Common windows ports

1. Port 21:
Port Description: port 21 is mainly used for FTP (File Transfer Protocol) services.
 
Suggestion: Some FTP servers can be used by hackers to log on anonymously. In addition, port 21 will be used by some Trojans, such as Blade Runner, FTP Trojan, Doly Trojan, and WebEx. If you do not set up an FTP server, we recommend that you disable port 21.
 
Port 2 and port 23
Port Description: port 23 is mainly used for Telnet (Remote logon) services.
 
Suggestion: using the Telnet service, hackers can search for Unix services remotely and scan the operating system type. In addition, the Telnet service in Windows 2000 has multiple serious vulnerabilities, such as permission escalation and denial of service, which can cause remote server crash. Port 23 of the Telnet service is also the default port of the TTS (Tiny TelnetServer) Trojan. Therefore, we recommend that you disable port 23.
 
Ports 3 and 25
Port Description: port 25 is open to the SMTP (** Mail Transfer Protocol, Simple Mail Transfer Protocol) server, mainly used to send Mail
 
Port vulnerabilities:
 
1. Using port 25, hackers can find SMTP servers to forward spam.
 
Port 2. 25 is opened by many Trojans, such as Ajan, Antigen, Email Password Sender, ProMail, trojan, Tapiras, Terminator, WinPC, and WinSpy. For WinSpy, open port 25 to monitor all windows and modules running on the computer.
 
Operation suggestion: if you do not want to set up an SMTP mail server, you can disable this port.
 

4. port 53
 
Port Description: port 53 is open to DNS (Domain Name Server) servers and is mainly used for Domain Name resolution.
 
Port Vulnerability: If the DNS service is enabled, hackers can analyze the DNS server to directly obtain the IP addresses of hosts such as Web servers, and use port 53 to break through some unstable firewalls to launch attacks. Recently, a U.S. company also announced 10 most vulnerable vulnerabilities, the first of which is the BIND vulnerability of DNS servers.
 
Operation suggestion: if the current computer is not used to provide the domain name resolution service, we recommend that you disable this port.
 
5. Ports 67 and 68
 
Port Description: port 67 and port 68 are opened for the BootstrapProtocol Server and BootstrapProtocol Client of The Bootp service respectively. Bootp is a remote startup protocol generated in early Unix versions. The DHCP service we often use is extended from the Bootp service. Through the Bootp service, you can dynamically allocate IP addresses to computers in the LAN without having to set static IP addresses for each user.
 
Port Vulnerability: If the Bootp service is enabled, Hackers often use a assigned IP address as a local router to launch attacks in man-in-middle mode.
 
Operation suggestion: We recommend that you disable this port.
 

Ports 6 and 69
 
Port Description: port 69 is open for the TFTP (Trival File Tranfer Protocol) service.
 
Port Vulnerability: many servers and The Bootp service provide the TFTP service, which is mainly used to download startup code from the system. However, because the TFTP service can write files to the system, and hackers can also use the incorrect configuration of TFTP to obtain any files from the system.
 
Operation suggestion: We recommend that you disable this port.
 

Ports 8 and 79
 
Port Description: port 79 is open for the Finger service. It is mainly used to query details of users such as online users of remote hosts, operating system types, and whether a buffer overflow occurs. For example, to display the user01 user information on the remote computer www.abc.com, you can type "finger user01@www.abc.com" in the command line.
 
Port vulnerabilities: Generally, hackers must use port scanning tools to obtain relevant information to attack the other's computers, for example, you can use port 79 to scan remote computer operating system versions, obtain user information, and detect known buffer overflow errors. In this way, hackers are prone to attacks. Port 79 is also used as the default port by the Firehotcker Trojan.
 
Operation suggestion: We recommend that you disable this port.
 

9. Port 80
 
Port Description: Port 80 is open for HTTP (Hyper Text Transport Protocol.
 
Port vulnerabilities: some Trojans can use port 80 to attack computers, such as Executor and RingZero.
 
Operation suggestion: In order to surf the Internet normally, we must enable port 80.
 

Ports 10 and 99
 
Port Description: port 99 is used for a service named "metemedirelay" (sub-countermeasure delay). This service is rare and generally unavailable.
 
Port Vulnerability: although the MetagramRelay service is not commonly used, trojan programs such as HiddenPort and NCx99 use this port. For example, in Windows, ncx99can bind the cmd.exe program to port 99, in this way, you can use Telnet to connect to the server, add users at will, and change permissions.
 
Operation suggestion: We recommend that you disable this port.
 

