端口的关闭(献给同样是菜鸟的你)(The port is closed (for the same rookie you are))
端口的关闭(献给同样是菜鸟的你)(The port is closed (for the
same rookie you are))
23 port closed (easy to fully control the computer): 1, my computer, right, 2 find service, 3 in the right side of the service to find telnet. 4 ban.
25 ports can do this: first, open the control panel, double-click the administrative tools, and then double-click the service". Then in the service window to find and double-click the Simple Mail Transfer Protocol (SMTP) service, click the "stop" button to stop the service, and then in the "startup type" select "disabled", then click "OK" button. In this case, shutting down the SMTP service is equivalent to shutting down the corresponding port.
137-138.445 port closing method: right click - network neighbor - property / local connection - attributes, in the Microsoft network client before the hook removed, which will turn off the 445. Then also the Microsoft network files and printers share the hook also removed, then shut down 137-138.
139 port right point network neighbor - Property - local connection - properties click Internet / (TCP/IP), then point below properties - point advanced. At the top of the column appears the IP settings / DNS/WINS/ option, then click WINS, and below, there is the NETBIOS setting, change the default to the TCP/IP on the disabled NETBIOS, and make sure
Close the 445 port open the registry, find the HKEY LOCAL machine
\\machine\\system\\currentcontrolset\\srvices\\netbt\\parmeters\\ to create a name for the ambdebiceenabled DWORD value in the parameters sub item below, set to 0 on the line
Turn off the 3389 port: right-click My Computer and remove the hook that allows my computer.
Attach a function of each port: turn off when you don't use it
Port 0
Service Reserved
Instructions are usually used to analyze operating systems. This method works because in some systems, "0" is an invalid port, and when you try to connect to it with the usual closed port, different results are produced. A typical scan, using the IP address of 0.0.0.0, setting the ACK bit, and broadcasting on the Ethernet layer.
Port 1
Service tcpmux
This shows that someone is looking for the SGI Irix machine. Irix is the primary provider of tcpmux implementation, and by default, tcpmux is opened in this system. The Irix machine is issued with several default password free accounts, such as IP, GUEST, UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, and so on. Many administrators forget to delete these accounts after installation. So HACKER searches for tcpmux on INTERNET and
takes advantage of these accounts.
Port 7
Service Echo
Describes information that can be sent to X.X.X.0 and X.X.X.255 when you see many people searching for Fraggle amplifiers.
Port 19
Service Character Generator
This is a service that sends only characters. The UDP version will respond to packets containing spam characters after receiving the UDP package. The TCP connection sends a data stream containing garbage characters until the connection is closed. HACKER uses IP spoofing to launch DoS attacks. Forge UDP packages between two chargen servers.
Similarly, the Fraggle DoS attack broadcasts a packet of fake victim IP to this port of the target address, in which the victim is overloaded to respond to the data.
Port 21
Service FTP
Describes the ports open to the FTP server for uploading and downloading. The most common attackers are looking for ways to open anonymous's FTP server. These servers have a readable
directory. Trojans, Doly, Trojan, Fore, Invisible, FTP, WebEx, WinCrash, and Blade Runner are open ports.
Port 22
Service Ssh
The connection between the PcAnywhere and the port created by TCP might be to look for ssh. This service has many weaknesses, and if configured into a specific pattern, many versions of the RSAREF library will have quite a few holes.
Port 23
Service Telnet
Explains remote login and intruder's service in search of remote login UNIX. In most cases, the port is scanned to find the operating system that the machine is running. And using other techniques, intruders will find passwords. Trojan Tiny Telnet Server opens this port.
Port 25
Service SMTP
Describes the ports open to the SMTP server for sending messages. Intruders look for SMTP servers to pass on their SPAM. The intruder accounts are closed, and they need to connect to the high bandwidth E- MAIL server and pass simple messages to different addresses. Trojan horse, Antigen, Email, Password,
Sender, Haebu, Coceda, Shtrilitz, Stealth, WinPC and WinSpy are all open to this port.
Port 31
Service MSG Authentication
Explain the Trojan Master Paradise, Hackers Paradise open this port.
Port 42
Service WINS Replication
Explains WINS replication
Port 53
Service Domain, Name, Server (DNS)
Describes the ports open to the DNS server. The intruder may attempt to pass through TCP, cheat DNS (UDP), or hide other communications. As a result, firewalls often filter or record this port.
