Port opening is dangerous. Common port resolution

Source: Internet
Author: User
Tags ftp connection ftp client

When surfing the internet, we often see the word "Port" and often use the port number. For example, if "21" is added after the FTP address, "21" indicates the port number. So what does port mean? How can I view the port number? Does a port become the door to malicious cyberattacks ?, How should we face all kinds of ports? The following content will be introduced for your reference.
Port 21: port 21 is mainly used for FTP (File Transfer Protocol) services.

Port Description: port 21 is mainly used for the FTP (File Transfer Protocol) service. The FTP service is mainly used to upload and download files between two computers, one computer acts as the FTP client, and the other computer acts as the FTP server. you can log on to the FTP server using anonymous logon and authorized username and password logon. Currently

In Windows, you can use Internet Information Service (IIS) to provide FTP connection and management, or install FTP server software to implement FTP functions, such as common FTP Serv-U.

Suggestion: Some FTP servers can be used by hackers to log on anonymously. In addition, port 21 will be used by some Trojans. If you do not set up an FTP server, we recommend that you disable port 21. Port 23: port 23 is mainly used for Telnet (Remote logon) services and is a common logon and simulation program on the Internet.

Port Description: port 23 is mainly used for the Telnet (Remote logon) service and is a common logon and simulation program on the Internet. You also need to set the client and server. The client that enables the Telnet service can log on to the remote Telnet server and use the authorized user name and password to log on. After logging on, you can use the Command Prompt window to perform corresponding operations. In Windows, you can type the "Telnet" command in the Command Prompt window to remotely log on using Telnet.

Suggestion: using the Telnet service, hackers can search for Unix services remotely and scan the operating system type. In addition, the Telnet service in Windows 2000 has multiple serious vulnerabilities, such as permission escalation and denial of service, which can cause remote server crash. Port 23 of the Telnet service is also the default port of the TTS (Tiny Telnet Server) Trojan. Therefore, we recommend that you disable port 23.

Port 25: port 25 is open to SMTP (Simple Mail Transfer Protocol) servers and is mainly used to send emails. Most Mail servers use this Protocol today.

Port Description: port 25 is open to the SMTP (Simple Mail Transfer Protocol) server, which is mainly used to send emails. Currently, most Mail servers use this Protocol. For example, when using the e-mail client program, we need to enter the SMTP server address when creating an account. By default, this server address uses port 25.

Port vulnerabilities:

1. Using port 25, hackers can find SMTP servers to forward spam.

Port 2. 25 is open by many Trojans. For WinSpy, open port 25 to monitor all windows and modules running on the computer.

Operation suggestion: if you do not want to set up an SMTP mail server, you can disable this port.

Port 53: port 53 is open to DNS (Domain Name Server) servers and is mainly used for Domain Name resolution. DNS is the most widely used in the NT System.

Port Description: port 53 is open to DNS (Domain Name Server) servers and is mainly used for Domain Name resolution. DNS is the most widely used in the NT System. You can use the DNS server to convert the domain name to the IP address. You only need to remember the domain name to quickly access the website.

Port Vulnerability: If the DNS service is enabled, hackers can analyze the DNS server to directly obtain the IP addresses of hosts such as Web servers, and use port 53 to break through some unstable firewalls to launch attacks. Recently, a U.S. company also announced 10 most vulnerable vulnerabilities, the first of which is the BIND vulnerability of DNS servers.

Operation suggestion: if the current computer is not used to provide the domain name resolution service, we recommend that you disable this port.

Port 67, port 68: port 67, and port 68 are opened for the Bootstrap Protocol Server and Bootstrap Protocol Client of The Bootp service respectively.

Port Description: port 67 and port 68 are opened for the Bootstrap Protocol Server and Bootstrap Protocol Client of The Bootp service respectively. Bootp is a remote startup protocol generated in early Unix versions. The DHCP service we often use is extended from the Bootp service. Through the Bootp service, you can dynamically allocate IP addresses to computers in the LAN without having to set static IP addresses for each user.

Port Vulnerability: If the Bootp service is enabled, Hackers often use a assigned IP address as a local router to launch attacks in man-in-middle mode.

Operation suggestion: We recommend that you disable this port.

Port 69: TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.

Port Description: port 69 is open for the TFTP (Trival File Tranfer Protocol) service. TFTP is a simple File transfer Protocol developed by Cisco, similar to FTP. However, compared with FTP, TFTP does not have complex interactive access interfaces and authentication control. This service is suitable for data transmission between clients and servers that do not need complex exchange environments.

