Ports that may pose a security threat to your computer

Source: Internet
Author: User

1. Port 21:

Port Description: Port 21 is mainly used for the FTP (File Transfer Protocol) service.

Operation suggestion: Because some FTP servers allow anonymous login, they are often abused by hackers. In addition, port 21 is also used by some Trojans, such as Blade Runner, FTP Trojan, Doly Trojan, WebEx and so on. If you are not running an FTP server, it is recommended to close port 21.

2. Port 23:

Port Description: Port 23 is primarily used for the Telnet (remote login) service.

Operational recommendations: Using the Telnet service, hackers can search for UNIX services that allow remote login and scan for the operating system type. In addition, the Telnet service in Windows 2000 has several serious vulnerabilities, such as privilege elevation and denial of service, which can crash a remote server. Port 23 of the Telnet service is also the default port for the TTS (Tiny Telnet Server) Trojan. Therefore, it is recommended to close port 23.

3. Port 25:

Port Description: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) servers and is primarily used for sending mail.

Port vulnerability:

1. Through port 25, hackers can look for SMTP servers to forward spam.

2. Port 25 is opened by many Trojan programs, such as Ajan, Antigen, Email Password Sender, Promail, Trojan, Tapiras, Terminator, WINPC, Winspy, and so on. With Winspy, for example, opening port 25 makes it possible to monitor all the windows and modules running on the computer.

Operation Recommendation: If you are not running an SMTP mail server, you can close the port.

4. Port 53:

Port Description: Port 53 is opened by DNS (Domain Name Server) servers and is mainly used for domain name resolution.

Port vulnerability: If the DNS service is open, hackers can directly obtain the IP address of a host such as a Web server by analyzing the DNS server, and then use port 53 to get through some unstable firewalls and carry out an attack. Recently, a U.S. company also published a list of the 10 vulnerabilities most easily attacked by hackers, the first of which is the BIND vulnerability in DNS servers.

Operation Recommendation: If the current computer is not used to provide a domain name resolution service, it is recommended that the port be closed.

5. Ports 67 and 68:

Port Description: Ports 67 and 68 are opened for the Bootstrap Protocol server and the Bootstrap Protocol client of the BOOTP service, respectively. The BOOTP service is a remote boot protocol that originated in early Unix, and the DHCP service we use today is an extension of BOOTP. The BOOTP service allows IP addresses to be assigned dynamically to computers on a local area network, so that users do not have to set static IP addresses.

Port vulnerabilities: If the BOOTP service is enabled, hackers often exploit it by using an assigned IP address as a local router to attack through the man-in-the-middle approach.

Action Recommendation: We recommend that you close these ports.

6. Port 69:

Port Description: Port 69 is opened for the TFTP (Trivial File Transfer Protocol) service.

Port vulnerabilities: Many servers provide the TFTP service together with the BOOTP service, primarily for downloading boot code from the system. However, because the TFTP service can write files to the system, hackers can also exploit a misconfigured TFTP service to retrieve any file from the system.

Action Recommendation: We recommend that you close this port.

8. Port 79:

Port Description: Port 79 is opened for the finger service, which is primarily used to query details such as the online users of a remote host, the operating system type, and buffer overflows. For example, to display information about the user user01 on the remote computer www.abc.com, type "finger user01@www.abc.com" on the command line.

Port vulnerabilities: Hackers who attack other computers generally first obtain the relevant information with a port scanning tool. For example, "streamer" can use port 79 to scan the operating system version of a remote computer, obtain user information, and detect known buffer overflow errors. This makes the computer an easy target for hacker attack. Moreover, port 79 is also the default port of the Firehotcker Trojan.

Action Recommendation: We recommend that you close this port.

9. Port 80:

Port Description: Port 80 is opened for HTTP (Hypertext Transfer Protocol).

Port vulnerability: Some Trojans, such as Executor and RingZero, can use port 80 to attack computers.

Operation suggestion: In order to surf the Internet normally, port 80 must be open.

10. Port 99:

Port Description: Port 99 is used for a service called "Metagram Relay". The service is relatively rare and is generally not used.

Port vulnerabilities: Although the "Metagram Relay" service is not commonly used, Trojans such as Hidden Port and NCx99 use this port. For example, in Windows 2000, NCx99 can bind the cmd.exe program to port 99, so that Telnet can be used to connect to the server, add users at will, and change permissions.

Action Recommendation: We recommend that you close this port.

11. Ports 109 and 110:

Port Description: Port 109 is opened for the POP2 (Post Office Protocol Version 2) service, and port 110 is opened for the POP3 (Post Office Protocol Version 3) service. POP2 and POP3 are both mainly used to receive mail; POP3 is currently used more, and many servers support both POP2 and POP3.

Port vulnerability: While providing mail reception services, POP2 and POP3 also have a number of vulnerabilities. In the POP3 service alone, buffer overflows in the username and password exchange account for less than 20 vulnerabilities. Another example is the Webeasymail POP3 Server legal user name information disclosure vulnerability, through which remote attackers can verify the existence of user accounts. In addition, port 110 is also used by the Promail Trojan and other Trojan programs, which can steal POP account usernames and passwords through port 110.

Operation Recommendation: If you are running a mail server, you can open the port.

12. Port 111:

Port Description: Port 111 is opened by Sun's RPC (Remote Procedure Call) service, which is used primarily for communication between internal processes on different computers in a distributed system; RPC is an important component of many network services. Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, AMD and so on. RPC services are also available in Microsoft Windows.

Port vulnerability: One of the more significant vulnerabilities of Sun RPC is a remote buffer overflow in the xdr_array function used by multiple RPC services, which allows an attacker to obtain root permissions remotely or locally.

Port 113:

Port Description: Port 113 is primarily used for the Windows "Authentication Service", which typically runs on computers that are connected to the network. It is used mainly to authenticate the users of TCP connections, and information about the connecting computer can be obtained through it. In Windows 2000/2003 Server, there is also a dedicated IAS component that makes authentication and policy management for remote access easier.

Port vulnerability: Although port 113 facilitates authentication, it is also often used as a logger for network services such as FTP, POP, SMTP, IMAP and IRC, which is exploited by the corresponding Trojans, such as Trojans controlled through IRC chat rooms. In addition, port 113 is the default port opened by Trojans such as Invisible Identd Deamon and Kazimas.

Action Recommendation: We recommend that you close this port.

13. Port 119:

Port Description: Port 119 is opened for the Network News Transfer Protocol (NNTP), which is used primarily for newsgroup transmission and is used when looking up Usenet servers.

Port vulnerability: The famous Happy99 worm opens port 119 by default. If a computer is infected with the virus, it keeps sending e-mail to spread itself and causes network congestion.

Operational advice: If you use Usenet newsgroups frequently, take care to close the port periodically.

14. Port 135:

Port Description: Port 135 is primarily used for the RPC (Remote Procedure Call) protocol and provides DCOM (Distributed Component Object Model) services, which enable programs running on one computer to execute code on a remote computer. DCOM can be used to communicate directly over a network and to transmit across multiple networks, including over the HTTP protocol.

Port vulnerability: Many Windows 2000 and Windows XP users are believed to have been hit last year by the "shockwave" virus, which exploited RPC vulnerabilities to attack computers. RPC itself has a vulnerability in the part that handles message exchange over TCP/IP, caused by incorrect handling of malformed messages. This vulnerability affects an interface between RPC and DCOM, which listens on port 135.

Operation recommendation: In order to avoid the "shockwave" virus attack, we recommend that the port be closed.
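
Before closing anything, it helps to know which of the ports above are actually open on your own machine. The following is an added example, not part of the original article: it parses the output of "netstat -an" (Windows) or "ss -tuln" (Linux) and reports listeners on the ports listed here. The function name audit_listeners, the service labels and the sample lines are constructed for illustration.

```python
import re

# Ports the article recommends closing unless the service is needed.
# Port 80 is omitted because the article says it must stay open.
RISKY_PORTS = {
    21: "FTP", 23: "Telnet", 25: "SMTP", 53: "DNS", 67: "BOOTP server",
    68: "BOOTP client", 69: "TFTP", 79: "finger", 99: "Metagram Relay",
    109: "POP2", 110: "POP3", 111: "Sun RPC", 113: "authentication service",
    119: "NNTP", 135: "RPC/DCOM",
}
ENDPOINT = re.compile(r"^(.*):(\d+)$")  # address:port, e.g. 0.0.0.0:21 or [::]:21

def audit_listeners(text):
    """Return sorted (port, proto, service, scope) for risky local listeners."""
    findings = set()
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].lower().startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = tokens[0].lower()[:3]
        # TCP counts only in the listening state; UDP has no such state.
        if proto == "tcp" and not any(t.upper().startswith("LISTEN") for t in tokens[1:]):
            continue
        # The first address:port token on the line is the local endpoint.
        local = next((m for m in map(ENDPOINT.match, tokens[1:]) if m), None)
        if local is None:
            continue
        addr, port = local.group(1).strip("[]"), int(local.group(2))
        if port in RISKY_PORTS:
            loopback = addr.startswith("127.") or addr == "::1"
            findings.add((port, proto, RISKY_PORTS[port], "loopback" if loopback else "network"))
    return sorted(findings)

# Constructed sample mixing Windows "netstat -an" and Linux "ss -tuln" lines.
SAMPLE = """\
  TCP    0.0.0.0:135          0.0.0.0:0            LISTENING
  TCP    127.0.0.1:25         0.0.0.0:0            LISTENING
  TCP    192.0.2.10:49152     198.51.100.7:21      ESTABLISHED
  UDP    0.0.0.0:69           *:*
tcp   LISTEN 0      128    0.0.0.0:23       0.0.0.0:*
tcp   LISTEN 0      128    [::1]:53         [::]:*
tcp   LISTEN 0      128    0.0.0.0:443      0.0.0.0:*
"""

if __name__ == "__main__":
    for port, proto, service, scope in audit_listeners(SAMPLE):
        print(f"{proto}/{port} ({service}) is listening, reachable from: {scope}")
```

Sockets bound only to a loopback address are not reachable from other hosts, so the findings marked "network" are the ones to close or firewall first. The outbound connection to a remote port 21 in the sample is ignored, because only local listeners count as open ports.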
