myhack58 | Anonymous | MYHACK58:62200613226
Dec 11, 2006 - 12:00 a.m.

Open your ports carelessly and you may be sharing your data as you go - Vulnerability Warning - Black Bar Safety Net

www.myhack58.com

TCP ports: a detailed analysis of their role, vulnerabilities, and recommended actions

On the Internet we often come across the word “port” and frequently use port numbers; for example, the “21” appended to an FTP address is a port number. So what does a port mean? How do you check a port number? Is a port a gateway for malicious network attacks? How should we deal with the various ports? The following covers these topics for your reference.

Port 21: Port 21 is mainly used for the FTP (File Transfer Protocol) service.

Port description: Port 21 is mainly used for the FTP (File Transfer Protocol) service. FTP exists mainly to upload and download files between two computers, one acting as the FTP client and the other as the FTP server. There are two ways to log in to an FTP server: anonymous login, or login with an authorized user name and password. Currently, through FTP
Windows can provide FTP access and management through Internet Information Services (IIS); separate FTP server software, such as the common Serv-U, can also be installed to implement FTP functions.

Recommended action: Because some FTP servers allow anonymous login, they are often exploited by hackers. In addition, port 21 is also used by some Trojans, such as Blade Runner, FTP Trojan, Doly Trojan and WebEx. If you are not running an FTP server, it is recommended to close port 21.

Port 23: Port 23 is mainly used for the Telnet (remote login) service, a login and terminal emulation program commonly used on the Internet.

Port description: Port 23 is mainly used for the Telnet (remote login) service, a login and terminal emulation program commonly used on the Internet. A client side and a server side both need to be set up: a client with the Telnet service turned on can log on to the remote Telnet server with an authorized user name and password. After login, the user can perform the corresponding operations in a command prompt window. In Windows, typing the “Telnet” command in a Command Prompt window starts a remote Telnet login.

Recommended action: Using the Telnet service, hackers can search for Unix remote login services and scan for the operating system type. The Telnet service in Windows 2000 also has multiple serious vulnerabilities, such as elevation of privilege and denial of service, which can crash the remote server. Port 23 of the Telnet service is also the default port of the TTS (Tiny Telnet Server) Trojan. Closing port 23 is therefore recommended.

Port 25: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) servers and is mainly used for sending mail; today the vast majority of mail servers use this protocol.

Port description: Port 25 is opened by SMTP (Simple Mail Transfer Protocol) servers and is mainly used for sending mail; today the vast majority of mail servers use this protocol. For example, when we create an account in an e-mail client program, we are asked to enter the SMTP server address, and that server address uses port 25 by default.

Port vulnerability:

1. Using port 25, a hacker can look for SMTP servers through which to forward spam.

2. Port 25 is opened by many Trojan programs, such as Ajan, Antigen, Email Password Sender, ProMail trojan, Tapiras, Terminator, WinPC, WinSpy and so on. Take WinSpy as an example: by opening port 25, it can monitor all the windows and modules running on the computer.

Recommended action: if you are not setting up an SMTP mail server, close the port.

Port 53: Port 53 is opened by DNS (Domain Name Server) servers and is mainly used for domain name resolution; the DNS service is most widely used on NT systems.

Port description: Port 53 is opened by DNS (Domain Name Server) servers and is mainly used for domain name resolution; the DNS service is most widely used on NT systems. A DNS server converts between domain names and IP addresses, so you only need to remember the domain name to reach a website quickly.

Port vulnerability: if the DNS service is open, a hacker can analyse the DNS server to obtain directly the IP addresses of hosts such as the Web server, and then use port 53 to break through some unstable firewalls and carry out an attack. Recently, a US company also published the 10 vulnerabilities most exposed to hacker attack, and first among them is the BIND vulnerability in DNS servers.

Recommended action: if the current computer is not used to provide domain name resolution services, it is recommended to disable the port.

Ports 67 and 68: Ports 67 and 68 are the ports opened for the Bootp service by the Bootstrap Protocol Server and the Bootstrap Protocol Client respectively.

Port description: Ports 67 and 68 are the ports opened for the Bootp service by the Bootstrap Protocol Server and the Bootstrap Protocol Client respectively. The Bootp service is a remote boot protocol that originated on early Unix; the DHCP service we commonly use today is an extension of the Bootp service. The Bootp service can dynamically assign IP addresses to computers on a LAN, so that users do not each need to set a static IP address.

Port vulnerability: if the Bootp service is open, hackers often exploit it by having an assigned IP address act as the local router, and then attack in a “man-in-the-middle” manner.

Recommended action: it is recommended to close the port.

Port 69: TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.

Port description: Port 69 is opened for the TFTP (Trivial File Transfer Protocol) service. TFTP is a simple file transfer protocol developed by Cisco, similar to FTP. Compared with FTP, however, TFTP has no complex interactive access interface and no authentication control; the service suits data transfer between a client and a server that does not require a complex exchange environment.

Port vulnerability: many servers provide the TFTP service together with the Bootp service, mainly for downloading boot code from the system. However, because the TFTP service can write files on the system, and hackers can also use a TFTP misconfiguration to retrieve any file from the system, the service is a risk.

Recommended action: it is recommended to close the port.

Port 79: Port 79 is opened for the Finger service, which is mainly used to query a remote host for its online users, its operating system type, whether buffer overflows exist, and other user details.

Port description: Port 79 is opened for the Finger service, which is mainly used to query a remote host for its online users, its operating system type, whether buffer overflows exist, and other user details. For example, to display information about the user user01 on the remote computer www.abc.com, you can type “finger user01@www.abc.com” at the command line.

Port vulnerability: hackers who want to attack other computers generally obtain the relevant information with port scanning tools. For example, with “Streamer” they can use port 79 to scan a remote computer's operating system version, obtain user information, and detect known buffer overflow errors. The port is therefore easily attacked. Moreover, port 79 is also the default port of the Firehotcker Trojan.

Recommended action: it is recommended to close the port.

Port 80: Port 80 is opened for HTTP (HyperText Transport Protocol), the protocol used most when surfing the Internet; it is mainly used to transmit information for WWW (World Wide Web) services.

Port description: Port 80 is opened for HTTP (HyperText Transport Protocol), the protocol used most when surfing the Internet; it is mainly used to transmit information for WWW (World Wide Web) services. We can reach a site by adding “:80” to its HTTP address (that is, what is commonly called the web address), for example http://www.cce.com.cn:80. Because the default port number of the web browsing service is 80, you only need to enter the URL and do not need to type “:80”.

Port vulnerability: some Trojans may use port 80 to attack a computer, such as Executor and RingZero.

Recommended action: in order to surf the Internet normally, we must open port 80.

Port 99: Port 99 is used for a service named “Metagram Relay” (sub-response delay), which is relatively rare and seldom used.

Port description: Port 99 is used for a service named “Metagram Relay” (sub-response delay), which is relatively rare and seldom used.

Port vulnerability: although the “Metagram Relay” service is not common, Trojan programs such as Hidden Port and NCx99 use this port. For example, on Windows 2000, NCx99 can bind the cmd.exe program to port 99, so that anyone can connect to the server with Telnet and freely add users and change permissions.

Recommended action: it is recommended to close the port.

Ports 109 and 110: Port 109 is opened for the POP2 (Post Office Protocol Version 2) service and port 110 for the POP3 (Post Office Protocol 3) service; POP2 and POP3 are mainly used to receive mail.

Port description: Port 109 is opened for the POP2 (Post Office Protocol Version 2) service and port 110 for the POP3 (Post Office Protocol 3) service. POP2 and POP3 are mainly used to receive mail; POP3 is currently used more, and many servers support both POP2 and POP3. Clients can use the POP3 protocol to access the server side's mail service, and the vast majority of ISP mail servers now use this protocol. When using an e-mail client program, you are asked to enter the POP3 server address, which uses port 110 by default.

Port vulnerability: while POP2 and POP3 provide mail receiving services, a lot of vulnerabilities have also appeared in them. For the POP3 service alone, the buffer overflow vulnerabilities in user name and password exchange number less than 20; one example is the WebEasyMail POP3 Server legitimate user name information disclosure vulnerability, through which a remote attacker can verify that a user account exists. In addition, port 110 is also used by Trojan programs such as the ProMail trojan, which can steal a POP account's user name and password through port 110.

Recommended action: if you are running a mail server, you can open the port.

Port 111: Port 111 is the port opened by SUN's RPC (Remote Procedure Call) service. It is mainly used for communication between internal processes of different computers in a distributed system; RPC is a very important component of many network services.

Port description: Port 111 is the port opened by SUN's RPC (Remote Procedure Call) service. It is mainly used for communication between internal processes of different computers in a distributed system; RPC is a very important component of many network services. Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, and so on. Microsoft Windows also has an RPC service.

Port vulnerability: SUN RPC has a relatively serious vulnerability: the xdr_array function has a remote buffer overflow vulnerability when handling multiple RPC services, and this vulnerability allows an attacker to transfer Super

Port 113: Port 113 is mainly used for the Windows “Authentication Service”.

Port description: Port 113 is mainly used for the Windows “Authentication Service”. Computers connected to a network generally run this service; it is mainly used to verify the user of a TCP connection, and through the service information about the connecting computer can be obtained. Windows 2000/2003 Server also includes the IAS component, through which remote access authentication and policy management can be done conveniently.

Port vulnerability: although port 113 makes identity verification convenient, it is also often used as a logger for network services such as FTP, POP, SMTP, IMAP and IRC, and this can be exploited by the corresponding Trojan programs, such as Trojans controlled through IRC chat rooms. In addition, port 113 is also the default open port of Trojans such as Invisible Identd Deamon and Kazimas.

Recommended action: it is recommended to close the port.

Port 119: Port 119 is opened for the “Network News Transfer Protocol” (NNTP).

Port description: Port 119 is opened for the “Network News Transfer Protocol” (NNTP). It is mainly used for transmitting newsgroups, and the port is used when looking up a USENET server.

Port vulnerability: the famous Happy99 worm opens port 119 by default; once a computer is infected, the virus keeps sending e-mail to spread itself and causes network congestion.

Recommended action: if you use USENET newsgroups frequently, take care to close the port from time to time.

Port 135: Port 135 is mainly used by the RPC (Remote Procedure Call) protocol and provides the DCOM (Distributed Component Object Model) service.

Port description: Port 135 is mainly used by the RPC (Remote Procedure Call) protocol and provides the DCOM (Distributed Component Object Model) service. RPC ensures that a program running on one computer can successfully execute code on a remote computer; DCOM allows direct communication over the network and works across a variety of network transports, including the HTTP protocol.

Port vulnerability: last year, many Windows 2000 and Windows XP users were presumably hit by the “Blaster” virus, which attacks computers through an RPC vulnerability. RPC has a vulnerability in the part that handles message exchange over TCP/IP, caused by incorrect handling of malformed messages. The vulnerability affects an interface between RPC and DCOM, and that interface listens on port 135.

Recommended action: to avoid attack by the “Blaster” virus, it is recommended to disable the port.

Port 137: Port 137 is mainly used for the “NetBIOS Name Service”.

Port description: Port 137 is mainly used for the “NetBIOS Name Service” and is a UDP port. A user only needs to send a request to port 137 of a computer on the local area network or the Internet to obtain that computer's name, its registered user name, whether a primary domain controller is installed, whether IIS is running, and other information.

Port vulnerability: because it is a UDP port, an attacker can easily obtain information about the target computer just by sending a request. Some of that information can be used directly or analysed for vulnerabilities, for example in the IIS service. In addition, by capturing packets from a computer that is communicating over port 137, an attacker may also learn the target computer's startup and shutdown times and can then attack with specialized tools.

Recommended action: it is recommended to close the port.

Port 139: Port 139 is provided for the “NetBIOS Session Service” and is mainly used for Windows file and printer sharing and for the Samba service on Unix.

Port description: Port 139 is provided for the “NetBIOS Session Service” and is mainly used for Windows file and printer sharing and for the Samba service on Unix. To share files on a LAN in Windows, you must use this service. For example, in Windows 98, open “Control Panel”, double-click the “Network” icon, and on the “Configuration” tab click the “File and print sharing” button and select the appropriate settings to install and enable the service. In Windows 2000/XP, open “Control Panel”, double-click the “Network Connections” icon and open the Local Area Connection properties; then, on the “General” tab of the properties window, select “Internet Protocol (TCP/IP)” and click the “Properties” button; in the window that opens, click the “Advanced” button; in the “Advanced TCP/IP Settings” window, select the “WINS” tab and, in the “NetBIOS setting” area, enable NetBIOS over TCP/IP.

Port vulnerability: although opening port 139 lets you provide sharing services, it is often used by attackers. Port scanning tools such as Streamer and SuperScan can scan port 139 of the target computer and, if a vulnerability is found, may attempt to obtain a user name and password, which is very dangerous.

Recommended action: if you do not need to provide file and printer sharing, it is recommended to disable the port.

Port 143: Port 143 is mainly used for “Internet Message Access Protocol” v2 (IMAP).

Port description: Port 143 is mainly used for “Internet Message Access Protocol” v2 (IMAP), which, like POP3, is a protocol for receiving e-mail. With the IMAP protocol we can learn the content of a message without receiving the mail, which makes it convenient to manage e-mail on the server. However, it is somewhat more complex than the POP3 protocol. Today, most mainstream e-mail client software supports this protocol.

Port vulnerability: like port 110 of the POP3 protocol, port 143 used by IMAP also has a buffer overflow vulnerability, through which a user name and password can be obtained. In addition, a Linux worm called “admv0rm” uses this port to propagate.

Recommended action: if you are not running an IMAP server, this port should be closed.

Port 161: Port 161 is used for the “Simple Network Management Protocol” (SNMP).

Port description: Port 161 is used for the “Simple Network Management Protocol” (SNMP). This protocol is mainly used to manage TCP/IP networks. On Windows, the SNMP service can provide status information about hosts on the TCP/IP network and about various network devices. Currently, almost all network equipment manufacturers support SNMP.

To install the SNMP service in Windows 2000/XP, first open the “Windows Components Wizard”; under “Components” select “Management and Monitoring Tools” and click the “Details” button, where you will see “Simple Network Management Protocol (SNMP)”; select that component, then click “Next” to install it.

Port vulnerability: because SNMP can obtain status information about the various devices in a network and can also be used to control network devices, hackers can take complete control of the network through SNMP vulnerabilities.

Recommended action: it is recommended to close the port.

Port 443: Port 443 is the web browsing port, mainly used for the HTTPS service, another form of HTTP that provides encryption and transmission through a secure port.

Port description: Port 443 is the web browsing port, mainly used for the HTTPS service, another form of HTTP that provides encryption and transmission through a secure port. Sites with higher security requirements, such as banking, securities and shopping sites, use the HTTPS service so that other people cannot see the information exchanged on these sites, which ensures the security of transactions. The web address starts with https:// instead of the common http://.

Port vulnerability: the HTTPS service generally relies on SSL (Secure Sockets Layer) for security, but SSL vulnerabilities may be attacked by hackers, who can, for example, break into online banking systems and steal credit card numbers.

Recommended action: it is recommended to open the port, for secure Web access. In addition, to prevent hacker attacks, you should promptly install the latest security patches that Microsoft releases for SSL vulnerabilities.

Port 554: Port 554 is used by default for the “Real Time Streaming Protocol” (RTSP).

Port description: Port 554 is used by default for the “Real Time Streaming Protocol” (RTSP). The protocol was jointly proposed by RealNetworks and Netscape. Through RTSP, streaming media files can be delivered over the Internet to RealPlayer for playback, making effective and maximal use of limited network bandwidth. The streaming media files transmitted are generally published by Real Server and include .rm and .ram files. Today, many download programs support the RTSP protocol, such as FlashGet, audio and video conveyor belt and so on.

Port vulnerability: currently, the main vulnerability discovered in connection with the RTSP protocol is a buffer overflow in the Helix Universal Server released earlier by RealNetworks; relatively speaking, using port 554 is safe.

Recommended action: in order to play and download streaming media files delivered over the RTSP protocol, it is recommended to open port 554.

Port 1024: Port 1024 is generally not permanently assigned to any service; its English description is “Reserved”.

Port description: Port 1024 is generally not permanently assigned to any service; its English description is “Reserved”. As mentioned earlier, the dynamic port range is from 1024 to 65535, and 1024 is exactly where the dynamic ports start. The port is generally assigned to the first service that requests one from the system; when that service is closed, port 1024 is released and waits for other services to use it.

Port vulnerability: the famous YAI Trojan uses port 1024 by default. Through this Trojan an attacker can remotely control the target computer, capture its screen image, record keyboard events, obtain passwords and so on, so the consequences are quite serious.

Recommended action: ordinary antivirus software can easily remove the YAI virus, so once you have confirmed that there is no YAI virus, it is recommended to open the port.

Tip: in Windows 2000 and later versions, at the command prompt the
netstat -an
command shows which ports your computer has open. For high-numbered ports, be sure to check whether you have been hit by someone's Trojan horse. Trojan software generally only runs after you have downloaded it from the Internet yourself or accepted a file from someone else, so in everyday Internet use be careful not to download software from unreliable websites or accept executable files that others send you. A Trojan can be removed manually or with third-party software.
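
The check in the tip above can be scripted. The following is an added example, not part of the original article: it parses `netstat -an` output and reports every listening port together with the recommendation the article gives for it. The function names, the sample output and port 50001 are constructed for illustration.

```python
# Added example; verdicts paraphrase the article's "Recommended action" lines.
ARTICLE_PORTS = {
    21: ("FTP", "close unless you run an FTP server"),
    23: ("Telnet", "close"),
    25: ("SMTP", "close unless you run a mail server"),
    53: ("DNS", "disable unless you provide name resolution"),
    67: ("Bootp server", "close"),
    68: ("Bootp client", "close"),
    69: ("TFTP", "close"),
    79: ("Finger", "close"),
    80: ("HTTP", "open"),
    99: ("Metagram Relay", "close"),
    109: ("POP2", "open only on a mail server"),
    110: ("POP3", "open only on a mail server"),
    111: ("SUN RPC", "no recommendation given in the article"),
    113: ("Authentication Service", "close"),
    119: ("NNTP", "close from time to time"),
    135: ("RPC/DCOM", "disable"),
    137: ("NetBIOS Name Service", "close"),
    139: ("NetBIOS Session Service", "disable unless sharing files/printers"),
    143: ("IMAP", "close unless you run an IMAP server"),
    161: ("SNMP", "close"),
    443: ("HTTPS", "open"),
    554: ("RTSP", "open"),
    1024: ("Reserved", "open once the YAI Trojan is ruled out"),
}

def listening_ports(netstat_text):
    """Return the set of (proto, port) pairs the host is listening on."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        proto = fields[0][:3].upper() if fields else ""
        addrs = [f for f in fields[1:] if ":" in f]  # local, then foreign
        if proto not in ("TCP", "UDP") or len(addrs) < 2:
            continue  # banner, column header or blank line
        if proto == "TCP" and fields[-1].upper() not in ("LISTENING", "LISTEN"):
            continue  # an established or closing connection, not a listener
        if proto == "UDP" and not addrs[1].endswith("*"):
            continue  # connected UDP socket
        port = addrs[0].rsplit(":", 1)[1]  # rsplit copes with [::]:445
        if port.isdigit():
            found.add((proto, int(port)))
    return found

def audit(netstat_text):
    """Return sorted (port, proto, service, advice) rows for each listener."""
    rows = []
    for proto, port in listening_ports(netstat_text):
        fallback = ("unknown", "high port: identify the owning program"
                    if port > 1024 else "not covered by the article")
        service, advice = ARTICLE_PORTS.get(port, fallback)
        rows.append((port, proto, service, advice))
    return sorted(rows)

# Constructed sample of Windows `netstat -an` output (not from the article).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:99             0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       203.0.113.8:80         ESTABLISHED
  TCP    0.0.0.0:50001          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
"""

if __name__ == "__main__":
    for port, proto, service, advice in audit(SAMPLE):
        print(f"{proto} {port:>5}  {service:<24} {advice}")
```

The table is keyed by port number only, because the article names the transport for port 137 alone; to audit a live host, pass the captured output of `netstat -an` to `audit()` instead of `SAMPLE`.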