Port 21: port 21 is mainly used for FTP (file transfer protocol) services.
Port Description: port 21 is mainly used for the FTP (file transfer protocol) service. The FTP service is mainly used to upload and download files between two computers, one computer acts as the FTP client, and the other computer acts as the FTP server. you can log on to the FTP server using anonymous logon and authorized username and password logon. Currently, file transmission through the FTP service is the most important method for uploading and downloading files on the Internet. In addition, Port 20 is the default port number for FTP data transmission.
In Windows, you can use Internet Information Service (IIS) to provide FTP connection and management, or install FTP server software to implement FTP functions, such as common FTP Serv-U.
Suggestion: Some FTP servers can be used by hackers to log on anonymously. In addition, port 21 will be used by some Trojans, such as Blade Runner, FTP Trojan, Doly Trojan, and WebEx. If you do not set up an FTP server, we recommend that you disable port 21.
Port 23: port 23 is mainly used for telnet (Remote logon) services. It is a common logon and simulation service on the Internet.Program.
Port Description: port 23 is mainly used for the telnet (Remote logon) service and is a common logon and simulation program on the Internet. You also need to set the client and server. The client that enables the telnet service can log on to the remote telnet server and use the authorized user name and password to log on. After logging on, you can use the Command Prompt window to perform corresponding operations. In Windows, you can type the "Telnet" command in the Command Prompt window to remotely log on using telnet.
Suggestion: using the telnet service, hackers can search for UNIX services remotely and scan the operating system type. In addition, the telnet service in Windows 2000 has multiple serious vulnerabilities, such as permission escalation and denial of service, which can cause remote server crash. Port 23 of the Telnet service is also the default port of the TTS (Tiny Telnet Server) Trojan. Therefore, we recommend that you disable port 23.
Port 25: port 25 is open to SMTP (Simple Mail Transfer Protocol) servers and is mainly used to send emails. Most mail servers use this Protocol today.
Port Description: port 25 is open to the SMTP (Simple Mail Transfer Protocol) server, which is mainly used to send emails. Currently, most mail servers use this protocol. For example, when using the e-mail client program, we need to enter the SMTP server address when creating an account. By default, this server address uses port 25.
Port vulnerabilities:
1. Using port 25, hackers can find SMTP servers to forward spam.
Port 2. 25 is opened by many Trojans, such as ajan, antigen, email password sender, promail, Trojan, tapiras, Terminator, winpc, and winspy. For winspy, open port 25 to monitor all windows and modules running on the computer.
Operation suggestion: if you do not want to set up an SMTP mail server, you can disable this port.
Port 53: port 53 is open to DNS (Domain Name Server) servers and is mainly used for domain name resolution. DNS is the most widely used in the NT System.
Port Description: port 53 is open to DNS (Domain Name Server) servers and is mainly used for domain name resolution. DNS is the most widely used in the NT System. You can use the DNS server to convert the domain name to the IP address. You only need to remember the domain name to quickly access the website.
Port Vulnerability: If the DNS service is enabled, hackers can analyze the DNS server to directly obtain the IP addresses of hosts such as web servers, and use port 53 to break through some unstable firewalls to launch attacks. Recently, a U.S. company also announced 10 most vulnerable vulnerabilities, the first of which is the BIND vulnerability of DNS servers.
Operation suggestion: if the current computer is not used to provide the domain name resolution service, we recommend that you disable this port.
Port 67, port 68: port 67, and port 68 are opened for the Bootstrap Protocol server and Bootstrap Protocol client of The BOOTP service respectively.
Port Description: port 67 and port 68 are opened for the Bootstrap Protocol server and Bootstrap Protocol client of The BOOTP service respectively. BOOTP is a remote startup protocol generated in early UNIX versions. The DHCP service we often use is extended from the BOOTP service. Through the BOOTP service, you can dynamically allocate IP addresses to computers in the LAN without having to set static IP addresses for each user.
