How to find the opened port and how to close the port
The computer "Port" is an English port translation, which can be considered as an exit for communication between the computer and the outside world. The ports in the hardware field are also called interfaces, such as USB ports and serial ports. The port in the software field is an abstract software structure, including some data structures and I/O (Basic Input and Output) buffers.
By port number can be divided into three categories:
(1) well known ports: from 0 to 1023, they are closely bound to some services. Usually the communication between these ports clearly indicates a service protocol. For example, port 80 is always HTTP Communication.
(2) Registration port (registered ports): from 1024 to 49151. They are loosely bound to some services. That is to say, many services are bound to these ports, which are also used for many other purposes. For example, many systems process dynamic ports starting from around 1024.
(3) dynamic and/or private ports: From 49152 to 65535. Theoretically, these ports should not be allocated to the service. In fact, machines usually allocate dynamic ports from 1024. But there are also exceptions: Sun's rpc port starts from 32768.
Some ports are often exploited by hackers and used by some Trojans to attack computer systems. The following describes the computer ports and provides a brief method to prevent cyberattacks.
Port 8080
Port Description: port 8080 is the same as port 80. It is used for WWW Proxy Service and can be browsed on webpages. when accessing a website or using a proxy server, ": 8080 "port number, such as http://www.cce.com.cn: 8080.
Port Vulnerability: port 8080 can be infected with various virusesProgram For example, the Brown Orifice (BRO) Trojan Horse virus can be used to remotely control the infected computer using port 8080. In addition, remoconchubo and Ringzero Trojans can also use this port for attacks.
Operation suggestion: We generally use port 80 for Web browsing. To avoid virus attacks, we can close this port.
Port: 21
Service: ftp
Description: The port opened by the FTP server for uploading and downloading. The most common attacker is used to find the method to open the FTP server of anonymous. These servers have read/write directories. Ports opened by Doly Trojan, fore, invisible FTP, WebEx, WinCrash, and Blade Runner.
Port: 22
Service: SSH
Note: The TCP Connection established by pcAnywhere to this port may be used to search for SSH. This service has many vulnerabilities. If configured in a specific mode, many versions using the rsaref library may have many vulnerabilities.
Port: 23
Service: Telnet
Description: Remote logon. Intruders are searching for remote logon to UNIX services. In most cases, this port is scanned to find the operating system on which the machine runs. There are other technologies that allow intruders to find their passwords. The Tiny Telnet server of the Trojan opens this port.
Port: 25
Service: SMTP
Description: The port opened by the SMTP server for sending emails. Intruders look for SMTP servers to pass their spam. The intruder's account is closed and they need to connect to a high-bandwidth E-MAIL server, passing simple information to different addresses. This port is available for trojans such as antigen, email password sender, haebu coceda, shtrilitz stealth, winpc, and winspy.
Port: 80
Service: HTTP
Description: used for Web browsing. The trojan executor opens this port.
Port 102
Service: Message Transfer Agent (MTA)-x.400 over TCP/IP
Description: message transmission proxy.
Port 109
Service: Post Office Protocol-version3
Note: The POP3 Server opens this port to receive mails and the client accesses the mail service on the server. POP3 services have many common vulnerabilities. There are at least 20 vulnerabilities in username and password exchange buffer overflow, which means that intruders can log on to the system. There are other buffer overflow errors after successful login.
Port 110
Service: all ports of Sun's RPC service
Note: Common RPC services include rpc. mountd, NFS, rpc. statd, rpc. csmd, rpc. ttybd, and AMD.
Port 119
Service: Network News Transfer Protocol
Note: The message group transmission protocol supports Usenet communication. The connection to this port is usually found on Usenet servers. Most ISP restrictions allow only their customers to access their newsgroup servers. Opening the newsgroup server will allow you to send/read any post, access the restricted newsgroup server, and post anonymously or send spam messages.
