How to block port by mining virus
Publish: 2021-04-22 17:00:14
1.
Log in to the system to view the task manager, and view the processes that occupy large memory and cannot be closed. Right click on the process to open the file location (first select Show hidden files and operating system files in the folder option). At this time, you may see a systmss.exe process and a svchost.exe process imitating the operating system. Here you can also see a 2.bat file. Right click to edit and open this file to see which mining organization the malicious process communicates with
by viewing the system operation log, we can analyze the source of the virus, start time and other information. The general reason may be that the hacker did not close port 3389 and used a weak password to remotely log in to the last virus
virus eradication: rename the virus executable file systmss.exe to systmss.exe1, so that the virus cannot be executed. At this time, you can stop the process from the task manager. Open registry editor to delete HKEY_ LOCAL_ The entire directory of machine, system, controlset001, services and systems
for Linux system, please refer to: webpage link
2. I do it according to the following steps! Do you have any problem? Thank you.
by default, many windows ports are open. When you surf the Internet, network viruses and hackers can connect to your computer through these ports. In order to make your system become an iron wall, these ports should be closed, mainly including TCP 135, 139, 445, 593, 1025 ports and UDP 135, 137, 138, 445 ports, some popular virus back door ports (such as TCP 2745, 3127, 6129 ports), and remote service access port 3389. The following describes how to close these network ports in WinXP / 2000 / 2003:
Step 1, click Start menu / settings / control panel / management tool, double-click to open "local security policy", select "IP security policy, on local computer", right-click in the blank space of the right window
to pop up the shortcut menu, Select "create IP security policy" (as shown in the figure on the right), and a wizard will pop up. Click the next button in the wizard to name the new security policy; Then press "next" to display the "secure communication request" screen, remove the hook on the left side of "activate default corresponding rules" on the screen, and click "finish" to create a new IP security policy
in the second step, right-click the IP security policy, remove the hook on the left of "use add Wizard" in the "properties" dialog box, and then click the "add" button to add a new rule, and then the "new rule properties" dialog box will pop up. Click the "add" button on the screen to pop up the IP filter list window; In the list, first remove the hook on the left of "use add Wizard", and then click the "add" button on the right to add a new filter
the third step is to enter the "filter properties" dialog box. The first thing you see is addressing. Select "any IP address" for the source address and "my IP address" for the destination address; Click the "Protocol" tab, select "TCP" in the "select protocol type" drop-down list, then enter "135" in the text box under "this port", and click "OK". This adds a filter to block TCP 135 (RPC) port, which can prevent the outside world from connecting to your computer through port 135. Click "OK" and return to the dialog box of filter list. You can see that a policy has been added. Repeat the above steps and continue to add TCP ports 137, 139, 445, 593 and UDP ports 135, 139, 445 to create corresponding filters for them. Repeat the above steps to add the shielding strategy of TCP ports 1025, 2745, 3127, 6129, 3389, establish the filter of the above ports, and finally click the "OK" button
Step 4: in the "new rule properties" dialog box, select "new IP filter list", then click the circle on the left and add a dot to indicate that it has been activated, and finally click the "filter action" tab. In the "filter action" tab, remove the hook on the left side of "use add Wizard", click "add" button to add "block" action. In the "security measures" tab of "new filter action properties", select "block", and then click "OK" button
Step 5: enter the "new rule properties" dialog box, and click "new filter action". A dot will be added to the circle on the left to indicate that it has been activated. Click the "close" button to close the - dialog box; Finally, return to the new IP security policy properties dialog box, check the left side of the new IP filter list, and press OK to close the dialog box. In the local security policy window, right-click the newly added IP security policy and select assign
after restarting, the above network ports in the computer are closed, and viruses and hackers can no longer connect to these ports, thus protecting your computer (it can be sealed, ha ha, I haven't tried)
Enter CMD in the command line, Then enter netstat / an to see the opening of the port.
