I. Common ports and their classification
Computers need to use the TCP/IP protocol to communicate with each other over the Internet. According to the TCP/IP protocol, the computer has 256x256 (65536) ports, these ports can be divided into TCP port and UDP port. By port number, they can be divided into the following two categories:
1. system reserved ports (from 0 to 1023)
These ports are not allowed to be used. They all have a definite definition and correspond to some common services on the Internet. Each opened port represents a system service, for example, port 80 represents a Web service. 21 corresponds to FTP, 25 corresponds to SMTP, 110 corresponds to POP3, etc. (1 ).
When you need to communicate with others, Windows will allocate a dynamic port from 1024 to the local machine. If Port 1024 is not closed, when you need a port, port 1025 will be allocated for your use, and so on.
However, some system services are bound to ports 1024 to 49151, such as port 3389 (Remote Terminal Service ). Ports from 49152 to 65535 are usually not bundled with system services, allowing Windows to dynamically allocate them to you.
Ii. How to check which ports are enabled on the local machine
By default, Windows opens many "service ports". You can use either of the following methods to check which ports are opened on the local machine and which computers are connected to the local machine.
1. Use the netstat command
Windows provides the netstat command to display the current TCP/IP network connection. Note: The netstat command can be used only when the TCP/IP protocol is installed.
Operation Method: Click Start → program → attachment → command prompt to enter the DOS window, enter the command netstat-na and press enter, so the local connection status and opened port 2 are displayed. The Local Address indicates the IP Address and port number of the Local Machine (port 135 is opened on the Local machine in the figure). Foreign Address indicates the IP Address and port number of the remote computer, and the State indicates the current TCP connection status, in the figure, LISTENING is the LISTENING status, indicating that port 135 is being enabled on the local machine, waiting for the connection from the remote computer.
If you enter the netstat-nab command in the DOS window, it also displays the programs that create each connection. And ADVAPI32.dll. If you find that the machine has opened a Suspicious Port, you can use this command to check which components it has called, and then check the creation time and modification time of each component. if an exception is found, it may be a Trojan.
2. Use port monitoring software
Similar to the netstat command, Port monitoring software can also view which ports are opened on the local machine. There are many such software, including the well-known Tcpview, Port Reporter, green e PC universal genie, and network Port viewer, we recommend that you enable Tcpview when accessing the internet to closely monitor the connection status of the local port, so as to prevent illegal connections and ensure your network security.
3. disable ports not used by the Local Machine
By default, many Windows ports are open. Once you access the Internet, hackers can connect to your computer through these ports, so you should close these ports. Mainly include: ports TCP139, 445, 593, 1025, and UDP123, 137, 138, 445, 1900, and 2513, and some popular Backdoor Ports (such as TCP 2745, 3127, 6129, and ), and remote service access port 3389. The closing method is as follows:
Ports 137, 138, 139, and 445: they are all open for sharing. You should prohibit others from sharing your machine, so close all these ports: click Start> Control Panel> system> hardware> Device Manager, Click Show Hidden devices under view, and double-click plug-and-play driver ", find and double-click NetBios over Tcpip. In the "NetBios over Tcpip properties" window, click "do not use this device (disable)" under the "General" tab. 3, click OK and restart.
③ Close the UDP1900 port: on the control panel, double-click "Administrative Tools> Services" to stop the SSDP Discovery Service. Disable this port to prevent DDoS attacks.
④ Other ports: You can use network firewall to disable them, or double-click "Administrative Tools> Local Security Policy" in "Control Panel" and select "IP Security Policy, on the local computer, create an IP Security Policy to disable it.
4. Redirect the local default port to Protect System Security
If the default port on the local machine cannot be closed, you should "Redirect" it ". Redirect the port to another address to hide the accepted default port, reduce the probability of damage, and protect the system security.
For example, if the Terminal Server port (3389 by default) is opened on your computer, you can redirect it to another port (1234 for example):
1. Modify on the local machine (server side)
Locate the following two registry items and change all portnumbers to custom ports (such as 1234:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Terminal Server \ Wds \ rdpwd \ Tds \ tcp]
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Terminal Server \ WinStations \ RDP-Tcp]
2. Modify on the client
Click Start> program> attachment> communication> Remote Desktop Connection. The Remote Desktop Connection window is displayed. Click options to expand the window. after entering the relevant parameters, click "Save as" under "General" to export the connection parameter. rdp file. Open the file in notepad and add a line at the end of the file: server port: I: 1234 (enter the custom port of your server here ). Then, double-click the. rdp file to connect to the custom port on the server.
One-click disabling dangerous ports (135 137 138 139 445 593 1025 3389) bat file
Copy codeThe Code is as follows: @ echo off
Color 1f
Title: Disable common dangerous ports
Echo.
Echo.
Echo this batch is used to start the firewall of the XP system and disable common dangerous ports.
Echo.
Echo, please make sure that you are using the XP system and have not installed other firewalls
Echo.
Echo to avoid conflicts with the firewall of the XP System
Echo.
Echo.
Echo.
Pause
Cls
Echo is starting the firewall. Please wait...
SC config SharedAccess start = auto> nul
Net start SharedAccess> nul
Echo firewall has been started successfully
Echo.
Echo is disabling common dangerous ports. Please wait...
Echo.
Echo closing port 135... please wait...
Netsh firewall set portopening protocol = ALL port = 135 name = 135 mode = DISABLE scope = ALL profile = ALL
Echo closing port 137... please wait...
Netsh firewall set portopening protocol = ALL port = 137 name = 137 mode = DISABLE scope = ALL profile = ALL
Echo closing port 138... please wait...
Netsh firewall set portopening protocol = ALL port = 138 name = 138 mode = DISABLE scope = ALL profile = ALL
Echo closing port 139... please wait...
Netsh firewall set portopening protocol = ALL port = 139 name = 139 mode = DISABLE scope = ALL profile = ALL
Echo closing port 445... please wait...
Netsh firewall set portopening protocol = ALL port = 445 name = 445 mode = DISABLE scope = ALL profile = ALL
Echo closing port 593... please wait...
Netsh firewall set portopening protocol = TCP port = 593 name = 593 mode = DISABLE scope = ALL profile = ALL
Echo closing port 1025... please wait...
Netsh firewall set portopening protocol = TCP port = 1025 name = 1024 mode = DISABLE scope = ALL profile = ALL
Echo closing port 3389... please wait...
Netsh firewall set portopening protocol = ALL port = 3389 name = 3389 mode = DISABLE scope = ALL profile = ALL
Cls
Echo.
Echo.
Echo.
Echo common dangerous ports have been disabled
Echo.
Echo.
Echo.
Echo.
Echo
Echo.
Echo.
Echo.
Echo press any key to exit
Pause> nul
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