Port 11, port 109, and port 110
 
Port Description: Port 109 is open for the POP2 (Post Office Protocol Version 2, Post Office Protocol 2) service, and port 110 is open for the POP3 (mail Protocol 3) service, POP2 and POP3 are mainly used to receive mails. Currently, many POP3 servers support both POP2 and POP3.
 
Port vulnerabilities: POP2 and POP3 have many vulnerabilities while providing the mail receiving service. The POP3 Service has no less than 20 vulnerabilities in the user name and password exchange Buffer Overflow. For example, the WebEasyMailPOP3 Server legal user name information leakage vulnerability allows remote attackers to verify the existence of user accounts. In addition, port 110 is also used by trojan programs such as ProMailtrojan. port 110 can steal the user name and password of the POP account.
 
Suggestion: Open this port if the email server is running.
 

Port 12 and 111
 
Port Description: port 111 is the port opened by SUN's RPC (RemoteProcedure Call, remote process Call) service. It is mainly used for internal process communication between different computers in a distributed system, RPC is an important component in a variety of network services. Common RPC services include rpc. mountd, NFS, rpc. statd, rpc. csmd, rpc. ttybd, and amd. The RPC service is also available in Microsoft Windows.
 
Port vulnerability: a major vulnerability in sun rpc is the remote buffer overflow vulnerability in xdr_array functions in multiple RPC services. This vulnerability allows attackers to obtain root privileges remotely or locally.
 

Port 113
 
Port Description: port 113 is mainly used for "Authentication Service" (Authentication Service) of Windows. Generally, this Service is run on computers connected to the network, and is mainly used to verify users connected to TCP, you can use this service to obtain information about the connected computer. In Windows 2003/Server, there is also a dedicated IAS component, through which you can easily perform authentication and policy management during remote access.
 
Port Vulnerability: although port 113 can facilitate authentication, it is often used as a recorder for FTP, POP, SMTP, IMAP, IRC, and other network services, this will be exploited by the corresponding trojan program, such as the trojan controlled based on the IRC chat room. In addition, port 113 is also the default port opened by trojans such as Invisible Identd Deamon and Kazimas.
 
Operation suggestion: We recommend that you disable this port.
 

Port 13 and 119
 
Port Description: port 119 is open for "Network News Transfer Protocol" (NNTP) and is mainly used for the transmission of newsgroups, this port is used when you search for the USENET server.
 
Port Vulnerability: the famous Happy99 worm opens port 119 by default. If the virus is in progress, it will continuously send emails for transmission and cause network congestion.
 
Suggestion: If USENET newsgroup is frequently used, you must disable this port from time to time.
 

Port 14 and port 135
 
Port Description: port 135 is mainly used to use the RPC (Remote Procedure Call, Remote process Call) Protocol and provide the DCOM (Distributed Component Object Model) service, by using RPC, programs running on a computer can smoothly execute code on a remote computer. By using DCOM, you can directly communicate through the network, it can transmit data across multiple networks, including HTTP.
 
Port Vulnerability: it is believed that many Windows and Windows XP users suffered the "Shock Wave" virus last year. The virus used the RPC vulnerability to attack computers. RPC itself has a vulnerability in the message exchange through TCP/IP. This vulnerability is caused by incorrectly processing incorrectly formatted messages. This vulnerability affects an interface between RPC and DCOM. The port that the interface listens on is 135.
 
Operation suggestion: to avoid the "Shock Wave" virus attack, we recommend that you disable this port.
 

Ports 15 and 137
 
Port Description: port 137 is mainly used for "NetBIOS Name Service" (NetBIOS Name Service) and belongs to the UDP port, you only need to send a request to a LAN or port 137 of a computer on the Internet to obtain the name and User Name of the computer, and whether the master domain controller is installed, and whether IIS is running.
 
Port Vulnerability: because it is a UDP port, attackers can easily obtain information about the target computer by sending requests. Some information can be exploited directly and analyzed, for example, the IIS service. In addition, by capturing information packets that are using port 137 for communication, you may also get the start time and close time of the target computer, so that you can use a dedicated tool to attack.
 
Operation suggestion: We recommend that you disable this port.
 

Ports 16 and 139
 
Port Description: port 139 is provided for "NetBIOS Session Service" and is mainly used to provide Windows file and printer sharing and Samba Service in Unix. To share files in a LAN in Windows, you must use this service. For example, in Windows 98, you can open the "control panel" and double-click the "network" icon, on the "configuration" tab, click the "file and print share" button and select the corresponding settings to install and enable the Service. in Windows 2000/XP, you can open the "control panel ", double-click the "Network Connection" icon to open the local connection properties. In the "General" tab of the Properties window, select "Internet Protocol (TCP/IP)" and click "properties; in the displayed window, click the "advanced" button. In the "Advanced TCP/IP Settings" window, select the "WINS" tab, enable NetBIOS on TCP/IP in the "NetBIOS Settings" area.
 
