Port Introduction
With the development of computer network technology, the original physical interfaces (input/output interfaces such as the keyboard, mouse, network card, and display card) could no longer meet the requirements of network communication. The TCP/IP protocol, as the standard protocol for network communication, solves this problem. TCP/IP is integrated into the operating system kernel, which is equivalent to introducing a new input/output interface technology into the operating system, because TCP/IP brings with it the socket application interface. With this interface, a computer can communicate in software with any other computer that has a socket interface. In computer programming, a port is this "socket interface".
How do these ports work? For example, why can one server be a web server, an FTP server, a mail server, and so on? One important reason is that each service uses a different port: by convention under TCP/IP, the web uses port 80, FTP uses port 21, and the mail server uses port 25. Through different ports, the computer can carry on these communications with the outside world without them interfering with one another.
According to expert analysis, a server can have at most 65,535 ports, but in practice only a few dozen are commonly used, which leaves a great many ports undefined. This is why so many hacker programs can define a particular port in some way to achieve an intrusion. To define this port, they rely on a program that loads itself into memory automatically at computer startup and forces the computer to open that particular port. This program is the "backdoor" program, and these backdoor programs are what are commonly called Trojans. Put simply, before the intrusion the Trojan is first planted on a personal computer by some means and opens one or more specific ports, commonly known as a "backdoor", turning the computer into a very open FTP server (one whose users have very high privileges); the intrusion is then carried out through the backdoor.
Ports can be divided into 3 main categories:
1) Well-known ports (Well Known Ports): from 0 to 1023. They are tightly bound to some services. Traffic on these ports usually clearly indicates the protocol of a particular service. For example, port 80 is actually always HTTP traffic.
2) Registered ports (Registered Ports): from 1024 to 49151. They are loosely bound to some services. This means that many services are bound to these ports, and the ports are also used for many other purposes. For example, many systems allocate dynamic ports starting at around 1024.
3) Dynamic and/or private ports (Dynamic and/or Private Ports): from 49152 to 65535. In theory, these ports should not be assigned to services. In practice, machines typically allocate dynamic ports from 1024. There are exceptions: Sun's RPC ports start at 32768.
The computer term "port" is a translation of the English word port and can be regarded as an outlet for communication between the computer and the outside world. In the hardware domain a port is also called an interface, for example a USB port or a serial port. In the software domain a port generally refers to the communication protocol port used for connection-oriented and connectionless services on a network; it is an abstract software structure that includes some data structures and I/O (input/output) buffers.
Some ports are often used by hackers and by some Trojans to attack computer systems. The following introduces these ports and simple ways to guard against attack.
8080 Port
Port description: Port 8080, like port 80, is used for WWW proxy service and web browsing. When visiting a website or using a proxy server, the port number ":8080" is often appended, as in http://www.cce.com.cn:8080.
Port vulnerability: Port 8080 can be exploited by a variety of virus programs; for example, the Brown Orifice (BrO) Trojan can use port 8080 to take complete remote control of an infected computer. The RemoConChubo and RingZero Trojans can also use this port for attacks.
Operational recommendation: We generally use port 80 for web browsing, so to avoid virus attacks we can close this port.
Port: 21
Services: FTP
Description: The port opened by an FTP server, used for uploads and downloads. Attackers most commonly use it to look for ways to open anonymous FTP servers. These servers have readable and writable directories. This is also the port opened by the Trojans Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, and Blade Runner.
Port: 22
Services: SSH
Description: A TCP connection to this port established by PcAnywhere may be looking for SSH. This service has many weaknesses; if configured in a particular mode, many versions that use the RSAREF library have a number of vulnerabilities.
Port: 23
Services: Telnet
Description: Remote login. Intruders search for remote-login UNIX services. In most cases this port is scanned to identify the operating system the machine is running. Using other techniques, intruders can also find passwords. The Trojan Tiny Telnet Server opens this port.
Port: 25
Services: SMTP
Description: The port opened by an SMTP server for sending mail. Intruders look for SMTP servers through which to relay their spam. Their own accounts get closed, so they need to connect to a high-bandwidth e-mail server to deliver simple messages to different addresses. The Trojans Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, and WinSpy all open this port.
Port: 80
Services: HTTP
Description: Used for web browsing. The Trojan Executor opens this port.
Port: 102
Services: Message transfer agent (MTA) - X.400 over TCP/IP
Description: Message transfer agent.
Port: 109
Services: Post Office Protocol - Version 3
Description: A POP3 server opens this port to receive mail; clients use it to access the server-side mail service. The POP3 service has many recognized weaknesses. There are at least 20 weaknesses involving buffer overflows in the user name and password exchange, which means an intruder can get into the system before actually logging in. There are other buffer overflow errors after a successful login.
Port: 110
Services: All ports of Sun's RPC service
Note: Common RPC services are RPC.MOUNTD, NFS, RPC.STATD, RPC.CSMD, RPC.TTYBD, AMD, etc.
Port: 119
Services: Network News Transfer Protocol
Description: The news transfer protocol, which carries Usenet traffic. Connections to this port are usually people looking for Usenet servers. Most ISPs restrict access to their newsgroup servers to their own customers. An open newsgroup server allows anyone to post and read posts, access restricted newsgroup servers, post anonymously, or send spam.
Port: 135
Services: Location Service
Description: Microsoft runs the DCE RPC end-point mapper for its DCOM service on this port. This is similar to the function of port 111 on UNIX. Services that use DCOM and RPC register their location with the end-point mapper on the computer. When remote clients connect to the computer, they query the end-point mapper to find where the service is located. Hackers scan this port on a computer to find out whether Exchange Server is running on it and which version. Some DoS attacks are also directed at this port.
Ports: 137, 138, 139
Services: NETBIOS Name Service
Description: Ports 137 and 138 are UDP ports, used when transferring files through Network Neighborhood. Port 139: connections coming in on this port attempt to reach the NetBIOS/SMB service. This protocol is used for Windows file and printer sharing and for Samba. WINS registration also uses it.
Port: 161
Services: SNMP
Description: SNMP allows remote management of devices. All configuration and operating information is stored in a database and can be obtained through SNMP. Many administrators' misconfigurations leave it exposed to the Internet. Crackers will try to access the system using the default passwords public and private, and they may try all possible combinations. SNMP packets may be mistakenly directed at the user's network.
--------------------------------------
To view ports in Windows 2000/XP/Server 2003, you can use the netstat command:
Click "Start" > "Run" and enter "cmd" to open a command prompt window. Type "netstat -a -n" at the command prompt and press ENTER to see the TCP and UDP connections, with port numbers and states displayed in numeric form.
Command format: netstat -a -e -n -o -s
-a displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
-e displays Ethernet statistics such as the number of bytes and packets sent and received.
-n displays the addresses and port numbers of active TCP connections numerically.
-o displays active TCP connections and includes the process ID (PID) for each connection.
-s displays statistics for the various connections, including port numbers, by protocol.
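The following Python sketch is an added example, not part of the original article. It parses the text produced by "netstat -a -n -o", keeps the listening TCP and bound UDP ports with their PIDs, and reports those missing from a baseline, labelled with the three port ranges described earlier. The sample output and the ALLOWED baseline are constructed for illustration.

```python
# Constructed sample of `netstat -a -n -o` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       896
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2216
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49733     203.0.113.7:443        ESTABLISHED     3020
  TCP    [::]:135               [::]:0                 LISTENING       896
  UDP    0.0.0.0:161            *:*                                    1780
  UDP    192.168.1.10:137       *:*                                    4
"""

# Assumed baseline for this host: a web server that also shares files.
ALLOWED = {("TCP", 80), ("TCP", 135), ("TCP", 139), ("UDP", 137)}

def port_category(port):
    """Range names from the article's three port categories."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"

def listening_ports(netstat_text):
    """Sorted unique (proto, port, pid) for listening TCP and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            local, pid = f[1], f[4]
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            local, pid = f[1], f[3]
        else:
            continue  # headers, blank lines, non-listening connections
        found.add((f[0], int(local.rsplit(":", 1)[1]), int(pid)))
    return sorted(found)

def unexpected(netstat_text, allowed):
    """Listeners whose (proto, port) is not in the baseline, with their range."""
    return [(proto, port, pid, port_category(port))
            for proto, port, pid in listening_ports(netstat_text)
            if (proto, port) not in allowed]

if __name__ == "__main__":
    for proto, port, pid, cat in unexpected(SAMPLE, ALLOWED):
        print(f"{proto} {port} ({cat}), PID {pid}: not in the baseline")
```

The PID reported for each unexpected port identifies the owning process, which is the service to stop or disable as described in the next section.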
Close port
For example, to close port 25 of the SMTP service in Windows 2000/XP, first open Control Panel, double-click Administrative Tools, and then double-click Services. In the Services window that opens, locate and double-click the Simple Mail Transfer Protocol (SMTP) service, click the Stop button to stop the service, select Disabled in Startup type, and then click OK. Shutting down the SMTP service in this way is equivalent to closing the corresponding port.
Open port
If you want to open the port, first set the "Startup type" option and click the "OK" button, then open the service again, click the Start button under Service status to enable the port, and finally click OK.
In the network connection properties, select the TCP/IP protocol properties, open the Advanced TCP/IP settings, and open TCP/IP filtering on the Options page. In the settings window that appears, you can open or close ports as needed. By default, TCP/IP filtering is not enabled.