Port function:
1. Close ports 7, 9 and so on: turn off Simple TCP/IP Services, which supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
2. Close port 80: turn off the WWW service. It appears in Services under the name "World Wide Web Publishing Service" and provides Web connectivity and administration through the Internet Information Services snap-in.
3. Close port 25: turn off the Simple Mail Transport Protocol (SMTP) service, which provides the ability to send e-mail across the network.
4. Close port 21: turn off FTP Publishing Service, which provides FTP connectivity and administration through the Internet Information Services snap-in.
5. Close port 23: turn off the Telnet service, which allows remote users to log on to the system and run console programs from the command line.
6. It is also important to turn off the Server service, which provides RPC support and file, print, and named pipe sharing. Turning it off also turns off the Win2K default shares, such as IPC$, C$, ADMIN$ and so on; shutting this service down does not affect your other operations.
7. Another is port 139, the NetBIOS session port, used for file and print sharing. Note that a UNIX machine running Samba also opens port 139, with the same function. Streamer 2000 used to be not very accurate at determining the type of the remote host; presumably it treated any machine with port 139 open as an NT machine. It is better now.
To stop listening on port 139, open Network and Dial-up Connections, open the properties of Internet Protocol (TCP/IP) for Local Area Connection, go to Advanced TCP/IP Settings, and on the WINS tab tick "Disable NetBIOS over TCP/IP"; this closes port 139.
For individual users, each of these services can be set to "Disabled" in its properties, so that the service does not start again and reopen the port at the next restart.
We generally rely on capable anti-hacking software and firewalls to keep our systems secure, but some users do not have these. What can they do? Here is an easy way to help prevent illegal intrusions by restricting ports.
Methods of illegal intrusion
In short, the methods of illegal intrusion can be roughly divided into 4 kinds:
Intrusion mode 1: scanning ports and getting into the host through known system bugs.
Intrusion mode 2: planting Trojans and using them to open a backdoor into the host.
Intrusion mode 3: using data overflow to force the host to provide a backdoor into the host.
Intrusion mode 4: using design vulnerabilities in some software to control the host directly or indirectly.
The main methods of intrusion are the first two. With popular hacking tools in particular, the first method is the most frequent and most common way of attacking a host. The latter two methods are used only by a small number of sophisticated hackers and are not widespread, and as soon as these two kinds of problems appear, software vendors quickly provide patches so the system can be repaired in time.
Therefore, if the first two types of illegal intrusion can be limited, intrusion with hacker tools can be effectively prevented. The first two methods also have one thing in common: they get into the host through a port.
Ports are like the doors of a house (the server): different doors lead to different rooms (the different services the server provides). The familiar FTP default port is 21, while the default port for WWW web pages is 80. But some careless network administrators often leave open port services that are easy to break into, such as 139, and a number of Trojan programs, such as glaciers, BO, wide and so on, automatically open a port that you do not notice. So, if we block all the ports we do not use, do we not eliminate these two kinds of illegal intrusion?
Ways to restrict ports
Individual users can restrict all ports, because their machine does not need to provide any service at all. For servers that provide network services externally, open only the ports that must be used (such as WWW port 80, FTP port 21, mail service ports 25 and 110, and so on) and close all the others.
Users of Windows 2000 or Windows XP do not need to install any other software; the TCP/IP filtering feature can be used to restrict the server's ports. The specific settings are as follows:
Step 1: right-click "My Network Places", select "Properties", and then double-click "Local Area Connection" (if you are a dial-up user, select the "My Connection" icon) to bring up the "Local Area Connection Status" dialog box.
Step 2: click the Properties button to bring up Local Area Connection Properties, select Internet Protocol (TCP/IP) under "This connection uses the following items", and then click the Properties button.
Step 3: in the Internet Protocol (TCP/IP) dialog box that appears, click the Advanced button. In the Advanced TCP/IP Settings dialog box, select the Options tab, select TCP/IP filtering, and then click the Properties button.
Step 4: in the TCP/IP Filtering dialog box, select the "Enable TCP/IP Filtering" checkbox, and then select "Allow only" above "TCP port" on the left (see the attached figure).
You can then add or remove TCP, UDP or IP ports yourself.
Step 5: when you have finished adding or removing ports, restart the machine; your server is then protected.
If you only browse the Internet, you need not add any ports. But to use some network chat tools, such as OICQ, you have to open port "4000". In the same way, if you find that a common network tool does not work, find out which port it uses on your host, and then add that port in "TCP/IP Filtering".
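
One way to check the result of the service and filtering steps above, as an added example that is not part of the original article: save the output of "netstat -an" after the restart and compare the listening TCP ports with the "Allow only" list. The sample output, the allow list and the function names are constructed for illustration; port numbers 13, 17 and 19 are the standard assignments for the Simple TCP/IP services the article does not number.

```python
import re

# Ports named in the article and the Windows service behind each one.
# 13, 17 and 19 are the standard numbers for daytime, quote of the day and
# character generator (the article only writes "7, 9 and so on").
KNOWN_SERVICES = {
    7: "Simple TCP/IP Services (echo)",
    9: "Simple TCP/IP Services (discard)",
    13: "Simple TCP/IP Services (daytime)",
    17: "Simple TCP/IP Services (quote of the day)",
    19: "Simple TCP/IP Services (character generator)",
    21: "FTP Publishing Service",
    23: "Telnet",
    25: "Simple Mail Transport Protocol (SMTP)",
    80: "World Wide Web Publishing Service",
    139: "NetBIOS session (file and print sharing)",
}
UNKNOWN = "unknown listener: identify the program that owns this port"

# Matches lines such as "  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING".
# UDP lines carry no state column and are outside this TCP-only check.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\b")

def listening_tcp_ports(netstat_text):
    """Return the sorted list of TCP ports in LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if match:
            ports.add(int(match.group(1)))
    return sorted(ports)

def audit(netstat_text, allowed_ports):
    """Return (port, service) for every listener outside the allow list."""
    return [(port, KNOWN_SERVICES.get(port, UNKNOWN))
            for port in listening_tcp_ports(netstat_text)
            if port not in allowed_ports]

# Constructed sample of "netstat -an" output from a Web/FTP server.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1041       203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:4000           *:*
"""

if __name__ == "__main__":
    for port, service in audit(SAMPLE_NETSTAT, allowed_ports={21, 80}):
        print(f"port {port} is listening but not allowed: {service}")
```

A listener reported as unknown is the case the article warns about: a program has opened a port you did not ask for, so find out which program owns it before adding the port to the filter.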