Port vulnerability: Some Trojans can use port 80 to attack computers, such as Executor and RingZero.
Operation suggestion: In order to surf the Internet normally, port 80 must be opened.
Through the above introduction, we learned about port 69 of TFTP service, port 79 of finger service and port 80 of WWW service on the Internet. The unfamiliar port 99, port 109, port1for POP3 service and port1for RPC service will be introduced respectively.
Port 99
Port Description: Port 99 is used for a service called Metagrammar Relay, which is rare and generally not used.
Port vulnerability: Although Metasyntax Relay service is not commonly used, Trojan programs (such as hidden port and NCx99) will use this port. For example, in Windows 2000, NCx99 can bind the cmd.exe program to port 99, so that you can connect to the server by Telnet, add users and change permissions at will.
Operation suggestion: It is recommended to close this port.
109, 1 10 port
Port description: port 109 is open for post office protocol 2 (post office protocol version 2) service, and port 1 10 is open for POP3 (mail protocol 3) service. POP2 and POP3 are mainly used to receive mail. At present, POP3 is widely used, and many servers support both POP2 and POP3. The client can access the mail service of the server using POP3 protocol, which is now used by most mail servers of ISP. When using the e-mail client program, you will be asked to enter the POP3 server address. By default, the port 1 10 is used (as shown).
Port vulnerabilities: POP2 and POP3 have many vulnerabilities while providing mail receiving services. There are no fewer than 20 vulnerabilities in the user name and password exchange buffer of POP3 service alone, such as the vulnerability of legal user name information disclosure of WebEasyMail POP3 server, through which remote attackers can verify the existence of user accounts. In addition, the 1 10 port is also used by Trojans such as ProMail, and the user name and password of the POP account can be stolen through the 1 10 port.
Operation suggestion: If it is an execution mail server, you can open this port.
1 1 1 port
Port Description: Port11is an open port of SUN's RPC (Remote Procedure Call) service, which is mainly used for internal process communication between different computers in a distributed system. RPC is a very important component in various network services. Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd and so on. In Microsoft Windows, there are also RPC services.
Port vulnerability: SUN RPC has a big vulnerability, that is, the xdr_array function has a remote buffer overflow vulnerability when there are multiple RPC services.
Above, we introduced the unknown 99 port vulnerable to Trojan attacks, the common 109, 1 10 ports of POP service, and the1/port of Sun's RPC service. The following will introduce the 1 13 port closely related to many network services, the 1 19 port used for news newsgroup transmission, and the 135 port attacked by "shock wave".
1 13 port
Port Description: Port 1 13 is mainly used for "authentication service" of Windows. Generally, computers connected to the network run this service, which is mainly used to authenticate users connected to TCP, and information about connecting computers can be obtained through this service. In Windows 2000/2003 Server, there is also a special IAS component, which can facilitate authentication and policy management in remote access.
Port vulnerability: Although 1 13 port can facilitate authentication, it is often used as a recorder for FTP, POP, SMTP, IMAP and IRC, and will be used by corresponding Trojans, such as those controlled by IRC chat rooms. In addition, 1 13 port is also the default open port of Trojan horses such as invisible Identd Deamon and Kazimas.
Operation suggestion: It is recommended to close this port.
1 19 port
Port description: 1 19 port is open for "network news transfer protocol" (NNTP for short), which is mainly used for the transmission of newsgroups, and will be used when searching the USENET server.
Port vulnerability: The well-known Happy99 worm virus opens the port 1 19 by default. If infected, it will continue to send emails to spread, causing network congestion.
Operation suggestion: If you use USENET newsgroup frequently, you should pay attention to closing the port irregularly.
Port 135
Port Description: Port 135 is mainly used to provide DCOM (Distributed Component Object Model) services by using RPC (Remote Procedure Call) protocol. Through RPC, a program running on a computer can successfully execute code on a remote computer. Using DCOM, we can communicate directly through the network and transmit across various networks including HTTP protocol.
Port vulnerability: I believe that many Windows 2000 and Windows XP users were infected with the "Shockwave" virus last year, which used RPC vulnerabilities to attack computers. There are loopholes in RPC itself when dealing with message exchange through TCP/IP, which is caused by improper handling of messages with incorrect format. This vulnerability will affect the interface between RPC and DCOM, which listens on port 135.