Port 67
Service Bootstrap Protocol Server
Explains that firewalls through DSL and Cable modem often see large amounts of data sent to the broadcast address
255.255.255.255. These machines are requesting an address from the DHCP server. HACKER often enters them and allocates an address to launch a large number of man-in-middle attacks as a local router. The client broadcasts the request configuration to the 68 port, and the server broadcasts the response request to the 67 port. This response is broadcast because the client does not yet know the IP address that can be sent.
Port 69
Service Trival File Transfer
This shows that many servers provide this service along with BOOTP, which makes it easy to download boot code from the system. However, they often make it possible for an intruder to steal any files from the system due to a configuration error. They can also be used to write files to the system.
Port 79
Service Finger Server
Explains that the intruder is used to obtain user information, query operating systems, detect known buffer overflow errors, and respond to Finger scans from their machines to other machines.
Port 80
Service HTTP
Instructions for web browsing.
Trojan Executor opens this port.
Port 99
Service Metagram Relay
Show that the backdoor program ncx99 opens this port.
Port 102
Service Message, transfer, agent (MTA), -X.400, over, TCP/IP
Explains the message transfer agent.
Port 109
Service Post, Office, Protocol, -Version3
Explains that the POP3 server opens the port for receiving mail, and the client accesses the server's mail service. POP3 services have many recognized weaknesses. There are at least 20 vulnerabilities related to the user name and password exchange buffer overflow, which means that intruders can enter the system before they actually log in. There are other buffer overflow errors after successful login.
Port 110
Service all ports of RPC services of SUN company
Note that common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, AMD, and so on
Port 113
Service Authentication Service
Note that this is a protocol running on many computers to identify users of TCP connections. Using this standard service, you can get information about many computers. However, it can serve as a logger for many services, especially FTP, POP, IMAP, SMTP, and IRC services. Typically, if many clients access these services through the firewall, they will see many of the connection requests for this port. Remember, if you block this port, the client will feel a slow connection to the E-MAIL server on the other side of the firewall. Many firewalls support the TCP connection during the blocking process and send back RST. This will stop the slow connection.
Port 119
Service Network, News, Transfer, Protocol
Describes the NEWS newsgroup transport protocol that hosts USENET communications. The connection to this port is usually for people looking for USENET servers. Most ISP restrictions only their customers can access their newsgroup servers. Opening the Newsgroup server will allow you to send / read anyone's posts, access restricted newsgroups servers, anonymously post or send SPAM.
Port 135
Service Location Service
Note that Microsoft runs DCE RPC end-point mapper on this port for its DCOM service. This is similar to the functionality of the UNIX 111 port. Using DCOM and RPC services, register their locations using the end-point mapper on your computer. When remote clients connect to the computer, they look for end-point mapper to find the location of the service. Is this port for the HACKER scan computer to find the Exchange Server running on this computer? What version? There are also DOS attacks directed directly at this port.
Ports 137, 138, 139
Service NETBIOS Name Service
Note that 137 and 138 are UDP ports, which are used when transferring files through an online neighbor. 139
The port through which this port enters the connection attempts to obtain the NetBIOS/SMB service. This protocol is used for windows file and printer sharing and SAMBA. And WINS Regisrtation uses it too.
Port 143
Service Interim, Mail, Access, Protocol, V2
As with the security problems of POP3, many IMAP servers have a buffer overflow vulnerability.
Remember: a LINUX worm (admv0rm) will propagate through this port, so many of the ports are scanned from unsuspecting, infected users. These vulnerabilities become popular when REDHAT defaults to IMAP in their LINUX release. This port is also used in IMAP2, but it is not popular.
Port 161
Service SNMP
Explains that SNMP allows remote administration of devices. All configuration and operation information is stored in the database, and this information can be obtained through SNMP. Many administrators' error configurations will be exposed to Internet. Cackers will attempt to access the system using the default password public and private. They may try all possible combinations. The SNMP packet may be incorrectly pointing to the user's network.
Port 177
Service X, Display, Manager, Control, Protocol
Explains how many intruders access the X-windows console through it, and it also needs to turn on the 6000 port.
Port 389
Service LDAP, ILS
Explains the light directory access protocol and the NetMeeting Internet Locator Server share this port.
Port 443
Service Https
Describes web browsing ports that provide encryption and another type of HTTP that can be transmitted over secure ports.
Port 456
Service [NULL]
Explain the Trojan HACKERS PARADISE open this port.