Port Vulnerability: Although enabling port 139 can provide shared services, it is often exploited by attackers. For example, port scanning tools such as streamer and SuperScan can scan port 139 of the target computer, if a vulnerability is found, attackers can try to obtain the user name and password, which is very dangerous.
 
Operation suggestion: if you do not need to provide file and printer sharing, we recommend that you disable this port.
 

17. Ports 143
 
Port Description: port 143 is mainly used for "Internet Message AccessProtocol" v2 (Internet Message Access Protocol (IMAP). Like POP3, it is used for receiving emails. Through the IMAP protocol, we can know the content of the mail without receiving it, so as to facilitate the management of emails on the server. However, the POP3 protocol is more responsible than the POP3 protocol. Today, most mainstream email client software supports this protocol.
 
Port Vulnerability: Same as port 110 of POP3 protocol, port 143 used by IMAP also has a buffer overflow vulnerability. This vulnerability allows you to obtain the user name and password. In addition, a Linux worm named "admv0rm" uses this port to breed.
 
Suggestion: if you are not using the IMAP server, disable the port.
 

Port 18 and 161
 
Port Description: port 161 is used for "** Network ManagementProtocol" (Simple Network Management Protocol (SNMP). This protocol is mainly used to manage Network protocols in TCP/IP networks, in Windows, you can use the SNMP service to provide status information about hosts on TCP/IP networks and various network devices. Currently, almost all network device vendors support SNMP.
 
To install the SNMP service in Windows/XP, open the "Windows component wizard" and select "management and monitoring tools" in "components ", click "details" to view "Simple Network Management Protocol (SNMP)", select this component, and click "Next" to install it.
 
Port vulnerabilities: SNMP can be used to obtain the status information of various devices in the network and control network devices. Therefore, hackers can use SNMP to completely control the network.
 
Operation suggestion: We recommend that you disable this port.
 

Port 19 and 443
 
Port Description: port 443 is the Web browsing port, which is mainly used for HTTPS services. It is another type of HTTP that provides encryption and transmission through secure ports. Websites with high security requirements, such as banks, securities, and shopping, all Use HTTPS services, so that information exchange on these websites cannot be seen by others, this ensures transaction security. The webpage address starts with https: //, rather than common http ://.
 
Port vulnerabilities: HTTPS services generally use SSL (Secure Socket Layer) to ensure security. However, SSL vulnerabilities may be attacked by hackers, such as hacking the online banking system, steal credit card accounts.
 
Operation suggestion: We recommend that you enable this port for secure webpage access. In addition, to prevent hacker attacks, install the latest security patch released by Microsoft for SSL vulnerabilities in a timely manner.
 

Port 20 and 554
 
Port Description: port 554 is used by default for "Real Time StreamingProtocol" (RTSP). This protocol is jointly proposed by RealNetworks and Netscape, the RTSP protocol can be used to transmit streaming media files to RealPlayer for playback over the Internet, and effectively and to maximize the use of limited network bandwidth. The transmitted streaming media files are generally published by the Real Server, including. rm ,. ram. Nowadays, many download software support the RTSP protocol, such as FlashGet and audio and video conveyor belts.
 
Port Vulnerability: currently, the RTSP protocol has discovered a buffer overflow vulnerability in the Helix Universal Server released in RealNetworks. port 554 is relatively secure.
 
Operation suggestion: to enjoy and download the RTSP Streaming Media file, we recommend that you enable port 554.
 

Ports 21 and 1024
 
Port Description: Port 1024 is generally not allocated to a service. It is interpreted as "Reserved" in English ). Previously, we mentioned that the range of dynamic ports is from 1024 ~ 65535, and 1024 is the beginning of dynamic port. This port is usually allocated to the first service that sends an application to the system. When the service is closed, port 1024 will be released, waiting for calls from other services.
 
Port vulnerabilities: the famous YAI trojan uses port 1024 by default. This Trojan can be used to remotely control the target computer, obtain screen images of the computer, record Keyboard Events, and obtain passwords, the consequence is serious.
 
Operation suggestion: general anti-virus software can easily scan and kill the YAI virus. Therefore, we recommend that you enable this port when you confirm that there is no YAI virus.
 