Port Vulnerability: If the BOOTP service is enabled, Hackers often use a assigned IP address as a local router to launch attacks in man-in-middle mode.
Operation suggestion: We recommend that you disable this port.
Port 69: TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.
Port Description: port 69 is open for the TFTP (trival file tranfer protocol) service. TFTP is a simple file transfer protocol developed by Cisco, similar to FTP. However, compared with FTP, TFTP does not have complex interactive access interfaces and authentication control. This service is suitable for data transmission between clients and servers that do not need complex exchange environments.
Port Vulnerability: many servers and BOOTP services provide the TFTP service, which is mainly used to download and start from the system.Code. However, because the TFTP service can write files to the system, and hackers can also use the incorrect configuration of TFTP to obtain any files from the system.
Operation suggestion: We recommend that you disable this port.
Port 79: port 79 is open for the Finger service. It is mainly used to query details of users such as online users of remote hosts, operating system types, and whether a buffer overflow occurs.
Port Description: port 79 is open for the Finger service. It is mainly used to query details of users such as online users of remote hosts, operating system types, and whether a buffer overflow occurs. For example, to display the user01 user information on the remote computer www.abc.com, you can type "Finger user01@www.abc.com" in the command line.
Port vulnerabilities: Generally, hackers must use port scanning tools to obtain relevant information to attack the other's computers, for example, you can use port 79 to scan remote computer operating system versions, obtain user information, and detect known buffer overflow errors. In this way, hackers are prone to attacks. Port 79 is also used as the default port by the firehotcker Trojan.
Operation suggestion: We recommend that you disable this port.
--------------------------------------------------------------------------------
Port 80: Port 80 is open for HTTP (HyperText Transport Protocol, Hypertext Transfer Protocol), which is the most widely used protocol for surfing the Internet. It is mainly used in WWW (World Wide Web, World Wide Web) the Protocol for transmitting information on the service.
Port Description: Port 80 is open for HTTP (HyperText Transport Protocol, Hypertext Transfer Protocol), which is the most widely used protocol for surfing the Internet. It is mainly used in WWW (World Wide Web, World Wide Web) the Protocol for transmitting information on the service. We can access the website through the HTTP address plus ": 80" (that is often referred to as "web site"), such as http://www.cce.com.cn: 80, because the default port number of browser Web Service is 80, therefore, you only need to enter the URL without entering ": 80 ".
Port vulnerabilities: some Trojans can use port 80 to attack computers, such as executor and Ringzero.
Operation suggestion: In order to surf the Internet normally, we must enable port 80.
Port 99: port 99 is used for a service named "metemedirelay" (sub-countermeasure delay). This service is rare and generally unavailable.
Port Description: port 99 is used for a service named "metemedirelay" (sub-countermeasure delay). This service is rare and generally unavailable.
Port Vulnerability: although the metemedirelay service is not commonly used, trojan programs such as Hidden Port and ncx99 use this port. For example, in windows, ncx99can bind the cmd.exe program to port 99, in this way, you can use Telnet to connect to the server, add users at will, and change permissions.
Operation suggestion: We recommend that you disable this port.
Port 109 and port 110: Port 109 is open for the pop2 (Post Office Protocol Version 2, Post Office Protocol 2) service, and port 110 is open for the POP3 (mail protocol 3) service, pop2 and POP3 are mainly used to receive emails.
Port Description: Port 109 is open for the pop2 (Post Office Protocol Version 2, Post Office Protocol 2) service, and port 110 is open for the POP3 (mail protocol 3) service, pop2 and POP3 are mainly used to receive mails. Currently, many POP3 servers support both pop2 and POP3. The client can use the POP3 protocol to access the mail service on the server. Currently, most mail servers on the ISP use this protocol. When using the email client, you must enter the POP3 server address. By default, port 110 is used.
