16th Day: Port explanation

This topic simply understands the content of the port;

Brief introduction:

"Port" is the translation of the English port, it can be considered as the export of communication between the equipment and the outside world.

The ports can be divided into virtual ports and physical ports, where the virtual (protocol) port refers to the inside of the computer or the port within the switch router and is not visible.

For example, 80 ports, 21 ports, 23 ports, and so on in the computer.

The physical port, also known as the interface, is the visible port, the RJ45 network port of the computer backplane, the switch router hub, and so on RJ45 ports. Phones using RJ11 sockets also belong to the category of physical ports.

Port classification:

Hardware port: The CPU transmits data via interface registers or specific circuitry to peripherals, these registers or specific

The circuit is called a port. Where the hardware domain port is also called interface, such as: Parallel port, serial

Ports, and so on.

Network port: There are several meanings of port in network technology. Hubs, switches, routers

Port refers to an interface that connects other network devices, such as the RJ-45 port, the serial port, and so on.

The port we refer to is not a physical sense, but a port in the TCP/IP protocol, which is the logical

The port on the album.

Software port: Just as a buffer;

Protocol Port: The port of the TCP or UDP protocol that we commonly use, the port of an IP address can have

65536 (i.e.: 2^16)

Protocol Port:

A port is a number of registers in an interface circuit that are used to hold data information, control information, and status information, respectively, and the corresponding ports are called data ports, control ports, and status ports.

Computer System program is like a rope, cut off, the kind of fracture is the system of the port, can be defined by each fracture of the use;

Protocol Port Classification:

Tcp:transmission Control Protocol Protocol TCP is a byte-stream-based transport layer

(Transport layer) communication protocol, in the simplified computer network OSI model, it completes the fourth

The functionality specified by the Layer transport layer.

UDP: A connectionless transport-layer protocol in the OSI Reference model that provides simple, transaction-oriented information that is unreliable

Transfer service. The UDP protocol is basically the interface between IP protocol and upper layer protocol.

Type of protocol port:

Weekly Port: The range is from 0 to 1023, where 80 ports are assigned to the WWW service, and 21 ports are assigned to the FTP service. Because

For the default 80 to WWW, so in the IE address bar without the input port number;

Dynamic port: The range is from 49152 to 65535. is called a dynamic port because it is generally not a fixed point

With a service, instead of a dynamic allocation.

Register PORT: The range is from 1024 to 49151, assigned to a user process or application. These processes are mainly used

The user chooses some of the installed applications, rather than the commonly used programs that have been assigned well-known ports.

Illegal intrusion:

In short, there are roughly 4 ways of trespassing:

1, scan the port, through a known system bug into the host.

2, planting Trojan Horse, using the backdoor to open the door to enter the host.

3, the use of data overflow means, forcing the host to provide backdoor access to the host.

4, the use of some software design vulnerabilities, direct or indirect control of the host.

Coping Strategies:

1) View: Often use the command or software to see the local ports open to see if there are suspicious ports;

2) Judge: If you are unfamiliar with the open port, you should find the port encyclopedia or the common port of the Trojan immediately.

Information, look at the description of the role of your suspicious port, or use the software view to open the

The process of the port to be judged;

3) off: If it is a Trojan port or the data does not have the description of this port, then you should close this end

Firewall to shield this port, and local connection-tcp/ip-advanced-option-

TCP/IP filtering, enabling filtering mechanisms to filter ports;

Port Example:

Port Description: 8080 port with 80 port, is used for WWW Proxy service, can realize web browsing, often

When you visit a website or use a proxy server, the ": 8080" port number is added.

Port vulnerability: port 8080 can be exploited by various virus programs, such as Brown orifice (BrO)

The Trojan virus can use 8080 ports to fully remotely control infected computers. Other than that

Remoconchubo,ringzero Trojan can also use this port for attack.

Operation suggestions: Generally we use 80 port for web browsing, in order to avoid the virus attack, we can

To close the port.

Common ports:

Port: 21

Services: FTP

Description: The FTP server is open to the port for uploading, downloading. The most common attackers are used to look for ways to open an anonymous FTP server. These servers have a read-write directory. Trojan doly ports open for Trojan, Fore, Invisible FTP, WebEx, Wincrash, and Blade Runner.

Port: 22

Service: Ssh

Description: The connection between TCP and this port established by pcanywhere may be to look for SSH. This service has many weaknesses, and if configured in a specific mode, many of the versions that use the RSAREF library will have a number of vulnerabilities.

Port: 23

Services: Telnet

Description: Telnet, the intruder is searching for services that Telnet to UNIX. In most cases, this port is scanned to find the operating system that the machine is running on. and using other technologies, intruders will also find passwords. Trojan Tiny Telnet Server will open this port.

Port: 25

Service: SMTP

Description: The port that the SMTP server is open for sending messages. Intruders look for SMTP servers to pass their spam. The intruder's account is closed and they need to be connected to a high-bandwidth e-mail server to pass simple information to different addresses. Trojan antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WINPC, winspy all open this port.

PORT: 80

Service: HTTP

Description: Used for web browsing. Trojan Executor open this port.

Port: 102

Service: Message transfer agent (MTA)-x.400 over TCP/IP

Description: The message transfer agent.

Port: 110

Service: Post Office Protocol-version3

Description: The POP3 server opens this port for receiving mail and client access to the server-side mail service. The POP3 service has many recognized weaknesses. There are at least 20 weaknesses in the user name and password Exchange buffer overflow, which means intruders can enter the system before a real login. There are other buffer overflow errors after successful login.

PORT: 111

Service: All ports for the RPC service of sun Company

Description: Common RPC services include RPC.MOUNTD, NFS, RPC.STATD, RPC.CSMD, RPC.TTYBD, AMD, etc.

Port: 119

Service: Network News Transfer Protocol

Description: The News newsgroup transport protocol, which hosts Usenet communications. This port is usually connected to people looking for Usenet servers. Most ISPs limit that only their customers can access their newsgroup servers. Opening a newsgroup server will allow you to send/read anyone's posts, access restricted newsgroup servers, post anonymously or send spam.

Port: 135

Service: Location Service

Description: Microsoft runs DCE RPC end-point Mapper for its DCOM service on this port. This is similar to the functionality of UNIX 111 ports. Services that use DCOM and RPC use end-point mapper on the computer to register their locations. When a remote client connects to the computer, they find the location of the service end-point mapper. Hacker scan this port of your computer to find out if you are running Exchange Server on this computer? What version? There are also some Dos attacks directed at this port.

Ports: 137, 138, 139

Service: NETBIOS Name Service

Note: where 137, 138 is a UDP port, this port is used when transferring files over a network neighbor. and port 139: The connection entered through this port attempts to obtain the NETBIOS/SMB service. This protocol is used for Windows file and printer sharing and for Samba. And WINS Regisrtation also uses it.

Port: 161

Services: SNMP

Description: SNMP allows remote management of devices. All configuration and operational information is stored in the database and is available through SNMP. Many administrator error configurations will be exposed to the Internet. Cackers will attempt to use the default password public, private access system. They may be experimenting with all possible combinations. SNMP packets may be incorrectly directed to the user's network

PORT: 177

Service: X Display Manager Control Protocol

Description: Many intruders access the X-windows console, which also needs to open port 6000.

PORT: 389

Services: LDAP, ILS

Description: The Lightweight Directory Access Protocol and NetMeeting Internet Locator server share this port.

More detailed ports:

Http://www.360doc.com/content/11/1202/09/8209768_169068538.shtml

16th Day: Port explanation