You are considered a hacker. TCP: Transmission control protocol TCP is a connection-oriented, reliable and byte-stream based transport layer communication protocol, which is stipulated by RFC 793 of IETF. In the simplified OSI model of computer network, it completes the functions specified by the fourth layer transport layer, and UDP is another important transport protocol at the same layer. Someone once compared the server to a house and the port to a door leading to different rooms (services), which is a good metaphor if details are not considered. If an intruder wants to occupy the house, he will definitely break into the house (physical invasion is another word), so it is very important for the intruder to know how many doors the house has opened, what kind of doors it is and what is behind them. Intruders usually use scanners to scan the ports of the target host to determine which ports are open. From the open port, intruders can know what services the target host provides, and then guess the possible vulnerabilities. Therefore, scanning ports can help us better understand the target host. For administrators, scanning the open ports of this machine is also the first step to do a good job of security prevention. Ports in the field of classified software generally refer to the communication protocol ports for connected services and connectionless services in the network. They are abstract software structures, including some data structures and I/O (basic input and output) buffers. Friends who are new to the network are generally sensitive to their own ports. They are always afraid that their computers will have too many ports, and they are even more afraid that there will be ports for backdoor programs. But because I am not familiar with the port and have no solution, I dare not surf the Internet. In fact, it is not so difficult to protect your own port, as long as you do the following: 1) check: always check the local open port with commands or software to see if there are suspicious ports; 2) Judgment: If there is something you are not familiar with in the opened port, you should immediately check the information such as port encyclopedia or Trojan common ports (there are many on the Internet) to see the description of the role of your suspicious port, or check the process of opening this port through software to judge; 3) Close: If it is a Trojan port or there is no description of this port in the data, then this port should be closed. You can use a firewall to block this port, or you can use local connection -TCP/IP- Advanced-Options -TCP/IP filtering to enable the filtering mechanism to filter the port. Note: Be careful when judging, because some dynamically allocated ports are also easy to cause unnecessary suspicion. Such ports are usually low and continuous. Also, some cunning backdoor software, they will borrow some common ports such as 80 to communicate (penetrate the firewall), so it is impossible to prevent, so it is the key not to run unfamiliar programs easily. How to view ports A server uses a large number of ports. How to view ports? There are two ways: one is to use the commands built into the system, and the other is to use the third-party port scanning software.

1. Use "netstat /an" to check the port status.

In Windows 2000/XP, you can use "netstat /na" at the command prompt to check the port status of the system, and you can list the port numbers that the system is opening and their status.

