端口的关闭(献给同样是菜鸟的你)（The port is closed (for the same rookie you are)）

端口的关闭(献给同样是菜鸟的你)（The port is closed (for the same rookie you are)） 端口的关闭(献给同样是菜鸟的你)(The port is closed (for the same rookie you are)) 23 port closed (easy to fully control the computer): 1, my computer, right, 2 find service, 3 in the right side of the service to find telnet. 4 ban. 25 ports can do this: first, open the control panel, double-click the administrative tools, and then double-click the service". Then in the service window to find and double-click the Simple Mail Transfer Protocol (SMTP) service, click the "stop" button to stop the service, and then in the "startup type" select "disabled", then click "OK" button. In this case, shutting down the SMTP service is equivalent to shutting down the corresponding port. 137-138.445 port closing method: right click - network neighbor - property / local connection - attributes, in the Microsoft network client before the hook removed, which will turn off the 445. Then also the Microsoft network files and printers share the hook also removed, then shut down 137-138. 139 port right point network neighbor - Property - local connection - properties click Internet / (TCP/IP), then point below properties - point advanced. At the top of the column appears the IP settings / DNS/WINS/ option, then click WINS, and below, there is the NETBIOS setting, change the default to the TCP/IP on the disabled NETBIOS, and make sure Close the 445 port open the registry, find the HKEY LOCAL machine \\machine\\system\\currentcontrolset\\srvices\\netbt\\parmeters\\ to create a name for the ambdebiceenabled DWORD value in the parameters sub item below, set to 0 on the line Turn off the 3389 port: right-click My Computer and remove the hook that allows my computer. Attach a function of each port: turn off when you don't use it Port 0 Service Reserved Instructions are usually used to analyze operating systems. This method works because in some systems, "0" is an invalid port, and when you try to connect to it with the usual closed port, different results are produced. A typical scan, using the IP address of 0.0.0.0, setting the ACK bit, and broadcasting on the Ethernet layer. Port 1 Service tcpmux This shows that someone is looking for the SGI Irix machine. Irix is the primary provider of tcpmux implementation, and by default, tcpmux is opened in this system. The Irix machine is issued with several default password free accounts, such as IP, GUEST, UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, and so on. Many administrators forget to delete these accounts after installation. So HACKER searches for tcpmux on INTERNET and takes advantage of these accounts. Port 7 Service Echo Describes information that can be sent to X.X.X.0 and X.X.X.255 when you see many people searching for Fraggle amplifiers. Port 19 Service Character Generator This is a service that sends only characters. The UDP version will respond to packets containing spam characters after receiving the UDP package. The TCP connection sends a data stream containing garbage characters until the connection is closed. HACKER uses IP spoofing to launch DoS attacks. Forge UDP packages between two chargen servers. Similarly, the Fraggle DoS attack broadcasts a packet of fake victim IP to this port of the target address, in which the victim is overloaded to respond to the data. Port 21 Service FTP Describes the ports open to the FTP server for uploading and downloading. The most common attackers are looking for ways to open anonymous's FTP server. These servers have a readable directory. Trojans, Doly, Trojan, Fore, Invisible, FTP, WebEx, WinCrash, and Blade Runner are open ports. Port 22 Service Ssh The connection between the PcAnywhere and the port created by TCP might be to look for ssh. This service has many weaknesses, and if configured into a specific pattern, many versions of the RSAREF library will have quite a few holes. Port 23 Service Telnet Explains remote login and intruder's service in search of remote login UNIX. In most cases, the port is scanned to find the operating system that the machine is running. And using other techniques, intruders will find passwords. Trojan Tiny Telnet Server opens this port. Port 25 Service SMTP Describes