Network basics Port comparison
Port: 0
Service: Reserved
Description: Usually used for analysis operating system. This method works because in some systems "0" is an invalid port and will produce different results when you try to connect to it using the usual closed port. A typical scan that uses an IP address of 0.0.0.0, sets the ACK bit and broadcasts it at the Ethernet layer.
Port: 1
Service: tcpmux
Description: This shows that someone is looking for a SGI Irix machine. Irix is the main provider of tcpmux, and tcpmux is turned on by default in this system. The Irix machine is released with several default password-free accounts, such as IP, GUEST UUCP, NUCCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation. So HACKER searches tcpmux on the INTERNET and uses these accounts.
Port: 7
Service: Echo
Description: Can see the information sent to X.X.X.0 and X.X.X.255 when many people search for Fraggle amplifiers.
Port: 19
Service: Character Generator
Description: This is a service that only sends characters. The UDP version will respond to packets containing junk characters after receiving the UDP packet. When a TCP connection is made, a stream containing garbage characters is sent until the connection is closed. HACKER can use IP spoofing to launch DOS attacks. Forged UDP packets between two chargen servers. Similarly, the Fraggle DOS attack broadcasts a packet with the fake victim IP to this port on the destination address, and the victim is overloaded in response to the data.
Port: 21
Service: FTP
Description: The port opened by the FTP server for uploading and downloading. The most common attackers are used to find ways to open an anonymous FTP server. These servers have a readable and writable directory. Ports opened by Trojan Doly Trojan, Fore, Invisible FTP, WebEx, WinCrash, and Blade Runner.
Port: 22
Service: Ssh
Description: PcAnywhere established TCP and this port connection may be to find ssh. This service has a number of vulnerabilities. If configured into a specific mode, many versions of the RSAREF library will have many vulnerabilities.
Port: 23
Service: Telnet
Description: Remote login, the intruder is searching for remote login UNIX services. In most cases this port is scanned to find the operating system on which the machine is running. There are other techniques that intruders can also find passwords. The Trojan Tiny Telnet Server opens this port.
Port: 25
Service: SMTP
Description: The port opened by the SMTP server for sending mail. Intruders look for SMTP servers to pass their SPAM. The intruder's account is closed and they need to connect to a high-bandwidth E-mail server to pass simple messages to different addresses. Trojan Antigen, Email PassWord Sender, Haebu Coceda, Shtrilitz Stealth, WinPC, WinSpy all open this port.
Port: 31
Service: MSG Authentication
Description: Trojan Master Paradise, Hackers Paradise open this port.
Port: 42
Service: WINS Replication
Description: WINS Replication
Port: 53
Service: Domain Name Server (DNS)
Description: DNS Server The open port, the intruder may be trying to make a zone transfer (TCP), spoofing DNS (UDP) or hiding other communications. Therefore, firewalls often filter or log this port.
Port: 67
Service: Bootstrap Protocol Server
Description: A large number of data sent to the broadcast address 255.255.255.255 is often seen by firewalls of DSL and cable modems. These machines are requesting an address from the DHCP server. HACKER often enters them, assigning an address to launch a large number of man-in-middle attacks as a local router. The client broadcasts the request configuration to port 68, and the server broadcasts a response request to port 67. This response uses broadcast because the client does not yet know the IP address that can be sent.
Port: 69
Service: Trival File Transfer
Description: Many servers provide this service with bootp to download the boot code from the system. But they often cause intruders to steal any files from the system due to misconfiguration. They can also be used to write files to the system.
Port: 79
Service: Finger Server
Description: Intruder is used to obtain user information, query the operating system, detect known buffer overflow errors, and respond from your own machine to other machines. scanning.
Port: 80
Service: HTTP
Description: Used for web browsing. The Trojan Executor opens this port.
Port: 99
Service: Metagram Relay
Description: The backdoor ncx99 opens this port.
Port: 102
Service: Message transfer agent (MTA)-X.400 over TCP/IP
Description: Message Transfer Agent.