Port 135
Service: location service
Note: Microsoft runs dce rpc end-point mapper on this port to serve its DCOM. This is similar to the function of UNIX port 111. Services using DCOM and RPC use end-point mapper on the computer to register their locations. When remote customers connect to a computer, they find the end-point Mapper to locate the service location. Hacker scans the computer's port to find the computer that runs the Exchange server? What version? Some DoS attacks directly target this port.
Ports: 137, 138, and 139
Service: NetBIOS Name Service
Note: ports 137 and 138 are UDP ports. This port is used when files are transmitted through network peers. Port 139: the connection through this port tries to obtain the NetBIOS/smb service. This protocol is used for Windows file and printer sharing and samba. Also, wins regisrtation also uses it.
Port 161
Service: SNMP
Note: SNMP allows remote device management. All configuration and operation information is stored in the database and can be obtained through SNMP. Many administrator error configurations will be exposed on the Internet. Cackers tries to use the default password public and private to access the system. They may test all possible combinations. The SNMP package may be incorrectly directed to the user's network.
--------------------------------------
To view the port in Windows 2000/XP/Server 2003, run the netstat command:
"Start"> "run"> "cmd" to open the Command Prompt window. Type "netstat-a-n" in the command prompt. Press the Enter key to view the TCP and UDP connection port numbers and statuses displayed in numbers.
Command Format: netstat-a-e-n-o-s
-A indicates that all active TCP connections and TCP and UDP ports listened by the computer are displayed.
-E indicates the number of bytes sent and received over the Ethernet, and the number of packets.
-N indicates that only the active TCP connection addresses and port numbers are displayed in numbers.
-O indicates that active TCP connections are displayed and the process ID (PID) of each connection is included ).
-S indicates that statistics of various connections are displayed by protocol, including the port number.
Close the port
For example, to disable port 25 of the SMTP service in Windows 2000/XP, you can do this: first open "Control Panel", double-click "Administrative Tools", and then double-click "service ". In the displayed service window, find and double-click the "Simple Mail Transfer Protocol (SMTP)" service and click "stop" to stop the service, select "disabled" in "Start type" and click "OK. In this way, closing the SMTP service is equivalent to closing the corresponding port.
Enable Port
If you want to enable this port, you only need to select "Auto" in "Start type", click "OK", and then open the service, in "service status", click "start" to enable the port. Finally, click "OK.
In addition, in the network connection properties, select the "TCP/IP protocol" attribute to enable Advanced TCP/IP Settings. On the option page, select TCP/IP filtering, in the settings window that appears, you can also set the port to open and close based on the actual situation. By default, TCP/IP filtering is disabled.
The computer "Port" is an English port translation, which can be considered as an exit for communication between the computer and the outside world. The ports in the hardware field are also called interfaces, such as USB ports and serial ports. A port in the software field generally refers to a network> port, which is an abstract software structure, including some data structures and I/O (Basic Input and Output) buffers.
By port number can be divided into three categories:
(1) well known ports: from 0 to 1023, they are closely bound to some services. Usually the communication between these ports clearly indicates a service protocol. For example, port 80 is always HTTP Communication.
(2) Registration port (registered ports): from 1024 to 49151. They are loosely bound to some services. That is to say, many services are bound to these ports, which are also used for many other purposes. For example, many systems process dynamic ports starting from around 1024.
(3) dynamic and/or private ports: From 49152 to 65535. Theoretically, these ports should not be allocated to the service. In fact, machines usually allocate dynamic ports from 1024. But there are also exceptions: Sun's rpc port starts from 32768.
Some ports are often exploited by hackers and used by some Trojans to attack computer systems. The following describes the computer ports and provides a brief method to prevent cyberattacks.
Port 8080
Port Description: port 8080 is the same as port 80. It is used for WWW Proxy Service and can be browsed on webpages. when accessing a website or using a proxy server, ": 8080 "port number, such as http://www.cce.com.cn: 8080.
Port vulnerabilities: port 8080 can be exploited by various virus programs. For example, the Brown Orifice (BRO) Trojan Horse virus can use port 8080 to remotely control the infected computer. In addition, remoconchubo and Ringzero Trojans can also use this port for attacks.
