Port is the logical interface between the computer and the external network. It is also the first barrier of the computer. Therefore, whether the port configuration is correct or not directly affects the security of our host. In general, it is safer to just open the ports you need to use, but turning off the ports means reducing functionality, so we need to balance some of the security and functionality. For those features that we don't need at all, there is no need to open the port to the hacker, so as an administrator, I close the protocols and ports that are not commonly used.
The following will help you understand which ports hackers often attack and how to prevent them. I hope that the majority of computer users can accumulate experience and prevent hackers from invading.
Because worms have the characteristics of automatic attack and rapid propagation, it accounts for about 90% of network attacks, usually system scans or sync attacks. Among them, the source of most cyber attacks is the United States. According to ActiveScout, these worms multiply rapidly, and scans and attacks are separated for a short period of time and therefore cannot be artificially controlled. The worm also has the characteristics of repeated attacks, they will find the same port and invade these ports on a large scale. If people do not take precautions against worms, the success rate of attack/scan will reach 30%, that is, in 10 scans, 3 times will get results and can be attacked.
96% of scans are concentrated on ports
Port scans account for approximately 96% of network scans, followed by UDP (User Datagram Protocol) services, which account for 3.7%. In addition to these two, the remaining 0.3% are username and password scans, NetBIOS domain login information, and SNMP management data. Tel Aviv University has begun efforts to prevent worm attacks and cyber attacks against NetBIOS vulnerabilities, as these attacks may infect all Windows systems. At the same time, the ISP is required to filter all NetBIOS traffic before sending traffic.
A survey has shown that in the past six months, the number of dangerous Internet traffic has increased by a factor of two; dark noise is mainly caused by network detection, and 45% to 55% of suspicious behaviors are hackers on computers. Scanning; most attacks are automatic, small program attacks usually come from previously poisoned computers; the main reason for hackers to attack these networks is to find computers they can use to spread spam, find special storage space for illegal files, or Take up the machine available for the next attack.
10 ports are the most vulnerable
An organization I-Trap has collected data from 24 firewalls for 12 hours of operation, these firewalls are located in the Internet of 24 corporate intranets and local ISPs in Ohio, USA. Between the backbone networks. In the meantime, there were 12,000 hacker attacks on the port. The following table details the attack.
Port number service attack events description
135 and 445 windows rpc are 42 times and 457 times respectively, indicating that the latest windows virus or worm may be infected
57 email 56 hackers using fx tools on this port Scanning, looking for weaknesses in Microsoft web server
1080, 3128, 6588, 8080 Proxy services are 64, 21, 21, 163 times respectively, indicating that the hacker is scanning
25 smtp service 56 times is hacking to detect smtp server and Signals for sending spam
10000+ Unregistered services 376 attacks These ports usually return traffic, possibly due to improper computer or firewall configuration