Operation suggestion: In order to avoid the attack of "shock wave" virus, it is recommended to close this port.
Through the above introduction, you must know the port of authentication service 1 13, the port of network news group 1 19, and the port used by "shock wave" virus 135. Next, the author will introduce 137 port of NetBIOS name service, 139 port of Windows file and printer, and 143 port of IMAP protocol.
Port 137
Port description: Port 137 is mainly used for "NetBIOS name service" and belongs to UDP port. Users only need to send a request to the port 137 of a computer on the local area network or the Internet to get the computer name, registered user name, whether the main domain controller is installed, and whether IIS is running.
Port vulnerability: Because it is a UDP port, it is easy for an attacker to obtain the information of the target computer by sending a request, and some information can be directly used to analyze vulnerabilities, such as IIS services. In addition, by capturing the data packets being communicated through port 137, the startup and shutdown times of the target computer can be obtained, so that special tools can be used to attack.
Operation suggestion: It is recommended to close this port.
Port 139
Port Description: Port 139 is provided for "NetBIOS session service", which is mainly used to provide access to Windows files and printers and Samba services in Unix. In Windows, you must use this service to enjoy files on the LAN. For example, in Windows 98, you can open the Control Panel, double-click the Network icon, click the File and Print * * * button in the Configuration tab and select the corresponding settings to install and enable the service; In Windows 2000/XP, you can open the "Control Panel" and double-click the "Network Connection" icon to open the local connection properties; Next, select Internet Protocol (TCP/IP) in the general tab of the property window, and click the property button; Then in the window that opens, click the Advanced button; Select the WINS tab in the advanced TCP/IP settings window and enable NetBIOS over TCP/IP in the NetBIOS settings area.
Port vulnerability: Although the open port 139 can provide * * * access service, it is often used by attackers to attack. For example, using port scanning tools such as Streamer and SuperScan, you can scan the port 139 of the target computer. If you find a loophole, you can try to get a user name and password, which is very dangerous.
Operation suggestion: If you don't need to provide files and printers, it is recommended to close this port.
Above, we introduced the port 137 that can get the name information of remote computers and the port 139 that can provide files and printers for Windows. The following will introduce the port 143 of the mail receiving service (IMAP), the port16 of the SNMP service and the port 443 of the HTTPS service.
Port 143
Port Description: Port 143 is mainly used for Internet Message Access Protocol V2 (Internet Message Access Protocol for short), which, like POP3, is a protocol for receiving e-mail. Through IMAP protocol, we can know the contents of the mail without receiving it, which is convenient for managing the mail in the server. However, it is more responsible than the POP3 protocol. Today, most mainstream email client software supports this protocol.
Port vulnerability: Like the 1 10 port of POP3 protocol, the 143 port used by IMAP also has a buffer overflow vulnerability, through which the user name and password can be obtained. In addition, a Linux worm named "admv0rm" will use this port to spread.
Operation suggestion: If it is not an IMAP server operation, the port should be closed.
16 1 port
Port Description: Port 16 1 is used for Simple Network Management Protocol (SNMP), which is mainly used to manage network protocols in TCP/IP networks. In Windows, SNMP service can provide status information of hosts and various network devices on TCP/IP network. At present, almost all network equipment manufacturers support SNMP.
To install SNMP service in Windows 2000/XP, we can first open the Windows Component Wizard, select management and monitoring tools in the component, click Details to view Simple Network Management Protocol (SNMP), and then select this component. Then, click Next to install.
Port vulnerability: Because the status information of various devices in the network can be obtained through SNMP, it can also be used to control network devices, so hackers can completely control the network through SNMP vulnerability.
Operation suggestion: It is recommended to close this port.
Port 443
Port Description: Port 443, a web browsing port, is mainly used for HTTPS service, which is another HTTP that provides encryption and transmission through a secure port. In some websites with high security requirements, such as banks, securities, shopping, etc. , using HTTPS service, so that the information exchanged on these websites can not be seen by others, ensuring the security of transactions. The address of the web page can be used to transfer the streaming media file to RealPlayer for playing, which can effectively maximize the use.