Port 513
Service Login, remote login
A broadcast from a UNIX computer that uses cable, modem, or DSL to log into a subnet. These people provided information for intruders entering their systems.
Port 544
Service [NULL]
Explains Kerberos kshell
Port 548
Service Macintosh, File, Services (AFP/IP)
Explains Macintosh, file services.
Port 553
Service CORBA IIOP (UDP)
Explains that the port will be broadcast using cable, modem, DSL, or VLAN. CORBA is an object-oriented RPC system. Intruders can use this information to get into the system.
Port 555
Service DSF
Explain the Trojan, PhAse1.0, Stealth, Spy, IniKiller open this port.
Port 568
Service Membership DPA
Describes membership DPA.
Port 569
Service Membership MSN
Describes membership MSN.
Port 635
Service mountd
Explains Linux's mountd Bug. This is a popular BUG scan. Most scans of this port are based on UDP, but TCP based mountd has increased (mountd runs on two ports at once). Remember that mountd can run on any port (which port is required to do portmap queries on port 111), but the Linux default port is 635, just as NFS usually runs on port 2049.
Port 636
Service LDAP
Note SSL (Secure, Sockets, layer)
Port 666
Service Doom Id Software
Explain the Trojan Attack FTP, Satanz Backdoor open this port
Port 993
Service IMAP
Note SSL (Secure, Sockets, layer)
Ports 1001 and 1011
Service [NULL]
Explain Trojan Silencer, WebEx open 1001 port. Trojan Doly Trojan open 1011 port.
Port 1024
Service Reserved
Shows that it is the beginning of a dynamic port, and many programs do not care which ports to connect to the network. They ask the system to assign the next idle port to them. Based on this, the allocation starts at port 1024. That is to say, the first request to the system is assigned to port 1024. You can restart the machine, open Telnet, and then open a window to run natstat -a. You'll see that Telnet is assigned 1024 ports. Also, SQL session uses this port and port 5000.
Ports 1025 and 1033
Service 1025:network blackjack 1033:[NULL]
Explain Trojan Netspy open these 2 ports.
Port 1080
Service SOCKS
This means that the protocol goes through the firewall in a channel, allowing the people behind the firewall to access INTERNET via an IP address. In theory, it should only allow internal communications to reach INTERNET outward. However, due to the wrong configuration, it will allow attacks outside the firewall to go through the firewall. This is often the case with WinGate, which is often seen when you join IRC chat rooms.
Port 1170
Service [NULL]
Description Trojan, Streaming, Audio, Trojan, Psyber, Stream, Server, Voice, open this port.
Ports 1234, 1243, 6711, 6776
Service [NULL]
Explain Trojan SubSeven2.0, Ultors Trojan open 1234, 6776 port. Trojan SubSeven1.0/1.9 open 1243, 6711, 6776 ports.
Port 1245
Service [NULL]
Show Trojan Vodoo open this port.
Port 1433
Service SQL
Explains the open port of the SQL service for Microsoft.
Port 1492
Service stone-design-1
Show Trojan FTP99CMP open this port.
Port 1500
Service RPC, client, fixed, port, session, queries
Explains the RPC client fixed port session query
Port 1503
Service NetMeeting T.120
Explains NetMeeting T.120
Port 1524
Service ingress
Explains that many attack scripts will install a backdoor SHELL on this port, especially for Sendmail and RPC service vulnerabilities in SUN systems. If you have just installed a firewall, you will see a connection attempt on this port, which is probably the reason. You can try Telnet to this port on the user's computer and see if it will give you an SHELL. Connecting
to the 600/pcserver also has this problem.
Port 1600
Service ISSD
Show Trojan Shivka-Burka open this port.
Port 1720
Service NetMeeting
Explains NetMeeting H.233 call Setup.
Port 1731
Service NetMeeting, Audio, Call, Control
Explains NetMeeting audio call control.
Port 1807
Service [NULL]
Show Trojan SpySender open this port.
Port 1981
Service [NULL]
Show Trojan ShockRave open this port.
Port 1999
Service Cisco identification port
Show Trojan BackDoor open this port.
Port 2000
Service [NULL]
Description Trojan GirlFriend 1.3, Millenium 1 open this port.
Port 2001
Service [NULL]
Description Trojan Millenium 1, Trojan Cow open this port.