Port vulnerabilities: pop2 and POP3 have many vulnerabilities while providing the mail receiving service. The POP3 Service has no less than 20 vulnerabilities in the user name and password exchange Buffer Overflow. For example, the webeasymail POP3 server legal user name information leakage vulnerability allows remote attackers to verify the existence of user accounts. In addition, port 110 is also used by trojan programs such as promail Trojan. port 110 can steal the user name and password of the POP account.
Suggestion: Open this port if the email server is running.
Port 111: port 111 is the port opened by Sun's Remote Procedure Call service. It is mainly used for internal process communication between different computers in a distributed system, RPC is an important component in a variety of network services.
Port Description: port 111 is the port opened by Sun's Remote Procedure Call service. It is mainly used for internal process communication between different computers in a distributed system, RPC is an important component in a variety of network services. Common RPC services include rpc. mountd, NFS, rpc. statd, rpc. csmd, rpc. ttybd, and AMD. The RPC service is also available in Microsoft Windows.
Port vulnerability: a major vulnerability in Sun RPC is the remote buffer overflow vulnerability in xdr_array functions in multiple RPC services. This vulnerability allows attackers to transmit excessive
Port 113: port 113 is mainly used for authentication service in windows ).
Port Description: port 113 is mainly used for "authentication service" (authentication service) of windows. Generally, this service is run on computers connected to the network, and is mainly used to verify users connected to TCP, you can use this service to obtain information about the connected computer. In Windows 2000/2003 server, there is also a dedicated IAS component, through which you can easily perform authentication and policy management during remote access.
Port Vulnerability: although port 113 can facilitate authentication, it is often used as a recorder for FTP, Pop, SMTP, IMAP, IRC, and other network services, this will be exploited by the corresponding trojan program, such as the trojan controlled based on the IRC chat room. In addition, port 113 is also the default port opened by trojans such as invisible identd deamon and kazimas.
Operation suggestion: We recommend that you disable this port.
Port 119: port 119 is open for "Network News Transfer Protocol" (NNTP.
Port Description: port 119 is open for "Network News Transfer Protocol" (NNTP) and is mainly used for the transmission of newsgroups, this port is used when you search for the Usenet server.
Port Vulnerability: the famous happy99 worm opens port 119 by default. If the virus is in progress, it will continuously send emails for transmission and cause network congestion.
Suggestion: If USENET newsgroup is frequently used, you must disable this port from time to time.
Port 135: port 135 is mainly used to use the Remote Procedure Call Protocol and provide the DCOM (Distributed Component Object Model) service.
Port Description: port 135 is mainly used to use the RPC (Remote Procedure Call, remote process call) Protocol and provide the DCOM (Distributed Component Object Model) service, by using RPC, programs running on a computer can smoothly execute code on a remote computer. By using DCOM, you can directly communicate through the network, it can transmit data across multiple networks, including HTTP.
Port Vulnerability: it is believed that many Windows 2000 and Windows XP users suffered the "Shock Wave" virus last year. The virus uses the RPC vulnerability to attack computers. RPC itself has a vulnerability in the message exchange through TCP/IP. This vulnerability is caused by incorrectly processing incorrectly formatted messages. This vulnerability affects an interface between RPC and DCOM. The port that the interface listens on is 135.
Operation suggestion: to avoid the "Shock Wave" virus attack, we recommend that you disable this port.
Port 137: port 137 is mainly used for "NetBIOS name service" (NetBIOS Name Service ).
Port Description: port 137 is mainly used for "NetBIOS name service" (NetBIOS Name Service) and belongs to the UDP port, you only need to send a request to a LAN or port 137 of a computer on the Internet to obtain the name and User Name of the computer, and whether the master domain controller is installed, and whether IIS is running.
Port Vulnerability: because it is a UDP port, attackers can easily obtain information about the target computer by sending requests. Some information can be exploited directly and analyzed, for example, the IIS service. In addition, by capturing information packets that are using port 137 for communication, you may also get the start time and close time of the target computer, so that you can use a dedicated tool to attack.
