In network technology, ports have two meanings: one is physical ports, such as interfaces used by ADSL modems, hubs, switches and routers to connect other network devices, such as RJ-45 ports and SC ports. The second is logical port, which generally refers to the port in TCP/ IP protocol. Port numbers range from 0 to 65535, such as port 80 for browsing web services, port 2 1 for FTP services and so on. What I want to introduce here is the logical port. To view the port in Windows 2000/XP/Server 2003, you can use the Netstat command: click Start → Run, type "cmd" and press enter to open the command prompt window. Type "netstat -a -n" at the command prompt, and then press Enter to view the end slogan displayed in digital form and the status of TCP-UDP connection. Close/Open Ports Before introducing the functions of various ports, first introduce how to close/open ports in Windows, because by default, many unsafe or useless ports are open, such as port 23 for Telnet service, port 2 1 for FTP service, port 25 for SMTP service and port 135 for RPC service. In order to ensure the security of the system, we can close/open the port by the following methods. To close a port, such as port 25 of SMTP service in Windows 2000/XP, you can do this: first open Control Panel, double-click Administrative Tools, and then double-click the service. Then find and double-click the Simple Mail Transfer Protocol (SMTP) service in the opened service window, click the Stop button to stop the service, then select Disable in the Startup Type, and finally click the OK button. In this way, closing the SMTP service is equivalent to closing the corresponding port. Open a port If you want to open a port, just select Automatic in the startup type, click OK, then open the service, click Start Enable Port in the service status, and finally click OK. Tip: There is no "service" option in Windows 98. You can use the rule setting function of the firewall to close/open the port. In the logical sense of port classification, there are many classification standards for ports. Two common classifications will be introduced below: 1. Well-known ports are divided (1) according to the port number distribution, that is, well-known port numbers range from 0 to 1023, which are generally fixed in some services. For example, port 2 1 is assigned to FTP service, port 25 is assigned to SMTP (Simple Mail Transfer Protocol) service, port 80 is assigned to HTTP service, port 135 is assigned to RPC (Remote Procedure Call) service and so on. (2) Dynamic Ports Dynamic ports range from 1024 to 65535, and these port numbers are generally not assigned to a service, which means that many services can use these ports. As long as a running program requests the system to access the network, the system can assign one of these port numbers to the program. For example, port 1024 is assigned to the first program that sends an application to the system. After closing the program process, the occupied port number will be released. However, dynamic ports are often used by virus Trojans. For example, the default connection port of Glacier is 7626, WAY 2.4 is 80 1 1, Netspy 3.0 is 7306, and YAI virus is 1024. 2. According to the protocol type, it can be divided into TCP, UDP, IP and ICMP (Internet Control Message Protocol) ports. The following mainly introduces TCP and UDP ports: (1)TCP port TCP port, that is, the transmission control protocol port, needs to establish a connection between the client and the server, which can provide reliable data transmission. Common ports are 2 1 port of FTP service, 23 port of Telnet service, 25 port of SMTP service and 80 port of HTTP service. (2)UDP port UDP port, that is, the user datagram protocol port, does not need to establish a connection between the client and the server, so the security cannot be guaranteed. Common ones are port 53 for DNS service, port 16 1 for SNMP service, ports 8000 and 4000 used by QQ and so on. Basic knowledge of common network ports! Port-to-port: 0 Service: Reserved Description: Usually used to analyze the operating system. This method is effective because "0" is an invalid port in some systems, and when you try to connect it to a port that is usually closed, it will produce different results. A typical scan uses the IP address 0.0.0.0, sets the ACK bit and broadcasts it in the Ethernet layer. Port: 1 Service: tcpmux Description: This indicates that someone is looking for SGI Irix machine. Irix is the main provider of tcpmux, which is turned on by default in this system. Irix machine contains several default password-free accounts when it is released, such as: IP, guest UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation. So hackers searched for tcpmux online and used these accounts. Port: 7 Service: Echo Description: When searching for Fraggle power amplifier, you can see the information sent by many people to X.X. X.0 and X.X.X.255 Port: 19 Service: Character generator Description: This is a service that only sends characters. The UDP version will respond to packets containing junk characters after receiving UDP packets. When TCP connects, it sends a data stream containing junk characters until the connection is closed. Hackers can use IP spoofing to launch DoS attacks. Forge UDP packets between two chargen servers. Similarly, a fragledos attack will broadcast a packet with a forged victim IP to this port of the target address, and the victim will be overloaded in response to these data. Port: 2 1 Service: FTP Description: the port opened by FTP server for uploading and downloading. The most common attacker is to find a way to open anonymous's FTP server. These servers have read-write directories. Trojan Doly Trojan, Fore, Stealth FTP, WebEx, WinCrash and blade runner open ports. Port: 22 Service: Ssh Description: The connection between TCP established by PcAnywhere and this port may be to find Ssh. This service has many weaknesses. If configured in a specific mode, many versions that use the RSAREF library will have many loopholes. Port: 23 Service: Telnet Description: Remote login, the intruder is searching for the service of remote login UNIX. In most cases, scanning this port is to find the operating system running on the machine. And using other technologies, intruders will also find the password. Trojan mini Telnet server opens this port. Port: 25 Service: SMTP Description: The port opened by SMTP server for sending mail. Intruders are looking for SMTP servers to send their spam. The intruder's account is closed, and they need to connect to a high-bandwidth email server and send simple information to different addresses. Trojan horse antigen, e-mail password sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port. Port: 3 1 service: MSG authentication description: Trojan Master Paradise and Hacker Paradise open this port.