Hacker talk: server port filtering and anti-hacking methods

Source: Internet
Author: User
Tags snmp

With the development of network technology and the growing number of network services, network security issues have become increasingly prominent, and server security is even more important. If a server is infiltrated, the confidential information on it may be stolen, and the services it provides may be maliciously tampered with. Protecting network servers is therefore very important for the entire network.

However, as the administrator of a network server, how can you ensure that the server you manage is not infiltrated by ordinary hackers? First, we need to understand the steps hackers commonly use to intrude. Only by knowing the enemy and ourselves can we win a hundred battles! A real hacker always scans the target server over the network before an intrusion. The port scan is mainly used to collect information about the host, and this step is very important to the entire intrusion process. From the scan results, hackers can determine what operating system the server uses, what services it provides, what software is installed, and even some information about the target itself. Using this information, hackers can work out the password mechanism of the system, whether the system has vulnerabilities that can be exploited, whether the services provided by the server can yield further useful information, whether the installed software has exploitable vulnerabilities, and so on. If the server's security is incomplete, a way into the host can be found through this step.

So much information can be obtained through port scanning. As the administrator of the network server, how can we keep intruders from getting this information through the ports? The answer is to filter ports. To keep thieves out, shut the doors and windows you do not need. Many firewall products use the same principle: they intercept all data packets, analyze the ports, determine whether the communication is permitted, and then handle the packet accordingly.

In fact, you may not know that in Windows 2000 you can implement port filtering without any third-party software. The specific method is as follows:

1. Right-click "My Network Places" and select "Properties";
2. In the "Network and Dial-up Connections" window that opens, right-click the connection for the active network adapter and select "Properties";
3. Double-click "Internet Protocol (TCP/IP)" and click "Advanced" in the "Internet Protocol (TCP/IP) Properties" dialog that opens;
4. Select the "Options" tab in the "Advanced TCP/IP Settings" window that opens, and double-click "TCP/IP filtering";
5. In the "TCP/IP Filtering" dialog that opens, you can filter TCP ports, UDP ports, and IP protocols. Here you can open any port or protocol you need and close any port you do not need.

Which ports should a network administrator open, and which should be disabled? This depends on the services your server provides and on how you manage the server. For example, if your server is used purely as a web server and you manage it locally, you only need to allow data on port 80 to pass through. Each server has a different purpose, so the specific ports that should be opened also differ. Common ports and their corresponding services are as follows:

20 = Ftp Data
21 = FTP Open Server
23 = Telnet
25 = Smtp
31 = Master Paradise.80
53 = DNS, Bonk (DoS Exploit)
79 = Finger
80 = Http
110 = Pop3
113 = Auth, Ident
119 = Nntp
121 = BO jammerkillah
137 = NetBios-NS
138 = NetBios-DGN
139 = NetBios-SSN
143 = IMAP
161 = Snmp
162 = Snmp-Trap
194 = Irc
443 = Https
456 = Hackers Paradise
555 = Stealth Spy (Phase)
666 = Attack FTP
1001 = Silencer
1001 = WebEx
1010 = Doly trojan v1.35
1011 = Doly Trojan
1015 = Doly trojan v1.5
1024 = NetSpy.698 (YAI)
1025 = NetSpy.698
1033 = Netspy
1042 = Bla1.1
1047 = GateCrasher.b
1047 = GateCrasher.c
1080 = Wingate
1243 = SubSeven
1245 = VooDoo
1269 = Mavericks Matrix
1492 = FTP99CMP (BackOrifice.FTP)
1807 = SpySender
1981 = ShockRave
1999 = Backdoor (YAI)
1999 = BackDoor.200
1999 = BackDoor.201
1999 = BackDoor.202
1999 = BackDoor.203
1509 = Streaming Server
1600 = Shiv
2001 = TrojanCow
2023 = Pass Ripper
2140 = DeepThroat.10
2140 = Invasor
2140 = The Invasor
2283 = Rat
2565 = Striker
2583 = Wincrash2
2801 = Phineas
3129 = MastersParadise.92
3150 = Deep Throat 1.0
3210 = SchoolBus
4000 = OICQ Client
4567 = FileNail
4950 = IcqTrojan
5000 = Blazer 5
5190 = ICQ Query
5321 = Firehotcker
5400 = BackConstruction1.2
5400 = BladeRunner
5550 = Xtcp
5569 = RoboHack
5714 = Wincrash3
5742 = Wincrash
6400 = The Thing
6669 = Vampire
6670 = Deep Throat
6711 = SubSeven
6713 = SubSeven
6767 = NT Remote Control
6771 = Deep Throat 3
6776 = SubSeven
6883 = DeltaSource
6939 = Indoctrination
6969 = GateCrasher
7306 = NetMonitor (NetSpy)
7307 = ProcSpy
7308 = X Spy
7626 = Glacier (trojan)
7789 = ICQKiller
8000 = OICQ Server
9400 = InCommand
9401 = InCommand
9402 = InCommand
9872 = Portal of Doom
9875 = Portal of Doom
9989 = InIkiller
10167 = Portal Of Doom
10607 = Coma
11000 = Senna Spy Trojans
11223 = ProgenicTrojan
12076 = Gjamer
12076 = MSH.104b
12223 = Hack'99 KeyLogger
12345 = NetBus 1.x
12346 = NetBus 1.x
12631 = WhackJob.NB1.7
16969 = Priority
17300 = Kuang2
20000 = Millenium II (GirlFriend)
20001 = Millenium II (GirlFriend)
20034 = NetBus Pro
20331 = Bla
21554 = GirlFriend
21554 = Schwindler 1.82
22222 = Prosiak
23456 = Evil FTP
23456 = UglyFtp
23456 = WhackJob
27374 = SubSeven
29891 = The Unexplained
30029 = AOLTrojan
30100 = NetSphere
30303 = Socket23
30999 = Kuang
31337 = BackOrifice
31337 = BackOrificeLM. LEENTech
31339 = NetSpy
31666 = BO Whackmole
31787 = Hackatack
33333 = Prosiak
33911 = Trojan Spirit 2001
34324 = TN
34324 = Tiny Telnet Server
40412 = TheSpy
40421 = MastersParadise.96
40423 = Master Paradise.97
47878 = BirdSpy2
50766 = Fore
50766 = Schwindler
53001 = Remote Shutdown
54320 = Back Orifice 2000
54321 = SchoolBus 1.6
61466 = Telecommando
65000 = Devil
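
One way to check that the filter matches what the server actually exposes, as an added example that is not part of the original article: it parses Windows `netstat -an` output and reports every listening port outside an allowlist, labelled from the table above. The allowlist, the sample output and the function names are assumptions made for illustration.

```python
import re

# Ports this server is meant to expose (assumption: the pure web server
# from the article's example, managed locally).
ALLOWED = {("TCP", 80)}

# A few entries copied from the article's port table, used only to label
# findings. A match is a hint to investigate, not proof of a trojan.
KNOWN_PORTS = {
    21: "FTP Open Server", 23: "Telnet", 25: "Smtp", 80: "Http",
    139: "NetBios-SSN", 161: "Snmp", 12345: "NetBus 1.x", 27374: "SubSeven",
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51515     ESTABLISHED
  UDP    0.0.0.0:161            *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listening_ports(netstat_text):
    """Return the set of (proto, port) pairs that accept traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, _addr, port, _foreign, state = m.groups()
        # UDP has no state column; any bound UDP socket can receive datagrams.
        if proto == "UDP" or state == "LISTENING":
            found.add((proto, int(port)))
    return found

def audit(netstat_text, allowed=ALLOWED):
    """List open ports that are not on the allowlist, with the table's label."""
    extra = sorted(listening_ports(netstat_text) - set(allowed))
    return [(proto, port, KNOWN_PORTS.get(port, "unlisted")) for proto, port in extra]

if __name__ == "__main__":
    for proto, port, label in audit(SAMPLE_NETSTAT):
        print(f"{proto}/{port} is open but not allowed ({label})")
```
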

Finally, it should be noted that TCP/IP filtering alone is not enough to make a server truly secure. Port filtering improves the security of our servers, but even if you open only a few ports, or just one, a good hacker can still intrude through vulnerabilities in the software running on those ports, or through other valid channels that bypass the security mechanism. There is no absolute security in this world, but we can find ways to make a server safer.
