[Abstract] port functions, vulnerabilities, and Operation suggestions (1)

Port Concept

In network technology, Ex *] Network g.] # Yu K # The LN Port has two meanings: one is the physical Port, for example, ADSL Modem, Hub, switch, router is used to connect other network equipment interface, such as RJ-45 port, SC port and so on. The second is the logical port, which generally refers to the port in the TCP/IP protocol. The port number ranges from 0 to 65535, for example, port 80 used to browse Web Services,

6b7 T mechanism dsLgC soft #. x = e

Port 21 for the FTP service. Here we will introduce the logical port.

Port category

Logically speaking, ports have multiple classification standards. The following describes two common classifications:

1. Distribution by port number

(1) Well-Known Ports)

A well-known port is a well-known port number ranging from 0 to 1023. These ports are usually allocated to some services. For example, port 21 is allocated to the FTP service,

F $ r ~ Education = teach vMFZmJc 'I

Port 25 is allocated to the SMTP (Simple Mail Transfer Protocol) service, port 80 is allocated to the HTTP service, and port 135 is allocated to the RPC (Remote Procedure Call) service.

(2) Dynamic Ports)

The range of dynamic ports is from 1024 to 65535,

W9; | g ~ UJ: 7

These port numbers are generally not allocated to a service, that is, many services can use these ports. As long as the program runs to the system to request access to the network, the system can assign a port number for the program to use. For example, port 1024 is allocated to the first application to the system. After the program process is closed, the occupied port number is released.

However,

= Network \ | 1 K none ~ I + ADKd '^ $

Dynamic ports are often used by virus and trojan programs, such as the default connection port 7626 of the glacier, 2.4 of the WAY 8011, 3.0 of the Netspy 7306, and 1024 of the YAI virus.

2. Divided by protocol type

Divided by protocol type, can be divided into TCP, UDP, IP, ICMP (Internet Control Message Protocol) and other ports. The following describes TCP and UDP ports:

(1) TCP port

TCP port, that is, the transmission control protocol port, must be connected between the client and the server to provide reliable data transmission. Common include port 21 of the FTP service, port 23 of the Telnet service, port 25 of the SMTP service, and port 80 of the HTTP service.

(2) UDP port

UDP port, that is, the user data packet protocol port, does not need to establish a connection between the client and the server, security is not guaranteed. Common services include DNS Service port 53, SNMP (Simple Network Management Protocol) Service port 161, and QQ port 8000 and port 4000.

View port

To view the port in Windows 2000/XP/Server 2003, run the Netstat command:

Click Start> Run, type cmd, and press enter to open the Command Prompt window. Type "netstat-a-n" in the command prompt. Press the Enter key to view the TCP and UDP connection port numbers and statuses (displayed in numbers (.

TIPS: Netstat command usage

Command Format: Netstat-a-e-n-o-s

-A indicates that all active TCP connections and TCP and UDP ports listened by the computer are displayed.

-E indicates the number of bytes sent and received over the Ethernet, and the number of packets.

-N indicates that only the active TCP connection addresses and port numbers are displayed in numbers.

-O indicates that active TCP connections are displayed and the process ID (PID) of each connection is included ).

-S indicates displaying statistics of various connections by protocol,

"] %} 'Z of the network SC

Including the port number.

Close/enable port

Before introducing the functions of various ports, we will first introduce how to disable/enable ports in Windows, because the default situation is, many insecure or useless ports are enabled, for example, port 23 of the Telnet service, port 21 of the FTP service, port 25 of the SMTP service, and port 135 of the RPC service. To ensure system security, we can disable/enable the port through the following methods.

Close the port

For example, to disable port 25 of the SMTP service in Windows 2000/XP, you can do this: first open "Control Panel", double-click "Administrative Tools", and then double-click "service ". In the displayed service window, find and double-click the "Simple Mail Transfer Protocol (SMTP)" service and click "stop" to stop the service, select "disabled" in "Start type" and click "OK. In this way, closing the SMTP service is equivalent to closing the corresponding port.

Enable Port

If you want to enable this port, you only need to select "Auto" in "Start type", click "OK", and then open the service, in "service status", click "start" to enable the port. Finally, click "OK.
Tip: the "service" option is not available in Windows 98. You can use the firewall rule setting function to disable/enable the port.
Port 21:Port 21 is mainly used for FTP (File Transfer Protocol,

W2-q | do0FRqgT (Yu mu

File Transfer Protocol) service.

