Problem description:
How to open the 3389 port of this machine? Detailed description of operation steps
Analysis:
The computer term "port" is taken directly from the English word port, and a port can be regarded as the outlet through which a computer communicates with the outside world. Ports in the hardware field are also called interfaces, such as USB ports and serial ports. Ports in the software field generally refer to the communication protocol ports used on a network by connection-oriented and connectionless services. They are abstract software structures that include some data structures and I/O buffers.
Ports can be divided into three categories by port number:
(1) Well-known ports: from 0 to 1023. They are closely bound to particular services, and traffic on these ports usually clearly indicates the protocol of a certain service. For example, port 80 has always been HTTP communication.
(2) Registered ports: from 1024 to 49151. They are loosely bound to some services. In other words, many services are bound to these ports, and these ports are also used for many other purposes. For example, many systems allocate dynamic ports starting at around 1024.
(3) Dynamic and/or private ports: from 49152 to 65535. Theoretically, these ports should not be assigned to services. In practice, machines usually allocate dynamic ports starting from 1024. But there are exceptions: SUN's RPC ports start at 32768.
Some ports are often used by hackers and Trojan viruses to attack computer systems. The following is the introduction of computer ports and the brief methods to prevent being attacked by hackers.
World Wide Web publishing service
Port description: Port 8080, like port 80, is used for WWW proxy service, which can realize web browsing. When visiting a website or using a proxy server, the port number ":8080" is often added, such as cce:8080.
Port vulnerability: Port 8080 can be used by various virus programs. For example, the BrOwn Hole (Bro) Trojan virus can completely remotely control an infected computer using port 8080. In addition, RemoConChubo and RingZero trojans can also use this port to attack.
Operation suggestion: Generally, we use port 80 for web browsing. To avoid virus attacks, we can close port 8080.
Port: 21
Service: FTP
Description: The FTP server opens this port for uploading and downloading. Attackers most commonly use it to look for FTP servers that allow anonymous login. These servers have readable and writable directories. The Trojans Doly Trojan, Fore, Stealth FTP, WebEx, WinCrash and Blade Runner open this port.
Port: 22
Service: SSH
Description: A TCP connection that PcAnywhere establishes to this port may be an attempt to find SSH. This service has many weaknesses. If configured in a specific mode, many versions that use the RSAREF library have many vulnerabilities.
Port: 23
Service: Telnet
Description: Remote login. The intruder is searching for remote-login UNIX services. In most cases, this port is scanned to find out which operating system the machine is running. Using other techniques, intruders can also find passwords. The Trojan Tiny Telnet Server opens this port.
Port: 25
Service: SMTP
Description: The SMTP server opens this port to send mail. Intruders look for SMTP servers to relay their spam. Intruders' own accounts get closed, so they need to connect to a high-bandwidth e-mail server and send simple messages to different addresses. The Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port.
Port: 80
Service: HTTP
Description: Used for web browsing. The Trojan Executor opens this port.
Port: 102
Service: Message Transfer Agent (MTA)-x.400 over TCP/IP.
Description: Message Transfer Agent.
Port: 109
Service: Post Office Protocol - Version 3
Description: The POP3 server opens this port to receive mail, and the client accesses the mail service on the server side. POP3 services have many recognized weaknesses. There are at least 20 weaknesses involving buffer overflows in the user name and password exchange, which means that intruders can enter the system before actually logging in. There are other buffer overflow errors after a successful login.
Port: 110
Service: all ports of SUN's RPC service.
Description: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.c *** d, rpc.ttybd, amd, etc.
Port: 119
Service: Network News Transfer Protocol
Description: The newsgroup transfer protocol, which carries USENET traffic. Connections to this port usually come from people looking for a USENET server. Most ISPs only allow their own customers to access their newsgroup servers. An open newsgroup server allows anyone to post and read, to access restricted newsgroup servers, to post anonymously or to send spam.
Port: 135
Service: Location Service
Description: Microsoft runs the DCE RPC endpoint mapper on this port for its DCOM service. This is similar to the function of UNIX port 111. Services using DCOM and RPC register their locations with the endpoint mapper on the computer. When remote clients connect to the computer, they query the endpoint mapper to find the location of the service. Hackers scan this port of a computer to find out: is Exchange Server running on this computer? What version? There are also some DoS attacks directed at this port.
Ports: 137, 138, 139
Service: NETBIOS name service
Note: Ports 137 and 138 are UDP ports, which are used when transferring files through Network Neighborhood. Port 139: connections coming in through this port attempt to reach the NetBIOS/SMB service. This protocol is used for Windows file and printer sharing and for SAMBA. WINS Registration also uses it.
Port: 161
Service: SNMP
Description: SNMP allows remote management of devices. All configuration and operation information is stored in a database and can be obtained through SNMP. Many administrators' misconfigurations end up exposed. Crackers will try to access the system using the default passwords public and private. They will try all possible combinations. SNMP packets may be misdirected to the user's network.
By default, Windows has many open ports. When you are online, network viruses and hackers can connect to your computer through these ports. To harden your system, you should close these ports, mainly TCP 135, 139, 445, 593, 1025 and UDP 135, 137,/kloc-0. The following describes how to close these network ports under WinXP/2000/2003:
Step 1: Click Start Menu/Settings/Control Panel/Administrative Tools, double-click Local Security Policy to open it, and select "IP Security Policies on Local Computer". Right-click a blank area in the right pane to open the shortcut menu and select "Create IP Security Policy" (as shown in the figure on the right). A wizard opens. Click Next in the wizard and name the new security policy. Click Next again, and the "Requests for Secure Communication" screen is displayed. Clear the check box to the left of "Activate the default response rule", and then click "Finish" to create the new IP security policy.
Step 2: Right-click the IP security policy. In the properties dialog box, clear the check box to the left of "Use Add Wizard", then click Add to add a new rule. The New Rule Properties dialog box opens. Click Add there to open the IP Filter List window. In this window, first clear the check box to the left of "Use Add Wizard", and then click the "Add" button on the right to add a new filter.
Step 3: The Filter Properties dialog box opens. The first tab you see is the addressing tab. Select "Any IP Address" as the source address and "My IP Address" as the destination address. Click the "Protocol" tab, select "TCP" in the "Select a protocol type" drop-down list, then enter "135" in the text box under "To this port" and click the "OK" button (as shown in the figure on the left). This adds a filter that blocks the TCP 135 (RPC) port.
Click OK to return to the filter list dialog box. You can see that a filter has been added. Repeat the above steps to add filters for TCP ports 137, 139, 445 and 593 and UDP ports 135, 139 and 445.
Repeat the above steps again to add blocking filters for TCP ports 1025, 2745, 3127, 6129 and 3389, and finally click OK.
Step 4: In the "New Rule Properties" dialog box, select "New IP Filter List" by clicking the radio button to its left, so that a dot appears to indicate that it has been activated, and then click the "Filter Action" tab. On the Filter Action tab, clear the check box to the left of "Use Add Wizard", click the Add button, and add the Block action (figure on the right): on the Security Methods tab of New Filter Action Properties, select Block, and then click the OK button.
Step 5: Back in the "New Rule Properties" dialog box, click "New Filter Action". A dot appears in the radio button on its left to indicate that it has been activated. Click Close to close the dialog box. Finally, return to the "New IP Security Policy Properties" dialog box, check "New IP Filter List" on the left, and then press "OK" to close the dialog box. In the Local Security Policy window, right-click the newly added IP security policy and select Assign.
So after the restart, the above network ports in the computer are closed, and viruses and hackers can no longer connect to these ports, thus protecting your computer.
I hope it works for you ~
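The five GUI steps above can also be scripted. The following batch file is an added example, not part of the original answer: it assumes a Windows release that ships the `netsh ipsec static` context (Windows Server 2003 and later) and an administrator command prompt, and the policy, filter list and action names are illustrative.

```batch
@echo off
rem Added example: command-line equivalent of GUI steps 1-5 above.
rem Assumptions: "netsh ipsec static" is available and the prompt is elevated.
rem The three names below are illustrative, not taken from the page.
setlocal
set POLICY=BlockRiskyPorts
set FLIST=RiskyPortsList
set FACTION=BlockAction

rem Step 1: create the policy without the default response rule, unassigned.
netsh ipsec static add policy name=%POLICY% activatedefaultrule=no assign=no || goto :fail

rem Steps 2-3: one filter per port, any source address -> this machine.
rem TCP 3389 is Remote Desktop: remove it from the list if the machine
rem must stay reachable over RDP.
netsh ipsec static add filterlist name=%FLIST% || goto :fail
for %%P in (135 137 139 445 593 1025 2745 3127 6129 3389) do (
    netsh ipsec static add filter filterlist=%FLIST% srcaddr=any dstaddr=me protocol=TCP dstport=%%P description="TCP %%P" || goto :fail
)
for %%P in (135 139 445) do (
    netsh ipsec static add filter filterlist=%FLIST% srcaddr=any dstaddr=me protocol=UDP dstport=%%P description="UDP %%P" || goto :fail
)

rem Step 4: a filter action that blocks matching traffic.
netsh ipsec static add filteraction name=%FACTION% action=block || goto :fail

rem Step 5: tie filter list and action together in a rule, then assign the policy.
netsh ipsec static add rule name=BlockRiskyPortsRule policy=%POLICY% filterlist=%FLIST% filteraction=%FACTION% || goto :fail
netsh ipsec static set policy name=%POLICY% assign=y || goto :fail

rem Show the result so the filters can be reviewed.
netsh ipsec static show policy name=%POLICY% level=verbose
exit /b 0

:fail
echo A netsh command failed; the policy was not fully applied.
exit /b 1
```

The block filters drop matching packets but do not stop the listening services, so `netstat` on the machine itself still shows the ports as listening; confirm the result with a connection attempt from another host.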