Operation suggestion: We recommend that you disable this port.
Port 139: port 139 is provided for "NetBIOS Session Service" and is mainly used to provide Windows file and printer sharing and SAMBA service in UNIX.
Port Description: port 139 is provided for "NetBIOS Session Service" and is mainly used to provide Windows file and printer sharing and SAMBA service in UNIX. To share files in a LAN in Windows, you must use this service. For example, in Windows 98, you can open the "control panel" and double-click the "network" icon, on the "configuration" tab, click the "file and print share" button and select the corresponding settings to install and enable the Service. in Windows 2000/XP, you can open the "control panel ", double-click the "Network Connection" icon to open the local connection properties. In the "General" tab of the Properties window, select "Internet Protocol (TCP/IP)" and click "properties; in the displayed window, click the "advanced" button. In the "Advanced TCP/IP Settings" window, select the "wins" tab, enable NetBIOS on TCP/IP in the "NetBIOS Settings" area.
Port Vulnerability: Although enabling port 139 can provide shared services, it is often exploited by attackers. For example, port scanning tools such as streamer and superscan can scan port 139 of the target computer, if a vulnerability is found, attackers can try to obtain the user name and password, which is very dangerous.
Operation suggestion: if you do not need to provide file and printer sharing, we recommend that you disable this port.
Port 143: port 143 is mainly used for "Internet Message Access Protocol" V2 (Internet Message Access Protocol (IMAP ).
Port Description: port 143 is mainly used for "Internet Message Access Protocol" V2 (Internet Message Access Protocol (IMAP). Like POP3, it is used for receiving emails. Through the IMAP protocol, we can know the content of the mail without receiving it, so as to facilitate the management of emails on the server. However, the POP3 protocol is more responsible than the POP3 protocol. Today, most mainstream email client software supports this protocol.
Port Vulnerability: Same as port 110 of POP3 protocol, port 143 used by IMAP also has a buffer overflow vulnerability. This vulnerability allows you to obtain the user name and password. In addition, a Linux worm named "admv0rm" uses this port to breed.
Suggestion: if you are not using the IMAP server, disable the port.
Port 161: port 161 is used for "Simple Network Management Protocol" (SNMP ).
Port Description: port 161 is used for "Simple Network Management Protocol" (SNMP). This protocol is mainly used to manage network protocols in TCP/IP networks, in Windows, you can use the SNMP service to provide status information about hosts on TCP/IP networks and various network devices. Currently, almost all network device vendors support SNMP.
To install the SNMP service in Windows 2000/XP, open the "Windows component wizard" and select "management and monitoring tools" in "components ", click "details" to view "Simple Network Management Protocol (SNMP)", select this component, and click "Next" to install it.
Port vulnerabilities: SNMP can be used to obtain the status information of various devices in the network and control network devices. Therefore, hackers can use SNMP to completely control the network.
Operation suggestion: We recommend that you disable this port.
Port 443: port 443 is the Web browsing port. It is mainly used for HTTPS services and is another type of HTTP that provides encryption and transmission through secure ports.
Port Description: port 443 is the Web browsing port, which is mainly used for HTTPS services. It is another type of HTTP that provides encryption and transmission through secure ports. Websites with high security requirements, such as banks, securities, and shopping, all Use https services, so that information exchange on these websites cannot be seen by others, this ensures transaction security. The webpage address starts with https: //, rather than common http ://.
Port vulnerabilities: https services generally use SSL (Secure Socket Layer) to ensure security. However, SSL vulnerabilities may be attacked by hackers, such as hacking the online banking system, steal credit card accounts.
Operation suggestion: We recommend that you enable this port for secure webpage access. In addition, to prevent hacker attacks, install the latest security patch released by Microsoft for SSL vulnerabilities in a timely manner.