Port Description: port 21 is mainly used for the FTP (File Transfer Protocol) service. The FTP service is mainly used to upload and download files between two computers, one computer acts as the FTP client, and the other computer acts as the FTP server. you can log on to the FTP server using anonymous logon and authorized username and password logon. Currently, file transmission through the FTP service is the most important method for uploading and downloading files on the Internet. In addition, Port 20 is the default port number for FTP data transmission.

In Windows, you can use Internet Information Service (IIS) to provide FTP connection and management, or install FTP server software to implement FTP functions, such as common FTP Serv-U.

Suggestion: Some FTP servers can be used by hackers to log on anonymously. In addition,

P, Sx6Y QdowsY

Port 21 is also exploited by some Trojans, such as Blade Runner, FTP Trojan, Doly Trojan, and WebEx. If you do not set up an FTP server, we recommend that you disable port 21.

　　Port 23:Port 23 is mainly used for the Telnet (Remote logon) service, {login ^ ZB? Yin + Jiao? Enetwork YIIq} is a common logon and simulation program on the Internet.

Port Description: port 23 is mainly used for the Telnet (Remote logon) service and is a common logon and simulation program on the Internet. You also need to set the client and server. The client that enables the Telnet service can log on to the remote Telnet server and use the authorized user name and password to log on. After logging on, you can use the Command Prompt window to perform corresponding operations. In Windows, you can type the "Telnet" command in the Command Prompt window to remotely log on using Telnet.

Suggestion: using the Telnet service, hackers can search for Unix services remotely and scan the operating system type. In addition, the Telnet service in Windows 2000 has multiple serious vulnerabilities, such as permission escalation and denial of service, which can cause remote server crash. Port 23 of the Telnet service is also the default port of the TTS (Tiny Telnet Server) Trojan. Therefore, we recommend that you disable port 23.

　　Port 25:Port 25 is SMTP (Simple Mail Transfer Protocol, M] pZ ~ O Yu 7 @ z's simple network Mail Transfer Protocol) is open to the server and is mainly used to send emails. Today, most mail servers use this protocol.

Port Description: port 25 is SMTP (Simple Mail Transfer Protocol, Yu Z Network 3uu Network +) HXx? Simple Mail Transfer Protocol) The server is open for sending mails. Most mail servers use this Protocol today. For example, when using the e-mail client program, we need to enter the SMTP server address when creating an account. By default, this server address uses port 25 ().

Port vulnerabilities:

1. Use port 25 to teach k! B5T4gc8GAk; P7c6 hackers can search for SMTP servers to forward spam.

Port 2. 25 is opened by many Trojans, such as Ajan, Antigen, Email Password Sender, ProMail, trojan, Tapiras, Terminator, WinPC, and WinSpy. For WinSpy,

8w5, I +? I1 % W6 in EA & I

By enabling port 25, you can monitor all windows and modules running on your computer.

Operation suggestion: if you do not want to set up an SMTP mail server, you can disable this port.
Port 53:Port 53 is open to DNS (Domain Name Server) servers and is mainly used for Domain Name resolution. DNS is the most widely used in NT systems.

Port Description: port 53 is open to DNS (Domain Name Server) servers and is mainly used for Domain Name resolution. DNS is the most widely used in the NT System. You can use the DNS server to convert the domain name to the IP address. You only need to remember the domain name to quickly access the website.

Port Vulnerability: If the DNS service is enabled, hackers can analyze the DNS server to directly obtain the IP addresses of hosts such as Web servers, and use port 53 to break through some unstable firewalls to launch attacks. Recently, a U.S. company also announced 10 most vulnerable vulnerabilities, the first of which is the BIND vulnerability of DNS servers.

Operation suggestion: if the current computer is not used to provide the domain name resolution service, we recommend that you disable this port.
------------------------------------------

　　Port 67 and port 68:Port 67 and port 68 are opened for the Bootstrap Protocol Server and Bootstrap Protocol Client of The Bootp service.
Port Description: port 67 and port 68 are opened for the Bootstrap Protocol Server and Bootstrap Protocol Client of The Bootp service respectively. Bootp is a remote startup protocol generated in early Unix versions. The DHCP service we often use is extended from the Bootp service. Through the Bootp service, you can dynamically allocate IP addresses to computers in the LAN without having to set static IP addresses for each user.

