When surfing the internet, we often see the word "Port" and often use the port number. For example, if "21" is added after the FTP address, "21" indicates the port number. So what does port mean? How can I view the port number? Does a port become the door to malicious cyberattacks ?, How should we face all kinds of ports? The following content will be introduced for your reference.
Port Introduction: This article introduces the concept and classification of ports and how to disable/enable a port.
Port Concept
In network technology, a port has two meanings: one is a physical port, for example, ADSL modem, Hub, switch, router is used to connect other network equipment interface, such as RJ-45 port, SC port and so on. The second is the logical port, which generally refers to the port in the TCP/IP protocol. The port number ranges from 0 to 65535, for example, port 80 used to browse Web Services, port 21 for the FTP service. Here we will introduce the logical port.
Port category
Logically speaking, ports have multiple classification standards. The following describes two common classifications:
1. Distribution by port number
(1) well-known ports)
A well-known port is a well-known port number ranging from 0 to 1023. These ports are usually allocated to some services. For example, port 21 is allocated to the FTP service, port 25 is allocated to the SMTP (Simple Mail Transfer Protocol) service, port 80 is allocated to the HTTP service, and port 135 is allocated to the RPC (Remote process call) service) services.
(2) dynamic ports)
The range of dynamic ports is from 1024 to 65535. These ports are generally not allocated to a service, that is, many services can use these ports. As long as the program runs to the system to request access to the network, the system can assign a port number for the program to use. For example, port 1024 is allocated to the first application to the system. After the program process is closed, the occupied port number is released.
However, dynamic ports are often used by viruses and Trojans. For example, the default connection ports of glaciers are 7626, way 2.4 is 8011, NetSpy 3.0 is 7306, and Yai is 1024.
2. Divided by protocol type
Divided by protocol type, can be divided into TCP, UDP, IP, ICMP (Internet Control Message Protocol) and other ports. The following describes TCP and UDP ports:
(1) TCP port
TCP port, that is, the transmission control protocol port, must be connected between the client and the server to provide reliable data transmission. Common include port 21 of the FTP service, port 23 of the Telnet service, port 25 of the SMTP service, and port 80 of the HTTP service.
(2) UDP port
UDP port, that is, the user data packet protocol port, does not need to establish a connection between the client and the server, security is not guaranteed. Common services include DNS Service port 53, SNMP (Simple Network Management Protocol) Service port 161, and QQ port 8000 and port 4000.
View port
To view the port in Windows 2000/XP/Server 2003, run the netstat command:
Click Start> Run, type cmd, and press enter to open the Command Prompt window. Type "netstat-a-n" in the command prompt. Press the Enter key to view the TCP and UDP connection port numbers and statuses (displayed in numbers (.
TIPS: netstat command usage
Command Format: netstat-a-e-n-o-s
-A indicates that all active TCP connections and TCP and UDP ports listened by the computer are displayed.
-E indicates the number of bytes sent and received over the Ethernet, and the number of packets.
-N indicates that only the active TCP connection addresses and port numbers are displayed in numbers.
-O indicates that active TCP connections are displayed and the process ID (PID) of each connection is included ).
-S indicates that statistics of various connections are displayed by protocol, including the port number.
Close/enable port
Before introducing the functions of various ports, we will first introduce how to disable/enable ports in windows, because the default situation is, many insecure or useless ports are enabled, for example, port 23 of the Telnet service, port 21 of the FTP service, port 25 of the SMTP service, and port 135 of the RPC service. To ensure system security, we can disable/enable the port through the following methods.
Close the port
For example, to disable port 25 of the SMTP service in Windows 2000/XP, you can do this: first open "Control Panel", double-click "Administrative Tools", and then double-click "service ". In the displayed service window, find and double-click the "Simple Mail Transfer Protocol (SMTP)" service and click "stop" to stop the service, select "disabled" in "Start type" and click "OK. In this way, closing the SMTP service is equivalent to closing the corresponding port.
Enable Port
If you want to enable this port, you only need to select "Auto" in "Start type", click "OK", and then open the service, in "service status", click "start" to enable the port. Finally, click "OK.
Tip: the "service" option is not available in Windows 98. You can use the firewall rule setting function to disable/enable the port.
Port 21: port 21 is mainly used for FTP (file transfer protocol) services.