I believe that users using Windows 2000 or XP are frustrated by the worm virus that exploits the RPC service vulnerability today. The main attack means of the virus is to scan the 135 port of the computer for attack. Now I'll teach you a method to manually close the 135 port, Although it can't completely solve the problem, it can also solve the immediate urgency. It is necessary to update the Microsoft patch
use a 16 for editing software (UltraEdit recommended) to open your system; winnt\ System32 or X: &? 92; windows\ Rpcss.dll file under system32
find 3100330035
replace it with 30003000300
find 3100330035 and replace it with 30003000300, which means to change port 135 to 000
so far, the task of modification has been completed. Next, we will face the problem of saving. Because the file is running, it cannot be overwritten in Windows environment. If you are FAT32 file system, then direct boot into DOS environment, will modify the file to cover the original file
if it is NTFS format, it is relatively troublesome. Go into safe mode. Then start the pulist list process, and use pskill to kill svchost.exe. And then at
restart after covering, and use the netstat - an command to see that there is no 135 port in Windows 2000. XP system also has TCP 135, but UDP has no 135 port
as the most popular instant chat tool in China, QQ has been supported and loved by many people, but it also has some unpopular places. For example, some companies or schools will prohibit the use of QQ ring working and studying hours. There are many ways to block QQ, the most commonly used method is to block the port. Because QQ uses UDP protocol, the default communication port is 4000, so as long as you make filtering rules on the gateway and filter out the UDP packets whose source port is 4000, you can block QQ
to deal with this kind of blockade, we can use some software to redirect the communication port of QQ and change the communication port of QQ, so as to break through the limitation of gateway. Because QQ uses port 4000 to send messages by default, if port 4000 is occupied, it will automatically use port 4001. If port 4001 is occupied, it will use port 4002, and so on. So, even if the gateway filters out all the packets of port 4000, we can take up all the ports starting from 4000 before starting QQ. Then when QQ starts, it will be logical to use the ports behind it, so that we can break through the gateway restrictions and use QQ! Can't all ports be blocked on the gateway? Ha ha
"nukenabber" is such a software that can meet our needs. Nukenabber is a port monitor. This software can customize 50 ports. That is to say, if we fill 4000-4049 in nukenabber, we can use all these ports! Then running QQ will automatically use 4050 port, so as to break through the limitation of gateway
after downloading, the installation is very simple, just click "next" all the way. Run nukenabber, click the "options" option under the "file" menu, click the "advanced" tab in the window, fill in 4000 in the "port to monitor:" column, and then click "add / modify port" to add it to nukenabber, and the port will be occupied. Use the same method to occupy the other ports blocked by the gateway to achieve the purpose of free use of QQ
by default, many windows ports are open. When you surf the Internet, network viruses and hackers can connect to your computer through these ports. In order to make your system become an iron wall, these ports should be closed, mainly including TCP 135, 139, 445, 593, 1025 ports and UDP 135, 137, 138, 445 ports, some popular virus back door ports (such as TCP 2745, 3127, 6129 ports), and remote service access port 3389. The following describes how to close these network ports in WinXP / 2000 / 2003:
Step 1, click Start menu / settings / control panel / management tool, double-click to open "local security policy", select "IP security policy, on local computer", right-click in the blank space of the right window
to pop up the shortcut menu, Select "create IP security policy" (as shown in the figure on the right), and a wizard will pop up. Click the next button in the wizard to name the new security policy; Then press "next" to display the "secure communication request" screen, remove the hook on the left side of "activate default corresponding rules" on the screen, and click "finish" to create a new IP security policy
in the second step, right-click the IP security policy, remove the hook on the left of "use add Wizard" in the "properties" dialog box, and then click the "add" button to add a new rule, and then the "new rule properties" dialog box will pop up. Click the "add" button on the screen to pop up the IP filter list window; In the list, first remove the hook on the left of "use add Wizard", and then click the "add" button on the right to add a new filter
the third step is to enter the "filter properties" dialog box. The first thing you see is addressing. Select "any IP address" for the source address and "my IP address" for the destination address; Click the "Protocol" tab, select "TCP" in the "select protocol type" drop-down list, then enter "135" in the text box under "this port", and click "OK". This adds a filter to block TCP 135 (RPC) port, which can prevent the outside world from connecting to your computer through port 135. Click "OK" and return to the dialog box of filter list. You can see that a policy has been added. Repeat the above steps and continue to add TCP ports 137, 139, 445, 593 and UDP ports 135, 139, 445 to create corresponding filters for them. Repeat the above steps to add the shielding strategy of TCP ports 1025, 2745, 3127, 6129, 3389, establish the filter of the above ports, and finally click the "OK" button
Step 4: in the "new rule properties" dialog box, select "new IP filter list", then click the circle on the left and add a dot to indicate that it has been activated, and finally click the "filter action" tab. In the "filter action" tab, remove the hook on the left side of "use add Wizard", click "add" button to add "block" action. In the "security measures" tab of "new filter action properties", select "block", and then click "OK" button
Step 5: enter the "new rule properties" dialog box, and click "new filter action". A dot will be added to the circle on the left to indicate that it has been activated. Click the "close" button to close the - dialog box; Finally, return to the new IP security policy properties dialog box, check the left side of the new IP filter list, and press OK to close the dialog box. In the local security policy window, right-click the newly added IP security policy and select assign
after restarting, the above network ports in the computer are closed, and viruses and hackers can no longer connect to these ports, thus protecting your computer (it can be sealed, ha ha, I haven't tried)
Enter CMD in the command line, Then enter netstat / an to see the opening of the port.