Ports 22 and 1080
 
Port Description: port 1080 is the port used by the Socks proxy service. The WWW Service is usually used by the Internet. The Socks proxy service is different from the HTTP proxy service. it traverses the firewall through a channel and allows users behind the firewall to access the Internet through an IP address. Socks proxy service is often used in Lan. For example, if QQ is restricted, you can open the QQ parameter settings window, select "Network Settings", and set Socks proxy service. In addition, you can install Socks proxy software to use QQ, such as Socks2HTTP and SocksCap32.
 
Port Vulnerability: the default port of WinGate, the well-known proxy server software, is 1080. This Port enables computers in the LAN to share the Internet. However, such as Worm. bugbear. B (monster II), Worm. novarg. B (SCO bomb Variant B) and other worms will also listen to port 1080 in the Local System, which is detrimental to computer security.
 
Operation suggestion: In addition to frequently using WinGate to share the Internet, it is recommended that you disable this port.
 

Ports 23 and 1755
 
Port Description: port 1755 is used by default for "Microsoft Media Server" (Microsoft Media Server (MMS). This protocol is a Streaming Media Protocol published by Microsoft, the MMS protocol can be used to transfer and play streaming Media files on Windows Media Servers over the Internet. These files include. asf and. wmv files. You can use Media playing software such as Windows Media Player for real-time playback. Specifically, port 1755 can be divided into TCP and udp mms protocols, namely, MMST and MMSU. Generally, the MMS protocol of TCP is used, that is, MMST. Currently, most streaming media and common download software support the MMS protocol.
 
Port vulnerabilities: at present, there are no obvious vulnerabilities in the transmission and playback of streaming media files using the MMS protocol by Microsoft official and users, one of the main problems is the compatibility between the MMS protocol and the firewall and NAT (network address translation.
 
Operation suggestion: To Play and download the stream media file to the MMS protocol in real time, we recommend that you enable this port.
 

24. Ports 4000
 
Port Description: port 4000 is a commonly used QQ token tool, which is a port opened for the QQ client. The port used by the QQ server is 8000. Through port 4000, the QQ client program can send information to the QQ server for identity authentication and message forwarding. messages sent between QQ users are transmitted through this port by default. Ports 4000 and 8000 do not belong to the TCP protocol, but to the UDP protocol.
 
Port Vulnerability: port 4000 is a UDP port. Although messages can be directly transmitted, there are also various vulnerabilities. For example, the Worm_Witty.A (vidi) worm uses port 4000 to send viruses to random IP addresses, and disguised as an ICQ data packet, the consequence is to write random data to the hard disk. In addition, Trojan. SkyDance Trojan Horse uses this port.
 
Operation suggestion: In order to use QQ chat, the 4000 portal is also open.
 

Ports 25 and 5554
 
Port Description: In April 30 this year, it was reported that there was a new Worm against the Microsoft lsass Service-wave (Worm. (Sasser), the virus can use TCP port 5554 to enable an FTP service, which is mainly used for virus propagation.
 
Port Vulnerability: After being infected with the "Shock Wave" virus, it will send the worm to other infected computers through port 5554, and attempt to connect to port TCP 445 and send attacks, poisoned computers may experience repeated system restart, slow operation, and failure to access the Internet. hackers may even exploit this vulnerability to gain control of the system.
 
Operation suggestion: to prevent virus infection, we recommend that you disable port 5554.
 

Port 26 and 5632
 
Port Description: Port 5632 is the port opened by the remote control software pcAnywhere, which can be divided into TCP and UDP. Through this port, you can control the remote computer on the local computer, view the remote computer screen and transfer files to Achieve Synchronous file transfer. After the pcAnwhere controlled computer is installed, the pcAnywhere host automatically scans the port.
 
Port vulnerabilities: through port 5632, the master computer can control remote computers and perform various operations, which may be exploited by criminals to steal accounts, Steal important data, and perform various damages.
 
Operation suggestion: To avoid scanning through port 5632 and remotely control the computer, we recommend that you disable this port.
 

Port 27 and 8080
 
Port Description: port 8080 is the same as port 80. It is used for WWW Proxy Service and can be browsed on webpages. when accessing a website or using a proxy server, ": 8080 "port number, such as http://www.cce.com.cn: 8080.
 
Port vulnerabilities: port 8080 can be exploited by various virus programs. For example, the Brown Orifice (BrO) Trojan Horse virus can use port 8080 to remotely control the infected computer. In addition, RemoConChubo and RingZero Trojans can also use this port for attacks.
 
Operation suggestion: We generally use port 80 for Web browsing. To avoid virus attacks, we can close this port.