Restrictions on Linux external ports

Source: Internet
Author: User


A brief introduction to restrictions on external Linux ports: when we enable a daemon, the host may start to listen on a port, and at that moment the daemon is already providing a service on the network.

What a port is: a network connection is [two-way]. To establish a server/client connection, a pair of sockets (a socket pair) is required.

Host listening (Listen): the ports a host opens are started by network service programs. For the convenience of clients, the ports used by many services are fixed, for example www <-> 80 and mail <-> 25.

Client port: generated at random, normally a port above 1024; it is also opened by some program on the client side.

The so-called [listener] is a service program that stays resident in memory, so the port started by the program continues to exist. Which port a packet belongs to during transmission is recorded in the header data of the TCP/UDP protocol.

There are 65536 ports in total, divided into two parts at 1024. Ports less than or equal to 1023 can only be started by root; they are mainly used by common, well-known services, and the assignments are recorded in /etc/services. What really harms security is [some insecure services], not [which ports are open].

Observing ports: netstat and nmap. netstat monitors the ports on the local host using the host's own programs. nmap probes hosts over the network, so it can also examine non-local hosts, but scanning hosts you do not administer may be illegal; it is a tool for system administrators to check the security of their own systems.

List the network services that are listening: [netstat -tunl]
List the current online (established) connections: [netstat -tun]
List established connections together with the program that owns each one: [netstat -tunp]
nmap syntax: nmap [scan type] [scan parameters] [host address and range]
Scan the ports opened on the local host with the preset parameters: [nmap localhost]
Analyse TCP and UDP at the same time: [nmap -sTU localhost]
Find out how many hosts are up in your network: [nmap -sP 192.168.10.0/24]
Based on the above, detect the open ports of each host: [nmap 192.168.10.0/24]

Enabling and disabling ports: stand alone and super daemon
Stand alone: the service's executable is run directly and loaded into memory, so the service responds quickly. The start scripts are usually placed under /etc/init.d/.
Super daemon: a super service (xinetd) acts as the manager of a number of network services; their settings live under /etc/xinetd.d/. Response is slower, but the super daemon can provide additional control measures, such as when connections are accepted.

To disable port 25, proceed as follows:
1. [netstat -tnlp] to find the program listening on port 25 (master)
2. [locate master | grep '/master$'] to find the full path of that program
3. [rpm -qf /usr/libexec/postfix/master] to find the package it belongs to
4. [rpm -qc postfix | grep init] to find the package's init script
The process: find the service suite ---> use the rpm query function to learn the role of the service ---> disable it.

Starting telnet on the system:
1. [rpm -qa | grep telnet-server] uses an rpm query to check whether telnet-server is installed
2. If it is not installed: [yum install telnet-server]
3. Because telnet is under super daemon control, edit /etc/xinetd.d/telnet, set [disable = no], and restart the super daemon: [/etc/init.d/xinetd restart]
4. Use [netstat -tulp] to check whether port 23 is now open

Setting whether a service starts at boot:
1. Check whether portmap is enabled: run [chkconfig --list | grep portmap] and [runlevel] to see your current run level and whether portmap starts in it
2. If it starts, how do you change it so that it no longer starts at boot? A: use [chkconfig --level 35 portmap off] to set whether the service is started at boot
3. How do you disable the portmap service immediately?
A: use [/etc/init.d/portmap stop] to shut it down immediately.

Common system services that should exist:
acpid: the new power management module; it is usually recommended to enable it.
atd: manages one-off scheduled command execution; it should be started.
crond: manages the job schedule, an important service; be sure to start it.
iptables: the firewall software built into Linux; this can also be started.
keytables: if your keyboard layout is non-standard, starting this service can help you.
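The telnet step above edits the [disable] line of an xinetd service file by hand, and the portmap steps read [chkconfig --list] by eye. The script below, which is an added example and not code from the article, does both checks with sed and awk against constructed sample data in a temporary directory, so it runs without touching /etc. The sample telnet file and the chkconfig output are modelled on a Red Hat system but are constructed here; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the article: toggle the "disable" setting of an
# xinetd service file and read chkconfig-style run-level output. All input is
# constructed sample data written to a temporary directory, so nothing under
# /etc is touched.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed sample modelled on /etc/xinetd.d/telnet on a Red Hat system.
# "disable = yes" means xinetd does not listen on port 23 for this service.
cat > "$WORK/telnet" <<'EOF'
# default: off
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = yes
}
EOF

# Print the current "disable" value (yes/no) of an xinetd service file.
xinetd_get_disable() {
    sed -n 's/^[[:space:]]*disable[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$1"
}

# Set "disable = yes|no" in an xinetd service file: the edit the article
# describes doing by hand in an editor. Rejects any other value, and writes
# through a temporary copy so a failed sed never truncates the real file.
xinetd_set_disable() {
    file="$1"; value="$2"
    case "$value" in
        yes|no) ;;
        *) echo "xinetd_set_disable: value must be yes or no" >&2; return 1 ;;
    esac
    sed "s/^\([[:space:]]*disable[[:space:]]*=[[:space:]]*\)[a-z]*/\1$value/" "$file" > "$file.tmp"
    mv "$file.tmp" "$file"
}

# Constructed sample of "chkconfig --list" output (stand-alone services show
# one on/off entry per run level; xinetd-managed ones show a single value).
CHKCONFIG_SAMPLE='portmap    0:off 1:off 2:off 3:on  4:on  5:on  6:off
sshd       0:off 1:off 2:on  3:on  4:on  5:on  6:off
        telnet:  off'

# Print "on" or "off" for a stand-alone service at a given run level, reading
# chkconfig --list style text on stdin, e.g.:
#   chkconfig --list | chkconfig_state portmap 3
chkconfig_state() {
    awk -v s="$1" -v l="$2" '
        $1 == s { for (i = 2; i <= NF; i++) { split($i, kv, ":"); if (kv[1] == l) print kv[2] } }'
}

# Demonstration run against the sample data.
printf 'telnet disable = %s\n' "$(xinetd_get_disable "$WORK/telnet")"
xinetd_set_disable "$WORK/telnet" yes
printf 'portmap at run level 3: %s\n' "$(printf '%s\n' "$CHKCONFIG_SAMPLE" | chkconfig_state portmap 3)"
```

After changing a file under /etc/xinetd.d you still need [/etc/init.d/xinetd restart] (or a reload) for xinetd to pick it up, exactly as the article's step 3 says; the sed edit alone does not open or close the port. The value check in xinetd_set_disable matters because xinetd treats an unrecognised value as a configuration error for that service.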
network: brings up the network; it is required.
sshd: started by default, so that you can log in to a text terminal over the network.
syslog: records the system log files; very important, be sure to start it.
xinetd: the super daemon! Start it too.
xfs: the X font server; if you need X Window, this service must be started.

Summary of checks:
Check which ports on the host have been opened: [netstat -tunlp]
Check which connections are established and the program behind each: [netstat -tunp]
Scan a Linux host from the network: [nmap IP]
See the programs running on the host: [ps aux] or [top]; in addition, [pstree -p] shows the parent/child relationships of all programs, and [lsof] shows the files each program has opened.

The relationship between a LISTEN port and a daemon: every port in the LISTEN state was started by some daemon, so to open a port you have to enable a service. To find out which daemon opened a given port, use [netstat -tulp].

Stand alone & super daemon: Linux services can be started independently (stand alone) or under the super daemon. Services hanging under the super daemon can be controlled by it, which adds some security functions; however, because the super daemon has to manage the connection, the service responds a little more slowly than a stand-alone one.

Scripts and directories for starting and stopping daemons:
/etc/init.d/ : the start/stop scripts of the various daemons
/etc/rc.d/init.d : the same directory on Red Hat systems
/etc/xinetd.d : control parameters for services under the super daemon

Denial of service (SYN flood): exploiting the three-way handshake, many clients keep sending TCP connection requests (SYN packets) but ignore the SYN/ACK packets the server replies with. As a result, the server keeps many half-open ports waiting for a response from the client. There are 65536 ports in total; once they are used up, the host's networking is paralysed. This is how DDoS paralyses a system's network. In addition, the network bandwidth is also used up, because many clients are making requests at the same time.
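Two of the checks described above (which daemon sits behind a LISTEN port, and which open ports are the privileged ones below 1024) and the SYN-flood symptom just described can all be read off the same [netstat -tunap] output. The script below is an added example, not code from the article: it parses a constructed netstat sample with awk, answers those questions, and counts SYN_RECV half-open connections per port, which is what you would watch on a server under the attack the article describes. The sample rows, addresses and PIDs are constructed; on a real host you would pipe in [netstat -tunap] (or [ss -tunap] on newer systems), run as root so the PID/Program column is filled in.

```shell
#!/bin/sh
# Added example, not code from the article: answer the article's checks
# ("which daemon opened this port?", "which open ports are privileged?") and
# spot the SYN-flood symptom it describes, by parsing netstat -tunap output.
# The sample below is constructed; on a real host pipe in
#   netstat -tunap   (or ss -tunap on newer systems; run as root to see PIDs)
set -eu

# Constructed sample in the Linux "netstat -tunap" layout. UDP sockets have no
# State column, so their PID/Program field is $6 instead of $7.
NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1456/master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1500/httpd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1100/portmap
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1600/java
tcp        0      0 192.168.10.5:80         192.168.10.77:50132     ESTABLISHED 1500/httpd
tcp        0      0 192.168.10.5:80         10.0.0.1:40001          SYN_RECV    -
tcp        0      0 192.168.10.5:80         10.0.0.2:40002          SYN_RECV    -
tcp        0      0 192.168.10.5:80         10.0.0.3:40003          SYN_RECV    -
tcp        0      0 192.168.10.5:22         192.168.10.9:51000      ESTABLISHED 2001/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1100/portmap
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1300/ntpd'

# Print "proto port pid/program" for each listening socket on stdin
# (tcp in LISTEN state, or any udp socket). The port is everything after the
# last colon of the local address, which also works for IPv6 addresses.
listening_sockets() {
    awk '
        $1 == "tcp" && $6 == "LISTEN" { port = $4; sub(/.*:/, "", port); print $1, port, $7 }
        $1 == "udp"                   { port = $4; sub(/.*:/, "", port); print $1, port, $6 }'
}

# Listening sockets on ports below 1024: only root can bind these, and they
# are where the well-known services from /etc/services live.
privileged_listeners() {
    listening_sockets | awk '$2 + 0 < 1024'
}

# Which daemon opened a given port (the question the article answers with
# netstat -tulp). Prints nothing if no listener matches.
daemon_for_port() {
    listening_sockets | awk -v p="$1" '$2 == p { print $3; exit }'
}

# Count half-open connections (SYN_RECV) on a local port. A count that keeps
# growing while ESTABLISHED stays flat is the SYN-flood pattern the article
# describes: the server is waiting for ACKs that never arrive.
syn_recv_count() {
    awk -v p="$1" '
        $1 == "tcp" && $6 == "SYN_RECV" { port = $4; sub(/.*:/, "", port); if (port == p) n++ }
        END { print n + 0 }'
}

# Demonstration against the constructed sample.
echo "Listening sockets:"
printf '%s\n' "$NETSTAT_SAMPLE" | listening_sockets
echo "Daemon on port 25: $(printf '%s\n' "$NETSTAT_SAMPLE" | daemon_for_port 25)"
echo "Half-open connections on port 80: $(printf '%s\n' "$NETSTAT_SAMPLE" | syn_recv_count 80)"
```

Run the functions once from cron or a monitoring loop and compare the SYN_RECV count against a baseline for the host; a steady few dozen half-open connections on a busy web port is normal, a count in the thousands that never settles is not. In the sample, the master daemon on port 25 is bound to 127.0.0.1 only, which is the kind of detail worth noting when deciding whether a port is really exposed to the network.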