I believe that users using Windows 2000 or XP are frustrated by the worm virus that exploits the RPC service vulnerability today. The main attack means of the virus is to scan the 135 port of the computer for attack. Now I'll teach you a method to manually close the 135 port, Although it can't completely solve the problem, it can also solve the immediate urgency. It is necessary to update the Microsoft patch
use a 16 for editing software (UltraEdit recommended) to open your system; winnt\ System32 or X: &? 92; windows\ Rpcss.dll file under system32
find 3100330035
replace it with 30003000300
find 3100330035 and replace it with 30003000300, which means to change port 135 to 000
so far, the task of modification has been completed. Next, we will face the problem of saving. Because the file is running, it cannot be overwritten in Windows environment. If you are FAT32 file system, then direct boot into DOS environment, will modify the file to cover the original file
if it is NTFS format, it is relatively troublesome. Go into safe mode. Then start the pulist list process, and use pskill to kill svchost.exe. And then at
restart after covering, and use the netstat - an command to see that there is no 135 port in Windows 2000. XP system also has TCP 135, but UDP has no 135 port
as the most popular instant chat tool in China, QQ has been supported and loved by many people, but it also has some unpopular places. For example, some companies or schools will prohibit the use of QQ ring working and studying hours. There are many ways to block QQ, the most commonly used method is to block the port. Because QQ uses UDP protocol, the default communication port is 4000, so as long as you make filtering rules on the gateway and filter out the UDP packets whose source port is 4000, you can block QQ
to deal with this kind of blockade, we can use some software to redirect the communication port of QQ and change the communication port of QQ, so as to break through the limitation of gateway. Because QQ uses port 4000 to send messages by default, if port 4000 is occupied, it will automatically use port 4001. If port 4001 is occupied, it will use port 4002, and so on. So, even if the gateway filters out all the packets of port 4000, we can take up all the ports starting from 4000 before starting QQ. Then when QQ starts, it will be logical to use the ports behind it, so that we can break through the gateway restrictions and use QQ! Can't all ports be blocked on the gateway? Ha ha
"nukenabber" is such a software that can meet our needs. Nukenabber is a port monitor. This software can customize 50 ports. That is to say, if we fill 4000-4049 in nukenabber, we can use all these ports! Then running QQ will automatically use 4050 port, so as to break through the limitation of gateway
after downloading, the installation is very simple, just click "next" all the way. Run nukenabber, click the "options" option under the "file" menu, click the "advanced" tab in the window, fill in 4000 in the "port to monitor:" column, and then click "add / modify port" to add it to nukenabber, and the port will be occupied. Use the same method to occupy the other ports blocked by the gateway to achieve the purpose of free use of QQ
3.