Port Description: port 21 is mainly used for the FTP (file transfer protocol) service. The FTP service is mainly used to upload and download files between two computers, one computer acts as the FTP client, and the other computer acts as the FTP server. you can log on to the FTP server using anonymous logon and authorized username and password logon. Currently, file transmission through the FTP service is the most important method for uploading and downloading files on the Internet. In addition, Port 20 is the default port number for FTP data transmission.
In Windows, you can use Internet Information Service (IIS) to provide FTP connection and management, or install FTP server software to implement FTP functions, such as common FTP Serv-U.
Suggestion: Some FTP servers can be used by hackers to log on anonymously. In addition, port 21 will be used by some Trojans, such as Blade Runner, FTP Trojan, Doly Trojan, and WebEx. If you do not set up an FTP server, we recommend that you disable port 21.
Port 23: port 23 is mainly used for telnet (Remote logon) services and is a common logon and simulation program on the Internet.
Port Description: port 23 is mainly used for the telnet (Remote logon) service and is a common logon and simulation program on the Internet. You also need to set the client and server. The client that enables the telnet service can log on to the remote telnet server and use the authorized user name and password to log on. After logging on, you can use the Command Prompt window to perform corresponding operations. In Windows, you can type the "Telnet" command in the Command Prompt window to remotely log on using telnet.
Suggestion: using the telnet service, hackers can search for UNIX services remotely and scan the operating system type. In addition, the telnet service in Windows 2000 has multiple serious vulnerabilities, such as permission escalation and denial of service, which can cause remote server crash. Port 23 of the Telnet service is also the default port of the TTS (Tiny Telnet Server) Trojan. Therefore, we recommend that you disable port 23.
Port 25: port 25 is open to SMTP (Simple Mail Transfer Protocol) servers and is mainly used to send emails. Most mail servers use this Protocol today.
Port Description: port 25 is open to the SMTP (Simple Mail Transfer Protocol) server, which is mainly used to send emails. Currently, most mail servers use this protocol. For example, when using the e-mail client program, we need to enter the SMTP server address when creating an account. By default, this server address uses port 25 ().
Port vulnerabilities:
1. Using port 25, hackers can find SMTP servers to forward spam.
Port 2. 25 is opened by many Trojans, such as ajan, antigen, email password sender, promail, Trojan, tapiras, Terminator, winpc, and winspy. For winspy, open port 25 to monitor all windows and modules running on the computer.
Operation suggestion: if you do not want to set up an SMTP mail server, you can disable this port.
Port 53: port 53 is open to DNS (Domain Name Server) servers and is mainly used for domain name resolution. DNS is the most widely used in the NT System.
Port Description: port 53 is open to DNS (Domain Name Server) servers and is mainly used for domain name resolution. DNS is the most widely used in the NT System. You can use the DNS server to convert the domain name to the IP address. You only need to remember the domain name to quickly access the website.
Port Vulnerability: If the DNS service is enabled, hackers can analyze the DNS server to directly obtain the IP addresses of hosts such as web servers, and use port 53 to break through some unstable firewalls to launch attacks. Recently, a U.S. company also announced 10 most vulnerable vulnerabilities, the first of which is the BIND vulnerability of DNS servers.
Operation suggestion: if the current computer is not used to provide the domain name resolution service, we recommend that you disable this port.
------------------------------------------
Port 67, port 68: port 67, and port 68 are opened for the Bootstrap Protocol server and Bootstrap Protocol client of The BOOTP service respectively.
Port Description: port 67 and port 68 are opened for the Bootstrap Protocol server and Bootstrap Protocol client of The BOOTP service respectively. BOOTP is a remote startup protocol generated in early UNIX versions. The DHCP service we often use is extended from the BOOTP service. Through the BOOTP service, you can dynamically allocate IP addresses to computers in the LAN without having to set static IP addresses for each user.
Port Vulnerability: If the BOOTP service is enabled, Hackers often use a assigned IP address as a local router to launch attacks in man-in-middle mode.
Operation suggestion: We recommend that you disable this port.
-------------------------------------------
Port 69: TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.
Port Description: port 69 is open for the TFTP (trival file tranfer protocol) service. TFTP is a simple file transfer protocol developed by Cisco, similar to FTP. However, compared with FTP, TFTP does not have complex interactive access interfaces and authentication control. This service is suitable for data transmission between clients and servers that do not need complex exchange environments.
Port Vulnerability: many servers and The BOOTP service provide the TFTP service, which is mainly used to download startup code from the system. However, because the TFTP service can write files to the system, and hackers can also use the incorrect configuration of TFTP to obtain any files from the system.
Operation suggestion: We recommend that you disable this port.