Defense against hacker intrusion: close unused system ports

Source: Internet
Author: User

Does your firewall often report attacks on your XXX port? Wouldn't it be nice to close the ports you do not use? In general, we rely on powerful anti-hacker software and firewalls to keep our systems secure. This article uses a simpler method, restricting ports, to prevent illegal intrusion: it shows how to disable some ports in the system and how to disable the default shares C$, D$, Admin$, and IPC$ in Windows.

Illegal intrusion

In short, illegal intrusion can be roughly divided into four types:

Scanning ports and attacking the host through known system bugs.

Implanting a Trojan and using the backdoor it opens to access the host.

Using a data overflow to force the host to provide a backdoor for access.

Exploiting software design vulnerabilities to control the host directly or indirectly.

The first two are the main intrusion methods. The first in particular, attacking the host with popular hacker tools, is by far the most common. The latter two can only be exploited by highly skilled hackers, and once such problems appear the software vendor soon provides patches, so the system can be repaired in time.

Therefore, restricting the first two methods effectively prevents intrusion by hacker tools. These two methods also have one thing in common: they enter the host through a port.

A port is like a door in a house (the server) that has several doors; different doors lead to different rooms (the different services the server provides). The default FTP port is 21, and the default port for WWW web pages is 80. However, careless network administrators often leave open services on ports that are vulnerable to intrusion, such as port 139, and some Trojans, for example Glacier, BO, and Guang Wai, automatically open a port without your noticing. So if we block every port we do not use, will these two kinds of intrusion be eliminated?

For example, the ports closed here include 135, 137, 138, 139, 445, 102, 3389, 593, and TCP. Other ports are not covered here.

The procedure is as follows:

By default, many Windows ports are open. When you are connected to the Internet, network viruses and hackers can connect to your computer through these ports. To turn your system into a fortress, you should close them: mainly TCP 135, 139, 445, 593, and 1025, UDP 135, 137, 138, and 445, some popular backdoor ports (such as TCP 2745, 3127, and 6129), and the remote service access port 3389. The following describes how to close these network ports in WinXP/2000/2003.

Step 1: Click "Start" > "Settings" > "Control Panel" > "Administrative Tools", double-click "Local Security Policy", select "IP Security Policies on Local Computer", right-click a blank area in the right pane, and select "Create IP Security Policy" from the shortcut menu. A wizard appears. Click "Next" and name the new security policy. Click "Next" again to display the "Requests for Secure Communication" screen, and clear the check box to the left of "Activate the default response rule". Click "Finish" to create the new IP Security Policy.
Step 2: Click "OK" to return to the IP Filter List dialog box, where the new entry now appears. Repeat the preceding steps to add TCP ports 137, 139, 445, and 593 and UDP ports 135, 139, and 445, creating a corresponding filter for each.

Step 3: Repeat the preceding steps to add blocking filters for TCP ports 1025, 2745, 3127, 6129, and 3389, and then click "OK".

Step 4: In the "New Rule Properties" dialog box, select "New IP Filter List" by clicking the radio button to its left; a dot in the circle shows that it is activated. Then click the "Filter Action" tab. On that tab, clear the check box to the left of "Use Add Wizard" and click "Add" to add a "Block" action: on the "Security Methods" tab of the "New Filter Action Properties" dialog box, select "Block" and click "OK".

Step 5: Back in the "New Rule Properties" dialog box, click "New Filter Action"; a dot appears in the circle to its left, showing that the action is activated. Click "Close" to close the dialog box. Return to the "New IP Security Policy Properties" dialog box, select the check box to the left of "New IP Filter List", and click "OK" to close the dialog box. In the "Local Security Policy" window, right-click the newly added IP Security Policy and select "Assign".

Now restart the computer. After the restart, the network ports listed above are closed. Viruses and hackers should no longer be able to connect to these ports, which protects your computer.
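The same policy can be built from the command line. This batch file is an added example, not part of the original article; it assumes an administrator prompt and the `netsh ipsec static` context (present on Windows Server 2003 and later, not on Windows 2000 or XP), and the policy, filter list, action and rule names are made up for illustration.

```batch
@echo off
rem Added example: scripted form of the GUI steps. All names below are illustrative.
setlocal
set POLICY=BlockUnusedPorts
set FLIST=BlockedPorts
set FACTION=BlockAction
rem Port lists as given in the steps; edit them to match the services you really use.
rem 3389 is Remote Desktop: do not apply this over an RDP session you still need.
set TCP_PORTS=135 137 139 445 593 1025 2745 3127 6129 3389
set UDP_PORTS=135 139 445

rem New policy without the default response rule (Step 1 of the wizard).
netsh ipsec static add policy name=%POLICY% activatedefaultrule=no || goto fail

rem One filter per port: source "any IP address", destination "my IP address".
netsh ipsec static add filterlist name=%FLIST% || goto fail
for %%P in (%TCP_PORTS%) do (
    netsh ipsec static add filter filterlist=%FLIST% srcaddr=any dstaddr=me protocol=TCP dstport=%%P description="TCP %%P" || goto fail
)
for %%P in (%UDP_PORTS%) do (
    netsh ipsec static add filter filterlist=%FLIST% srcaddr=any dstaddr=me protocol=UDP dstport=%%P description="UDP %%P" || goto fail
)

rem The "Block" filter action.
netsh ipsec static add filteraction name=%FACTION% action=block || goto fail

rem Rule that ties the filter list to the block action inside the policy.
netsh ipsec static add rule name=BlockRule policy=%POLICY% filterlist=%FLIST% filteraction=%FACTION% || goto fail

rem Assign the policy, then print it so the filters can be reviewed.
netsh ipsec static set policy name=%POLICY% assign=yes || goto fail
netsh ipsec static show policy name=%POLICY% level=verbose
exit /b 0

:fail
echo A netsh command failed; review the policy in Local Security Policy. 1>&2
exit /b 1
```

An IPsec block filter drops the packets but leaves the services bound, so `netstat -an` on the host still shows these ports as LISTENING; confirm the result by trying to connect from another machine.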

The following describes how to disable the default shares C$, D$, Admin$, and IPC$ in Windows.

Windows 2000 and Windows XP enable these shares by default. Viruses and hackers can also reach your computer through this channel to destroy your files or even control the computer remotely, so you should delete these default shares.

Step 1: Right-click the IP Security Policy and open its "Properties" dialog box. Clear the check box to the left of "Use Add Wizard" and click "Add" to add a new rule; the "New Rule Properties" dialog box appears. Click the "Add" button to bring up the IP Filter List window. There, again clear the check box to the left of "Use Add Wizard", and then click "Add" on the right to add a new filter.

Step 2: The "Filter Properties" dialog box opens on the addressing page. Select "Any IP Address" as the source address and "My IP Address" as the destination address. Click the "Protocol" tab, select "TCP" in the "Select a protocol type" drop-down list, enter "135" in the "To this port" text box, and click "OK". This adds a filter that blocks TCP port 135 (RPC), which prevents the outside world from connecting to your computer through port 135.

Windows XP is easier to handle than Windows 2000. If the computer is only used occasionally, you can select "Run" in the "Start" menu and enter "net share *$ /del" (where * is the name of the share you want to delete). However, the default share will be available again after the next boot. How can we disable these default shares completely?

Here is how to remove all default shares automatically each time Windows starts. Windows 2000 and Windows XP are similar in this respect. Select "Run" in the "Start" menu, enter "regedit", open the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] branch of the registry, and create a new "String Value" under it. The name is arbitrary, for example "delshareC$". Right-click the value, click "Modify" in the shortcut menu, and in the "Edit String" window enter "net share C$ /del" (without the quotation marks) in the "Value data" field and click "OK". In the same way, add another string value such as "delshareD$" with the value data "net share D$ /del", and so on for each partition you have, plus "net share Admin$ /del". Note: pay attention to letter case. After saving the registry and restarting the computer, these special shares are removed automatically.

However, have you noticed that the "net share IPC$ /del" command has no effect at all on IPC$, which remains shared by default? (In fact, the steps so far are enough; you do not need to close IPC$.)
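The Run-key entries described above can also be created from a script. This batch file is an added example, not part of the original article; it assumes an administrator prompt and that `reg.exe` is available (built in on Windows XP and later), and it uses the value names suggested in the text.

```batch
@echo off
rem Added example: delete the default shares now and re-delete them at every logon.
rem Values under HKLM\...\Run execute at user logon with that user's rights, so the
rem deletion only takes effect when an administrator logs on.
setlocal
set RUNKEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

rem Add or remove share names to match the partitions on this machine.
for %%S in (C$ D$ ADMIN$) do call :disable %%S

rem Show what is still shared. IPC$ stays listed: it cannot be removed this way.
net share
exit /b 0

:disable
rem "net share NAME" fails when the share does not exist (for example no D: drive).
net share %1 >nul 2>&1
if errorlevel 1 (
    echo %1 is not shared, skipping.
    goto :eof
)
rem /delete is the long form of the /del switch used in the article.
net share %1 /delete
reg add "%RUNKEY%" /v delshare%1 /t REG_SZ /d "net share %1 /delete" /f
goto :eof
```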

To disable IPC$ permanently, disable the service the default shares depend on: lanmanserver, the Server service. In Control Panel, open "Administrative Tools", find "Services", right-click the "Server" service, choose "Properties", and on the "General" tab set "Startup type" to "Disabled". This disables the IPC$ default share. However, it has some negative effects: once the IPC$ default share is disabled, many server services can no longer be used, and you may not be able to access other computers on the LAN. Please use it with caution!