Port Vulnerability: If the Bootp service is enabled, Hackers often use a assigned IP address as a local router to launch attacks in man-in-middle mode.

Operation suggestion: We recommend that you disable this port.
-------------------------------------------

　　Port 69:TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.

Port Description: port 69 is open for the TFTP (Trival File Tranfer Protocol) service. TFTP is a simple File transfer Protocol developed by Cisco, similar to FTP. However, compared with FTP, TFTP does not have complex interactive access interfaces and authentication control. This service is suitable for data transmission between clients and servers that do not need complex exchange environments.

Port vulnerabilities: many servers and Bootp services provide the TFTP service together,

L soft CGQM 'net P @ NI {

It is mainly used to download startup code from the system. However, because the TFTP service can write files to the system, and hackers can also use the incorrect configuration of TFTP to obtain any files from the system.

Operation suggestion: We recommend that you disable this port.
------------------------------------------

　　Port 79:Port 79 is open for the Finger service and is mainly used to query the details of users such as online users of remote hosts, operating system types, and whether a buffer overflow occurs.

Port Description: port 79 is open for the Finger service. It is mainly used to query details of users such as online users of remote hosts, operating system types, and whether a buffer overflow occurs. For example, to display the user01 user information on the remote computer www.csai.cn, you can type "finger user01@www.csai.cn" in the command line.

Port vulnerabilities: Generally, hackers must use port scanning tools to obtain relevant information to attack the other's computers, for example, you can use port 79 to scan remote computer operating system versions, obtain user information, and detect known buffer overflow errors. In this way, hackers are prone to attacks. Port 79 is also used as the default port by the Firehotcker Trojan.

Operation suggestion: We recommend that you disable this port.

　　Port 80:Port 80 is open for HTTP (HyperText Transport Protocol), which is the most widely used Protocol for surfing the Internet. It is mainly used in WWW (World Wide Web, World Wide Web) the Protocol for transmitting information on the service.

Port Description: Port 80 is open for HTTP (HyperText Transport Protocol, HyperText Transfer Protocol), which is the most widely used Protocol for surfing the Internet. It is mainly used in WWW (World Wide Web, World Wide Web) the Protocol for transmitting information on the service. We can access the website through the HTTP address plus ": 80" (that is often referred to as "web site"), such as http://www.csai.cn: 80, because the default port number of browser Web Service is 80, therefore, you only need to enter the URL without entering ": 80 ".

Port vulnerabilities: some Trojans can use port 80 to attack computers, such as Executor and RingZero.

Operation suggestion: In order to surf the Internet normally, we must enable port 80.
Port 99:Port 99 is used for a service named "metemedirelay" (sub-countermeasure delay,

Teach DVgBaYqJ network 7

This service is rare and generally unavailable.

Port Vulnerability: although the metemedirelay service is not commonly used, trojan programs such as Hidden Port and NCx99 use this Port. For example, in Windows, ncx99can bind the cmd.exe program to Port 99, in this way, you can use Telnet to connect to the server, add users at will, and change permissions.

Operation suggestion: We recommend that you disable this port.

-------------------------------------
　　Ports 109 and 110:Port 109 is open for the POP2 (Post Office Protocol Version 2, Post Office Protocol 2) service, and port 110 is open for the POP3 (mail Protocol 3) service,

Component s86QLk for network E & dv component C soft Education Network

POP2 and POP3 are mainly used to receive emails.

Port Description: The port 109 is POP2 (Post Office Protocol Version 2,

L? S [Bw1gR8 soft 2a7 soft 4n

Post Office Protocol 2) the service is open, and port 110 is open for POP3 (mail protocol 3) services. POP2 and POP3 are mainly used to receive emails. Currently, POP3 is widely used, many servers support both POP2 and POP3. The client can use the POP3 protocol to access the mail service on the server. Currently, most mail servers on the ISP use this protocol. When using the email client, you must enter the POP3 server address. By default, port 110 is used.