Operation suggestion: We generally use port 80 for Web browsing. To avoid virus attacks, we can close this port.
Port: 21
Service: ftp
Description: The port opened by the FTP server for uploading and downloading. The most common attacker is used to find the method to open the FTP server of anonymous. These servers have read/write directories. Ports opened by Doly Trojan, fore, invisible FTP, WebEx, WinCrash, and Blade Runner.
Port: 22
Service: SSH
Note: The TCP Connection established by pcAnywhere to this port may be used to search for SSH. This service has many vulnerabilities. If configured in a specific mode, many versions using the rsaref library may have many vulnerabilities.
Port: 23
Service: Telnet
Description: Remote logon. Intruders are searching for remote logon to UNIX services. In most cases, this port is scanned to find the operating system on which the machine runs. There are other technologies that allow intruders to find their passwords. The Tiny Telnet server of the Trojan opens this port.
Port: 25
Service: SMTP
Description: The port opened by the SMTP server for sending emails. Intruders look for SMTP servers to pass their spam. The intruder's account is closed and they need to connect to a high-bandwidth E-MAIL server, passing simple information to different addresses. This port is available for trojans such as antigen, email password sender, haebu coceda, shtrilitz stealth, winpc, and winspy.
Port: 80
Service: HTTP
Description: used for Web browsing. The trojan executor opens this port.
Port 102
Service: Message Transfer Agent (MTA)-x.400 over TCP/IP
Description: message transmission proxy.
Port 109
Service: Post Office Protocol-version3
Note: The POP3 Server opens this port to receive mails and the client accesses the mail service on the server. POP3 services have many common vulnerabilities. There are at least 20 vulnerabilities in username and password exchange buffer overflow, which means that intruders can log on to the system. There are other buffer overflow errors after successful login.
Port 110
Service: all ports of Sun's RPC service
Note: Common RPC services include rpc. mountd, NFS, rpc. statd, rpc. csmd, rpc. ttybd, and AMD.
Port 119
Service: Network News Transfer Protocol
Note: The message group transmission protocol supports Usenet communication. The connection to this port is usually found on Usenet servers. Most ISP restrictions allow only their customers to access their newsgroup servers. Opening the newsgroup server will allow you to send/read any post, access the restricted newsgroup server, and post anonymously or send spam messages.
Port 135
Service: location service
Note: Microsoft runs dce rpc end-point mapper on this port to serve its DCOM. This is similar to the function of UNIX port 111. Services using DCOM and RPC use end-point mapper on the computer to register their locations. When remote customers connect to a computer, they find the end-point Mapper to locate the service location. Hacker scans the computer's port to find the computer that runs the Exchange server? What version? Some DoS attacks directly target this port.
Ports: 137, 138, and 139
Service: NetBIOS Name Service
Note: ports 137 and 138 are UDP ports. This port is used when files are transmitted through network peers. Port 139: the connection through this port tries to obtain the NetBIOS/smb service. This protocol is used for Windows file and printer sharing and samba. Also, wins regisrtation also uses it.
Port 161
Service: SNMP
Note: SNMP allows remote device management. All configuration and operation information is stored in the database and can be obtained through SNMP. Many administrator error configurations will be exposed on the Internet. Cackers tries to use the default password public and private to access the system. They may test all possible combinations. The SNMP package may be incorrectly directed to the user's network.
--------------------------------------
To view the port in Windows 2000/XP/Server 2003, run the netstat command:
"Start"> "run"> "cmd" to open the Command Prompt window. Type "netstat-a-n" in the command prompt. Press the Enter key to view the TCP and UDP connection port numbers and statuses displayed in numbers.
Command Format: netstat-a-e-n-o-s
-A indicates that all active TCP connections and TCP and UDP ports listened by the computer are displayed.
-E indicates the number of bytes sent and received over the Ethernet, and the number of packets.
