Restrict firewall ports to prevent illegal intrusion

Source: Internet
Author: User

In general, we rely on capable anti-hacking software and firewalls to keep our systems secure. This article proposes a simple method to help you prevent illegal intrusion by limiting ports.


Illegal intrusion

In short, illegal intrusion can be roughly divided into four types:

1. Scanning ports and attacking the host through known system bugs.

2. Planting Trojans and using the backdoors they open to access the host.

3. Using data overflow to force the host to provide a backdoor for access.

4. Using software design vulnerabilities to control the host directly or indirectly.

The first two are the main methods of illegal intrusion. The first in particular is the most common, because popular hacker tools use it to attack hosts. The latter two can only be exploited by highly skilled hackers, and whenever such problems appear, software service providers quickly provide patches so the system can be repaired in time.

Therefore, restricting the first two methods effectively prevents illegal intrusion carried out with hacker tools. The first two methods also have one thing in common: they enter the host through a port.

A port is like a door in a house (the server) that has several doors. Different doors lead to different rooms (the different services the server provides). The default FTP port we commonly use is 21, and the default WWW web page port is 80. However, some careless network administrators leave open port services that are vulnerable to intrusion, such as port 139, and some Trojans, for example Glacier, BO, and Guang Wai, automatically open a port without your noticing. So if we block every port we do not use, won't these two kinds of illegal intrusion be shut out?

Port restriction method

Individual users can restrict all ports, because their machines do not need to provide any external services. Servers that provide external network services should open only the necessary ports (such as WWW port 80, FTP port 21, and email service ports 25 and 110) and close all other ports.

Users of Windows 2000 or Windows XP do not need to install any other software. The "TCP/IP filter" function can restrict the server's ports. The specific settings are as follows:

1. Right-click "Network neighbors", select "properties", and double-click "Local Connection" (if you are a dial-up Internet user, select the "my connections" icon). The "local connection status" dialog box is displayed.

2. Click the [properties] button to bring up "Local Connection Properties". Select "Internet Protocol (TCP/IP)" under "Use the following items for this connection" and click [properties].

3. In the pop-up "Internet Protocol (TCP/IP)" dialog box, click the [advanced] button. In the "Advanced TCP/IP Settings" dialog box that appears, select the "options" tab, select "TCP/IP filtering", and click the [properties] button.

4. In the displayed "TCP/IP filtering" dialog box, select the "enable TCP/IP filtering" check box, then select "only allow" for "TCP port" on the left (see the figure below).

In this way, you can add or delete TCP, UDP, or IP ports yourself.

After you have added or deleted ports, your server is protected once the machine has been restarted.

Finally, a reminder for individual users: if you only browse the Internet, do not add any ports. However, some network contact tools, such as OICQ, need port "4000" to be opened. Similarly, if a common network tool stops working, find out which port it opens on your host and add that port in "TCP/IP filtering".
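The following is an added example, not part of the original article: a Python sketch that compares the ports a host is listening on with the allowlist you plan to enter in "TCP/IP filtering", so you can see which ports the filter will close and which tools need an entry. The `netstat -an` text is a constructed sample, and the names `ALLOWED_TCP`, `listening_ports` and `audit` are assumptions made for illustration.

```python
import re

# Allowlist from the article's server example: FTP 21, mail 25 and 110, WWW 80.
ALLOWED_TCP = {21, 25, 80, 110}

# Constructed sample of Windows `netstat -an` output (not taken from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:4000           *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listening_ports(netstat_text):
    """Return the set of (proto, port) pairs reachable from other hosts."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or outbound connection, not an open door
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only listener, not reachable remotely
        found.add((proto, int(port)))
    return found

def audit(netstat_text, allowed_tcp=ALLOWED_TCP, allowed_udp=frozenset()):
    """Split open ports into allowlisted ones and ones the filter would close."""
    allowed, unexpected = [], []
    for proto, port in sorted(listening_ports(netstat_text)):
        ok = port in (allowed_tcp if proto == "TCP" else allowed_udp)
        (allowed if ok else unexpected).append((proto, port))
    return allowed, unexpected

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_NETSTAT)
    print("on allowlist:", ok)
    print("not on allowlist:", bad)
```

On the sample, ports 135 and 139 and UDP 4000 are reported as not on the allowlist; passing `allowed_udp={4000}` models the OICQ exception described above.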