it should be noted that "use add Wizard" in the lower right corner should not be checked, and then in & quot; New rule Attribute & quot; In the window, click & quot; Add & quot; In the IP filter list window, click the Add button on the right. Please note that you should not click & quot; in the lower right corner; Using the add wizard & quot; In the address tab of the pop-up IP filter properties window, select "any IP address" for the original address and "my IP address" for the destination address, then select the protocol tab, select the protocol type as TCP, and set the IP protocol port as & quot; From any port & quot& quot; To this port & quot;: 445 and click OK. Then click OK in the IP filter list. Then in the new rule properties, click the filter actions tab, click add below, and do not check the use add wizard on the right. In the new filter action properties, select block and switch to the General tab to change the name to block. Click OK to return to the filter operation in the new rule properties window and check the "block" just established. After switching to the IP filter list, check the "445" just established. Then click apply, then click close, and then click OK
go back to the Group Policy Editor, right-click the "blocked port" created just now on the right, and select assign in the right-click menu, then port 445 is successfully closed. Other ports that may need to be closed include 135, 137, 138, 139, and the operation is the same as that of closing 445
4. Right click & quot; Network neighborhood: attributes
double click & quot; Local connection -- General -- properties & quot
in the pop-up local connection properties, in & quot; This connection uses the following items & quot; Select & quot; Internet Protocol (TCP / IP);, Click the following attribute - advanced,
in & quot; Advanced TCP / IP settings & quot; Inside, point & quot; Option -- Attribute & quot
Click & quot; Enable TCP / IP filtering;, Next, you may set the computer ports that you are allowed to open.
before setting, you need to know the purpose of each port of the computer. If you just want the computer not to be able to access the Internet, you are not allowed to have two ports, port 80 and port 25
double click & quot; Local connection -- General -- properties & quot
in the pop-up local connection properties, in & quot; This connection uses the following items & quot; Select & quot; Internet Protocol (TCP / IP);, Click the following attribute - advanced,
in & quot; Advanced TCP / IP settings & quot; Inside, point & quot; Option -- Attribute & quot
Click & quot; Enable TCP / IP filtering;, Next, you may set the computer ports that you are allowed to open.
before setting, you need to know the purpose of each port of the computer. If you just want the computer not to be able to access the Internet, you are not allowed to have two ports, port 80 and port 25
5. For indivial users, you can limit all ports, because you don't have to let your machine provide any external services at all; For the servers providing network services to the outside world, we need to open the ports that must be used (such as WWW port 80, FTP port 21, mail service port 25, 110, etc.) and close all other ports
here, users using Windows 2000 or Windows XP do not need to install any other software, but can use the "TCP / IP filtering" function to limit the port of the server. The specific settings are as follows:
1. Right click "network neighborhood", select "properties", and then double-click "local connection" (for dial-up users, select "my connection" icon), and the "local connection status" dialog box will pop up
2. Click the [properties] button to pop up "local connection properties", select "Internet Protocol (TCP / IP)" in "this connection uses the following items", and then click the [properties] button
3. In the pop-up "Internet Protocol (TCP / IP)" dialog box, click the [advanced] button. In the pop-up "advanced TCP / IP settings", select the "options" tab, select "TCP / IP filter", and then click the [properties] button