the ports open to the SMTP server for sending messages. Intruders look for SMTP servers to pass on their SPAM. The intruder accounts are closed, and they need to connect to the high bandwidth E- MAIL server and pass simple messages to different addresses. Trojan horse, Antigen, Email, Password, Sender, Haebu, Coceda, Shtrilitz, Stealth, WinPC and WinSpy are all open to this port. Port 31 Service MSG Authentication Explain the Trojan Master Paradise, Hackers Paradise open this port. Port 42 Service WINS Replication Explains WINS replication Port 53 Service Domain, Name, Server (DNS) Describes the ports open to the DNS server. The intruder may attempt to pass through TCP, cheat DNS (UDP), or hide other communications. As a result, firewalls often filter or record this port. Port 67 Service Bootstrap Protocol Server Explains that firewalls through DSL and Cable modem often see large amounts of data sent to the broadcast address 255.255.255.255. These machines are requesting an address from the DHCP server. HACKER often enters them and allocates an address to launch a large number of man-in-middle attacks as a local router. The client broadcasts the request configuration to the 68 port, and the server broadcasts the response request to the 67 port. This response is broadcast because the client does not yet know the IP address that can be sent. Port 69 Service Trival File Transfer This shows that many servers provide this service along with BOOTP, which makes it easy to download boot code from the system. However, they often make it possible for an intruder to steal any files from the system due to a configuration error. They can also be used to write files to the system. Port 79 Service Finger Server Explains that the intruder is used to obtain user information, query operating systems, detect known buffer overflow errors, and respond to Finger scans from their machines to other machines. Port 80 Service HTTP Instructions for web browsing. Trojan Executor opens this port. Port 99 Service Metagram Relay Show that the backdoor program ncx99 opens this port. Port 102 Service Message, transfer, agent (MTA), -X.400, over, TCP/IP Explains the message transfer agent. Port 109 Service Post, Office, Protocol, -Version3 Explains that the POP3 server opens the port for receiving mail, and the client accesses the server's mail service. POP3 services have many recognized weaknesses. There are at least 20 vulnerabilities related to the user name and password exchange buffer overflow, which means that intruders can enter the system before they actually log in. There are other buffer overflow errors after successful login. Port 110 Service all ports of RPC services of SUN company Note that common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, AMD, and so on Port 113 Service Authentication Service Note that this is a protocol running on many computers to identify users of TCP connections. Using this standard service, you can get information about many computers. However, it can serve as a logger for many services, especially FTP, POP, IMAP, SMTP, and IRC services. Typically, if many clients access these services through the firewall, they will see many of the connection requests for this port. Remember, if you block this port, the client will feel a slow connection to the E-MAIL server on the other side of the firewall. Many firewalls support the TCP connection during the blocking process and send back RST. This will stop the slow connection. Port 119 Service Network, News, Transfer, Protocol Describes the NEWS newsgroup transport protocol that hosts USENET communications. The connection to this port is usually for people looking for USENET servers. Most ISP restrictions only their customers can access their newsgroup servers. Opening the Newsgroup server will allow you to send / read anyone's posts, access restricted newsgroups servers, anonymously post or send SPAM. Port 135 Service Location Service Note that Microsoft runs DCE RPC end-point mapper on this port for its DCOM service. This is similar to the functionality of the UNIX 111 port. Using DCOM and RPC services, register their locations using the end-point mapper on your computer. When remote clients connect to the computer, they look for end-point mapper to find the location of the service. Is this port for the HACKER scan computer to find the Exchange Server running on this computer? What version? There are also DOS attacks directed directly at this port. Ports 137, 138, 139 Service NETBIOS Name Service Note that 137 and 138 are UDP ports, which are used when transferring files through an online neighbor. 