SoFunction
Updated on 2025-04-12

Learn with me: port functions, vulnerabilities, and operation analysis

When surfing the Internet, we often see the word "port" and often use port numbers. For example, in the "21" added after an FTP address, 21 is the port number. So what does a port mean? How do you check the port number? Is a port a gateway for malicious network attacks? How should we deal with all kinds of ports? The following introduces this content for your reference.

Port 21: Port 21 is mainly used for FTP (File Transfer Protocol) service.

Port Description: Port 21 is mainly used for FTP (File Transfer Protocol) service. The FTP service is mainly used to upload and download files between two computers. One computer serves as the FTP client and the other computer serves as the FTP server. You can log in to the FTP server either anonymously or with an authorized username and password. At present, transferring files through FTP services is the most important way to upload and download files on the Internet. In addition, port 20 is the default port number for FTP data transmission.

In Windows, FTP connection and management can be provided through Internet Information Services (IIS), or FTP server software can be installed separately to implement FTP functions, such as the common FTP Serv-U.

Operation suggestions: Because some FTP servers can be logged in to anonymously, they are often exploited by hackers. In addition, port 21 is used by some Trojans, such as Blade Runner, FTP Trojan, Doly Trojan, WebEx, etc. If you do not set up an FTP server, it is recommended to close port 21.

Port 23: Port 23 is mainly used for Telnet (remote login) services and is a login and simulation program commonly used on the Internet.

Port Description: Port 23 is mainly used for Telnet (remote login) services and is a login and simulation program commonly used on the Internet. You also need to set up a client and a server. The client that enables the Telnet service can log in to the remote Telnet server and log in with an authorized username and password. After logging in, the user is allowed to use the command prompt window to perform corresponding operations. In Windows, you can type the "Telnet" command in the command prompt window to log in remotely using Telnet.

Operation suggestions: Using the Telnet service, hackers can search for Unix services that allow remote login and scan for operating system types. Moreover, in Windows 2000 the Telnet service has several serious vulnerabilities, such as privilege escalation and denial of service, which can cause the remote server to crash. Port 23 of the Telnet service is also the default port of the TTS (Tiny Telnet Server) Trojan. Therefore, it is recommended to close port 23.

Port 25: Port 25 is open to SMTP (Simple Mail Transfer Protocol) servers and is mainly used to send mails. Nowadays, most mail servers use this protocol.

Port Description: Port 25 is open to SMTP (Simple Mail Transfer Protocol) servers and is mainly used for sending mail. Nowadays, most mail servers use this protocol. For example, when we use an email client program, we are asked to enter the SMTP server address when creating an account. By default, this server address uses port 25.

Port vulnerability:

1. Using port 25, hackers can find SMTP servers to forward spam.

2. Port 25 is opened by many Trojan programs, such as Ajan, Antigen, Email Password Sender, ProMail Trojan, Tapiras, Terminator, WinPC, WinSpy, etc. Take WinSpy as an example: by opening port 25, it can monitor all the windows and modules running on your computer.

Operation suggestions: If you do not set up an SMTP mail server, you can turn off the port.

Port 53: Port 53 is open to DNS (Domain Name Server) servers and is mainly used for domain name resolution. DNS services are most widely used in NT systems.

Port Description: Port 53 is open to DNS (Domain Name Server) servers and is mainly used for domain name resolution. DNS services are most widely used in NT systems. A DNS server converts between domain names and IP addresses, so you only need to remember the domain name to quickly access a website.

Port vulnerability: If DNS services are opened, hackers can directly obtain the IP addresses of hosts such as web servers by analyzing the DNS server, and then use port 53 to break through some unstable firewalls to carry out attacks. Recently, a US company also announced the 10 vulnerabilities most easily attacked by hackers, the first of which is the BIND vulnerability of DNS servers.

Operation suggestions: If the current computer is not used to provide domain name resolution services, it is recommended to close the port.


Ports 67, 68: Ports 67 and 68 are the ports opened for the Bootstrap Protocol Server and the Bootstrap Protocol Client of the Bootp service.

Port Description: Ports 67 and 68 are the ports opened for the Bootstrap Protocol Server and the Bootstrap Protocol Client of the Bootp service. The Bootp service is a remote boot protocol that originated in early Unix. The DHCP service we often use now is an extension of the Bootp service. Through the Bootp service, the computers in a LAN can be assigned dynamic IP addresses without setting a static IP address for each user.

Port vulnerability: If the Bootp service is opened, hackers will often use an assigned IP address as a local router to attack through a "man-in-the-middle" method.

Operation suggestions: It is recommended to close this port.

 

Port 69: TFTP is a simple file transfer protocol developed by Cisco, similar to FTP.

Port Description: Port 69 is open to the TFTP (Trivial File Transfer Protocol) service. TFTP is a simple file transfer protocol developed by Cisco, similar to FTP. However, compared with FTP, TFTP does not have complex interactive access interfaces and authentication controls. This service is suitable for data transmission between clients and servers that do not require complex switching environments.

Port vulnerability: Many servers and Bootp services provide TFTP services together, which are mainly used to download startup codes from the system. However, because the TFTP service can write files in the system, the hacker can also use the misconfiguration of TFTP to obtain any files from the system.

Operation suggestions: It is recommended to close this port.

Port 79: Port 79 is open to Finger service and is mainly used to query the user details such as online users of the remote host, operating system type, and whether the buffer overflows.

Port Description: Port 79 is open to Finger service and is mainly used to query the detailed information of users such as online users of the remote host, operating system type, and whether the buffer overflows. For example, to display the information of user01 on the remote computer, you can type "finger user01@" in the command line.

Port vulnerability: Generally, hackers who want to attack another party's computer first obtain relevant information through a port scanning tool. For example, "streaming light" can use port 79 to scan the remote computer's operating system version, obtain user information, and detect known buffer overflow errors. This makes you an easy target for hackers. Moreover, port 79 is also used as the default port by the Firehotcker Trojan.

Operation suggestions: It is recommended to close this port.

Port 80: Port 80 is open for HTTP (HyperText Transport Protocol), which is the most used protocol for surfing the Internet. It is mainly used for transmitting information on WWW (World Wide Web) services.

Port Description: Port 80 is open for HTTP (HyperText Transport Protocol), which is the most used protocol for surfing the Internet. It is mainly used for transmitting information on WWW (World Wide Web) services. We can access the website by adding ":80" (which is commonly referred to as "website"), such as:80. Because the default port number of the web browsing service is 80, you only need to enter the URL, without entering ":80".

Port vulnerability: Some Trojans can use port 80 to attack computers, such as Executor, RingZero, etc.

Operation suggestions: In order to be able to surf the Internet normally, we must open port 80.

Port 99: Port 99 is used for a service called "Metagram Relay". This service is relatively rare and is generally not used.

Port Description: Port 99 is used for a service called "Metagram Relay". This service is relatively rare and is generally not used.

Port vulnerability: Although the "Metagram Relay" service is not commonly used, Trojans such as Hidden Port and NCx99 use this port. For example, in Windows 2000, NCx99 can bind the cmd.exe program to port 99, so that it is possible to connect to the server with Telnet and add users and change permissions at will.

Operation suggestions: It is recommended to close this port.


Ports 109, 110: Port 109 is open for the POP2 (Post Office Protocol Version 2) service and port 110 is open for the POP3 (Post Office Protocol Version 3) service. POP2 and POP3 are mainly used to receive mail.

Port Description: Port 109 is open for the POP2 (Post Office Protocol Version 2) service and port 110 is open for the POP3 (Post Office Protocol Version 3) service. POP2 and POP3 are mainly used for receiving mail. Currently, POP3 is used more frequently, and many servers support POP2 and POP3 at the same time. Clients can use the POP3 protocol to access the server's mail service, and most ISP mail servers use this protocol today. When using an email client program, you are required to enter the POP3 server address, and by default, port 110 is used.

Port vulnerabilities: While POP2 and POP3 provide email reception services, they also have many vulnerabilities. The POP3 service alone has no fewer than 20 buffer overflow vulnerabilities in its username and password exchange. Another example is the WebEasyMail POP3 Server valid-username information leakage vulnerability, through which a remote attacker can verify the existence of a user account. In addition, port 110 is also used by Trojan programs such as ProMail Trojan. The POP account username and password can be stolen through port 110.

Operation suggestions: If you are running a mail server, you can open this port.

Port 111: Port 111 is the port open to SUN's RPC (Remote Procedure Call) service. It is mainly used for internal process communication between different computers in distributed systems. RPC is an important component in a variety of network services.

Port Description: Port 111 is the port open to SUN's RPC (Remote Procedure Call) service. It is mainly used for interprocess communication between different computers in distributed systems. RPC is an important component in various network services. Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc. Microsoft Windows also has an RPC service.

Port vulnerability: SUN RPC has a relatively large vulnerability, which is that there is a remote buffer overflow vulnerability in the xdr_array function when multiple RPC services. This vulnerability allows the attacker to pass the super

Port 113: Port 113 is mainly used for Windows' "Authentication Service".

Port Description: Port 113 is mainly used for Windows' "Authentication Service". Generally, computers connected to the network run this service. It is mainly used to verify users of TCP connections. Through this service, you can obtain information about the computers that connect. In Windows 2000/2003 Server, there is also a dedicated IAS component, which makes authentication and policy management for remote access easy.

Port vulnerability: Although port 113 can facilitate authentication, it is often used as a recorder for network services such as FTP, POP, SMTP, IMAP and IRC. This is exploited by the corresponding Trojan programs, such as Trojans controlled through IRC chat rooms. In addition, port 113 is also a port that Trojans such as Invisible Identd Deamon and Kazimas open by default.

Operation suggestions: It is recommended to close this port.

 

Port 119: Port 119 is open for "Network News Transfer Protocol" (NNTP).

Port Description: Port 119 is open to "Network News Transfer Protocol" (NNTP) and is mainly used for news group transmission. This port will be used when looking for USENET servers.

Port vulnerability: The famous Happy99 worm virus opens port 119 by default. If it is infected, it will continue to send emails to spread and cause network congestion.

Operation suggestions: If you are using USENET newsgroup frequently, be careful to close the port from time to time.

Port 135: Port 135 is mainly used by the RPC (Remote Procedure Call) protocol and to provide DCOM (Distributed Component Object Model) services.

Port Description: Port 135 is mainly used by the RPC (Remote Procedure Call) protocol and to provide DCOM (Distributed Component Object Model) services. RPC ensures that programs running on one computer can smoothly execute code on a remote computer; with DCOM, programs can communicate directly over the network, across multiple network transports including the HTTP protocol.

Port vulnerability: I believe that many Windows 2000 and Windows XP users were infected with the "shockwave" virus last year, which used an RPC vulnerability to attack computers. RPC itself has a vulnerability in the processing of message exchanges over TCP/IP, which is caused by incorrect handling of malformed messages. This vulnerability affects an interface between RPC and DCOM, and the port that the interface listens on is 135.

Operation suggestions: In order to avoid attacks from "shockwave" virus, it is recommended to close this port.

Port 137: Port 137 is mainly used for the "NetBIOS Name Service".

Port Description: Port 137 is mainly used for the "NetBIOS Name Service" and is a UDP port. A user only needs to send a request to port 137 of a computer on the LAN or the Internet to obtain the name of the computer and the registered user name, as well as whether the primary domain controller is installed and whether IIS is running.

Port vulnerability: Because it is a UDP port, for an attacker, it is easy to obtain relevant information of the target computer by sending a request. Some information can be directly exploited and analyzed for vulnerabilities, such as IIS services. In addition, by capturing the information packets that are communicating using port 137, it is possible to obtain the startup and shutdown time of the target computer, so that special tools can be used to attack.

Operation suggestions: It is recommended to close this port.


Port 139: Port 139 is provided for "NetBIOS Session Service", mainly used to provide Windows file and printer sharing and Samba services in Unix.

Port Description: Port 139 is provided for "NetBIOS Session Service", mainly used to provide Windows file and printer sharing and Samba services in Unix. In Windows, you must use this service to share files on a LAN. For example, in Windows 98, you can open the "Control Panel", double-click the "Network" icon, and click the "File and Print Sharing" button in the "Configuration" tab to select the corresponding settings to install and enable the service; in Windows 2000/XP, you can open the "Control Panel", double-click the "Network Connection" icon, and open the local connection properties; then, select "Internet Protocol (TCP/IP)" in the "General" tab of the properties window and click the "Property" button; then in the open window, click the "Advanced" button; in the "Advanced TCP/IP Settings" window, select the "WINS" tab, and enable NetBIOS on TCP/IP in the "NetBIOS Settings" area.

Port vulnerability: Although opening port 139 can provide shared services, it is often used by attackers for attacks. For example, using port scanning tools such as streaming and SuperScan, an attacker can scan the target computer's port 139. If there is a vulnerability, the attacker can try to obtain the username and password, which is very dangerous.

Operation advice: If you do not need to provide file and printer sharing, it is recommended to close this port.

Port 143: Port 143 is mainly used for "Internet Message Access Protocol" v2 (referred to as IMAP).

Port Description: Port 143 is mainly used for "Internet Message Access Protocol" v2 (referred to as IMAP). Like POP3, it is a protocol for receiving emails. Through the IMAP protocol, we can know the content of a letter without receiving the mail, which is convenient for managing emails on the server. However, compared with the POP3 protocol, it is more responsible. Today, most mainstream email client software supports this protocol.

Port vulnerability: Like port 110 of the POP3 protocol, port 143 used by IMAP also has a buffer overflow vulnerability, through which the user name and password can be obtained. In addition, there is a Linux worm called "admv0rm" that uses this port to propagate.

Operation suggestions: If you are not operating an IMAP server, you should close the port.

Port 161: Port 161 is used for "Simple Network Management Protocol" (referred to as SNMP).

Port Description: Port 161 is used for "Simple Network Management Protocol" (referred to as SNMP). This protocol is mainly used to manage network protocols in TCP/IP networks. In Windows, the SNMP service can provide status information about hosts and various network devices on the TCP/IP network. At present, almost all network equipment manufacturers support SNMP.

To install the SNMP service in Windows 2000/XP, we can first open the "Windows Component Wizard", select "Management and Monitoring Tools" in "Components", click the "Details" button to see "Simple Network Management Protocol (SNMP)" and select the component; then, click "Next" to install.

Port vulnerability: Because SNMP can be used both to obtain the status information of various devices in the network and to control network devices, hackers can fully control the network through SNMP vulnerabilities.

Operation suggestions: It is recommended to close this port.


Port 443: Port 443 is a web browsing port, mainly used for HTTPS services, a variant of HTTP that provides encrypted transmission over a secure port.

Port Description: Port 443 is a web browsing port, mainly used for HTTPS services, a variant of HTTP that provides encrypted transmission over a secure port. Some websites with high security requirements, such as banks, securities, shopping, etc., use HTTPS services, so that no one else can see the information exchanged on these websites, ensuring the security of transactions. The address of the web page starts with https:// instead of the common http://.

Port vulnerability: HTTPS services generally ensure security through SSL (Secure Sockets Layer), but SSL vulnerabilities may be attacked by hackers, for example to hack an online banking system and steal credit card accounts.

Operation suggestions: It is recommended to enable this port for secure web page access. In addition, in order to prevent hackers from attacking, the latest security patch released by Microsoft for SSL vulnerabilities should be installed in time.

Port 554: Port 554 is used by default for "Real Time Streaming Protocol" (referred to as RTSP).

Port Description: Port 554 is used by default for "Real Time Streaming Protocol" (referred to as RTSP). This protocol was jointly proposed by RealNetworks and Netscape. Through the RTSP protocol, streaming media files can be transmitted over the Internet to RealPlayer for playback, making effective, maximal use of limited network bandwidth. The transmitted streaming media files are generally published by Real servers, including .rm and .ram files. Nowadays, many download programs support the RTSP protocol, such as FlashGet, audio and video conveyor belt, etc.

Port vulnerability: At present, the main vulnerability discovered in the RTSP protocol is the buffer overflow vulnerability in Helix Universal Server, released by RealNetworks in the early days. Relatively speaking, port 554 is safe to use.

Operation suggestions: In order to enjoy and download streaming media files of the RTSP protocol, it is recommended to enable port 554.

Port 1024: The 1024 port is generally not fixedly assigned to a certain service, and the explanation in English is "Reserved".

Port Description: Port 1024 is generally not fixedly assigned to a certain service. The explanation in English is "Reserved". Previously, we mentioned that the range of dynamic ports is from 1024 to 65535, and 1024 is the beginning of the dynamic ports. This port is generally allocated to the first service that issues a request to the system. When the service is closed, port 1024 is released and can be used by other services.

Port vulnerability: The famous YAI Trojan virus uses port 1024 by default. Through this Trojan, it is possible to remotely control the target computer, obtain the computer's screen image, record keyboard events, obtain passwords, etc., and the consequences are relatively serious.

Operation suggestions: General antivirus software can easily detect YAI viruses, so it is recommended to open this port if there is no YAI virus.
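
To apply the operation suggestions above on your own Windows machine, the following added example (not part of the original article) parses the output of "netstat -an" and reports listening ports that the article advises closing. The port table is copied from the article's suggestions; the function names, the services_in_use parameter and the sample output are assumptions constructed for illustration.

```python
import re

# Port -> (service, advice), taken from the article's "Operation suggestions".
# "close": close the port; "if-unused": close unless you run that service.
ADVICE = {
    21: ("FTP", "if-unused"), 23: ("Telnet", "close"),
    25: ("SMTP", "if-unused"), 53: ("DNS", "if-unused"),
    67: ("Bootp server", "close"), 68: ("Bootp client", "close"),
    69: ("TFTP", "close"), 79: ("Finger", "close"),
    99: ("Metagram Relay", "close"), 109: ("POP2", "if-unused"),
    110: ("POP3", "if-unused"), 113: ("Authentication Service", "close"),
    135: ("RPC/DCOM", "close"), 137: ("NetBIOS Name Service", "close"),
    139: ("NetBIOS Session Service", "if-unused"),
    143: ("IMAP", "if-unused"), 161: ("SNMP", "close"),
}
LOCAL_PORT = re.compile(r":(\d+)$")  # port suffix of "0.0.0.0:135" or "[::]:135"


def listening_ports(netstat_text):
    """Return sorted (proto, port) pairs for sockets that accept traffic."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto = fields[0].upper()
        match = LOCAL_PORT.search(fields[1])
        if not match:
            continue
        # TCP counts only in LISTENING state, so outbound connections are
        # ignored. UDP has no state column: any bound socket receives data.
        if proto == "TCP" and fields[-1].upper() != "LISTENING":
            continue
        found.add((proto, int(match.group(1))))
    return sorted(found)


def audit(netstat_text, services_in_use=()):
    """Return (port, proto, service) for listening ports the article says to close.

    services_in_use (hypothetical parameter): ports this host serves on purpose.
    """
    findings = []
    for proto, port in listening_ports(netstat_text):
        if port not in ADVICE:
            continue
        service, advice = ADVICE[port]
        if advice == "if-unused" and port in services_in_use:
            continue
        findings.append((port, proto, service))
    return findings


# Constructed sample of Windows "netstat -an" output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:23         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
  UDP    192.168.1.10:137       *:*
"""

if __name__ == "__main__":
    for port, proto, service in audit(SAMPLE, services_in_use={25}):
        print(f"{proto}/{port} ({service}) is listening; the article advises closing it")
```

With port 25 declared as a deliberately run mail service, the sample reports ports 135, 139, 137 and 161; the outbound Telnet connection to a remote port 23 is not reported because the local machine is not listening on that port.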