Port 554: port 554 is used by default for "Real Time Streaming Protocol" (RTSP ).
Port Description: port 554 is used by default for "Real Time Streaming Protocol" (RTSP). This protocol is jointly proposed by RealNetworks and Netscape, the RTSP protocol can be used to transmit streaming media files to RealPlayer for playback over the Internet, and effectively and to maximize the use of limited network bandwidth. The transmitted streaming media files are generally published by the Real Server, including. rm ,. ram. Nowadays, many download software support the RTSP protocol, such as flashget and audio and video conveyor belts.
Port Vulnerability: currently, the RTSP protocol has discovered a buffer overflow vulnerability in the Helix Universal Server released in RealNetworks. port 554 is relatively secure.
Operation suggestion: to enjoy and download the RTSP Streaming Media file, we recommend that you enable port 554.
Port 1024: Port 1024 is generally not allocated to a service. It is interpreted as "Reserved" in English ).
Port Description: Port 1024 is generally not allocated to a service. It is interpreted as "Reserved" in English ). Previously, we mentioned that the range of dynamic ports is from 1024 ~ 65535, and 1024 is the beginning of dynamic port. This port is usually allocated to the first service that sends an application to the system. When the service is closed, port 1024 will be released, waiting for calls from other services.
Port vulnerabilities: the famous Yai trojan uses port 1024 by default. This Trojan can be used to remotely control the target computer, obtain screen images of the computer, record Keyboard Events, and obtain passwords, the consequence is serious.
Operation suggestion: general anti-virus software can easily scan and kill the Yai virus. Therefore, we recommend that you enable this port when you confirm that there is no Yai virus.
Port 1024: Port 1024 is generally not allocated to a service. It is interpreted as "Reserved" in English ).
Port Description: Port 1024 is generally not allocated to a service. It is interpreted as "Reserved" in English ). Previously, we mentioned that the range of dynamic ports is from 1024 ~ 65535, and 1024 is the beginning of dynamic port. This port is usually allocated to the first service that sends an application to the system. When the service is closed, port 1024 will be released, waiting for calls from other services.
Port vulnerabilities: the famous Yai trojan uses port 1024 by default. This Trojan can be used to remotely control the target computer, obtain screen images of the computer, record Keyboard Events, and obtain passwords, the consequence is serious.
Operation suggestion: general anti-virus software can easily scan and kill the Yai virus. Therefore, we recommend that you enable this port when you confirm that there is no Yai virus.
How to disable a port
Even if you are not familiar with the policy, you can disable the port as follows.
Take 139 as an Example
1. Start-> Control Panel (or management)-> management tools-> Local Security Policy
2. Right-click "IP Security Policy, on the local computer", and select "manage IP Filter table and filter operations ",
<You can start the manage IP Filter table and filter operation Dialog Box>
3. In "manage IP Filter table", Press "add" button <the IP Filter list is enabled>
4.
(1) Add "disable port 139" under NAME (n) <any name is required, as long as you know.> description (d) also says "disable port 139"
(2) Add a button <enter the IP address filtering wizard>
(3) Click Next <enter the filtering wizard>
(4) At the source address (s): the second item of the selected Larry "any IP Address" next step
Forward to the target address (d): Select "my IP Address" and click "Next ".
Protocol select protocol type (s): Change "any" to "TCP" next step
Slave sets the IP protocol fracture: <two groups of similar options can be seen> select to port (o) <Note not from port?> Add the port you want to disable "139" next step
Finished
5 <the filter List window is displayed. You can see that the filter (s) window has information>
Are you finished? Click OK. <The "manage IP Filter table and filter operation" window is displayed.>
6. Click "manage Filter Operations" in the same way as (2) in 4. <(3) the "Filter Operations" window is displayed.
7. Of course, I chose the second "Block" and "Next" --> "complete"
8 <go back to the "manage IP Filter tables and Filter Operations" WINDOW> click "close ".