139 The port through which this port enters the connection attempts to obtain the NetBIOS/SMB service. This protocol is used for windows file and printer sharing and SAMBA. And WINS Regisrtation uses it too. Port 143 Service Interim, Mail, Access, Protocol, V2 As with the security problems of POP3, many IMAP servers have a buffer overflow vulnerability. Remember: a LINUX worm (admv0rm) will propagate through this port, so many of the ports are scanned from unsuspecting, infected users. These vulnerabilities become popular when REDHAT defaults to IMAP in their LINUX release. This port is also used in IMAP2, but it is not popular. Port 161 Service SNMP Explains that SNMP allows remote administration of devices. All configuration and operation information is stored in the database, and this information can be obtained through SNMP. Many administrators' error configurations will be exposed to Internet. Cackers will attempt to access the system using the default password public and private. They may try all possible combinations. The SNMP packet may be incorrectly pointing to the user's network. Port 177 Service X, Display, Manager, Control, Protocol Explains how many intruders access the X-windows console through it, and it also needs to turn on the 6000 port. Port 389 Service LDAP, ILS Explains the light directory access protocol and the NetMeeting Internet Locator Server share this port. Port 443 Service Https Describes web browsing ports that provide encryption and another type of HTTP that can be transmitted over secure ports. Port 456 Service [NULL] Explain the Trojan HACKERS PARADISE open this port. Port 513 Service Login, remote login A broadcast from a UNIX computer that uses cable, modem, or DSL to log into a subnet. These people provided information for intruders entering their systems. Port 544 Service [NULL] Explains Kerberos kshell Port 548 Service Macintosh, File, Services (AFP/IP) Explains Macintosh, file services. Port 553 Service CORBA IIOP (UDP) Explains that the port will be broadcast using cable, modem, DSL, or VLAN. CORBA is an object-oriented RPC system. Intruders can use this information to get into the system. Port 555 Service DSF Explain the Trojan, PhAse1.0, Stealth, Spy, IniKiller open this port. Port 568 Service Membership DPA Describes membership DPA. Port 569 Service Membership MSN Describes membership MSN. Port 635 Service mountd Explains Linux's mountd Bug. This is a popular BUG scan. Most scans of this port are based on UDP, but TCP based mountd has increased (mountd runs on two ports at once). Remember that mountd can run on any port (which port is required to do portmap queries on port 111), but the Linux default port is 635, just as NFS usually runs on port 2049. Port 636 Service LDAP Note SSL (Secure, Sockets, layer) Port 666 Service Doom Id Software Explain the Trojan Attack FTP, Satanz Backdoor open this port Port 993 Service IMAP Note SSL (Secure, Sockets, layer) Ports 1001 and 1011 Service [NULL] Explain Trojan Silencer, WebEx open 1001 port. Trojan Doly Trojan open 1011 port. Port 1024 Service Reserved Shows that it is the beginning of a dynamic port, and many programs do not care which ports to connect to the network. They ask the system to assign the next idle port to them. Based on this, the allocation starts at port 1024. That is to say, the first request to the system is assigned to port 1024. You can restart the machine, open Telnet, and then open a window to run natstat -a. You'll see that Telnet is assigned 1024 ports. Also, SQL session uses this port and port 5000. Ports 1025 and 1033 Service 1025:network blackjack 1033:[NULL] Explain Trojan Netspy open these 2 ports. Port 1080 Service SOCKS This means that the protocol goes through the firewall in a channel, allowing the people behind the firewall to access INTERNET via an IP address. In theory, it should only allow internal communications to reach