How to set the most secure remote port?
Network Port Security Protection Skills: Remote Desktop Port Settings
2009-03-24 21:02

As we all know, computers communicate with each other through ports. For example, when you visit a website, Windows opens a port (such as port 1025) on your computer and connects to a port on the remote web server; the same happens when others connect to you. By default, Windows opens many service ports on your computer, and hackers often use these ports to break in. Knowing how ports work is therefore a necessary skill for using the Internet safely.

First, common ports and their classification

Computers need to use the TCP/IP protocol to communicate with each other on the Internet. Under TCP/IP, a computer has 256×256 (65536) ports, divided into TCP ports and UDP ports. By port number, they fall into the following two categories:

1. System reserved ports (0 to 1023). You are not allowed to use these ports. They all have exact definitions and correspond to common services on the Internet; each open port of this type represents a system service. For example, port 80 represents a Web service, 21 corresponds to FTP, 25 to SMTP, 110 to POP3, and so on.

2. Dynamic ports (1024 to 65535). When you need to communicate with others, Windows assigns a dynamic port on this machine, starting from 1024. If port 1024 has not been closed when you need another port, it allocates port 1025, and so on. However, individual system services are bound to ports in the range 1024 to 49151, such as port 3389 (Remote Terminal Service). Ports 49152 to 65535 usually have no system service bound to them, so Windows can assign them to you dynamically.

Second, how to check which ports are open on this computer

By default, Windows opens many "service ports". To check which ports are open on this computer and which computers are connected to it, you can use the following two methods.

1. Using the netstat command

Windows provides the netstat command, which displays the current TCP/IP network connections. Note: the netstat command can only be used if the TCP/IP protocol is installed.

Operation method: click "Start → Programs → Accessories → Command Prompt" to open the DOS window and enter the command netstat -na, which displays this machine's connection status and open ports. In the output, Local Address is the local IP address and open port number, Foreign Address is the IP address and port number of the remote computer, and State is the current TCP connection status. A LISTENING state on port 135, for example, means that the local computer has port 135 open and is waiting for a remote computer to connect.

If you enter the command netstat -nab in the DOS window, it also shows which program created each connection. In this example, the listener on port 135 was created by the svchost.exe program, which called five components (WS2_32.dll, RPCRT4.dll, rpcss.dll, svchost.exe and ADVAPI32.dll) to create it. If you find that this machine has opened a suspicious port, use this command to see which components it has called, and then check the creation time and modification time of each component. If you find anything unusual, you may have been hit by a Trojan horse.

2. Using port monitoring software

Like the netstat command, port monitoring software can show which ports are open on this machine. There are many such programs, such as TCPView, PortReporter, green eagle PC general wizard, network port viewer and so on. It is suggested that you start TCPView whenever you go online and closely monitor this machine's port connections, to guard against illegal connections and keep your network secure.

Third, close the ports not used by this machine

By default, many ports in Windows are open. Once you go online, hackers can connect to your computer through these ports, so you should close them.
They mainly include: TCP ports 139, 445, 593 and 1025 and UDP ports 123, 137, 138, 445 and 1900, and

In the NetBIOS over Tcpip properties window that opens, click "Do not use this device (disabled)" under the General tab, click OK and restart.

② Close UDP port 123: click Start → Settings → Control Panel, then double-click Administrative Tools → Services and stop the Windows Time service. Closing UDP port 123 can prevent some worms.

③ Close UDP port 1900: double-click "Administrative Tools → Services" in the Control Panel and stop the SSDP Discovery Service. Closing this port can prevent DDoS attacks.

④ Other ports: you can close them with a network firewall, or double-click Administrative Tools → Local Security Policy in the Control Panel, select the IP security policy on the local computer, and create an IP security policy that closes them.

Fourth, redirect the default port of this machine to protect system security

If a default port of this machine cannot be closed, you should "redirect" it. Redirecting the port to another address hides the well-known default port, reduces the probability of damage and protects the system. For example, if the Terminal Server port is open on your computer (the default is 3389), you can redirect it to another port (for example, 1234) as follows.

1. On this computer (the server side), locate the following two registry keys and set the port number in both to your custom port (for example, 1234):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Rdp-TCP]

2. Click Start → Programs → Accessories → Communications → Remote Desktop Connection to open the Remote Desktop Connection window, click Options to expand the window, fill in the relevant parameters, and then click Save As under the General tab. Open the file with Notepad and add a line at the end of the file: server port:i:1234 (fill in the port you defined on the server here). From then on, double-clicking this .rdp file connects directly to the server's custom port.
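
The netstat check from the second section combined with the list of ports from the third, as an added example in Python that is not part of the original article: it parses netstat -na output, keeps TCP listeners and bound UDP sockets, and marks the ports the article says to close. The sample output is constructed, and the record field names and range labels are illustrative.

```python
import re

# Ports the article lists for closing, per protocol.
CLOSE = {"TCP": {139, 445, 593, 1025}, "UDP": {123, 137, 138, 445, 1900}}

# Constructed `netstat -na` output (sample data, not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1046      203.0.113.7:80         ESTABLISHED
  TCP    [::]:49152             [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:1900           *:*
  UDP    192.168.1.20:137       *:*
"""

# Proto, local address, local port, foreign address, optional state (UDP has none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def port_range(port):
    """Name the range a port falls in, using the article's boundaries."""
    if port <= 1023:
        return "system reserved"
    return "service-bound range" if port <= 49151 else "dynamic only"


def open_ports(text):
    """Yield one record per TCP listener or bound UDP socket."""
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, header and blank lines
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if proto == "TCP" and state != "LISTENING":
            continue  # established connections are not open services
        yield {"proto": proto, "port": port, "range": port_range(port),
               "all_interfaces": addr in ("0.0.0.0", "[::]"),
               "close": port in CLOSE[proto]}


def to_close(text):
    """Sorted (proto, port) pairs that are open and on the article's list."""
    return sorted((r["proto"], r["port"]) for r in open_ports(text) if r["close"])
```

A listener bound to 0.0.0.0 or [::] accepts connections on every interface, so the all_interfaces field shows which open ports are reachable from the network rather than only from one local address.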
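
A consistency check for the redirect steps in the fourth section, as an added example in Python that is not from the original article: it reads the port from both registry keys in a .reg export and from the .rdp file, and reports any disagreement. The sample data is constructed, and the WinStations key path and the PortNumber value name are the standard Windows ones rather than taken from the page; the second key deliberately shows 1234 entered as a hexadecimal value, which yields port 4660.

```python
import re

# Constructed excerpt of a .reg export after the change (sample data). The
# WinStations path and the PortNumber value name are assumptions based on
# standard Windows, not on the page.
REG_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]
"PortNumber"=dword:000004d2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00001234
"""

# Constructed .rdp file as saved in step 2, with the extra line appended.
RDP_FILE = "screen mode id:i:2\nfull address:s:192.0.2.10\nserver port:i:1234\n"


def reg_ports(reg_text):
    """Map the last component of each key to its PortNumber (dword is hex)."""
    ports, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rsplit("\\", 1)[-1].lower()
        m = re.fullmatch(r'"PortNumber"=dword:([0-9a-fA-F]{8})', line)
        if m and key:
            ports[key] = int(m.group(1), 16)
    return ports


def rdp_port(rdp_text, default=3389):
    """Read `server port:i:N` from .rdp text; without it the client uses 3389."""
    for line in rdp_text.splitlines():
        name, _, rest = line.partition(":")
        kind, _, value = rest.partition(":")
        if name.strip().lower() == "server port" and kind == "i":
            return int(value)
    return default


def check(reg_text, rdp_text):
    """Return a list of problems; an empty list means client and server agree."""
    server, client, problems = reg_ports(reg_text), rdp_port(rdp_text), []
    if len(set(server.values())) > 1:
        problems.append(f"registry keys disagree: {server}")
    for key, port in server.items():
        if port != client:
            problems.append(f"{key} is set to {port}, client dials {client}")
    return problems
```

With the constructed data, check(REG_EXPORT, RDP_FILE) reports two problems; storing 1234 correctly as dword:000004d2 in both keys clears them.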