-N indicates that only the active TCP connection addresses and port numbers are displayed in numbers.
-O indicates that active TCP connections are displayed and the process ID (PID) of each connection is included ).
-S indicates that statistics of various connections are displayed by protocol, including the port number.
Close the port
For example, to disable port 25 of the SMTP service in Windows 2000/XP, you can do this: first open "Control Panel", double-click "Administrative Tools", and then double-click "service ". In the displayed service window, find and double-click the "Simple Mail Transfer Protocol (SMTP)" service and click "stop" to stop the service, select "disabled" in "Start type" and click "OK. In this way, closing the SMTP service is equivalent to closing the corresponding port.
Enable Port
If you want to enable this port, you only need to select "Auto" in "Start type", click "OK", and then open the service, in "service status", click "start" to enable the port. Finally, click "OK.
In addition, in the network connection properties, select the "TCP/IP protocol" attribute to enable Advanced TCP/IP Settings. On the option page, select TCP/IP filtering, in the settings window that appears, you can also set the port to open and close based on the actual situation. By default, TCP/IP filtering is disabled.
By default, many windows ports are open. When you access the Internet, network viruses and hackers can connect to your computer through these ports. To change your system to a copper wall, you should close these ports, mainly including TCP 135, 139, 445, 593, 1025, and UDP 135, 137, 138, and 445, some popular Backdoor Ports (such as TCP 2745, 3127, and 6129) and remote service access port 3389. The following describes how to disable these Network Ports in WINXP/2000/2003:
Step 1: click "start" menu/settings/control panel/management tools, double-click to open "Local Security Policy", select "IP Security Policy, on the local computer ", right-click the blank position in the right pane, and select "create IP Security policy" (as shown in the figure on the right) in the shortcut menu. A wizard is displayed. Click "Next" in the Wizard to name the new security policy. Then, press "Next" to display the "Secure Communication Request" screen, remove the hooks on the left of "Activate default rules" on the screen. Click "finish" to create a new IP Security Policy.
Step 2: Right-click the IP Security Policy. In the "properties" dialog box, remove the hook on the left of "use add wizard" and click "add" to add a new rule, then, the "new rule attributes" dialog box appears. Click the "add" button on the screen to bring up the IP Filter list window. In the list, remove the check on the left of "use add wizard, then, click "add" on the right side to add a new filter.
Step 3: Go to the "Filter Properties" dialog box. First, you will see addressing. Select "any IP Address" as the source address, select "my IP Address" as the target address, and click the "protocol" tab, in the "select protocol type" drop-down list, select "TCP" and enter "135" in the text box under "to this port ", click the "OK" button (such as the picture on the left) to add a filter to shield the TCP 135 (RPC) port, which can prevent the outside world from connecting to your computer through port 135.
Click "OK" and return to the filter List dialog box. A policy has been added, repeat the preceding steps to add TCP 137, 139, 445, 593, UDP 135, 139, and 445 ports and create corresponding filters for them.
Repeat the preceding steps to add a blocking policy for TCP ports 1025, 2745, 3127, 6129, and 3389, create a filter for the preceding port, and click OK.
Step 4: In the "new rule attributes" dialog box, select "new IP Filter list" and click a dot in the circle on the left to indicate that the IP address has been activated, click the filter action tab. On the "Filter Operations" tab, remove the hooks on the left of "use add wizard" and click "add" to add the "Block" Operation (right ): on the "Security Measures" tab of "New Filter operation properties", select "Block" and click "OK.
Step 5. Enter the "new rule attributes" dialog box and click "New Filter operation". A dot is added to the circle on the left to indicate that the operation has been activated. Click "close" to close the dialog box; return to the "new IP Security Policy attributes" dialog box, tick the left side of the "new IP Filter list", and click "OK" to close the dialog box. In the "Local Security Policy" window, right-click the newly added IP Security Policy and select "Assign ".
After the restart, the above network ports on the computer are closed, and viruses and hackers can no longer connect to these ports, thus protecting your computer.