INTERNET outward. However, due to the wrong configuration, it will allow attacks outside the firewall to go through the firewall. This is often the case with WinGate, which is often seen when you join IRC chat rooms. Port 1170 Service [NULL] Description Trojan, Streaming, Audio, Trojan, Psyber, Stream, Server, Voice, open this port. Ports 1234, 1243, 6711, 6776 Service [NULL] Explain Trojan SubSeven2.0, Ultors Trojan open 1234, 6776 port. Trojan SubSeven1.0/1.9 open 1243, 6711, 6776 ports. Port 1245 Service [NULL] Show Trojan Vodoo open this port. Port 1433 Service SQL Explains the open port of the SQL service for Microsoft. Port 1492 Service stone-design-1 Show Trojan FTP99CMP open this port. Port 1500 Service RPC, client, fixed, port, session, queries Explains the RPC client fixed port session query Port 1503 Service NetMeeting T.120 Explains NetMeeting T.120 Port 1524 Service ingress Explains that many attack scripts will install a backdoor SHELL on this port, especially for Sendmail and RPC service vulnerabilities in SUN systems. If you have just installed a firewall, you will see a connection attempt on this port, which is probably the reason. You can try Telnet to this port on the user's computer and see if it will give you an SHELL. Connecting to the 600/pcserver also has this problem. Port 1600 Service ISSD Show Trojan Shivka-Burka open this port. Port 1720 Service NetMeeting Explains NetMeeting H.233 call Setup. Port 1731 Service NetMeeting, Audio, Call, Control Explains NetMeeting audio call control. Port 1807 Service [NULL] Show Trojan SpySender open this port. Port 1981 Service [NULL] Show Trojan ShockRave open this port. Port 1999 Service Cisco identification port Show Trojan BackDoor open this port. Port 2000 Service [NULL] Description Trojan GirlFriend 1.3, Millenium 1 open this port. Port 2001 Service [NULL] Description Trojan Millenium 1, Trojan Cow open this port. 端口2023 服务xinuexpansion 4 通过开放此端口说明木马开膛手。 端口2049 服务NFS 说明NFS程序常运行于这个端口通常需要访问查询这个服务运行于 哪个端口端口映射。 端口2115 服务[空] 说明木马虫子开放此端口。 端口2140、3150 服务[空] 说明木马深喉1 / 3开放此端口。 端口2500 服务应用固定端口会话复制 说明应用固定端口会话复制的RPC客户 端口2583 服务[空] 说明木马wincrash 2开放此端口。 端口2801 服务[空] 说明木马菲尼亚斯phucker开放此端口。 端口3024、4092 服务[空] 说明木马wincrash开放此端口。 端口3128 服务鱿鱼 说明这是鱿鱼HTTP代理服务器的默认端口。攻击者扫描这个端口是为了搜寻一个代理服务器而匿名访问互联网。也会看到搜索其他代理服务器的端口8000、8001、8080、8888。扫描这个端口的另一个原因是用户正在进入聊天室。其他用户也会检验这个端口以确定用户的机器是否支持代理。 端口3129 服务[空] 说明木马大师天堂开放此端口。 端口3150 服务[空] 说明木马的攻击手开放此端口。 端口3210、4321 服务[空] 说明木马校车开放此端口 端口3333 服务DEC的 笔记 哲学笔记pdf明清笔记pdf政法笔记下载课堂笔记下载生物化学笔记PDF 说明木马prosiak开放此端口 端口3389 服务超级终端 说明Windows 2000终端开放此端口。 端口3700 服务[空] 说明木马死亡之门开放此端口 端口3996、4060 服务[空] 说明木马remoteanything开放此端口 端口4000 服务QQ客户端 说明腾讯QQ客户端开放此端口。 端口4092 服务[空] 说明木马wincrash开放此端口。 端口4590 服务[空] 说明木马icqtrojan开放此端口。 端口、、、50505 5321 5001 5000 服务[空] 说明木马blazer5开放5000端口。木马插座de作用开放5000 5001 5321 50505端口、、、。 端口、、5400 5401 5402 服务[空] 说明木马叶片用开放此端口。 端口5550 服务[空] 说明木马xtcp开放此端口。 端口5569 服务[空] 说明木马机器人破解开放此端口。 端口5632 服务pcanywere 说明有时会看到很多这个端口的扫描，这依赖于用户所在的位置。当用户打开pcanywere时，它会自动扫描局域网C类网以寻找可能的代理(这里的代理是指剂而不是代理)。入侵者也会寻找开放这种服务的计算机，所以应该查看这种扫描的源地址。一些搜寻pcanywere的扫描包常含端口22的UDP数据包。 端口5742 Service [NULL] Show Trojan WinCrash1.03 open this port. Port 6267 Service [NULL] That this trojan girls open this port. Port 6400 Service [NULL] Explain the Trojan The tHing open this port. Ports 6670 and 6671 Service [NULL] Description Trojan Deep Throat open 6670 port. The Deep Throat 3 is open 6671 ports. Port 6883 Service [NULL] Show Trojan DeltaSource open this port. Port 6969 Service [NULL] Explain Trojan Gatecrasher, Priority open this port. Port 6970 Service RealAudio Note that the RealAudio client receives the audio data stream from the 6970-7170 port of the server's UDP. This is set by the outward control connection of the TCP-7070 port. Port 7000 Service [NULL] Explain the Trojan Remote Grab open this port. Ports 7300, 7301, 7306, 7307, 7308 Service [NULL] Show Trojan NetMonitor open this port. In addition, NetSpy1.0 is also open 7306 ports. Port 7323 Service [NULL] Explains the Sygate server side. Port 7626 Service [NULL] Show Trojan Giscier open this port. Port 7789 Service [NULL] Show Trojan ICKiller open this port. Port 8000 Service OICQ That Tencent server open this port. Port 8010 Service Wingate Explains that the Wingate proxy opens this port. Port 8080 Service