Computer "port" is the literal translation of English port, which can be regarded as the exit of computer communication with the outside world. Among them, the ports in the hardware field are also called interfaces, such as USB ports and serial ports. The port in the software field is an abstract software structure, including some data structures and I/O (basic input and output) buffers. According to the port number, it can be divided into three categories: (1) well-known ports: from 0 to 1023, which are closely bound to some services. Usually, the communication of these ports clearly indicates the protocol of a certain service. For example, port 80 has always been HTTP communication. (2) Registration port: from 1024 to 49 15 1. They are loosely bound to some services. In other words, many services are bound to these ports, and these ports are also used for many other purposes. For example, many systems handle a dynamic port of about 1024. (3) Dynamic and/or dedicated ports: from 49 152 to 65535. Theoretically, these ports should not be assigned to services. In fact, machines usually allocate dynamic ports from 1024. But there are exceptions: SUN's RPC port starts at 32768. Some ports are often used by hackers and Trojan viruses to attack computer systems. The following is the introduction of computer ports and the brief methods to prevent being attacked by hackers. 8080 port description: 8080 port, like 80 port, is used for WWW proxy service and can realize web browsing. When visiting a website or using a proxy server, the port number ":8080" is often added, for example: 8080. Port vulnerability: Port 8080 can be used by various virus programs. For example, the BrOwn Hole (Bro) Trojan virus can completely remotely control an infected computer using port 8080. In addition, RemoConChubo and RingZero trojans can also use this port to attack. Operation suggestion: Generally, we use port 80 for web browsing. In order to avoid virus attacks, we can close this port. Port: 2 1 Service: FTP Description: the port opened by FTP server for uploading and downloading. The most common attacker is to find a way to open anonymous's FTP server. These servers have read-write directories. Trojan Doly Trojan, Fore, Stealth FTP, WebEx, WinCrash and blade runner open ports. Port: 22 Service: Ssh Description: The connection between TCP established by PcAnywhere and this port may be to find Ssh. This service has many weaknesses. If configured in a specific mode, many versions that use the RSAREF library will have many loopholes. Port: 23 Service: Telnet Description: Remote login, the intruder is searching for the service of remote login UNIX. In most cases, scanning this port is to find the operating system running on the machine. And using other technologies, intruders will also find the password. Trojan mini Telnet server opens this port. Port: 25 Service: SMTP Description: The port opened by SMTP server for sending mail. Intruders are looking for SMTP servers to send their spam. The intruder's account is closed, and they need to connect to a high-bandwidth email server and send simple information to different addresses. Trojan horse antigen, e-mail password sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port. Port: 80 Service: HTTP Description: Used for web browsing. The Trojan Executor opened the port. Port: 102 Service: Message Transfer Agent (MTA)-X.400 description on TCP/IP: Message Transfer Agent. Port: 109 Service: post office protocol -Version3 Description: The POP3 server opens this port to receive mail, and the client accesses the mail service on the server side. POP3 services have many recognized weaknesses. There are at least 20 weaknesses about user name and password exchange buffer overflow, which means that intruders can enter the system before actually logging in. There are other buffer overflow errors after successful login. Port: 1 10 service: Description of all ports of SUN's RPC service: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd and other ports: 1 19 service: network news transfer protocol description: news. The connection of this port is usually when people are looking for a USENET server. Most ISPs only allow their customers to access their newsgroup servers. Opening the newsgroup server will allow anyone to post/read, access restricted newsgroup servers, post anonymously or send spam. Port: 135 Service: Location Service Description: Microsoft runs DCE RPC endpoint mapper on this port as its DCOM service. This is similar to the function of UNIX11port. Services using DCOM and RPC register their locations with the endpoint mapper on the computer. When remote customers connect to their computers, they will look for the location where the endpoint mapper finds the service. Will a hacker scan this port of a computer to find the Exchange Server running on this computer? What version? There are also some DOS attacks on this port. Ports: 137, 138, 139 Service: NETBIOS Name Service Description: Among them, 137 and 138 are UDP ports, which are used when transmitting files through network neighbors. And port 139: the connection coming through this port attempts to obtain NetBIOS/SMB service. This protocol is used for windows file and printer sharing and SAMBA. WINS Regisrtation also uses it. Port: 16 1 Service: SNMP Description: SNMP allows remote management of devices. All configuration and operation information is stored in the database and can be obtained through SNMP. Many administrators' misconfigurations will be exposed online. Cackers will try to access the system using the default passwords public and private. They will try all possible combinations. SNMP packets may be misdirected to the user's network.