端口2023
服务xinuexpansion 4
通过开放此端口说明木马开膛手。
端口2049
服务NFS
说明NFS程序常运行于这个端口通常需要访问查询这个服务运行于
哪个端口端口映射。
端口2115
服务[空]
说明木马虫子开放此端口。
端口2140、3150
服务[空]
说明木马深喉1 / 3开放此端口。
端口2500
服务应用固定端口会话复制
说明应用固定端口会话复制的RPC客户
端口2583
服务[空]
说明木马wincrash 2开放此端口。
端口2801
服务[空]
说明木马菲尼亚斯phucker开放此端口。
端口3024、4092
服务[空]
说明木马wincrash开放此端口。
端口3128
服务鱿鱼
说明这是鱿鱼HTTP代理服务器的默认端口。攻击者扫描这个端口是为了搜寻一个代理服务器而匿名访问互联网。也会看到搜索其他代理服务器的端口8000、8001、8080、8888。扫描这个端口的另一个原因是用户正在进入聊天室。其他用户也会检验这个端口以确定用户的机器是否支持代理。
端口3129
服务[空]
说明木马大师天堂开放此端口。
端口3150
服务[空]
说明木马的攻击手开放此端口。
端口3210、4321
服务[空]
说明木马校车开放此端口
端口3333
服务DEC的
笔记
哲学笔记pdf明清笔记pdf政法笔记下载课堂笔记下载生物化学笔记PDF
说明木马prosiak开放此端口
端口3389
服务超级终端
说明Windows 2000终端开放此端口。
端口3700
服务[空]
说明木马死亡之门开放此端口
端口3996、4060
服务[空]
说明木马remoteanything开放此端口
端口4000
服务QQ客户端
说明腾讯QQ客户端开放此端口。
端口4092
服务[空]
说明木马wincrash开放此端口。
端口4590
服务[空]
说明木马icqtrojan开放此端口。
端口、、、50505 5321 5001 5000
服务[空]
说明木马blazer5开放5000端口。木马插座de作用开放5000 5001
5321 50505端口、、、。
端口、、5400 5401 5402
服务[空]
说明木马叶片用开放此端口。
端口5550
服务[空]
说明木马xtcp开放此端口。
端口5569
服务[空]
说明木马机器人破解开放此端口。
端口5632
服务pcanywere
说明有时会看到很多这个端口的扫描,这依赖于用户所在的位置。当用户打开pcanywere时,它会自动扫描局域网C类网以寻找可能的代理(这里的代理是指剂而不是代理)。入侵者也会寻找开放这种服务的计算机,所以应该查看这种扫描的源地址。一些搜寻pcanywere的扫描包常含端口22的UDP数据包。
端口5742
Service [NULL]
Show Trojan WinCrash1.03 open this port.
Port 6267
Service [NULL]
That this trojan girls open this port.
Port 6400
Service [NULL]
Explain the Trojan The tHing open this port.
Ports 6670 and 6671
Service [NULL]
Description Trojan Deep Throat open 6670 port. The Deep Throat 3 is open 6671 ports.
Port 6883
Service [NULL]
Show Trojan DeltaSource open this port.
Port 6969
Service [NULL]
Explain Trojan Gatecrasher, Priority open this port.
Port 6970
Service RealAudio
Note that the RealAudio client receives the audio data stream from the 6970-7170 port of the server's UDP. This is set by the outward control connection of the TCP-7070 port.
Port 7000
Service [NULL]
Explain the Trojan Remote Grab open this port.
Ports 7300, 7301, 7306, 7307, 7308
Service [NULL]
Show Trojan NetMonitor open this port. In addition, NetSpy1.0
is also open 7306 ports.
Port 7323
Service [NULL]
Explains the Sygate server side.
Port 7626
Service [NULL]
Show Trojan Giscier open this port.
Port 7789
Service [NULL]
Show Trojan ICKiller open this port.
Port 8000
Service OICQ
That Tencent server open this port.
Port 8010
Service Wingate
Explains that the Wingate proxy opens this port.
Port 8080
Service proxy port
Explains that the WWW proxy opens this port.
Ports 9400, 9401, 9402
Service [NULL]
Description Trojan Incommand 1 opens this port.
Ports 9872, 9873, 9874, 9875, 10067, 10167
Service [NULL]
Explain the Trojan Portal of Doom open this port
Port 9989
Service [NULL]
Show Trojan iNi-Killer open this port.
Port 11000
Service [NULL]
Show Trojan SennaSpy open this port.
Port 11223
Service [NULL]
Explain the Trojan Progenic Trojan open this port.
Ports 12076 and 61466
Service [NULL]
Show Trojan Telecommando open this port.
