By default, Windows opens many service ports on your computer, and hackers often use them to break in, so understanding ports is a necessary skill for using the Internet safely.
I. Common ports and their classification
Computers on the Internet communicate with each other using the TCP/IP protocol. Under TCP/IP, a computer has 256x256 (65536) ports, which are divided into two kinds: TCP ports and UDP ports. Divided by port number, they fall into the following two broad categories:
1. System reserved ports (from 0 to 1023)
You are not allowed to use these ports for your own purposes. Each has a precise definition and corresponds to a common Internet service, and each such open port represents a system service. For example, port 80 is the Web service, 21 corresponds to FTP, 25 to SMTP, 110 to POP3, and so on (Figure 1).
2. Dynamic ports (from 1024 to 65535)
When you need to communicate with others, Windows assigns a dynamic port on this computer starting from 1024; if port 1024 has not been closed, port 1025 is allocated for you to use, and so on.
However, individual system services are bound to ports in the 1024 to 49151 range, such as port 3389 (remote Terminal Services). Ports from 49152 to 65535 usually have no system service bound to them, so Windows can assign them to you dynamically.
II. How to see which ports are open on this machine
By default, Windows opens a number of service ports. To see which ports are open on this computer and which computers are connected to it, you can use the following two methods.
1. Using the netstat command
Windows provides the netstat command to display current TCP/IP network connections. Note that netstat is available only if the TCP/IP protocol is installed.
How to: Click "Start → Programs → Accessories → Command Prompt" to open a DOS window, type netstat -na and press Enter. The local connections and open ports are displayed, as shown in Figure 2. Local Address is the local IP address and open port number (port 135 is open in the figure), Foreign Address is the remote computer's IP address and port number, and State is the current TCP connection state. LISTENING means the port is being listened on: the machine has opened port 135 and is waiting for a remote computer to connect.
If you enter netstat -nab in the DOS window, you also see which program created each connection. In Figure 2, the machine is listening on port 135; the listener was created by Svchost.exe, which called 5 components (Ws2_32.dll, RPCRT4.dll, Rpcss.dll, Svchost.exe, ADVAPI32.dll) to create it. If you find that the computer has opened a suspicious port, use this command to see which components it called, then check the creation and modification times of those components; if they are abnormal, it may be a trojan.
2. Using port monitoring software
Like the netstat command, port monitoring software shows which ports are open on this machine. There are many such tools; well-known ones include TCPView, Port Reporter, Green Eagle PC Universal Wizard, Network Port Viewer, and others. It is recommended that you start TCPView when you go online and watch local port connections closely, so that you can prevent illegal connections and keep your network secure.
III. Shutting down ports on the local machine
Windows has many ports open by default, and once you are online, hackers can connect to your computer through them, so you should close these ports. They are: TCP ports 139, 445, 593, 1025 and UDP ports 123, 137, 138, 445, 1900, some popular virus backdoor ports (such as TCP ports 2513, 2745, 3127, 6129), and the remote service access port 3389. The methods for closing them are:
① Ports 137, 138, 139, 445: These are all opened for sharing. You should not let others share your machine, so turn all of these ports off: click "Start → Control Panel → System → Hardware → Device Manager", click "Show hidden devices" under the "View" menu, double-click "Non-Plug and Play Drivers", locate and double-click NetBIOS over Tcpip, and in the NetBIOS over Tcpip Properties window that opens, select "Do not use this device (disable)" under the General tab, as shown in Figure 3. Click the OK button and then reboot.
② Close UDP port 123: Click Start → Settings → Control Panel, then double-click Administrative Tools → Services and stop the Windows Time service. Closing UDP port 123 protects against certain worm viruses.
③ Close UDP port 1900: In Control Panel, double-click Administrative Tools → Services and stop the SSDP Discovery Service. Closing this port protects against DDoS attacks.
④ Other ports: You can close them with a network firewall, or in Control Panel double-click Administrative Tools → Local Security Policy, select "IP Security Policies on Local Computer", and create an IP security policy to close them.
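To check the result of the steps above, the following added example (not part of the original article) parses netstat -na output and reports which ports from the article's lists are still open. The sample output is constructed, and the distinction between loopback-only and network-reachable sockets is an addition made here.

```python
# Added example: audit `netstat -na` text against the ports this article closes.
# SAMPLE is constructed for illustration, not captured from a real host.
# Port lists: section III, plus 135 from the batch file at the end of the article.
RISKY_TCP = {135, 139, 445, 593, 1025, 2513, 2745, 3127, 6129, 3389}
RISKY_UDP = {123, 137, 138, 445, 1900}

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    192.168.1.10:123       *:*
  UDP    192.168.1.10:137       *:*
"""

def open_ports(netstat_text):
    """Yield (proto, address, port) for each TCP listener and bound UDP socket."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or a program name printed by -b
        proto, local = fields[0], fields[1]
        # UDP rows have no State column; TCP rows count only when LISTENING.
        if proto == "TCP" and "LISTENING" not in fields:
            continue
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:3389
        if port.isdigit():
            yield proto, addr.strip("[]"), int(port)

def audit(netstat_text):
    """Return sorted (proto, port, address, reachable) for ports on the lists."""
    findings = []
    for proto, addr, port in open_ports(netstat_text):
        risky = RISKY_TCP if proto == "TCP" else RISKY_UDP
        if port in risky:
            # A socket bound only to loopback cannot be reached by other machines.
            reachable = not (addr.startswith("127.") or addr == "::1")
            findings.append((proto, port, addr, reachable))
    return sorted(findings)

if __name__ == "__main__":
    for proto, port, addr, reachable in audit(SAMPLE):
        print(proto, port, addr, "network" if reachable else "loopback only")
```

On a real machine, save the output with netstat -na > ports.txt and pass the file's text to audit().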
IV. Redirect the local default port to protect system security
If a default port on this computer cannot be closed, you should "redirect" it. Redirecting the port to another address hides the well-known default port, reduces the chance of damage, and protects the system.
For example, if your computer has the remote Terminal Services (Terminal Server) port open (the default is 3389), you can redirect it to another port (for example, 1234) as follows:
1. Modify on the local machine (server side)
Navigate to the following two registry keys and change the PortNumber value in each to a custom port (for example, 1234):
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\wds\rdpwd\tds\tcp]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\winstations\rdp-tcp]
2. Modify on the client
Click Start → Programs → Accessories → Communications → Remote Desktop Connection. In the Remote Desktop Connection window, click the Options button to expand the window, fill in the relevant parameters, and then click the Save As button under General to export the connection parameters as an .rdp file. Open the file in Notepad and add a line to the end of the file: server port:i:1234 (fill in your server's custom port here). Afterwards, just double-click the .rdp file to connect to this custom port on the server.
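The change above touches three places (two registry keys and the .rdp file), and they must all agree. The following added example (not part of the original article) checks that, using constructed samples of reg query ... /v PortNumber output and of an .rdp file; the function names are hypothetical.

```python
# Added example: confirm the RDP port change was applied consistently.
# All three inputs below are constructed samples, not real captures.
import re

TDS_TCP = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\wds\rdpwd\tds\tcp
    PortNumber    REG_DWORD    0x4d2
"""
RDP_TCP = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\winstations\rdp-tcp
    PortNumber    REG_DWORD    0x1234
"""
RDP_FILE = "full address:s:192.0.2.10\nserver port:i:1234\n"

def reg_port(reg_query_output):
    """Extract PortNumber from `reg query` output (REG_DWORD is printed in hex)."""
    m = re.search(r"PortNumber\s+REG_DWORD\s+0x([0-9a-fA-F]+)", reg_query_output)
    return int(m.group(1), 16) if m else None

def rdp_file_port(rdp_text):
    """Extract the client's 'server port:i:N' line; None means it is absent."""
    m = re.search(r"^server port:i:(\d+)\s*$", rdp_text, re.I | re.M)
    return int(m.group(1)) if m else None

def check(wanted, tds_out, rdp_out, rdp_text):
    """Return a list of problems; an empty list means all three places agree."""
    problems = []
    for name, port in (("tds\\tcp", reg_port(tds_out)),
                       ("rdp-tcp", reg_port(rdp_out))):
        if port == wanted:
            continue
        msg = f"{name}: PortNumber is {port}, expected {wanted}"
        # Regedit's DWORD dialog defaults to hexadecimal, so typing the decimal
        # digits there stores a different port number.
        if port == int(str(wanted), 16):
            msg += " (decimal digits were entered as hex)"
        problems.append(msg)
    client = rdp_file_port(rdp_text)
    if client != wanted:
        problems.append(f".rdp file: server port is {client}, expected {wanted}")
    return problems

if __name__ == "__main__":
    for problem in check(1234, TDS_TCP, RDP_TCP, RDP_FILE):
        print(problem)
```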
One-click bat file to close dangerous ports (135 137 138 139 445 593 1025)
@echo off
rem Blue background, bright white text
color 1f
title Close common dangerous ports
echo.
echo.
echo This batch file starts the firewall of the XP system and closes common dangerous ports
echo.
echo Please verify that you are using an XP system and that no other firewalls are installed
echo.
echo to avoid conflict with the firewall of the XP system
echo.
echo.
echo.
pause
cls
echo Starting the firewall, please wait ...
rem Set the SharedAccess (Windows Firewall/ICS) service to start automatically, then start it
sc config sharedaccess start= auto > nul
net start sharedaccess > nul
echo Firewall has started successfully
echo.
echo Shutting down common dangerous ports, please wait ...
echo.
rem Each netsh line disables the port opening for one port in all firewall profiles
echo Shutting down port 135, please wait ...
netsh firewall set portopening protocol=ALL port=135 name=135 mode=DISABLE scope=ALL profile=ALL
echo Shutting down port 137, please wait ...
netsh firewall set portopening protocol=ALL port=137 name=137 mode=DISABLE scope=ALL profile=ALL
echo Shutting down port 138, please wait ...
netsh firewall set portopening protocol=ALL port=138 name=138 mode=DISABLE scope=ALL profile=ALL
echo Shutting down port 139, please wait ...
netsh firewall set portopening protocol=ALL port=139 name=139 mode=DISABLE scope=ALL profile=ALL
echo Shutting down port 445, please wait ...
netsh firewall set portopening protocol=ALL port=445 name=445 mode=DISABLE scope=ALL profile=ALL
echo Shutting down port 593, please wait ...
netsh firewall set portopening protocol=TCP port=593 name=593 mode=DISABLE scope=ALL profile=ALL
echo Shutting down port 1025, please wait ...
netsh firewall set portopening protocol=TCP port=1025 name=1025 mode=DISABLE scope=ALL profile=ALL
echo Shutting down port 3389, please wait ...
netsh firewall set portopening protocol=ALL port=3389 name=3389 mode=DISABLE scope=ALL profile=ALL
cls
echo.
echo.
echo.
echo Common dangerous ports are closed.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo Press any key to exit
pause>nul