I am the master of my port

A computer is like a castle, but it is not unbreakable. It hides many vulnerabilities under its hard appearance. These vulnerabilities are common ports and are the only way for hackers to intrude into the system. Therefore, as long as you closely monitor various ports, You can effectively prevent hacker attacks. Although the principle is simple, it is not easy to operate. How many ports does the computer contain? What are their purposes? How to manage them? Only by carefully reading this article can you find the exact answer to such questions.

With the development of network technology, hacking technology is also "advancing with the times ". Port attacks are still the most common intrusion methods for hackers. Therefore, understanding the port and understanding the port are the basic priorities for preventing "black" and "Black. With the basic knowledge, we can further develop the port application. Now let's start learning the course step by step!

　　Lesson 1: Understanding port classification

The total number of computer ports is 65535, but there are only dozens of common ports in the system. Other ports are undefined. Users who lack relevant knowledge do not pay attention to undefined ports. Therefore, Hackers often use them for attacks. It can be seen that to learn port knowledge, you must first learn port classification. If it is divided by nature, all ports are classified into the following three categories:

(1) Well Known Ports, also Known as common Ports ". The port number ranges from 0 to 1024, and is closely bound to some specific services. For example, HTTP uses port 80, and Telnet uses port 23. Hackers generally do not use these ports for attacks.

(2) Registration port (Registered Ports): the port number ranges from 1025 to 49151. It is loosely bound to some services and most of them do not clearly define service objects. Applications of such ports can be customized according to user needs. Therefore, such ports are easily exploited by hackers.

(3) Dynamic and/or Private Ports: port numbers range from 49152 to 65535. These ports are neither public nor registered, making applications more free. In theory, common services are not allocated to these ports, but in practice, the system usually allocates dynamic ports from 1024. Because these ports are relatively hidden and do not attract user attention. Therefore, some Trojans often prefer these ports.

　　Lesson 2: Find the service or application corresponding to the port

First, we need to raise two questions. Which of the open ports are valid applications that correspond to system services or applications? What are system vulnerabilities that are open to hackers? The answer is: Windows XP comes with the function of searching application ports. In start → run, Enter CMD To Go To The MS-DOS command line mode. Enter the "Netstat-ano" command and press Enter. The Local Address column in the returned result contains the port number, while the PID column displays the process number. By using the process as an intermediary, you can view the application or process corresponding to the process number in the task manager to find the service or application corresponding to each port number.

Some ports cannot find the corresponding service or application using the "Netstat" command. At this time, you can log on to some security sites for free detection. For example, Dr. Skynet (http://pfw.sky.net.cn/news/info/list.php? Sessid = & sortid = 17), Millennium online (http://www.china-yk.com/tsfw/), or online (http://www.bluedon.com/onlinescan/portscan.asp. At the same time, security risks caused by programs such as Word, IE, and Outlook can also be detected through the network. In addition, the X-Scan vulnerability scanning tool can detect system vulnerabilities.

　　Lesson 3: Disable suspicious ports

In the last lesson, I learned how to identify whether a port is valid or vulnerable. When suspicious ports are found, take decisive measures to immediately close them. What should I do? There are many methods to close the port, which can be used flexibly according to different situations.

(1) visit the relevant security websites frequently to download patches. Installing patches to block system vulnerabilities is critical to preventing viruses and hackers. Be diligent and make up for nothing.

(2) Some services are not very useful but often help, such as the well-known telnet service. Enabling it often makes it easy for hackers. Therefore, you should go to "Control Panel> Management Tools> service" to stop unnecessary services, and the corresponding port of the Service will be closed accordingly. For example, if you stop the Radmin service, port 4899 is disabled. If you stop the telnet service, port 23 is disabled.

(3) When the service or application corresponding to the port cannot be found, the port cannot be closed by stopping the service. In this case, you can install a firewall to shield these ports.

(4) use software to close the port. Start Active Ports and select the port to close, such as 139. Click the close button ().

(5) There are two ways to filter by TCP/IP. First, filter by TCP/IP in the local connection attribute ". The second is through the IP Security Policy in the Local Security Policy.

Through 3 lessons, we have mastered the basic knowledge of port and some management skills. As long as you step by step and strictly guard against the attacks, the goal of "getting the port for me to use and getting hackers away from me" will be achieved!