In addition to reconnaissance IP, there is also one-port scan in the hacker's detection mode. "Port scans" allow you to know which services, ports are open and not used (which you can understand to find the channel to the computer) that is being scanned.
first, port scanning
Easy to find remote port scanning tools, such as Superscan, IP Scanner, Fluxay (streamer), etc. (Figure 1), which is the "streamer" of the test host 192.168.1.8 port scan results. From there, we can clearly see which of the host's very ports are open, whether it supports FTP, Web services, and whether the FTP service supports "Anonymous" and the IIS version, and whether there are IIS vulnerabilities that can be successfully compromised.
second, blocking port scanning
There are two ways to prevent port scanning:
1. Close idle and potentially dangerous ports
This method is somewhat "inflexible", and its essence is to shut down all other ports on the normal computer port that all users need to use. Because as far as hackers are concerned, all ports can be the target of an attack. In other words, "all outgoing ports of the computer are potentially dangerous", while some system-necessary communication ports, such as HTTP (80-port) required to access the Web page, and QQ (4000-port) cannot be shut down.
It is convenient to turn off some idle ports in the Windows NT core system (Windows 2000/xp/2003), which can be directed to turn off the port for the specified service and to open only the allowed ports. Some of the computer's network services will have system-assigned default ports, shut down some unused services, and their corresponding ports will be closed (Figure 2). Go to Control Panel, administrative tools, services, and shut down some unused services (such as the FTP service, DNS service, IIS Admin service, and so on) and their corresponding ports are deactivated. As for the "Only open allow port", you can use the system's "TCP/IP Filtering" feature, set up, "only allow" some of the system's basic network communication needs of the port (for "TCP/IP filtering," see the current issue of application).
2. Check ports for port scan symptoms, and immediately block the port
This method of preventing port scanning is clearly not possible for users to do their own hand, or it is quite difficult to complete, need software. These software is our common network firewall.
The firewall works by first checking every packet that arrives on your computer, and before any software that is running on your machine is seen, the firewall has a full veto, which can prevent your computer from receiving anything on the Internet. When the first request to establish a connection is answered by your computer, a "TCP/IP Port" is opened; when the port is scanned, the other computer is constantly connected to the local computer, and gradually opens the corresponding "TCP/IP Port" and idle port for each service, and the firewall is judged by its own interception rules, will be able to know whether the other side is scanning the port, and intercept the other sent over all the scanning required packets.
Now on the market almost all network firewalls can withstand port scanning, after the default installation, should check some firewall blocked port scan rule is selected, otherwise it will release port scan, but only in the log left information.
The hacker's preparation before the attack is complete. In future content, it will be turned into formal intrusion, theft, and attacks, and other specific introductions.