2. Use third-party port scanning software.

There are many third-party port scanning software. Although the interfaces are quite different, their functions are similar. Take "Fport" as an example to illustrate here. Using "Fport" at the command prompt, the running result is similar to "netstat -an", but it can not only list the port number and type being used, but also list which application is using the port. Some ports are often used by hackers and some Trojan viruses to attack computer systems. The following is an introduction to computer ports and a brief method to prevent hacker attacks. 8080 port description: 8080 port, like 80 port, is used for WWW proxy service and can realize web browsing. When visiting a website or using a proxy server, the port number ":8080" is often added. Port vulnerability: Port 8080 can be used by various virus programs. For example, the BrOwn Hole (Bro) Trojan virus can completely remotely control an infected computer using port 8080. In addition, RemoConChubo and RingZero trojans can also use this port to attack. Operation suggestion: Generally, we use port 80 for web browsing. In order to avoid virus attacks, we can close this port. Port: 2 1 Service: FTP Description: the port opened by FTP server for uploading and downloading. The most common attacker is to find a way to open anonymous's FTP server. These servers have read-write directories. Trojan Doly Trojan, Fore, Stealth FTP, WebEx, WinCrash and blade runner open ports. Port: 22 Service: Ssh Description: The connection between TCP established by PcAnywhere and this port may be to find Ssh. This service has many weaknesses. If configured in a specific mode, many versions that use the RSAREF library will have many loopholes. Port: 23 Service: Telnet Description: Remote login, the intruder is searching for the service of remote login UNIX. In most cases, scanning this port is to find the operating system running on the machine. And using other technologies, intruders will also find the password. Trojan mini Telnet server opens this port. Port: 25 Service: SMTP Description: The port opened by SMTP server for sending mail. Intruders are looking for SMTP servers to send their spam. The intruder's account is closed, and they need to connect to a high-bandwidth email server and send simple information to different addresses. Trojan horse antigen, e-mail password sender, Haebu Coceda, Shtrilitz Stealth, WinPC and WinSpy all open this port. Port: 80 Service: HTTP Description: Used for web browsing. The Trojan Executor opened the port. Port: 102 Service: Message Transfer Agent (MTA)-X.400 description on TCP/IP: Message Transfer Agent. Port: 1 10 Service: post office protocol -Version3 Description: The POP3 server opens this port to receive mail, and the client accesses the mail service on the server side. POP3 services have many recognized weaknesses. There are at least 20 weaknesses about user name and password exchange buffer overflow, which means that intruders can enter the system before actually logging in. There are other buffer overflow errors after successful login. Port:11Service: Description of all ports of SUN's RPC service: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.ttybd, amd and other ports: 1 19 Service: Description of network news transfer protocol:. Opening the newsgroup server will allow anyone to post/read, access restricted newsgroup servers, post anonymously or send spam. Port: 135 Service: Location Service Description: Microsoft runs DCE RPC endpoint mapper on this port as its DCOM service. This is similar to the function of UNIX11port. Services using DCOM and RPC register their locations with the endpoint mapper on the computer. When remote customers connect to their computers, they will look for the location where the endpoint mapper finds the service. Will a hacker scan this port of a computer to find the Exchange Server running on this computer? What version? There are also some DOS attacks on this port. Ports: 137, 138, 139 Service: NETBIOS Name Service Description: Among them, 137 and 138 are UDP ports, which are used when transmitting files through network neighbors. And port 139: the connection coming through this port attempts to obtain NetBIOS/SMB service. This protocol is used for windows file and printer sharing and SAMBA. WINS Regisrtation also uses it. Port: 16 1 Service: SNMP Description: SNMP allows remote management of devices. All configuration and operation information is stored in the database and can be obtained through SNMP. Many administrators' misconfigurations will be exposed online. Cackers will try to access the system using the default passwords public and private. They will try all possible combinations. SNMP packet may be wrongly pointed to the user's network port: 177 Service: X Display Manager Control Protocol Description: Many intruders access the X-windows console through it, and it needs to open 6000 ports at the same time. Port: 389 Service: LDAP, ILS Description: Lightweight Directory Access Protocol and NetMeeting Internet Locator server * * * use this port. Restrict ports to prevent illegal intrusion [sharing] Generally speaking, we use some powerful anti-hacking software and firewalls to ensure the security of our system. This paper plans to use a simple method-to help you prevent illegal intrusion by limiting ports. Simply put, there are four ways of illegal intrusion: 1, scanning ports, and breaking into the host through known system bugs. 2. Planting Trojans, using the back door opened by Trojans to enter the host. 3. Force the host to provide a back door to enter the host through data overflow. 4. Use some software design vulnerabilities to directly or indirectly control the host. The methods of illegal intrusion are mainly the first two, especially using some popular hacking tools. The first way is the most common and common way to attack the host. For the latter two methods, only some highly skilled hackers can use them, and the coverage is not extensive. And as long as these two problems appear, software service providers will soon provide patches and repair the system in time. For individual users, you can limit all ports, because you don't have to let your machine provide any services to the outside world at all; For servers providing network services to the outside world, we need to open necessary ports (such as WWW port 80, FTP port 2 1, mail service port 25, 1 10, etc.). ), all other ports are closed. Here, for users who use Windows 2000 or Windows XP, there is no need to install any other software, and the port of the server can be restricted by using the "TCP/IP filtering" function. The specific settings are as follows: 1. Right-click My Network Places, select Properties, and then double-click Local Area Connection (if you are a dial-up Internet user, select My Connection icon) to pop up the Local Area Connection Status dialog box. 2. Click the [Properties] button to open the Local Connection Properties, select "Internet Protocol (TCP/IP)" in "This connection uses the following items", and then click the [Properties] button. 3. In the pop-up "Internet Protocol (TCP/IP)" dialog box, click the [Advanced] button. In the pop-up advanced TCP/IP settings, select the Options tab, select TCP/IP filtering, and then click the [Properties] button. 4. Select the Enable TCP/IP Filtering checkbox in the TCP/IP Filtering dialog box that pops up, and then select "Allow Only" on the TCP port on the left. In this way, you can add or delete your own TCP or UDP or IP ports. Your server will be protected after adding or removing the machine and restarting it. Finally, remind individual users that if they just browse the Internet, they don't need to add any ports. But if you want to use some network communication tools, such as OICQ, you should open the port "4000". Similarly, if you find that a common network tool doesn't work, please find the port it opens in your host, and then open this port in TCP /IP.