Therefore, if we can limit the first two illegal intrusion methods, we can effectively prevent illegal intrusion by using hacker tools. And the first two illegal intrusion methods have one thing in common, that is, they enter the host through the port.
Ports are like several doors of a house (servers), and different doors lead to different rooms (servers (servers) provide different services). Our common FTP default port is 2 1, while the default port of WWW page is 80. However, some sloppy network administrators often open some port services that are easy to be invaded, such as139; There are also some Trojan horse programs, such as Glacier, Bo, Guangwai and so on. It will automatically open a port you don't know. Then, as long as we block all the unused ports, won't we put an end to these two illegal intrusions?
Examples of closed ports here are: 135, 137, 138, 139, 445, 1025, 2475, 3 127 and 6/kloc.
The specific operation is as follows:
By default, Windows has many open ports. When you surf the Internet, network viruses and hackers can connect to your computer (computer) through these ports. In order to turn your system into an iron wall, you should close these ports, mainly TCP 135,139,445,593, 1025 and UDP 135, 137,/kloc-0. The following describes how to close these network ports under WinXP/2000/2003.
Step 1: Click Start Menu/Settings/Control Panel/Management Tools, double-click to open the local security policy, select the IP security policy on the local computer (computer), right-click the blank position in the right pane to pop up the shortcut menu, and select Create IP security policy to pop up a wizard. Click Next in the wizard to name the new security policy; Press Next again, and the Secure Communication Request screen will be displayed. Remove the check mark to the left of "Activate default mapping rule" on the screen, and then click "Finish" to create a new IP security policy.
Step 2, click OK and return to the filter list dialog box. You can see that a policy has been added. Repeat the above steps, continue to add TCP 137, 139, 445, 593 ports and UDP 135, 139, 445 ports, and establish corresponding filters for them.
Step 3: Repeat the above steps, add the shielding policies of TCP ports 1025, 2745, 3 127, 6 129 and 3389, establish the filters of the above ports, and finally click OK.
Step 4: In the "New Rule Properties" dialog box, select "New IP Filter List", then click the circle on its left to add a dot to indicate that it has been activated, and finally click the "Filter Action" tab. In the Filter Actions tab, remove the hook on the left side of Using the Add Wizard, click the Add button, and then add the Block action: in the Security Measures tab of the New Filter Action Properties, select Block, and then click the OK button.
Step 5: Enter the "New Rule Attribute" dialog box, click "New Filter Action", and a dot will be added in the left circle, indicating that it has been activated. Click Close to close the dialog box; Finally, return to the "New IP Security Policy Properties" dialog box, check the "New IP Filter List" on the left, and then press "OK" to close the dialog box. In the Local Security Policy window, right-click the newly added IP security policy and select Assign.
At this time, you can start the computer. After restarting, the above network ports in the computer will be closed. At this time, viruses and hackers should have been unable to connect to these ports, thus protecting your computer.
The following is how to close the default C$, D$, Admin$ and IPC$ in WINDOWS.
As we all know, WINDOWS 2000 and WINDOWS XP have the default * * * enjoyment, and viruses and hackers can also enter your computer (computer) in this way, thus destroying your files and even remotely controlling your computer (computer). At this time, you have to delete these default * * * enjoyment (in fact, these default * * * enjoyment is only harmful to you personally.
Step 2: Right-click the IP security policy, remove the hook on the left side of the Use Add Wizard in the properties dialog box, then click Add to add a new rule, and then the new rule properties dialog box pops up, and then click Add to pop up the IP filter list window. In the list, first remove the check mark on the left of "Use the Add Wizard", and then click the "Add" button on the right to add a new filter.
Step 3, enter the Filter Properties dialog box. The first thing you see is the address. Select "any IP address" as the source address and "My IP address" as the destination address. Click the "Protocol" tab, select "TCP" in the "Select Protocol Type" drop-down list, then enter "135" in the text box under "To this port" and click the "OK" button, thus adding a filter to block the TCP 135(RPC) port, which can prevent the outside world from passing through 6544.
Let's start with the operating system of WINDOWS XP. XP is not as easy to deal with as 2000. Before I found a way, I met "Love Seal" on QQ. I asked, but I didn't expect him to think of a way at that time. After about 15 minutes, I found that net share *$ /del was used online, and Aifeng also told me to use this command.
If you are only a computer that is rarely used occasionally, you can select "Run" in the start menu and then enter "Network Share * $/del" (* stands for the name of * * * you want to delete). But you will have this default * * * enjoyment after the next boot. How can I completely turn off these default * * * enjoyment after booting? Come with me. Let's go.
Now let's talk about how to automatically turn off all the default * * * enjoyment after WINDOWS starts. WINDOWS 2000 and WINDOWS XP are similar here. Select "Run" in the start menu, fill in "regedit" to open the branch of registry [HKEY _ local _ machine \ software \ Microsoft \ Windows \ current version \ Run], and create a new "string value" under it. The name can be arbitrary, such as "delshareC$". Right-click, click Modify in the pop-up shortcut menu, enter "net share C$ /del" (without quotation marks) in the numerical data column of the edit string window that appears next, and click OK. Similarly, add "string values" such as "delshareD$" and "numerical data" as "net share D$ /del" and so on. , there are several partitions, including "net share Admin$ /del" and so on. Note: There is a case difference here. After saving the registry and restarting the computer (computer), these special resources can be automatically shut down at startup.
However, have you noticed that the command "net share IPC$ /del" has no effect on "IPC$" at all, and still maintains the default enjoyment of * * *. In fact, this is enough, and there is no need to close IPC$.
Here, I would also like to thank my training teacher "Mozart", who instructed me how to permanently shut down IPC$ and the default * * * dependent service: lanmanserver, that is, server service. I also need to go to Administrative Tools in the control panel, find Services in Server Services, enter Properties, and click General. However, this will have some negative effects. Once the default * * * of IPC$ is turned off, many server services cannot be used, and other computers (computers) in the local area network may be inaccessible. Please be careful!