Port: 109
Service: Post Office Protocol -Version3
Description: The POP3 server opens this port for receiving mail, and the client accesses the server-side mail service. There are many recognized weaknesses in POP3 services. There are at least 20 weaknesses in the username and password exchange buffer overflow, which means that the intruder can enter the system before actually logging in. There are other buffer overflow errors after successful login.
Port: 110
Service: All ports of SUN's RPC service
Description: Common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, amd, etc.
Port: 113
Service: Authentication Service
Description: This is a protocol running on many computers that authenticates users of TCP connections. A lot of computer information can be obtained using this standard service. But it can serve as a logger for many services, especially FTP, POP, IMAP, SMTP, and IRC. Usually if there are many customers accessing these services through the firewall, you will see many connection requests for this port. Remember, if you block this port client, you will feel a slow connection to the E-mail server on the other side of the firewall. Many firewalls support the return of RST during the blocking of TCP connections. This will stop the slow connection.
Port: 119
Service: Network News Transfer Protocol
Description: NEWS newsgroup transport protocol, carrying USENET communications. The connection to this port is usually where people are looking for a USENET server. Most ISPs restrict their access to their newsgroup servers only to their customers. Opening a newsgroup server will allow you to send/read anyone's posts, access restricted newsgroup servers, post anonymously or send SPAM.
Port: 135
Service: Location Service
Description: Microsoft runs the DCE RPC end-point mapper on this port for its DCOM service. This is very similar to the functionality of the UNIX 111 port. Services using DCOM and RPC use the end-point mapper on the computer to register their location. When remote clients connect to the computer, they look up the location where the end-point mapper finds the service. HACKER scans this port of the computer in order to find this computer running Exchange Server? What version? There are also some DOS attacks directed at this port.
Port: 137, 138, 139
Service: NETBiOS Name Service
Description: 137, 138 are UDP ports, use this port when transferring files through Network Neighborhood. And port 139: The connection through this port attempts to get the NetBiOS/SMB service. This protocol is used for Windows File and Printer Sharing and SAMBA. And WINS Regisrtation also uses it.
Port: 143
Service: Interim Mail Access Protocol v2
Description: Like the POP3 security issue, many IMAP servers have a buffer overflow vulnerability. Remember: A LINUX worm (admv0rm) will propagate through this port, so many of this port's scans come from uninformed users who are already infected. These vulnerabilities became popular when REDHAT allowed IMAP by default in their Linux distributions. This port is also used for IMAP2, but it is not popular.
Port: 161
Service: SNMP
Description: SNMP allows remote management of devices. All configuration and operational information is stored in the database and is available via SNMP. Many administrators' misconfigurations will be exposed to the Internet. Cackers will attempt to access the system using the default passwords public and private. They may experiment with all possible combinations. SNMP packets may be incorrectly pointed to the user's network.
Port: 177
Service: X Display Manager Control Protocol
Description: Many intruders use it to access the X-Windows console, which also needs to open the 6000 port.
We know that the system has been used for a long time, it will often shut down the organization very
Third, make the commonly used programs more convenient The various applications installed i
It is very troublesome to turn off the computer one more, and many friends ask if there is a
Setting up the animation demonstration tutorial: Windows XP system wired network card automatically
Windows XP SP2 cleverly implements time synchronization
Windows XP system login password lost after two solutions
XP network and file security tips tips
Windows XP self-extracting file production process comprehensive analysis
Xp permission settings and network printers denied access resolution
Complete the Windows system finishing five steps
Internet four common problems in XP
6 Windows XP "automation" features
Tip: Fully master the compression function of Windows XP
XP system saves memory method introduction
XP little-known registry secrets big release
Solution not found for the file or folder pointed to by the shortcut
Vista search function may cause data leakage
Kernel upgrade Firefox 30.0 Beta 3 Chinese version released
Uninstalling unnecessary core applications with one command Freeing up space occupied by Windows 10
What to open swf file, how to open swf file
What should I do if the standby in the system is lost?
Win10 weather application home page shows how the weather changes the city