First, it should be made clear that "hiding" the server program's port here does not mean using a rootkit so that NetStat.exe, Fport.exe, Mport.exe, Activeport and similar tools cannot detect the port the program has opened. "Hidden" here refers to scans or connection attempts by remote users.

I will start with some basic TCP knowledge. As everyone knows, establishing a TCP connection involves a three-way handshake. First, the client sends a SYN packet to the server. The server then sends a SYN-ACK packet back to the client (if the port is one on which a service is handling connections). Finally, the client sends an ACK packet to the server, and the TCP connection is established. Once the connection is established, the client and the server can exchange data with each other.

Now for the traditional server code:

1. Bind a port.
2. Wait for new connections, and process these new connection requests in one of several ways (synchronous, asynchronous, blocking, non-blocking).

CODZ:
#include <winsock2.h>

int main(void)
{
    WSADATA wsaData;
    SOCKET ListenSocket, AcceptSocket;
    struct sockaddr_in Client;
    int ClientSize = sizeof(Client);
    USHORT port = 1234;
    struct sockaddr_in service;

    WSAStartup(MAKEWORD(2, 2), &wsaData);
    ListenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

    /* Listen on TCP port 1234 on all interfaces */
    service.sin_family = AF_INET;
    service.sin_port = htons(port);
    service.sin_addr.s_addr = htonl(INADDR_ANY);
    bind(ListenSocket, (SOCKADDR *)&service, sizeof(service));
    listen(ListenSocket, 8);

    while (TRUE) {
        /* Fourth parameter is NULL: no condition function is used */
        AcceptSocket = WSAAccept(ListenSocket, (SOCKADDR *)&Client, &ClientSize, NULL, 0);
        // Trap the error & handle the new client request
    }

    closesocket(ListenSocket);
    WSACleanup();
    return 0;
}
More than 95% of server programs work basically the way the code above does; even where the code differs, it does the same job. There is nothing wrong with this method, but its biggest shortcoming is that, whether the server allows or refuses the new connection, the client can tell that the server port is open (TCP port 1234 in the example above). This is because the three-way handshake is completed this way, so a remote user running a traditional TCP connect scan or a SYN scan can learn that TCP port 1234 is open.
Question: Is there a way for the server program to reject a remote address without letting it know that the server's port is open and in service?
The answer is yes. Microsoft itself provides an API that does this, and the code above already uses it: WSAAccept(). What we need to do is change the fourth parameter of this API and add some code to implement the "hidden" server port mentioned in the title.
Complete Test Source Code:
CODZ:
#include
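The page's own listing breaks off after `#include`, so the following is an added example, not the author's code, of the approach described above: a condition function passed as the fourth parameter of WSAAccept() that returns CF_REJECT for peers outside an allow-list. The allow-list, the helper `decide_peer` and the sample address are assumptions; SO_CONDITIONAL_ACCEPT is set before listen() because without it the stack answers the SYN before the condition function runs.

```c
#include <stddef.h>
#include <stdint.h>
#ifdef _WIN32
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")
#else /* same values as winsock2.h, so the decision logic builds anywhere */
#define CF_ACCEPT 0x0000
#define CF_REJECT 0x0001
#endif

/* Assumed allow-list (constructed sample address), host byte order. */
static const uint32_t ALLOWED[] = { 0xC0000205u /* 192.0.2.5 */ };

/* Hypothetical helper: accept only peers whose IPv4 address is allow-listed. */
int decide_peer(uint32_t peer)
{
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (ALLOWED[i] == peer) return CF_ACCEPT;
    return CF_REJECT;
}

#ifdef _WIN32
/* Condition function: WSAAccept passes the caller's sockaddr in lpCallerId. */
static int CALLBACK ConditionFunc(LPWSABUF lpCallerId, LPWSABUF lpCallerData,
    LPQOS lpSQOS, LPQOS lpGQOS, LPWSABUF lpCalleeId, LPWSABUF lpCalleeData,
    GROUP *g, DWORD_PTR dwCallbackData)
{
    struct sockaddr_in *from = (struct sockaddr_in *)lpCallerId->buf;
    return decide_peer(ntohl(from->sin_addr.s_addr));
}

int main(void)
{
    WSADATA wsa; struct sockaddr_in svc = {0}, cli; int len; BOOL on = TRUE;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) return 1;
    SOCKET ls = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    /* Must be set before listen(): defers the SYN-ACK until the callback decides. */
    setsockopt(ls, SOL_SOCKET, SO_CONDITIONAL_ACCEPT, (char *)&on, sizeof on);
    svc.sin_family = AF_INET; svc.sin_port = htons(1234);
    svc.sin_addr.s_addr = htonl(INADDR_ANY);
    if (bind(ls, (struct sockaddr *)&svc, sizeof svc) || listen(ls, 8)) return 1;
    for (;;) {
        len = sizeof cli;
        SOCKET s = WSAAccept(ls, (struct sockaddr *)&cli, &len, ConditionFunc, 0);
        if (s == INVALID_SOCKET) continue; /* WSAECONNREFUSED: peer was rejected */
        closesocket(s); /* handle the allowed client here */
    }
}
#endif
```

A rejected peer receives an RST, the same answer a closed port gives. The source address is the only criterion here, so the service behind it still needs its own authentication.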
Some people will say that a firewall can achieve the same thing. Of course it can, but if the server program can do this itself, why bother loading a firewall to get this function? The information above was tested by writing code, so it should be fine. The method is one I found while writing the server program's own code. If there is any mistake, please point it out.