How much do you know about Windows high-risk ports?

  
                

Someone once compared a server to a house and its ports to the doors of different rooms (services). It is a good metaphor as long as you do not look too closely at the details. Intruders typically scan the ports of a target host with a scanner to guess at possible vulnerabilities and then break in through the vulnerable ports, especially the high-risk ones. Today the editor introduces the high-risk ports that most easily lead to damage to computer security. Let's take a look.

Port 135 (c-serv) is mainly used by the RPC (Remote Procedure Call) protocol and provides the DCOM (Distributed Component Object Model) service. RPC ensures that a program running on one computer can successfully execute code on a remote computer.

Ports 137 and 138 are the UDP ports used by Network Neighborhood when transferring files. Because they are UDP ports, an attacker can easily obtain information about the target computer by sending a request. Some of that information can be used directly to analyze for vulnerabilities, such as those in IIS services. In addition, by capturing packets that communicate over port 137, it is possible to learn when the target computer starts up and shuts down, so that special tools can be used to attack it. To close these ports, clear the check marks in front of File and Printer Sharing for Microsoft Networks and Client for Microsoft Networks.

Port 139 is provided for the "NetBIOS Session Service", which is mainly used for Windows file and printer sharing and for the Samba service on Unix. Sharing files on a LAN in Windows requires this service. Although an open port 139 provides sharing services, attackers often use it: they scan port 139 of the target computer with a dedicated scanning tool and, if they find a weakness, try to obtain usernames and passwords. To close it, go to Network Neighborhood Properties > Local Area Connection Properties > Internet Protocol Properties > Advanced and select "Disable NetBIOS over TCP/IP". Connections arriving on this file and print sharing port attempt to reach the NetBIOS/SMB service, and IPC$ relies on this port.

Port 445 carries file and print sharing and is the port over which that data flows. Attackers generally use this port to take control of your computer or to plant Trojans. Windows 2000 and later versions open this port automatically. Widespread viruses, such as "Shockwave", "Shock" and "Disaster", start attacking computers through this port.

UDP port 1900 comes from the SSDP Discovery Service. Close this port to prevent DDoS attacks. Recommendation: disable.

UDP port 123 is used by the Windows Time service. Close UDP port 123 to protect against certain worms. Recommendation: disable.

Note: The system opens these ports by default. Pay special attention to them when hardening a machine.

Closing high-risk ports with an IP security policy (other methods include modifying the registry and stopping services)

Create an IP security policy to block ports:

The ports to close are 135, 137, 138, 139, 445, 1025, 2475, 3127, 6129, 3389 and 593.

The specific operations are as follows:

By default, these are mainly TCP ports 135, 139, 445, 593 and 1025 and UDP ports 135, 137, 138 and 445, the backdoor ports of some popular viruses (such as TCP ports 2745, 3127 and 6129), and the remote service access port 3389.
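Before building the policy, it helps to know which of the ports listed above are actually listening on a given machine. The script below is an added example, not part of the original article: it parses `netstat -ano` output and reports listeners on those ports, marking loopback-only binds. The names `parse_netstat`, `live_netstat`, `HIGH_RISK` and the sample output are assumptions made for the illustration.

```python
import subprocess

# Ports named in the article, split by protocol as in its "TCP ... and UDP ..." list,
# plus UDP 1900 (SSDP) and UDP 123 (Windows Time) from the port descriptions.
HIGH_RISK = {
    "TCP": {135, 139, 445, 593, 1025, 2745, 3127, 6129, 3389},
    "UDP": {123, 135, 137, 138, 445, 1900},
}
LOOPBACK = ("127.", "[::1]")

def parse_netstat(text):
    """Return sorted (proto, port, local_addr, pid, exposed); assumes English -ano output."""
    findings = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in HIGH_RISK:
            continue
        proto, local, pid = fields[0], fields[1], fields[-1]
        # TCP rows have a State column; UDP rows do not, so any bound UDP port counts.
        if proto == "TCP" and (len(fields) < 5 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")
        if port.isdigit() and int(port) in HIGH_RISK[proto]:
            # A loopback-only bind is not reachable from the network.
            findings.add((proto, int(port), addr, pid, not addr.startswith(LOOPBACK)))
    return sorted(findings)

def live_netstat():
    """Collect real output on a Windows host instead of using SAMPLE."""
    return subprocess.run(["netstat", "-ano"], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample output, not captured from a real machine.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING       1100
  TCP    192.168.1.10:49712     203.0.113.5:445        ESTABLISHED     3120
  UDP    0.0.0.0:123            *:*                                    1012
  UDP    192.168.1.10:137       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    2044
"""

if __name__ == "__main__":
    for proto, port, addr, pid, exposed in parse_netstat(SAMPLE):
        scope = "network-reachable" if exposed else "loopback only"
        print(f"{proto:<3} {port:<5} {addr:<15} pid={pid:<5} {scope}")
```

A port filtered by an IP security policy still appears in this inventory, because the policy drops traffic without stopping the service that holds the port.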

In the first step, click Start > Settings > Control Panel > Administrative Tools and double-click "Local Security Policy". Select "IP Security Policies on Local Computer", right-click a blank area of the right pane to bring up the shortcut menu, and select "Create IP Security Policy" to start a wizard. Click "Next" in the wizard and name the new security policy. Click "Next" again; on the "Requests for Secure Communication" screen, clear the check mark to the left of "Activate the default response rule", then click "Finish" to create the new IP security policy.
