses it.
Port: 143 Service: Temporary Mail Access Protocol v2 Description: Like the security problem of POP3, many IMAP servers have buffer overflow vulnerabilities. Remember: LINUX worms (admv0rm) will spread through this port, so many scans of this port come from uninformed infected users. These vulnerabilities became popular when REDHAT allowed IMAP by default in its LINUX distribution. This port is also used for IMAP2, but it is not popular.
Port: 16 1 Service: SNMP Description: SNMP allows remote management of devices. All configuration and operation information is stored in the database and can be obtained through SNMP. Many administrators' misconfigurations will be exposed online. Cackers will try to access the system using the default passwords public and private. They will try all possible combinations. SNMP packets may be incorrectly pointed to the user's network.
Port: 177 Service: X Display Manager Control Protocol Description: Many intruders access the X-windows console through it, and it also needs to open 6000 ports.
Port: 389 Service: LDAP, ILS Description: Lightweight Directory Access Protocol and NetMeeting Internet Locator server * * * use this port.
Port: 443 Service: Https Description: Web browsing port, another HTTP that can provide encryption and transmission through a secure port.
Port: 456 Service: [NULL] Description: Trojan Hacker Paradise opens this port.
Port: 5 13 Service: Login, Remote Login Description: It is a broadcast from a UNIX computer, using a cable modem or DSL to login to the subnet. These people provide information for intruders to enter their systems.
Port: 544 Service: [NULL] Description: kerberos kshell
Port: 548 Service: Macintosh, File Service (AFP/IP) Description: Macintosh, File Service.
Port: 553 Service: CORBA IIOP(UDP) Description: You will see the broadcast of this port by using cable modem, DSL or VLAN. CORBA is an object-oriented RPC system. Intruders can use this information to enter the system.
Port: 555 service: DSF description: Trojan PhAse 1.0, stealth spy, and IniKiller open this port.
Port: 568 Service: Member DPA Description: Member DPA.
Port: 569 Service: Member MSN Description: Member MSN.
Port: 635 Service: mountd Description: mountd Bug of Linux. This is a common error in scanning. The scanning of this port is mostly based on UDP, but the mountd based on TCP is increased (mountd runs on two ports at the same time). Remember that mountd can run on any port (which port is it, you need to query portmap on port11), but the default port of Linux is 635, just like NFS runs on port 2049.
Port: 636 Service: LDAP Description: SSL (Secure Sockets Layer)
Port: 666 Service: Doom Id Software Description: Trojan attacks FTP and Satanz backdoor to open this port.
Port: 993 Service: IMAP Description: SSL (Secure Sockets Layer)
Port: 100 1,1kloc-0/Service: [NULL] Description: Trojan silencer and WebEx open port 100 1. Trojan open port 10 1 1.
Port: 1024 service: reserved description: is the beginning of a dynamic port. Many programs don't care which port to use to connect to the network. They asked the system to assign them the next free port. Based on this, the allocation starts from port 1024. This means that the first person to send a request to the system will be assigned to port 1024. You can restart the machine, open Telnet, and then open a window to run natstat -a A. You will see that Telnet is assigned the port 1024. And SQL sessions also use this port and 5000 port.
Port: 1025, 1033 Service: 1025: Net21Point 1033: [null] Description: Trojan netspy opens these two ports.
Port: 1080 Service: SOCKS Description: This protocol tunnels through the firewall, allowing people behind the firewall to access the Internet through an IP address. Theoretically, it should only allow internal communication to reach the Internet. However, due to the wrong configuration, attacks outside the firewall will pass through the firewall. WinGate often makes this mistake and often sees it when joining IRC chat rooms.
Port: 1 170 Service: [NULL] Description: Trojan streaming audio Trojan, Psyber streaming server and voice open this port.
Ports: 1234, 1243, 671,6776 Service: [NULL] Description: Trojan SubSeven2.0 and Ultors Trojan Open Ports 1234 and 6776. Trojan Subeven 1.0/ 1.9 Open ports 1243, 671and 6776.
Port: 1245 Service: [NULL] Description: Trojan Waldo opens this port.
Port: 1433 Service: SQL Description: Microsoft's SQL service is an open port.
Port: 1492 Service: stone-design- 1 Description: Trojan FTP99CMP opens this port.
Port: 1500 service: RPC client fixed port session query description: RPC client fixed port session query.
Port: 1503 Service: NetMeeting T. 120 Description: NetMeeting T. 120.
Port: 1524 Service: Portal Description: Many attack scripts will install a backdoor shell on this port, especially for the vulnerabilities of Sendmail and RPC services in SUN system.