9 <back to the local security settings window> right-click "IP Security Policy, on the local computer ", select "create IP Security policy" (2, 4) to enter "set the initial authentication method for this security rule. <use the default item" active directory default value (Kerberos V5 protocol)>
Next step
10. A warning window appears. "Kerberos is valid only when this rule is applied on a computer that is a domain member. This computer is not a domain member. Do you want to continue and retain the attributes of these rules? "Of course" yes"
11. Click "finish". <enter the edit Properties window>
12 "regular" and "rule" click "rule" click "add" button <enter security rule wizard ">
13. Click "Next" and the following warning appears: Yes.
14 from the IP Filter list (I), the first one in the basket: "disable port 139"
15. In the same way as 14, select next. In the same way as 7, click "finish ".
16 OK
17 close the attribute basket <back to the Local Security Policy>
18 right-click "disable port 139 connection" in the right window -- => assign
Appendix:
By default, many windows ports are open. When you access the Internet, network viruses and hackers can connect to your computer through these ports. To change your system to a copper wall, you should close these ports, mainly including TCP 135, 139, 445, 593, 1025, and UDP 135, 137, 138, and 445, some popular Backdoor Ports (such as TCP 2745, 3127, and 6129) and remote service access port 3389. The following describes how to disable these Network Ports in WINXP/2000/2003:
Step 1: click "start" menu/settings/control panel/management tools, double-click to open "Local Security Policy", select "IP Security Policy, on the local computer ", right-click the blank position in the right pane, and select "create IP Security policy" (as shown in the figure on the right) in the shortcut menu. A wizard is displayed. Click "Next" in the Wizard to name the new security policy. Then, press "Next" to display the "Secure Communication Request" screen, remove the hooks on the left of "Activate default rules" on the screen. Click "finish" to create a new IP Security Policy.
Step 2: Right-click the IP Security Policy. In the "properties" dialog box, remove the hook on the left of "use add wizard" and click "add" to add a new rule, then, the "new rule attributes" dialog box appears. Click the "add" button on the screen to bring up the IP Filter list window. In the list, remove the check on the left of "use add wizard, then, click "add" on the right side to add a new filter.
Step 3: Go to the "Filter Properties" dialog box. First, you will see addressing. Select "any IP Address" as the source address, select "my IP Address" as the target address, and click the "protocol" tab, in the "select protocol type" drop-down list, select "TCP" and enter "135" in the text box under "to this port ", click the "OK" button (such as the picture on the left) to add a filter to shield the TCP 135 (RPC) port, which can prevent the outside world from connecting to your computer through port 135.
Click "OK" and return to the filter List dialog box. A policy has been added, repeat the preceding steps to add TCP 137, 139, 445, 593, UDP 135, 139, and 445 ports and create corresponding filters for them.
Repeat the preceding steps to add a blocking policy for TCP ports 1025, 2745, 3127, 6129, and 3389, create a filter for the preceding port, and click OK.
Step 4: In the "new rule attributes" dialog box, select "new IP Filter list" and click a dot in the circle on the left to indicate that the IP address has been activated, click the filter action tab. On the "Filter Operations" tab, remove the hooks on the left of "use add wizard" and click "add" to add the "Block" Operation (right ): on the "Security Measures" tab of "New Filter operation properties", select "Block" and click "OK.
Step 5. Enter the "new rule attributes" dialog box and click "New Filter operation". A dot is added to the circle on the left to indicate that the operation has been activated. Click "close" to close the dialog box; return to the "new IP Security Policy attributes" dialog box, tick the left side of the "new IP Filter list", and click "OK" to close the dialog box. In the "Local Security Policy" window, right-click the newly added IP Security Policy and select "Assign ".
After the restart, the above network ports on the computer are closed, and viruses and hackers can no longer connect to these ports, thus protecting your computer.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