Port 12223
Service [NULL]
Explain the Trojan Hack99 KeyLogger open this port.
Ports 12345 and 12346
Service [NULL]
Explain Trojan NetBus1.60/1.70, GabanBus open this port.
Port 12361
Service [NULL]
Show Trojan Whack-a-mole open this port.
Port 13223
Service PowWow
Description PowWow is Tribal Voice chat program. It allows users to open private chat connections at this port. This program is very aggressive in building connections. It will be stationed in this TCP port and so on. Cause a connection request similar to the heartbeat interval. If a dial-up user inherits the IP address from another chat, it seems that many different people are testing the port. This protocol uses OPNG as the first 4 bytes of its connection request.
Port 16969
Service [NULL]
Show Trojan Priority open this port.
Port 17027
Service Conducent
Shows that this is an outgoing connection.
This is because someone inside the company installed shareware
with Conducent "adbot". Conducent "adbot" displays advertising
services for shareware applications. One of the popular software for using this service is Pkware.
Port 19191
Service [NULL]
Show the Trojan blue flame open this port.
Ports 20000 and 20001
Service [NULL]
Show Trojan Millennium open this port.
Port 20034
Service [NULL]
Explain the Trojan NetBus Pro open this port.
Port 21554
Service [NULL]
Show Trojan GirlFriend open this port. Port 22222
Service [NULL]
Show Trojan Prosiak open this port.
Port 23456
Service [NULL]
Explain the Trojan Evil FTP, Ugly FTP open this port.
Ports 26274 and 47262
Service [NULL]
Show Trojan Delta open this port.
Port 27374
Service [NULL]
Description Trojan Subseven 2.1 opens this port.
Port 30100
Service [NULL]
Show Trojan NetSphere open this port.
Port 30303
Service [NULL]
Show Trojan Socket23 open this port.
Port 30999
Service [NULL]
Show Trojan Kuang open this port.
Ports 31337 and 31338
Service [NULL]
Explain the Trojan BO (Back Orifice) open this port. In addition,
Trojan DeepBO is also open 31338 ports.
Port 31339
Service [NULL]
Explain the Trojan NetSpy DK open this port.
Port 31666
Service [NULL]
Show Trojan BOWhack open this port.
Port 33333
Service [NULL]
Show Trojan Prosiak open this port.
Port 34324
Service [NULL]
Explain Trojan, Tiny, Telnet, Server, BigGluck, TN, open this port.
Port 40412
Service [NULL]
Explain the Trojan The Spy open this port.
Ports 40421, 40422, 40423, 40426,
Service [NULL]
Explain the Trojan Masters Paradise open this port.
Ports 43210 and 54321
Service [NULL]
Explain the Trojan SchoolBus 1.0/2.0 open this port.
Port 44445
Service [NULL]
Show Trojan Happypig open this port.
Port 50766
Service [NULL]
Show Trojan Fore open this port.
Port 53001
Service [NULL]
Explain the Trojan Remote Windows Shutdown open this port.
Port 65000
Service [NULL]
Description Trojan Devil 1.03 opens this port.
Port 88
Explains Kerberos krb5. In addition, the 88 port of TCP is also
used for this purpose.
Port 137
SQL Named Pipes encryption over other protocols name lookup (other protocols name lookup SQL Named Pipes encryption technology) and SQL RPC encryption over other protocols name lookup (other protocols name on the SQL RPC Wins NetBT name encryption technology) and service (WINS NetBT Wins Proxy name service) and use this port.
Port 161
Explains Simple Network Management Protocol (SMTP) (Simple Network Management Protocol)
Port 162
Explains SNMP Trap (SNMP trap)
Port 445
说明通用互联网文件系统(CIFS)(公共互联网文件系统)
端口464
说明Kerberos kpasswd(V5)。另外TCP的464端口也是这个用途。
端口500
说明Internet密钥交换(IKE)(互联网***交换)
端口1645、1812
说明远程认证拨号用户服务(RADIUS)认证(路由和远程访问)(远
程认证拨号用户服务)
端口1646、1813
说明RADIUS记帐(路由和远程访问)(半径记帐(路由和远程访问))
端口1701
说明二层隧道协议(L2TP)(第2层隧道协议)
端口1801、3527
说明微软消息队列服务器(微软消息队列服务器)。还有TCP的135、1801 2101 2103 2105也是同样的用途、、、。
端口2504
说明网络负载平衡(网络平衡负荷)