Port introduction: This article introduces the concept and classification of ports, and how to close / open a port

xiaoxiao  2021-03-05


Port 21: Port 21 is mainly used for the FTP (File Transfer Protocol) service.

Port 23: Port 23 is mainly used for the Telnet (remote login) service, a widely used login and emulation program.

Port 25: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) servers, mainly for sending mail; most mail servers now use this protocol.

Port 53: Port 53 is opened by DNS (Domain Name Server) servers, mainly for domain name resolution; the DNS service is most widely used on NT systems.

Ports 67 and 68: Ports 67 and 68 are opened by the Bootstrap Protocol Server and the Bootstrap Protocol Client, respectively.

Port 69: TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.

Port 79: Port 79 is opened for the Finger service, mainly used to query details such as the users online on a remote host, its operating system type, and whether a buffer overflow is present.

Port 80: Port 80 is opened for HTTP (HyperText Transport Protocol), the most widely used protocol for web surfing, mainly for transmitting information on the WWW (World Wide Web).

Port 99: Port 99 is used for a service called "Metagram Relay", which is uncommon and usually not used.

Ports 109 and 110: Port 109 is opened for the POP2 (Post Office Protocol Version 2) service and port 110 for the POP3 (Post Office Protocol Version 3) service; POP2 and POP3 are mainly used to receive mail.

Port 111: Port 111 is the port of Sun's RPC (Remote Procedure Call) service, mainly used for communication between processes on different computers in a distributed system; RPC is an important component of many network services.

Port 113: Port 113 is mainly used for the Windows "Authentication Service".

Port 119: Port 119 is opened for the "Network News Transfer Protocol".

Port 135: Port 135 is mainly used by the RPC (Remote Procedure Call) protocol and provides the DCOM (Distributed Component Object Model) service.

Port 137: Port 137 is mainly used for the "NetBIOS Name Service".

Port 139: Port 139 is provided for the "NetBIOS Session Service", mainly used for Windows file and printer sharing and for the Samba service on UNIX.

Port 143: Port 143 is mainly used for "Internet Message Access Protocol" v2 (abbreviated IMAP).

Port 161: Port 161 is used for the "Simple Network Management Protocol" (abbreviated SNMP).

Port 443: Port 443 is the web browsing port mainly used for HTTPS services, another form of HTTP that provides encryption and transmission over a secure port.

Port 554: By default, port 554 is used for the "Real Time Streaming Protocol".

Port 1024: Port 1024 is generally not permanently assigned to any service; its description in English is "Reserved".

Port 1080: Port 1080 is the port used by the SOCKS proxy service, whereas the WWW service that everyone uses normally relies on an HTTP proxy service.

Port 1755: By default, port 1755 is used for "Microsoft Media Server" (MMS).

Port 4000: Port 4000 is used by the popular QQ chat tool; more precisely, it is the port opened by the QQ client, while the QQ server uses port 8000.

Port 5554: On April 30 this year, a new worm targeting the Microsoft LSASS service appeared, the "oscillating wave" worm (Worm.SASSER), which opens an FTP service on TCP port 5554, mainly used to spread the virus.

Port 5632: Port 5632 is the port opened by pcAnywhere, the familiar remote control software.

Port 8080: Port 8080 is the same as port 80; it is used for WWW proxy services, you can implement web pages

Port concept

In network technology, the word "port" has roughly two meanings. The first is a port in the physical sense: the interfaces on ADSL modems, hubs, switches and routers used to connect other network devices, such as RJ-45 ports, SC ports and so on. The second is a port in the logical sense, which generally refers to ports in the TCP/IP protocol; port numbers range from 0 to 65535, for example port 80 for web browsing services and port 21 for the FTP service. This article covers ports in the logical sense.

Port classification

Ports in the logical sense can be classified by several criteria; two common classifications are introduced below:

1. By port number range

(1) Well-Known Ports

Well-known ports are the widely recognized port numbers in the range 0 to 1023, which are generally permanently assigned to particular services. For example, port 21 is assigned to the FTP service, port 25 to the SMTP (Simple Mail Transfer Protocol) service, port 80 to the HTTP service, and port 135 to the RPC (Remote Procedure Call) service.

(2) Dynamic ports

Dynamic ports range from 1024 to 65535. They are generally not permanently assigned to a service, which means that many services can use them. When a running program makes a request to the system, the system allocates one of these port numbers to it. For example, port 1024 is assigned to the first program that makes such a request. After the program's process is closed, the port number it occupied is released. However, dynamic ports are also often used by viruses and Trojans: the default connection port of "ice" is 7626, of Way 2.4 is 8011, of NetSPY 3.0 is 7306, of the YAI virus is 1024, and so on.

2. By protocol type

By protocol type, ports can be divided into TCP, UDP, IP, ICMP (Internet Control Message Protocol) ports and so on. TCP and UDP ports are the main ones introduced here:

(1) TCP port

A TCP port, that is, a Transmission Control Protocol port, requires a connection to be established between the client and the server, which provides reliable data transmission. Common examples include port 21 of the FTP service, port 23 of the Telnet service, port 25 of the SMTP service, and port 80 of the HTTP service.

(2) UDP port

A UDP port, that is, a User Datagram Protocol port, needs no connection between the client and the server, and security is not guaranteed. Common examples include port 53 of the DNS service, port 161 of the SNMP (Simple Network Management Protocol) service, and ports 8000 and 4000 used by QQ.

View port

To view ports in Windows 2000 / XP / Server 2003, you can use the netstat command:

Click "Start → Run", type "cmd" and press Enter to open the command prompt window. At the command prompt, type "netstat -a -n" and press Enter to see the port numbers and states of the TCP and UDP connections in numeric form (as shown).

Tip: netstat command usage

Command format: netstat -a -e -n -o -s

-a displays all active TCP connections and the TCP and UDP ports the computer is listening on.

-e displays the number of bytes, the number of packets, and similar statistics.

-n displays the addresses and port numbers of all active TCP connections in numeric form only.

-o displays active TCP connections and includes the process ID (PID) of each connection.

-s displays the statistics of the various connections by protocol, including port numbers.
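The following Python script is an added example, not part of the original article: it parses the output of "netstat -a -n -o", keeps only the ports the local machine has open, labels each as well-known or dynamic using the ranges given above, and flags the ports this article names as worth closing or as Trojan defaults. The sample output, addresses and PIDs are constructed; the function and variable names are illustrative.

```python
# Ports the article says are open by default or recommends closing if unused.
CLOSE_IF_UNUSED = {21: "FTP", 23: "Telnet", 25: "SMTP", 79: "Finger",
                   135: "RPC/DCOM", 137: "NetBIOS Name Service"}
# Default Trojan/worm ports named in the article.
MALWARE_DEFAULTS = {5554: "Worm.SASSER FTP", 7306: "NetSPY 3.0",
                    7626: "ice", 8011: "Way 2.4"}
# Constructed sample output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1384
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING       2210
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2044
  UDP    0.0.0.0:137            *:*                                    4
  UDP    192.168.1.10:4000      *:*                                    1720
"""

def parse_netstat(text):
    """Yield (proto, local_port, state, pid) for every TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also copes with [::]:135
        rest = f[3:]  # fields after the foreign address
        state = rest.pop(0) if f[0] == "TCP" and rest else "-"  # UDP has no state
        pid = int(rest[0]) if rest else None  # PID column exists only with -o
        yield f[0], port, state, pid

def triage(text):
    """Return (proto, port, range, pid, note) for each open local port."""
    findings = []
    for proto, port, state, pid in parse_netstat(text):
        if proto == "TCP" and state != "LISTENING":
            continue  # an active connection, not a port this host has opened
        rng = "well-known" if port <= 1023 else "dynamic"
        note = ""
        if port in MALWARE_DEFAULTS:
            note = "default port of " + MALWARE_DEFAULTS[port]
        elif port in CLOSE_IF_UNUSED:
            note = "close if unused: " + CLOSE_IF_UNUSED[port]
        findings.append((proto, port, rng, pid, note))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

The PID in each row can be matched against the process list to find which service owns a flagged port before stopping it as described in the next section.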

Close / open port

Before introducing the roles of the various ports, here is how to close / open a port in Windows, because by default many insecure or unneeded ports are open, such as port 23 of the Telnet service, port 21 of the FTP service, port 25 of the SMTP service, port 135 of the RPC service, and so on. To keep the system secure, ports can be closed / opened with the following methods.

Close a port

For example, to close port 25 of the SMTP service in Windows 2000 / XP: first open "Control Panel", double-click "Administrative Tools", and then double-click "Services". In the Services window that opens, find and double-click the "Simple Mail Transfer Protocol (SMTP)" service, click the "Stop" button to stop the service, then select "Disabled" in "Startup type", and finally click the "OK" button. Closing the SMTP service in this way is equivalent to closing the corresponding port.

Open a port

To open the port, first select "Automatic" in "Startup type" and click the "OK" button; then open the service again, click the "Start" button under "Service status" to enable the port, and finally click the "OK" button.

Tip: There is no "Services" option in Windows 98; you can use the rule-setting function of a firewall to close / open ports.

Port 79

Port Description: Port 79 is opened for the Finger service, mainly used to query details such as the users online on a remote host, its operating system type, and whether a buffer overflow is present. For example, to display information about the user user01 on the remote computer www.abc.com, type "finger user01@www.abc.com" at the command line.

Port Vulnerability: Hackers who want to attack another computer generally start with a port scanning tool; for example, "stream" can use port 79 to scan a remote computer's operating system version, obtain user information, and detect known buffer overflow errors. This makes the computer an easy target for attack. In addition, port 79 is used by the Firehotcker Trojan as its default port.

Operating advice: It is recommended to close this port.

Port 80

Port Description: Port 80 is opened for HTTP (HyperText Transport Protocol), the most widely used protocol for web surfing, mainly for transmitting information on the WWW (World Wide Web). A website can be accessed through an HTTP address (that is, a "URL") plus ":80", such as http://www.cce.com.cn:80. Because the default port number of the web browsing service is 80, it is enough to enter the URL without ":80".

Port Vulnerability: Some Trojans can use port 80 to attack computers, such as Executor, RingZero, etc.

Operating advice: To browse the web normally, port 80 must be open.

Ports 109 and 110

Port Description: Port 109 is opened for the POP2 (Post Office Protocol Version 2) service and port 110 for the POP3 (Post Office Protocol Version 3) service. POP2 and POP3 are mainly used to receive mail; POP3 is currently used more, and many servers support POP2 and POP3 at the same time. A client can use the POP3 protocol to access the server's mail service, and most ISP mail servers use this protocol. When using an email client program, you are asked to enter the POP3 server address; by default, port 110 is used (as shown).

Port Vulnerability: While providing mail reception, POP2 and POP3 also have quite a few vulnerabilities. The POP3 service alone has buffer overflow vulnerabilities in the username and password exchange; for example, the WebEasyMail POP3 Server has a legitimate-username information disclosure vulnerability through which a remote attacker can verify the existence of user accounts. In addition, port 110 is also used by Trojans, and POP account usernames and passwords can be stolen through port 110.

Operating advice: If you are running a mail server, you can open this port.

Port 135

Port Description: Port 135 is mainly used by the RPC (Remote Procedure Call) protocol and provides the DCOM (Distributed Component Object Model) service. RPC ensures that a program can smoothly execute code on a remote computer; DCOM allows direct communication over the network and can be carried across multiple network transports, including the HTTP protocol.

Port Vulnerability: I believe that many Windows 2000 and Windows XP users have been hit by the "shock wave" virus, which uses an RPC vulnerability to attack computers. RPC itself has a vulnerability in the part that handles message exchange over TCP/IP, caused by incorrect handling of malformed messages. The vulnerability affects an interface between RPC and DCOM, which listens on port 135.

Operating advice: To avoid attacks by the "shock wave" virus, it is recommended to close this port.

Port 137

Port Description: Port 137 is mainly used for the "NetBIOS Name Service" and is a UDP port. A user only needs to send a request to port 137 of a computer on the LAN or the Internet to obtain the computer's name, its registered user name, whether a primary domain controller is installed, and whether IIS is running.

Port Vulnerability: Because it is a UDP port, an attacker can easily obtain information about the target computer by sending a request, and some of that information can be used directly to analyze vulnerabilities, such as those in the IIS service. In addition, by capturing packets communicating with port 137, it is also possible to learn when the target computer starts up and shuts down, so that special tools can be used to attack.

Operating advice: It is recommended to close this port.

Port 139

Port Description: Port 139 is provided for the "NetBIOS Session Service", mainly used for Windows file and printer sharing and for the Samba service on UNIX. This service must be used to share files on a LAN in Windows. For example, in Windows 98, open "Control Panel", double-click the "Network" icon, and in the "Configuration" tab click the "File and Print Sharing" button and select the corresponding settings to install the service. In Windows 2000 / XP, open "Control Panel", double-click the "Network Connections" icon, and open the properties of the local connection; then select "Internet Protocol (TCP/IP)" in the "General" tab of the properties window and click the "Properties" button; in the window that opens, click the "Advanced" button; in the "Advanced TCP/IP Settings" window, select the "WINS" tab and enable NetBIOS over TCP/IP in the "NetBIOS setting" area.

Port Vulnerability: Although opening port 139 provides sharing services, it is often exploited by attackers; port scanning tools such as "streaming" and SuperScan can scan the target computer's port 139, and if a vulnerability is found, they can try to obtain the user name and password, which is very dangerous

Please credit the original address when reposting: https://www.9cbs.com/read-32080.html