proxy port Explains that the WWW proxy opens this port. Ports 9400, 9401, 9402 Service [NULL] Description Trojan Incommand 1 opens this port. Ports 9872, 9873, 9874, 9875, 10067, 10167 Service [NULL] Explain the Trojan Portal of Doom open this port Port 9989 Service [NULL] Show Trojan iNi-Killer open this port. Port 11000 Service [NULL] Show Trojan SennaSpy open this port. Port 11223 Service [NULL] Explain the Trojan Progenic Trojan open this port. Ports 12076 and 61466 Service [NULL] Show Trojan Telecommando open this port. Port 12223 Service [NULL] Explain the Trojan Hack99 KeyLogger open this port. Ports 12345 and 12346 Service [NULL] Explain Trojan NetBus1.60/1.70, GabanBus open this port. Port 12361 Service [NULL] Show Trojan Whack-a-mole open this port. Port 13223 Service PowWow Description PowWow is Tribal Voice chat program. It allows users to open private chat connections at this port. This program is very aggressive in building connections. It will be stationed in this TCP port and so on. Cause a connection request similar to the heartbeat interval. If a dial-up user inherits the IP address from another chat, it seems that many different people are testing the port. This protocol uses OPNG as the first 4 bytes of its connection request. Port 16969 Service [NULL] Show Trojan Priority open this port. Port 17027 Service Conducent Shows that this is an outgoing connection. This is because someone inside the company installed shareware with Conducent "adbot". Conducent "adbot" displays advertising services for shareware applications. One of the popular software for using this service is Pkware. Port 19191 Service [NULL] Show the Trojan blue flame open this port. Ports 20000 and 20001 Service [NULL] Show Trojan Millennium open this port. Port 20034 Service [NULL] Explain the Trojan NetBus Pro open this port. Port 21554 Service [NULL] Show Trojan GirlFriend open this port. Port 22222 Service [NULL] Show Trojan Prosiak open this port. Port 23456 Service [NULL] Explain the Trojan Evil FTP, Ugly FTP open this port. Ports 26274 and 47262 Service [NULL] Show Trojan Delta open this port. Port 27374 Service [NULL] Description Trojan Subseven 2.1 opens this port. Port 30100 Service [NULL] Show Trojan NetSphere open this port. Port 30303 Service [NULL] Show Trojan Socket23 open this port. Port 30999 Service [NULL] Show Trojan Kuang open this port. Ports 31337 and 31338 Service [NULL] Explain the Trojan BO (Back Orifice) open this port. In addition, Trojan DeepBO is also open 31338 ports. Port 31339 Service [NULL] Explain the Trojan NetSpy DK open this port. Port 31666 Service [NULL] Show Trojan BOWhack open this port. Port 33333 Service [NULL] Show Trojan Prosiak open this port. Port 34324 Service [NULL] Explain Trojan, Tiny, Telnet, Server, BigGluck, TN, open this port. Port 40412 Service [NULL] Explain the Trojan The Spy open this port. Ports 40421, 40422, 40423, 40426, Service [NULL] Explain the Trojan Masters Paradise open this port. Ports 43210 and 54321 Service [NULL] Explain the Trojan SchoolBus 1.0/2.0 open this port. Port 44445 Service [NULL] Show Trojan Happypig open this port. Port 50766 Service [NULL] Show Trojan Fore open this port. Port 53001 Service [NULL] Explain the Trojan Remote Windows Shutdown open this port. Port 65000 Service [NULL] Description Trojan Devil 1.03 opens this port. Port 88 Explains Kerberos krb5. In addition, the 88 port of TCP is also used for this purpose. Port 137 SQL Named Pipes encryption over other protocols name lookup (other protocols name lookup SQL Named Pipes encryption technology) and SQL RPC encryption over other protocols name lookup (other protocols name on the SQL RPC Wins NetBT name encryption technology) and service (WINS NetBT Wins Proxy name service) and use this port. Port 161 Explains Simple Network Management Protocol (SMTP) (Simple Network Management Protocol) Port 162 Explains SNMP Trap (SNMP trap) Port 445 说明通用互联网文件系统(CIFS)(公共互联网文件系统) 端口464 说明Kerberos kpasswd(V5)。另外TCP的464端口也是这个用途。 端口500 说明Internet密钥交换(IKE)(互联网***交换) 端口1645、1812 说明远程认证拨号用户服务(RADIUS)认证(路由和远程访问)(远 程认证拨号用户服务) 端口1646、1813 说明RADIUS记帐(路由和远程访问)(半径记帐(路由和远程访问)) 端口1701 说明二层隧道协议(L2TP)(第2层隧道协议) 端口1801、3527 说明微软消息队列服务器(微软消息队列服务器)。还有TCP的135、1801 2101 2103 2105也是同样的用途、、、。 端口2504 说明网络负载平衡(网络平衡负荷)