Ethereum bootstrap
Publish: 2021-04-27 04:55:43
1. The characteristics of the second generation computer: transistor, high-level language
CPU structure: arithmetic unit, control unit, storage unit
physical structure of hard disk, composed of track, sector, cylinder and head. Each track is divided into several sectors, each sector is usually 512 bytes. The number of tracks of a hard disk is generally between 300 and 3000, and the number of sectors per track is usually 63
three types of FAT16 are common in dos and win97, and FAT32 is used in later versions of Win9x. For example, Win98
NTFS only exists in WIN2000 and XP
The main components of the first computer are electronic tubes, CPU components: main frequency, memory, bus speed, working voltage, extended instruction set, integer and floating point, first level cache, second level cache, Manufacturing process
the most important selection standard of CPU is cost performance ratio
the memory that data will disappear after the host power is cut off is ram
ROM read-only memory EPROM when the data stored in ROM needs to be deleted or re written, It is not necessary to pay attention to the choice of memory in erasable programming ROM
the weight of memory itself
the abbreviation fat means file allocation table
the three steps necessary for the factory hard disk are low format, partition and advanced format
CD-RW can be recorded repeatedly in the CD
bus, connection object classification: internal bus, system bus, and so on, External bus
function classification, data bus, address bus, control bus
the meaning of interrupt: it is an important technology for CPU to deal with external emergencies. It can enable CPU to deal with the interrupt request of external events in time during operation, and return to the breakpoint immediately after completion, and continue to deal with the original work of CPU
in asynchronous communication, if a character occupies 8 bits of data, and the start bit and the end bit occupy at least 1 bit each, then the actual efficiency of information transmission is at most 80%. Using a data format with a synchronous word as the start bit is a synchronous communication mode
the type of printer, needle printer, inkjet printer, laser printer
the refresh rate of graphics card should be greater than 75Hz
PCI is a common sound card interface
the characteristics of the program: purposeful, orderly, limited
operating system function: software used to control and manage computer hardware and software resources. Through processor management, memory management, file management, device management and job management, the computer can be controlled, The main structure of computer motherboard is ATX, which is abbreviated as BIOS. The 7-inch bracket is not included in the computer case. The interface of computer optical drive is the same as that of hard disk, IDE
the steps of hard disk partition do not include the deletion of tracks
the first generation computer network takes the host as the center
the second generation computer network takes the communication subnet as the center, and the communication subnet forms an organic whole, which is decentralized and unified, so that the performance of the whole system is greatly improved
the communication rules between the same layers in the network are the partners used by this layer, The communication rules between functional layers of the same computer are called interface
service elements: request, instruction, response, confirmation
OSI: physical layer, data link layer, network layer, transport layer, session layer, presentation layer, application layer
bit, frame, message, TPDU, SPDU, PPDU, APDU
presentation layer involves data compression and decompression, data encryption and decryption, etc, Function provides data expression and coding format
TCP / IP network interface layer, Internet layer, transport layer, application layer
network interface layer is equivalent to physical layer, data link layer, Internet layer is equivalent to network layer, transport layer, application layer is equivalent to session layer, presentation layer, The concept of application layer
packet switching was proposed by Davis in 1966
the terminal oriented network takes the host as the center
improving the generality of the system is not the function of the computer network
the widespread application of the Internet is the data link layer of OSI seven layer model in the 1980s-1990s, which is related to error detection and media access
the transmission of UDP in the TCP / IP protocol model Layer
physical layer medium characteristics: throughput and bandwidth, cost, size and scalability, connector and noise resistance
10BASE5 definition: 10 represents 10m throughput, base represents baseband transmission, 5 represents the maximum length of cable segment is 500m, the maximum number of stations in each segment is 100, and the minimum distance between two stations is 2.5m, The maximum network length is 2500 m
10base2, the maximum length of each segment is 185 m, the maximum number of stations in each segment is 30, the minimum distance between two sites is 0.5 m, the maximum length is 925, the maximum length of five segments is 100 m, and each logical segment of twisted pair can only accommodate 1024 nodes
structured cabling system: entrance equipment, trunk cable, equipment room, telecommunication cabinet, Horizontal cable
the maximum distance allowed for horizontal cable is 100 meters, which includes 90 meters from the telecommunication cabinet to the wall jack and 10 meters from the wall jack to the workstation, The transmission mode of physical signal is digital
the function of repeater is to amplify signal
UTP twisted pair is the most widely used in today's LAN environment
according to the bus classification, network card includes ISA, EISA, PCI
hub belongs to the physical layer of OSI seven layer structure
Ethernet address is 6 bytes, 48 bits
Ethernet frame preamble contains 8 bytes, The destination address contains 6 bytes, the source address contains 6 bytes, the type field contains 2 bytes, and the data field contains 46-1500 bytes
Ethernet naming method: n-signal-physical medium
n: data rate in megabits. signal: if the adopted signal is baseband, that is, the physical medium is dedicated to Ethernet and not shared with other communication systems, it is expressed as base; if the signal is broadband and the physical medium can support Ethernet and other non-Ethernet services at the same time, it is expressed as broad
the necessary factors for realizing full duplex are as follows: due to the use of structured cabling system, the underlying implementation turns to the dedicated medium; due to the use of switches, it is possible to recommend differential segments and dedicated LANs.
the conditions of full duplex operating environment are as follows: 1. There can only be two devices in a LAN. 2. The physical medium itself must be able to support non-interference concurrent sending and receiving quality types 3. The network interface must be able to use and be configured for full duplex mode
the significance of full duplex operation: 1) it eliminates the limitation of CSMA / CD on the link length 2) increases the total capacity of the channel 3) increases the potential load of the switch
the method of Ethernet flow control: under half duplex condition In 1983, IEEE Standard Committee approved the first 802.3 standard, and Ethernet defined an algorithm to ensure that only one device can send signals at a time. This algorithm is the CSMA / CD algorithm
IEEE defines most Ethernet and token ring standards, while FDDI's standard is defined by ANSI. These specifications match with OSI's layer 2, and are usually divided into two parts, media access control (MAC) and MAC logical link control (MAC and LLC sublayer
for Ethernet, MAC and LLC sublayer can be divided into two parts, 1500 bytes is the maximum allowed MTU value
the Ethernet address is 6 bytes long
full duplex means that an Ethernet card can send and receive data at the same time, and CSMA / CD is not used for full duplex operation
the meaning of full duplex operation: it eliminates the limitation of CSMA / CD on the link length, increases the total capacity of the channel, and increases the potential load of the switch
the motivation of automatic negotiation includes incompatible devices, using the same connector, human error factors
internal switch mode: store and forward, fast forward, segmented filtering
switch switching architecture: shared memory, shared bus, Cross point array
switch access methods: console port, Telnet, browser and SNMP based network management software, etc.
restore the switch password: turn off, press and hold the switch mode key, turn on at the same time, release the mode key, and execute the flash_init command, rename the config.text file in flash to config.old file, and execute the boot command to start the switch. Change the config.old file in flash back to the config.text file, the config.text into the running config of the system. Add the configuration mode, reset the password and save it, and then restore the password to Cisco. Fast forwarding in the forwarding mode of switch, the speed is the fastest
the design of internal switch structure of switch is very important to the performance of switch, and the performance of cross point array is the highest
the port density of 2950 switch is the highest
the 295-48 switch
Cisco 2950 switch, and the switching matrix is 8.8g, Base Ethernet MAC address represents the basic MAC address of the device
the command to restore the factory default configuration of Cisco 2950 switch is erase startup-config / erase nvram
the command to view the MAC address table of the device is show mac-address-table
display the statistical information about CDP packets of the switch. The command to view the number of announcements received and sent is show cdp traffic
IP address classification, a, B, C, D, e, a valid address 1-127, B address 128-191, C address 192-223, D address 224-239, e address 240-254
the function of subnet mask is to obtain the network address information of host IP address, which is used to distinguish different situations of host communication, How ARP works: check ARP cache, send ARP request, add ARP cache entry, send ARP response, add ARP cache entry, send IP packet
function of ARP: IP to MAC parsing
router hardware memory content: RAM contains IOS image and configuration file running config, routing table and data buffer, easy to lose, Power down causes ROM read-only memory, router stores bootstrap and post code, power off will not lose
flash, flash, storage IOS software image, enough capacity, can save multiple images, power off will not lose
NVRAM: nonvolatile random access memory, storage boot configuration file, startup config, configuration register, (configuration register, Power down does not lose
the startup process of Router: power on self-test, load and run self boot, find IOS software, load IOS software, find configuration. Configuration mode: through console port configuration, through aux port configuration, through virtual terminal configuration, through FTP server configuration. The use of text editing: ctrl-a moves the cursor to the beginning of the line, Ctrl-F moves the cursor forward a character, esc-f moves the cursor forward a word, ctrl-d removes a character, ctrl-x removes the content on the left side of the cursor, ctrl-u removes a line, back space removes a character on the left side of the cursor, CTRL-E moves the cursor to the end of the line, ctrl-b moves the cursor backward a character, and esc-b moves the cursor backward a word, Ctrl-k deletes the content on the right side of the cursor, ctrl-w deletes a word, and ctrl-r refreshes the command line and the previously entered content
configure timeout: the default timeout is 10 minutes, 0 0 in line console 0 represents the timeout interval, the first represents minutes, the second represents seconds, and 0 0 represents never timeout
router password recovery: if enable password recovery
2.
Client self assigned address refers to the current IP address of the client
client address refers to the IP address to be assigned by the server to the client
3. It doesn't matter. It's normal. Don't worry.
4. Protocol frame:
eth: Ethernet
IP: IP is the abbreviation of internet protocol, which means "protocol for interconnection between networks", that is, the protocol designed for communication between computer networks
UDP: UDP protocol is a datagram protocol (different from TCP protocol in transmission mode and effect). It is a transmission protocol.
BOOTP: this protocol is based on TCP / IP protocol. It allows diskless stations to obtain IP address from a central server and assign dynamic IP address to diskless workstations in LAN, There is no need for each user to set a static IP address. BOOTP protocol generally includes bootstrap protocol server (bootstrap protocol server) and bootstrap protocol client (bootstrap protocol client).
5. Imp is the old name of ARPANET packet switching. According to the port number, it can be divided into three categories:
(1) Well known ports: from 0 to 1023, they are closely bound to some services. Usually, the communication between these ports clearly indicates the protocol of a certain service. For example, port 80 is actually always HTTP communication.
(2) Registered ports: from 1024 to 49151. They are loosely bound to some services. That is to say, there are many services bound to these ports, which are also used for many other purposes. For example, many systems deal with dynamic ports from around 1024.
(3) Dynamic and / or private ports: from 49152 to 65535. In theory, these ports should not be assigned to services. In fact, machines usually allocate dynamic ports from 1024. But there are exceptions: sun's RPC port starts at 32768.
0 is usually used to analyze the operating system. This method works because "0" is an invalid port in some systems, and when you try to connect it with a normal closed port, it will produce different results. A typical scan: use IP address of 0.0.0.0, set ack bit and broadcast on Ethernet layer.
1 tcpmux: TCP port service multiplexer
2 compressnet: management utility
3 compressnet: compression process
5 RJE: remote job entry
7 echo: echo
9 discard: discard
11 SYSTAT: active users
13 daylight: daylight time
17 QTd: quote of the day
18 MSP: message send protocol
19 character: character generator
20 FTP data: file transfer [default data]
21 FTP: file transfer [control]
22 SSH: SSH Remote Login Protocol
23 telnet: telnet (terminal simulation protocol)
24 any private mail system
25 SMTP: Simple Mail Transfer Protocol
27 NSW Fe: NSW user system FE (field engineer)
29 MSG ICP: MSG ICP
31 MSG auth: MSG authentication
33 DSP: display support protocol
35 any private printer server
37 time: time
38 rap: route access protocol
39 RLP: resource location protocol
41 graphics: graphics
42 nameserver: WINS host name server
43 nicname: who is ("nickname" who-is service)
44 MPM flags: MPM flags protocol (MPM = message processing module)
45 MPM: message processing module [recv]
46 MPM snd: MPM [default send]
47 Ni FTP: Ni FTP
48 audited: digital audit daemon
49 TACACS: Login Host Protocol (TACACS)
50 re mail CK: Remote Mail Checking Protocol
51 La maint: imp logical address maintenance
52 XNS time: XNS time protocol
53 domain: name server
54 XNS ch: XNS clearing house
55 ISI GL: ISI graphics language
56 XNS auth: XNS authentication (Xerox Network service system verification)
57 any private terminal access
58 XNS mail: XNS mail (Xerox Network service system mail)
59 any private file service
60 unassigned
61 Ni mail: Ni mail?
62 ACAS: ACAS services (asynchronous communication adapter service)
63 whois+: whois+
64 covia: communications integrator (CI)
65 TACACS DS: TACACS database service
66 SQL*NET: Oracle SQL*NET
67 bootps: bootstrap protocol server
68 bootpc: bootstrap protocol client
69 TFTP: trivial file transfer protocol
70 gopher: gopher (information retrieval protocol)
71 netrjs-1: remote job service
72 netrjs-2: remote job service
73 netrjs-3: remote job service
74 netrjs-4: remote job service
75 any private dial out service
76 deos: distributed external object store
77 any private RJE service
78 vettcp: vettcp (modify TCP?)
79 finger: finger (query remote host online user information)
80 HTTP: World Wide Web HTTP (hypertext transfer protocol)
81 hosts2 ns: hosts2 name server
82 xfer: xfer utility
83 MIT ml dev: MIT ml device
84 CTF: common trace facility
85 MIT ml dev: MIT ml device
86 mfcobol: micro focus COBOL
87 any private terminal link
88 Kerberos: Kerberos (security authentication system)
89 Su MIT TG: Su / MIT telnet gateway
90 dnsix: dnsix security attribute token map
91 MIT Dov: MIT Dover spooler
92 NPP: network printing protocol
93 DCP: device control protocol
94 objcall: Tivoli object dispatcher
95 sup: supp
96 Dixie: Dixie protocol specification
97 swift RVF: switch remote virtual file protocol
98 tacnews: TAC news
6. In network technology, port has two meanings: one is a physical port, such as ADSL modem, hub, switch, router used to connect other network equipment interface, such as RJ-45 port, SC port and so on. The second is the logical port, which generally refers to the port in the TCP / IP protocol. The port number ranges from 0 to 65535, such as port 80 for browsing web services, port 21 for FTP services, and so on. What we are going to introduce here is the logical port
view ports
to view ports in Windows 2000 / XP / Server 2003, you can use the netstat command:
click "start → run" in turn, type "CMD" and press Enter to open the command prompt window. Type "netstat -a -n" at the command prompt and press Enter to see the port number and status of TCP and UDP connections in numeric form
close / open ports
before introducing the functions of various ports, this paper first introduces how to close / open ports in windows, because by default, many unsafe or useless ports are opened, such as port 23 of Telnet service, port 21 of FTP service, port 25 of SMTP service, port 135 of RPC service, etc. In order to ensure the security of the system, we can close / open the port through the following methods
Close port
for example, close port 25 of SMTP service in Windows 2000 / XP. You can do this: first open control panel, double-click management tools, and then double-click services. Then find and double-click the "Simple Mail Transfer Protocol (SMTP)" service in the open service window, click the "stop" button to stop the service, then select "disabled" in the "start type", and finally click the "OK" button. In this way, shutting down the SMTP service is equivalent to shutting down the corresponding port
open port
if you want to open the port, just select Auto in start type, click OK, then open the service, click start in service status to enable the port, and finally click OK
tip: there is no "service" option in Windows 98. You can use the firewall's rule setting function to close / open the port
port classification
There are many ways to classify logical ports. The following introduces two common classifications:
1. According to the port number distribution
(1) well-known ports
well-known ports are well-known port numbers, ranging from 0 to 1023. These port numbers are generally assigned to some services. For example, port 21 is assigned to FTP service, port 25 to SMTP service, port 80 to HTTP service, and port 135 to RPC service
(2) dynamic ports
the range of dynamic ports is from 1024 to 65535. These port numbers are generally not assigned to a service, that is to say, many services can use these ports. As long as the running program requests the system to access the network, the system can assign one of these port numbers for the program to use. For example, port 1024 is assigned to the first program to send an application to the system. After closing the program process, the occupied port number will be released
However, dynamic ports are often used by virus and Trojan programs: for example, the default connection port of ice river is 7626, way 2.4 is 8011, Netspy 3.0 is 7306, Yai virus is 1024, etc.
2. According to protocol type
According to protocol type, ports can be divided into TCP, UDP, IP and ICMP ports. The following mainly introduces TCP and UDP ports:
(1) TCP port
TCP port, which is the transmission control protocol port, needs to establish a connection between the client and the server, so as to provide reliable data transmission. Common ones include port 21 of FTP service, port 23 of Telnet service, port 25 of SMTP service, port 80 of HTTP service and so on
(2) UDP port
A UDP port, that is, a User Datagram Protocol port, does not need a connection to be established between the client and the server, so the security is not guaranteed. Common ones include port 53 of the DNS service, port 161 of the SNMP service, and ports 8000 and 4000 of the QQ service
common network ports
basic knowledge of network! Port comparison
port: 0
Service: reserved
note: It is usually used to analyze the operating system. This method works because "0" is an invalid port in some systems, and trying to connect to it as you would to a normal closed port produces different results. A typical scan uses the IP address 0.0.0.0, sets the ACK bit and broadcasts at the Ethernet layer
port: 1
Service: tcpmux
note: This shows that someone is looking for SGI IRIX machines. IRIX is the main provider that implements tcpmux, and tcpmux is turned on by default in this system. IRIX machines ship with several default passwordless accounts, such as IP, guest, uucp, nuucp, demos, tutor, diag, outobox, etc. Many administrators forget to remove these accounts after installation. So hackers search the Internet for tcpmux and use these accounts
port: 7
Service: echo
note: You can see many people searching for Fraggle amplifiers from the messages sent to x.x.x.0 and x.x.x.255
port: 19
Service: character generator
note: This is a service that only sends characters. The UDP version responds to a received UDP packet with a packet containing junk characters. When a TCP connection is made, it sends a stream of junk characters until the connection is closed. Hackers can launch a DoS attack using IP spoofing, forging UDP packets between two chargen servers. Similarly, a Fraggle DoS attack broadcasts a packet with the forged victim IP to this port of the target address, and the victim is overloaded by the responses to this data
port: 21
Service: FTP
note: The port opened by an FTP server, used for uploading and downloading. Attackers most commonly use it to look for FTP servers that allow anonymous login. These servers have read-write directories. Trojans: doly Trojan, fore, invisible FTP, WebEx, wincrash and blade runner
port: 22
Service: SSH
note: A TCP connection to this port established by PcAnywhere may be looking for SSH. This service has many weaknesses. If it is configured in a specific mode, many versions that use the RSAREF library have many vulnerabilities
port: 23
Service: telnet
Description: Remote login. The intruder is searching for remote login services on UNIX. Most of the time, this port is scanned to find out which operating system the machine is running. Using other techniques, the intruder can also find passwords. This port is opened by Tiny Telnet Server
port: 25
Service: SMTP
note: The port opened by the SMTP server is used to send mail. Intruders look for SMTP servers to deliver their spam. Intruders' accounts get closed, so they need to connect to a high-bandwidth e-mail server to deliver simple messages to different addresses. This port is opened by Trojans such as anti gen, email password sender, haebu coceda, shtrilitz stealth, winpc and winspy
port: 31
Service: MSG authentication
note: The Trojans Master Paradise and Hackers Paradise open this port
port: 42
Service: wins replication
Description: wins replication
port: 53
Service: domain name server (DNS)
Description: This is the port opened by DNS servers. Intruders may attempt zone transfers (TCP), DNS spoofing (UDP) or hiding other communication. Therefore, firewalls often filter or log this port
port: 67
Service: bootstrap protocol server
note: Through the firewalls of DSL and cable modems, you often see a large amount of data sent to the broadcast address 255.255.255.255. These machines are requesting an address from a DHCP server. Hackers often enter them, assign an address and present themselves as the local router to launch a large number of man-in-the-middle attacks. The client broadcasts the configuration request to port 68, and the server broadcasts the response to port 67. This response uses broadcast because the client does not yet know the IP address it can be sent to
port: 69
Service: trivial file transfer
note: many servers provide this service together with BOOTP to download boot code from the system. But they are often misconfigured so that intruders can steal any files from the system. They can also be used to write files to the system
port: 79
Service: finger server
Description: Intruders use it to obtain user information, query the operating system, detect known buffer overflow errors, and respond to finger scans from their own machine to other machines
port: 80
Service: http
Description: Used for web browsing. The Trojan Executor opens this port
port: 99
Service: metagram relay
note: backdoor ncx99 opens this port
port: 102
Service: message transfer agent (MTA) - x.400 over TCP / IP
note: message transfer agent
port: 109
Service: Post Office Protocol - version 3
note: The POP3 server opens this port to receive e-mail, and clients use it to access the server-side e-mail service. POP3 services have many recognized weaknesses. There are at least 20 buffer overflow vulnerabilities in the user name and password exchange, which means that intruders can enter the system before they actually log in. There are other buffer overflow errors after a successful login
port: 110
Service: all ports of RPC service of Sun company
note: common RPC services include rpc.mountd, NFS, rpc.statd, rpc.csmd, rpc.ttybd, AMD, etc.
port: 113
Service: authentication service
note: This is a protocol running on many computers, used to identify the user of a TCP connection. A lot of information about a computer can be obtained by using this standard service. But it can be used as a recorder for many services, especially FTP, POP, IMAP, SMTP and IRC. Usually, if many customers access these services through a firewall, you will see many connection requests for this port. Remember, if you block this port, the client will experience a slow connection to the e-mail server on the other side of the firewall. Many firewalls support sending back an RST during TCP connection blocking. This will stop the slow connection
port: 119
Service: Network News Transfer Protocol
note: News newsgroup transport protocol, carrying Usenet communication. The connection to this port is usually when people are looking for a Usenet server. Most ISPs restrict access to their newsgroup servers to only their customers. Opening the Newsgroup server will allow you to post / read anyone's posts, and access will be restricted
8. 1. Would you like to ask the next input 192.168.1.1 when there is a box to talk about the user name and password Suspected to have entered the modem setting interface)
2. To set the router, just find the setting wizard and set the dial-up account and password in PPPoE to access the Internet Is there a PPPoE
3. Suddenly prompt IP conflict to see if the two computers automatically acquire IP \ What about DNS
4. It's your setting problem that there is no problem with the routing. What we need to do now is to restore the routing to the factory value (see the manual operation) and find the words such as quick setting or setting wizard for wizard operation
460571485 network hi
9. Please refer to http://onl2004.blogchina.com/2446270.html
I. Summary
II. What is a port
III. Classification of ports
IV. The role of ports in intrusion
V. Introduction to common ports
VI. Port-related tools
VII. Protecting your own ports
VIII. Conclusion
I. Summary
I have wanted to write a tutorial on ports for a long time, and today I finally put it into practice. In fact, there are a lot of online tutorials about ports, but I haven't seen one that really tells you what ports are (maybe I just didn't see it). If you have read many tutorials about ports, can you tell me what a port is? Hehe, maybe you can't answer right away. It's OK. Follow me.
II. What is a port
On the Internet, hosts send and receive datagrams through the TCP/IP protocol, and each datagram is routed across the Internet according to the IP address of the destination host. So delivering a datagram to the destination host is not a problem. What is the problem, then? We know that most operating systems support multiple programs (processes) running at the same time, so to which of the many processes should the destination host deliver a received datagram? Obviously this problem needs to be solved, so the port mechanism was introduced.
The local operating system assigns protocol ports to the processes that need them. Each protocol port is identified by a positive integer, such as 80, 139, 445, etc. When the destination host receives a datagram, it delivers the data to the corresponding port according to the destination port number in the datagram header, and the process that owns this port picks up the data and waits for the next group of data to arrive. At this point, the concept of a port still seems abstract, so follow me and don't go away.
A port is actually a queue. The operating system assigns a different queue to each process. Datagrams are pushed into the corresponding queue according to the destination port, waiting to be fetched by the process. In very special cases the queue may overflow, but the operating system allows each process to specify and adjust the size of its own queue.
Not only does the process receiving datagrams need to open its own port; the process sending datagrams needs to open a port too. In this way the source port is identified in the datagram, so that the receiver can return datagrams to this port.
III. Classification of ports
on the Internet, according to the protocol type, ports are divided into TCP ports and UDP ports. Although they are all identified by positive integers, this will not cause ambiguity, such as TCP port 80 and UDP port 80, because datagrams will indicate the port type as well as the port
from the perspective of port allocation, ports are divided into two categories: fixed ports and dynamic ports (some tutorials also divide the rarely used high ports into the third category: Private Ports):
fixed ports (0-1023):
A centralized management mechanism is used: these ports are assigned by a management organization, which is responsible for publishing the assignments. Because these ports are tightly bound to certain services, we often scan them to determine whether the other party has opened those services, such as TCP 21 (FTP), 80 (HTTP), 139 (NetBIOS), UDP 7 (echo), 69 (TFTP) and other well-known ports
dynamic ports (1024-49151):
These ports are not permanently bound to a service. The operating system allocates them dynamically to processes, and the same process may be given different ports on two separate occasions. However, some applications are not willing to use the dynamic ports allocated by the operating system. They have their own "trademark" ports, such as port 4000 of the OICQ client and port 7626 of the Trojan glacier, which are fixed and famous
IV. The role of ports in intrusion
Someone once compared the server to a house and the ports to doors leading to different rooms (services). If you don't consider the details, this is a good metaphor. If an intruder wants to occupy the house, he is bound to break into the house (physical invasion). So it is very important for the intruder to know how many doors the house has open, what kind of doors they are, and what is behind each door
An intruder usually scans the ports of the target host with a scanner to determine which ports are open. From the open ports, the intruder can tell what services the target host provides and then guess at possible vulnerabilities. So scanning ports helps us understand the target host better. Scanning the open ports of your own machine is also the first step in securing it
V. Introduction to common ports
Due to my limited knowledge, I only introduce some simple content here
1) 21 FTP
this port is open, which means that the server provides FTP service. Intruders usually scan this port and judge whether anonymous login is allowed. If they can find a writable directory, they can also upload some hacker programs for further intrusion. To close this port, you need to close the FTP service
2) 23 telnet
this port is open, which means that the server provides remote login service. If you have the administrator's user name and password, you can completely control the host through this service (but you need to do NTLM authentication first), and get a shell under the command line. Many intruders like to open this service as a back door. To shut down this port, you need to shut down the telnet service
3) 25 SMTP
This port is open, which means that the server provides SMTP service. Some servers that do not support authentication allow intruders to send e-mail to any place. SMTP server (especially sendmail) is also one of the most common ways to enter the system. To shut down this port, you need to shut down the SMTP service
4) 69 TFTP (UDP)
this port is open, which means that the server provides TFTP service. It allows files to be downloaded or written from the server. If the administrator configures incorrectly, the intruder can even download password files. Many intruders run this service on their own machine to transfer files to the target machine, so as to realize the file transmission. To shut down this port, you need to shut down the TFTP service
5) 79 finger
This port is used to obtain user information, query the operating system, detect known buffer overflow errors, and respond to finger scanning from one machine to another
6) 80 HTTP
this port is open, which means that the server provides HTTP service and allows visitors to browse its web pages. Most of the overflow attacks against IIS server are through this port, which can be said to be the most frequently attacked port by intruders. To close this port, you need to close the HTTP service
7) 110 POP3
This port is used for clients to access the server-side mail service. POP3 services have many recognized weaknesses. There are at least 20 weaknesses involving buffer overflows in the user name and password exchange, which means that an intruder can enter the system before actually logging in, and there are other buffer overflow errors after a successful login
(This series of tutorials is updated from time to time. For the latest version, please visit the official website: caicainiao community http://ccbirds.yeah.net)
8) TCP's 139 and 445
Many people are very concerned about these two ports, so let me introduce them in detail:
first of all, let's understand some basic knowledge:
1 SMB (Server Message Block): a Windows protocol family used for file and print sharing services
2 NBT (NetBIOS over TCP/IP): uses ports 137 (UDP), 138 (UDP) and 139 (TCP) to implement NetBIOS networking over the TCP/IP protocol
3 In Windows NT, SMB is implemented on top of NBT, that is, it uses port 139 (TCP); in Windows 2000, SMB can be implemented not only on top of NBT but also directly through port 445
With this basic knowledge, we can go on to discuss which port is chosen when accessing network shares:
For a Win2000 client (initiator):
1 If NBT is allowed when connecting to the server, the client tries ports 139 and 445 at the same time. If port 445 responds, it sends an RST packet to port 139 to disconnect and uses port 445 for the session. When port 445 does not respond, port 139 is used. If neither port responds, the session fails
2 If NBT is disabled when connecting to the server, the client only tries port 445. If port 445 does not respond, the session fails
for Win2000 Server:
1 if NBT is allowed, UDP ports 137, 138 and TCP ports 139, 445 will be open (listening)
2 if NBT is prohibited, only port 445 is open
The port selection of our IPC$ session also follows the above principles. Obviously, if the remote server is not listening on port 139 or 445, the IPC$ session cannot be established. So how do we close these two ports on Windows 2000?
Port 139 can be blocked by disabling NBT:
Local Connection - TCP/IP properties - Advanced - WINS - select the option "Disable NetBIOS over TCP/IP"
Port 445 can be blocked by modifying the registry.
Add a key value:
Hive: HKEY_LOCAL_MACHINE
Key: System\Controlset\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: REG_DWORD
Value: 0
Restart the machine after the modification
9) 3389 terminal services
This port is open, which means that the server provides terminal services. If you get the administrator's user name and password, you can completely control the host through this service in the graphical interface, which is really a desirable thing. But if you can't get a password and you can't find a loophole in the input method, you'll feel helpless. To shut down this port, you need to shut down terminal services
VI. Port-related tools
1 netstat -an
Indeed, this is not a tool, but it is the most convenient way to view your own open ports. Just enter this command in cmd. The results are as follows:
C:\>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1027 *:*
UDP 127.0.0.1:1029 *:*
UDP 127.0.0.1:1030 *:*
These are the ports my machine had open when I was not online. 135 and 445 are fixed ports, and the rest are all dynamic ports
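An added example, not part of the original tutorial: a small Python audit of `netstat -an` output that labels each listening port with the fixed (0-1023) / dynamic ranges given above and flags the service and Trojan default ports this page names. The sample is the listing above plus three constructed lines (ports 23 and 7626, and one ESTABLISHED connection); the function names and verdict labels are assumptions of this example.

```python
import re
from typing import NamedTuple

# Ports and names below are only the ones this page mentions.
PAGE_SERVICES = {21: "FTP", 23: "Telnet", 25: "SMTP", 69: "TFTP", 79: "finger",
                 80: "HTTP", 110: "POP3", 135: "RPC", 139: "NetBIOS (NBT)",
                 445: "SMB", 3389: "terminal services"}
# Trojan default ports named on this page. A match is a lead, not proof:
# any program can bind these numbers, and a Trojan can be reconfigured.
PAGE_TROJAN_DEFAULTS = {7626: "glacier", 8011: "way 2.4", 7306: "Netspy 3.0"}

# The listing from the tutorial, plus three constructed lines marked below.
SAMPLE = r"""
C:\>netstat -an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1028           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3372           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1031      192.168.1.20:80        ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:1027           *:*
  UDP    127.0.0.1:1029         *:*
  UDP    127.0.0.1:1030         *:*
"""
# Constructed lines: TCP 23, TCP 7626 and the ESTABLISHED connection.


class Listener(NamedTuple):
    proto: str
    address: str
    port: int


class Finding(NamedTuple):
    proto: str
    port: int
    category: str   # "fixed" (0-1023) or "dynamic" (1024 and above)
    label: str
    verdict: str    # investigate / review / identify / local-only


# Proto, local address, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE)


def parse_netstat(text):
    """Return the sockets that accept traffic: TCP LISTENING rows and UDP rows."""
    listeners = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # prompt, banner, column header or blank line
        proto, local, _foreign, state = match.groups()
        proto = proto.upper()
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue  # established or closing connections are not listeners
        address, _, port = local.rpartition(":")  # also splits "[::]:135"
        if port.isdigit():
            listeners.append(Listener(proto, address.strip("[]"), int(port)))
    return listeners


def audit(listeners):
    """Classify each (protocol, port) pair and attach a triage verdict."""
    reachable = {}
    for item in listeners:
        loopback = item.address.startswith("127.") or item.address == "::1"
        key = (item.proto, item.port)
        reachable[key] = reachable.get(key, False) or not loopback
    findings = []
    for (proto, port), exposed in sorted(reachable.items(),
                                         key=lambda kv: (kv[0][1], kv[0][0])):
        category = "fixed" if port <= 1023 else "dynamic"
        if port in PAGE_TROJAN_DEFAULTS:
            label, verdict = PAGE_TROJAN_DEFAULTS[port], "investigate"
        elif not exposed:
            label, verdict = PAGE_SERVICES.get(port, "unlisted"), "local-only"
        elif port in PAGE_SERVICES:
            label, verdict = PAGE_SERVICES[port], "review"
        else:
            label, verdict = "unlisted", "identify"
        findings.append(Finding(proto, port, category, label, verdict))
    return findings


if __name__ == "__main__":
    for f in audit(parse_netstat(SAMPLE)):
        print(f"{f.proto}/{f.port:<5} {f.category:<8} {f.label:<18} {f.verdict}")
```

The verdicts are triage hints only: "review" means decide whether the service is needed and stop it as described above if not, while "identify" and "investigate" mean the owning process still has to be found by other means.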
summary 1
What are ports
classification of three ports
the role of four ports in intrusion
introction of five common ports
related tools of six ports
protect your own ports
conclusion 8
summary 1
I wanted to write a tutorial on ports for a long time, and finally put it into practice today. In fact, there are a lot of online tutorials about ports, but I haven't seen any one that really tells you what ports are (maybe I didn't see them). If you read many tutorials about ports, then you can tell me what ports are? Hehe, maybe you can't answer for a while. It's OK. Follow me<
Second, what is a port
On the Internet, each host sends and receives datagrams through the TCP/IP protocol, and each datagram is routed through the Internet according to the IP address of the destination host. So delivering a datagram to the destination host is not a problem. Where, then, is the problem? We know that most operating systems support multiple programs (processes) running at the same time, so to which of its many processes should the destination host hand the received datagram? Obviously this problem needs to be solved, so the port mechanism was introduced.
The local operating system assigns protocol ports to the processes that need them. Each protocol port is identified by a positive integer, such as 80, 139, 445, etc. When the destination host receives a datagram, it sends the data to the corresponding port according to the destination port number in the datagram header, and the process that owns this port picks up the data and waits for the next group of data. At this point the concept of a port still seems abstract, so follow me and don't go away.
A port is actually a queue. The operating system assigns a different queue to each process. Datagrams are pushed into the corresponding queue according to the destination port, where they wait to be fetched by the process. In very special cases the queue may overflow, but the operating system allows each process to specify and adjust the size of its own queue.
Not only does the process receiving a datagram need to open its own port; the process sending the datagram needs to open a port too. In this way, the source port is identified in the datagram, so that the receiving process can return a datagram to this port.
Third, classification of ports
On the Internet, ports are divided by protocol type into TCP ports and UDP ports. Although both are identified by positive integers, this causes no ambiguity between, say, TCP port 80 and UDP port 80, because a datagram indicates the port type as well as the port number.
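The queue, source-port and TCP/UDP behaviour described above can be observed on the loopback interface. This is an added example, not part of the original tutorial; the function name `demo_port_demux` and the 64 KB queue size are assumptions chosen for illustration.

```python
import socket

def demo_port_demux():
    """Run a loopback exchange and return what each side observed."""
    for _ in range(5):
        tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp.bind(("127.0.0.1", 0))           # the OS assigns a dynamic port
        tcp.listen(1)
        port = tcp.getsockname()[1]
        udp_srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            # Same number, different protocol: a separate port space.
            udp_srv.bind(("127.0.0.1", port))
            break
        except OSError:                      # number already taken for UDP
            tcp.close()
            udp_srv.close()
    else:
        raise RuntimeError("no port number free for both TCP and UDP")
    udp_port = udp_srv.getsockname()[1]

    # The receive queue behind the port can be resized by the process.
    udp_srv.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 65536)
    queue_bytes = udp_srv.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.bind(("127.0.0.1", 0))            # the sender opens a port too
    client_port = client.getsockname()[1]
    try:
        for s in (udp_srv, client):
            s.settimeout(2.0)
        client.sendto(b"hello", ("127.0.0.1", port))
        # recvfrom() exposes the source address and port of the datagram.
        data, sender = udp_srv.recvfrom(1024)
        udp_srv.sendto(b"ack:" + data, sender)   # reply to the source port
        reply, _ = client.recvfrom(1024)
    finally:
        for s in (tcp, udp_srv, client):
            s.close()
    return {"tcp_port": port, "udp_port": udp_port, "queue_bytes": queue_bytes,
            "client_port": client_port, "seen_source_port": sender[1],
            "reply": reply}

if __name__ == "__main__":
    print(demo_port_demux())
```

The value read back for the queue size differs between operating systems, so only the port numbers and the reply are stable across runs.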
From the perspective of port allocation, ports are divided into two categories: fixed ports and dynamic ports (some tutorials also put the rarely used high ports into a third category, Private Ports):
Fixed ports (0-1023):
A centralized management mechanism is used: these ports are assigned by a management organization, which is responsible for publishing the assignments. Because these ports are tightly bound to particular services, we often scan them to determine whether the other party has opened these services, for example TCP 21 (FTP), 80 (HTTP), 139 (NetBIOS), UDP 7 (echo), 69 (TFTP) and other well-known ports.
Dynamic ports (1024-49151):
These ports are not permanently bound to a service. The operating system allocates them dynamically to each process, and the same process may be allocated a different port each time. However, some applications are not willing to use the dynamic ports allocated by the operating system. They have their own "trademark" ports, such as port 4000 of the OICQ client and port 7626 of the Glacier trojan, which are fixed and famous.
Fourth, the role of ports in intrusion
Someone once compared the server to a house and the ports to doors leading to different rooms (services). If you don't consider the details, this is a good metaphor. If an intruder wants to occupy the house, he is bound to break into the house (physical invasion). So it is very important for the intruder to know how many doors the house has opened, what kind of doors they are, and what is behind each door.
An intruder usually scans the ports of the target host with a scanner to determine which ports are open. From the open ports, the intruder can learn which services the target host provides, and then guess at the possible vulnerabilities. Therefore, scanning the ports helps us understand the target host better. Scanning the open ports of your own machine is also the first step of security.
Fifth, introduction to common ports
Due to my limited knowledge, I only introduce some simple content here.
1) 21 FTP
When this port is open, the server provides FTP service. Intruders usually scan this port and check whether anonymous login is allowed. If they can find a writable directory, they can also upload some hacker programs for further intrusion. To close this port, you need to shut down the FTP service.
2) 23 telnet
When this port is open, the server provides remote login service. If you have the administrator's user name and password, you can completely control the host through this service (but you need to pass NTLM authentication first) and get a shell on the command line. Many intruders like to open this service as a back door. To close this port, you need to shut down the telnet service.
3) 25 SMTP
When this port is open, the server provides SMTP service. Some servers that do not support authentication allow intruders to send e-mail to any destination. The SMTP server (especially sendmail) is also one of the most common ways into a system. To close this port, you need to shut down the SMTP service.
4) 69 TFTP (UDP)
When this port is open, the server provides TFTP service, which allows files to be downloaded from or written to the server. If the administrator has misconfigured it, an intruder can even download password files. Many intruders run this service on their own machine in order to transfer files to the target machine. To close this port, you need to shut down the TFTP service.
5) 79 finger
Used to obtain user information, query the operating system, detect known buffer overflow errors, and respond to finger scanning from one machine to another.
6) 80 HTTP
When this port is open, the server provides HTTP service and allows visitors to browse its web pages. Most overflow attacks against IIS servers go through this port, which can be said to be the port most frequently attacked by intruders. To close this port, you need to shut down the HTTP service.
7) 110 POP3
Used by clients to access the server-side mail service. POP3 services have many recognized weaknesses. There are at least 20 weaknesses involving buffer overflows in the user name and password exchange, which means that an intruder can enter the system before really logging in, and there are other buffer overflow errors after a successful login.
(This series of tutorials is updated from time to time. For the latest version, please visit the official website: caicainiao community http://ccbirds.yeah.net)
8) TCP 139 and 445
Many people are very concerned about these two ports. Let me introduce them in detail.
First of all, some basic knowledge:
1 SMB (Server Message Block): a Windows protocol family, a service for file and printer sharing
2 NBT (NetBIOS over TCP/IP): uses ports 137 (UDP), 138 (UDP) and 139 (TCP) to carry NetBIOS networking over the TCP/IP protocol
3 In Windows NT, SMB is implemented on top of NBT, that is, port 139 (TCP) is used. In Windows 2000, SMB can be implemented not only on top of NBT but also directly through port 445.
With this basic knowledge, we can go on to discuss which port is chosen when accessing a network share.
For a Win2000 client (initiator):
1 If NBT is allowed when connecting to the server, the client tries ports 139 and 445 at the same time. If port 445 responds, the client sends an RST packet to port 139 to disconnect and uses port 445 for the session. When port 445 does not respond, port 139 is used. If neither port responds, the session fails.
2 If NBT is disabled when connecting to the server, the client only tries port 445. If port 445 does not respond, the session fails.
For a Win2000 server:
1 If NBT is allowed, UDP ports 137 and 138 and TCP ports 139 and 445 are open (listening)
2 If NBT is disabled, only port 445 is open
The port selection of our IPC$ session also follows the above principles. Obviously, if the remote server is not listening on port 139 or 445, the IPC$ session cannot be established. So how do we close these two ports on Windows 2000?
Port 139 can be blocked by disabling NBT:
Local connection - TCP/IP properties - Advanced - WINS - select the option "Disable NetBIOS over TCP/IP"
Port 445 can be blocked by modifying the registry.
Add a key value:
Hive: HKEY_LOCAL_MACHINE
Key: System\Controlset\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: REG_DWORD
Value: 0
Restart the machine after the modification.
9) 3389 terminal services
When this port is open, the server provides terminal services. If you get the administrator's user name and password, you can completely control the host through this service in the graphical interface, which is really a desirable thing. But if you can't get a password and you can't find a loophole in the input method, you'll feel helpless. To close this port, you need to shut down terminal services.
Sixth, port-related tools
1 netstat -an
Admittedly, this is not a tool, but it is the most convenient way to view your own open ports. Just enter this command in CMD. The results are as follows:
C:\>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING
UDP 0.0.0.0:135 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1027 *:*
UDP 127.0.0.1:1029 *:*
UDP 127.0.0.1:1030 *:*
These are the ports my machine had open when I was not online. The two ports 135 and 445 are fixed ports, and the rest are all dynamic ports.
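To review this kind of listing on your own machine without reading it by eye, the output can be parsed and each port classified with the ranges and service names given earlier in this tutorial. This is an added example, not part of the original tutorial; the names `SERVICES`, `classify` and `parse_netstat` are assumptions, and the sample is the output shown above.

```python
# The netstat -an output shown above, embedded so the example runs offline.
SAMPLE = """\
Proto  Local Address   Foreign Address  State
TCP    0.0.0.0:135     0.0.0.0:0        LISTENING
TCP    0.0.0.0:445     0.0.0.0:0        LISTENING
TCP    0.0.0.0:1025    0.0.0.0:0        LISTENING
TCP    0.0.0.0:1026    0.0.0.0:0        LISTENING
TCP    0.0.0.0:1028    0.0.0.0:0        LISTENING
TCP    0.0.0.0:3372    0.0.0.0:0        LISTENING
UDP    0.0.0.0:135     *:*
UDP    0.0.0.0:445     *:*
UDP    0.0.0.0:1027    *:*
UDP    127.0.0.1:1029  *:*
UDP    127.0.0.1:1030  *:*
"""

# Services this tutorial ties to specific ports.
SERVICES = {("TCP", 21): "FTP", ("TCP", 23): "telnet", ("TCP", 25): "SMTP",
            ("UDP", 69): "TFTP", ("TCP", 79): "finger", ("TCP", 80): "HTTP",
            ("TCP", 110): "POP3", ("UDP", 137): "NBT", ("UDP", 138): "NBT",
            ("TCP", 139): "SMB over NBT", ("TCP", 445): "SMB direct",
            ("TCP", 3389): "terminal services"}

def classify(port):
    """Port class, using the ranges given in this tutorial."""
    if port <= 1023:
        return "fixed"
    return "dynamic" if port <= 49151 else "private"

def parse_netstat(text):
    """Return one dict per listening TCP port or bound UDP port."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue                         # header or blank line
        if f[0] == "TCP" and "LISTENING" not in f:
            continue                         # a connection, not a listener
        addr, _, port = f[1].rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        rows.append({"proto": f[0], "port": port, "class": classify(port),
                     "service": SERVICES.get((f[0], port), "unknown"),
                     # Loopback-only sockets are unreachable from the network.
                     "exposed": addr not in ("127.0.0.1", "[::1]")})
    return rows

if __name__ == "__main__":
    print(*parse_netstat(SAMPLE), sep="\n")
```

Rows with `exposed` set to true and a fixed port are the ones to review first, since those are the services other hosts can reach.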