Port Vulnerability: many servers and The Bootp service provide the TFTP service, which is mainly used to download startup code from the system. However, because the TFTP service can write files to the system, and hackers can also use the incorrect configuration of TFTP to obtain any files from the system.

Operation suggestion: We recommend that you disable this port.

Port 79: port 79 is open for the Finger service. It is mainly used to query details of users such as online users of remote hosts, operating system types, and whether a buffer overflow occurs.

Port Description: port 79 is open for the Finger service. It is mainly used to query details of users such as online users of remote hosts, operating system types, and whether a buffer overflow occurs. For example, to display the user01 user information on the remote computer www.abc.com, you can type "finger user01@www.abc.com" in the command line.

Port vulnerabilities: Generally, hackers must use port scanning tools to obtain relevant information to attack the other's computers, for example, you can use port 79 to scan remote computer operating system versions, obtain user information, and detect known buffer overflow errors. In this way, hackers are prone to attacks. Port 79 is also used as the default port by the Firehotcker Trojan.

Operation suggestion: We recommend that you disable this port.

Port 80: Port 80 is open for HTTP (HyperText Transport Protocol, HyperText Transfer Protocol), which is the most widely used Protocol for surfing the Internet. It is mainly used in WWW (World Wide Web, World Wide Web) the Protocol for transmitting information on the service.

Port Description: Port 80 is open for HTTP (HyperText Transport Protocol, HyperText Transfer Protocol), which is the most widely used Protocol for surfing the Internet. It is mainly used in WWW (World Wide Web, World Wide Web) the Protocol for transmitting information on the service. We can access the website through the HTTP address plus ": 80" (that is often referred to as "web site"), such as http://www.cce.com.cn: 80, because the default port number of browser Web Service is 80, therefore, you only need to enter the URL without entering ": 80 ".

Port vulnerabilities: some Trojans can use port 80 to attack computers, such as Executor and RingZero.

Operation suggestion: In order to surf the Internet normally, we must enable port 80.

Port 99: port 99 is used for a service named "metemedirelay" (sub-countermeasure delay). This service is rare and generally unavailable.

Port Description: port 99 is used for a service named "metemedirelay" (sub-countermeasure delay). This service is rare and generally unavailable.

Port Vulnerability: although the metemedirelay service is not commonly used, trojan programs such as Hidden Port and NCx99 use this Port. For example, in Windows, ncx99can bind the cmd.exe program to Port 99, in this way, you can use Telnet to connect to the server, add users at will, and change permissions.

Operation suggestion: We recommend that you disable this port.

Port 109 and port 110: Port 109 is open for the POP2 (Post Office Protocol Version 2, Post Office Protocol 2) service, and port 110 is open for the POP3 (mail Protocol 3) service, POP2 and POP3 are mainly used to receive emails.

Port Description: Port 109 is open for the POP2 (Post Office Protocol Version 2, Post Office Protocol 2) service, and port 110 is open for the POP3 (mail Protocol 3) service, POP2 and POP3 are mainly used to receive mails. Currently, many POP3 servers support both POP2 and POP3. The client can use the POP3 protocol to access the mail service on the server. Currently, most mail servers on the ISP use this protocol. When using the email client, you must enter the POP3 server address. By default, port 110 is used.

Port vulnerabilities: POP2 and POP3 have many vulnerabilities while providing the mail receiving service. The POP3 Service has no less than 20 vulnerabilities in the user name and password exchange Buffer Overflow. For example, the WebEasyMail POP3 Server legal user name information leakage vulnerability allows remote attackers to verify the existence of user accounts. In addition, port 110 is also used by trojan programs such as ProMail trojan. port 110 can steal the user name and password of the POP account.

Suggestion: Open this port if the email server is running.

Port 111: port 111 is the port opened by SUN's Remote Procedure Call service. It is mainly used for internal process communication between different computers in a distributed system, RPC is an important component in a variety of network services.

Port Description: port 111 is the port opened by SUN's Remote Procedure Call service. It is mainly used for internal process communication between different computers in a distributed system, RPC is an important component in a variety of network services. Common RPC services include rpc. mountd, NFS, rpc. statd, rpc. csmd, rpc. ttybd, and amd. The RPC service is also available in Microsoft Windows.

Port vulnerability: a major vulnerability in sun rpc is the remote buffer overflow vulnerability in xdr_array functions in multiple RPC services. This vulnerability allows attackers to transmit excessive

  • 1
  • 2
  • 3
  • Next Page
[Content navigation]
Page 1st: port opening is dangerous. Common port Parsing Page 2nd: port opening is dangerous. Common port Parsing
Page 3rd: port opening is dangerous. Common port Parsing

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.