Beware of attacks by hackers through port scanning

Apart from IP detection, the hacker also has a port scan. Through port scanning, you can know which services and ports of the computer to be scanned are opened but not used (it can be understood as a channel to the computer ).
I. Port Scanning

It is easy to find remote port scanning tools on the Internet, such as Superscan, IP routing, Fluxay, etc. (1 ), this is the result of a port scan on the test host 192.168.1.8 using "streamer. From this, we can clearly understand which frequently used ports of the host are opened, whether FTP and Web services are supported, and whether FTP services support "anonymous" and IIS versions, whether any IIS vulnerability can be successfully cracked is also displayed.

2. Blocked port scanning

There are two methods to prevent port scanning:

1. disable idle and potentially dangerous ports

This method is somewhat "rigid". Its essence is to close all ports other than the normal computer ports that users need. As far as hackers are concerned, all ports may become targets of attacks. In other words, "all computer ports for external communication are potentially dangerous", and some necessary communication ports of the system, such as HTTP (port 80) required for webpage access; QQ (port 4000) and so on.

It is convenient to disable some idle ports in Windows NT core system (Windows 2000/XP/2003, you can use "()" or "open only allowed ports ". Some network services of a computer have default ports allocated by the system. Some idle services are closed, and the corresponding ports are also closed (2 ). Go to "Control Panel", "Administrative Tools", and "services", and disable some unused services (such as FTP services, DNS services, and IIS Admin services) on the computer ), their corresponding ports are also disabled. As for the "open only allowed port mode", you can use the "TCP/IP filtering" function of the system, only allow the ports required for basic network communication.

2. Check the ports and immediately block the ports if they have symptoms of port scanning.

This method of preventing port scanning is obviously impossible for the user to manually complete, or it is quite difficult to complete, and requires the help of software. These software are our commonly used network firewalls.

The working principle of the firewall is: first, check every packet that arrives at your computer. Before this packet is visible to any software running on your machine, the firewall has a full veto power, your computer is prohibited from receiving anything on the Internet. When the first request for a connection is sent to your computer, a "TCP/IP Port" is opened. When a port is scanned, the other computer continuously establishes a connection with the local computer, gradually open the "TCP/IP Port" and idle port corresponding to each service, and the firewall will be able to know whether the other party is performing port scanning after judging by its built-in interception rules, and intercept all the packets required for scanning sent by the other party.

Currently, almost all network firewalls on the market can defend against port scanning. After the default installation, check whether the port scanning rules intercepted by some firewalls are selected. Otherwise, the firewall will allow port scanning, but leave information in the log.