What are the ports on the network? Be specific. Thank you!
When surfing the internet, we often see the word "port" and often use port numbers, such as the "21" in an address, where 21 is the port number. So what exactly is a port, and how do you check port numbers? Both are introduced below.

Port concept

In network technology, "port" has two meanings. The first is a physical port: an interface that ADSL modems, hubs, switches and routers use to connect to other network devices, such as RJ-45 ports and SC ports. The second is a logical port, which generally refers to a port in the TCP/IP protocols. Port numbers range from 0 to 65535, for example port 80 for web browsing and port 21 for FTP services. This article covers logical ports.

Port classification

Logical ports can be classified in many ways. Two common classifications follow:

1. By port number distribution

(1) Well-known ports

Well-known ports are the port numbers from 0 to 1023, which are generally assigned to specific services. For example, port 21 is assigned to the FTP service, port 25 to the SMTP (Simple Mail Transfer Protocol) service, port 80 to the HTTP service, port 135 to the RPC (Remote Procedure Call) service, and so on.

(2) Dynamic ports

Dynamic ports range from 1024 to 65535. These port numbers are generally not fixed to a service, which means that many services can use them. Whenever a running program asks the system for network access, the system can assign one of these port numbers to it. For example, port 1024 is assigned to the first program that makes such a request. When the program's process exits, the port number it occupied is released.

However, dynamic ports are often used by viruses and Trojans. For example, the default connection port of Glacier is 7626, WAY 2.4 is 8011, Netspy 3.0 is 7306, and the YAI virus is 1024.

2. By protocol type

By protocol type, ports can be divided into TCP, UDP, IP and ICMP (Internet Control Message Protocol) ports. The following mainly introduces TCP and UDP ports:

(1) TCP port

A TCP port, that is, a Transmission Control Protocol port, requires a connection to be established between the client and the server, which provides reliable data transmission. Common examples are port 21 for the FTP service, port 23 for the Telnet service, port 25 for the SMTP service and port 80 for the HTTP service.

(2) UDP port

A UDP port, that is, a User Datagram Protocol port, does not require a connection to be established between the client and the server, so security cannot be guaranteed. Common examples are port 53 for the DNS service, port 161 for the SNMP service, ports 8000 and 4000 used by QQ, and so on.

Viewing ports

To view the ports in Windows 2000/XP/Server 2003, you can use the Netstat command:

Click "Start → Run", enter "cmd" and press Enter to open the command prompt window. Type "Netstat -a -n" at the command prompt and press Enter to view the port numbers and status of TCP and UDP connections in numeric form.

Command format: Netstat -a -e -n -o -s

-a shows all active TCP connections and TCP and UDP ports that the computer listens to.

-e displays the number of bytes and packets sent and received over Ethernet.

-n displays the addresses and port numbers of all active TCP connections in numeric form only.

-o displays the active TCP connections, including the process ID (PID) of each connection.

-s displays statistics for the various connections by protocol, including port numbers.
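To show how the Netstat listing can be checked against the ports this page names, here is an added example (not part of the original page) that parses `Netstat -a -n -o` output and reports listening ports on a watchlist. The sample output is constructed, and the names `WATCHLIST`, `parse_netstat` and `audit` are hypothetical.

```python
# Ports this page singles out: services it suggests closing when unused,
# plus the Trojan default ports it lists. Adjust to your own policy.
WATCHLIST = {
    21: "FTP", 23: "Telnet", 25: "SMTP", 135: "RPC",
    7626: "Glacier default", 8011: "WAY 2.4 default", 7306: "Netspy 3.0 default",
}

# Constructed sample of `Netstat -a -n -o` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1180
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING       2044
  TCP    192.168.0.10:1042      203.0.113.5:80         ESTABLISHED     1536
  TCP    [::]:21                [::]:0                 LISTENING       1400
  UDP    0.0.0.0:161            *:*                                    1320
"""

def parse_netstat(text):
    """Return (proto, local_port, state, pid) for each connection row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner, column header and blank lines
        proto, local = parts[0], parts[1]
        port = int(local.rsplit(":", 1)[1])  # rsplit copes with [::]:21
        # UDP rows have no State column: Proto, Local, Foreign, PID
        state = parts[3] if proto == "TCP" else ""
        pid = int(parts[-1]) if parts[-1].isdigit() else None  # None without -o
        rows.append((proto, port, state, pid))
    return rows

def audit(text, watchlist=WATCHLIST):
    """Return watchlisted local ports that accept inbound traffic."""
    findings = []
    for proto, port, state, pid in parse_netstat(text):
        # An ESTABLISHED outbound connection is not an open local port.
        listening = state == "LISTENING" or proto == "UDP"
        if listening and port in watchlist:
            findings.append((proto, port, pid, watchlist[port]))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for proto, port, pid, why in audit(SAMPLE):
        print(f"{proto} {port:>5}  PID {pid:<5} {why}")
```

Each finding carries the PID reported by -o, which identifies the owning process to check before deciding whether to stop the service.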

Close/open port

Before introducing the functions of the various ports, here is how to close and open ports in Windows. By default, many unsafe or useless ports are open, such as port 23 for the Telnet service, port 21 for the FTP service, port 25 for the SMTP service, port 135 for the RPC service and so on. To keep the system secure, ports can be closed or opened by the following methods.

Close the port

For example, to close port 25 of the SMTP service in Windows 2000/XP: first open the Control Panel, double-click Administrative Tools, and then double-click Services. In the Services window that opens, find and double-click the Simple Mail Transfer Protocol (SMTP) service, click the Stop button to stop the service, select Disabled under Startup type, and finally click the OK button. Stopping the SMTP service in this way is equivalent to closing the corresponding port.

Open the port

To open the port, select Automatic under Startup type and click OK. Then open the service again, click the Start button under Service status to enable the port, and finally click OK.

Tip: There is no "Services" option in Windows 98. You can use the firewall's rule settings to close/open ports.

Common network ports

Port 21

Port Description: Port 21 is mainly used for the FTP (File Transfer Protocol) service, which uploads and downloads files between two computers. One computer acts as the FTP client and the other as the FTP server. You can log in to the FTP server either anonymously or with an authorized user name and password. At present, FTP is the main way to upload and download files on the Internet. In addition, port 20 is the default port number for FTP data transmission.

In Windows, you can provide FTP connection and management through Internet Information Services (IIS), or you can install separate FTP server software to provide FTP functions, such as the common Serv-U.

Operation suggestion: Because some FTP servers allow anonymous login, they are often used by hackers. In addition, port 21 is used by some Trojans, such as Blade Runner, FTP Trojan, Doly Trojan, WebEx and so on. If no FTP server is set up, it is recommended to close port 21.

Port 23

Port Description: Port 23 is mainly used for the Telnet (remote login) service, a login and emulation program widely used on the Internet. It also requires a client and a server to be set up, so that a client running Telnet can connect to the remote Telnet server and log on with an authorized user name and password. After logging in, users can carry out operations from the command prompt window. In Windows, you can log in remotely by typing the "Telnet" command in the command prompt window.

Operation suggestion: With the help of the Telnet service, hackers can search for Unix remote login services and scan for the operating system type. Moreover, in Windows 2000 the Telnet service has many serious vulnerabilities, such as privilege elevation and denial of service, which can crash the remote server. Port 23 of the Telnet service is also the default port of the TTS (Tiny Telnet Server) Trojan. Therefore, it is recommended to close port 23.