4. In the pop-up "TCP / IP filtering" dialog box, select the "enable TCP / IP filtering" check box, and then select "only allowed" on the left "TCP port"
in this way, you can add or delete your TCP or UDP or IP ports by yourself
after adding or deleting, restart the machine and your server will be protected
finally, remind indivial users that if you only surf the Internet, you can not add any ports. But if you want to use some network contact tools, such as OICQ, you need to open the "4000" port. Similarly, if you find that a common network tool can't work, please find out the port it opens on your host, and then open the port in "TCP / IP"
generally speaking, We use some powerful anti black software and firewall to ensure the security of our system
see port list
TCP port
TCP 1 = TCP port service multiplexer
TCP 2 = death
TCP 5 = remote job entry, yoyo
TCP 7 = echo
TCP 11 = skun
TCP 12 = timber
TCP 16 = skun
TCP 17 = skun
TCP 18 = message transport protocol, skun
TCP 19 = skun
TCP 20 = FTP data, Amanda
TCP 21 = file transfer, back construction, blade runner, doly Trojan, fore, FTP, Trojan, invisible FTP, larva, WebEx, wincrash
TCP 22 = Remote Login Protocol
TCP 23 = Telnet, tiny telnet server (= TTS)
TCP 25 = e-mail (SMTP), AJAX, antigen, email password sender, happy 99, Kuang2, Promail, Trojan, shtrilitz, steady, Tapiras,Terminator,WinPC,WinSpy,Haebu Coceda
TCP 27=Assasin
TCP 28=Amanda
TCP 29=MSG ICP
TCP 30=Agent 40421
TCP 31=Agent 31,Hackers Paradise,Masters Paradise,Agent 40421
TCP 37=Time,ADM worm
TCP 39=SubSARI
TCP 41=DeepThroat, Foreplay
TCP 42 = host name server
TCP 43 = whois
TCP 44 = Arctic
TCP 48 = drat
TCP 49 = host login protocol
TCP 50 = drat
TCP 51 = imp logical address maintenance, fuck Lamers backdoor
TCP 52 = muska52, skun
TCP 53 = DNS, Bonk (DOS Exploit)
TCP 54=MuSka52
TCP 58=DMSetup
TCP 59=DMSetup
TCP 63=whois++
TCP 64=Communications Integrator
TCP 65=TACACS-Database Service
TCP 66=Oracle SQL*NET,AL-Bareki
TCP 67=Bootstrap Protocol Server
TCP 68=Bootstrap Protocol Client
TCP 69=W32.Evala.Worm, Backgate kit, Nimda, pasana, storm, storm worm, theof, worm. Cycle. A
TCP 70 = gopher service, ADM worm
TCP 79 = finger, firehotcker, ADM worm
TCP 80 = http, executor, ringzero
TCP 81 = chubo, Worm. BBeagle. Q
TCP 82 = netsky-z
TCP 88 = Kerberos krb5 service
TCP 99 = hidden port
TCP 102 = message transfer agent
TCP 108 = SNA gateway access server
TCP 109 = Pop2
TCP 110 = email (POP3), Promail
TCP 113 = kazimas, author idnet
TCP 115 = simple file transfer protocol
TCP 118 = SQL services, Infection 1.4.2
TCP 119 = newsgroup (NNTP)), happy 99
TCP 121 = jammerkiller, Bo jammerkillah
TCP 123 = Network Time Protocol (NTP),
TCP, Net controller
TCP 129 = Password Generator Protocol
TCP 133 = infector 1. X
TCP 135 = Microsoft DCE RPC end-point mapper service
TCP 137 = Microsoft NetBIOS name service (for file and printing) TCP 138 = Microsoft NetBIOS name service (for file and printing)
TCP 142 = nettaxi
TCP 143 = IMAP
TCP 146 = FC infector, Influencer
TCP 150 = NetBIOS session service
TCP 156 = SQL Server
TCP 161 = SNMP
TCP 162 = SNMP trap
TCP 170 = a-trojan
TCP 177 = x display management control protocol
TCP 179 = border gateway protocol (BGP)
TCP 190 = gateway access control protocol (GaCp)
TCP 194 = IRC
TCP 197 = directory location service (DLS)
< br TCP 256 = Nirvana
TCP 315 = the invasor
TCP 371 = ClearCase version management software
TCP 389 = Lightweight Directory Access Protocol (LDAP)
TCP 396 = Novell Netware over IP
TCP 420 = break
TCP 421 = TCP wrappers
TCP 443 = security services
TCP 444 = simple network paging protocol (SNPP)
TCP 445 = microsoft-d S
TCP 455 = fatal connections
TCP 456 = hackers parallel, fusespark
TCP 458 = Apple QuickTime
TCP 513 = grlog
TCP 514 = RPC backdoor
TCP 520 = rip
TCP 531 = rasmin, Net666
TCP 544 = Kerberos ksell
TCP 546 = DHCP client
TCP 547 = DHCP server
TCP 548 = Macintosh file service
TCP 555 = ini killer, phase zero, health spy
TCP 569 = MSN
TCP 605 = secret service
TCP 606 = noknok8
TCP 660 = deepthroat
TCP 661 = noknok8
TCP 666 = attack FTP, Satanz Backdoor,Back Construction,Dark Connection Inside 1.2
TCP 667=Noknok7.2
TCP 668=Noknok6
TCP 669=DP trojan
TCP 692=GayOL
TCP 707=Welchia,nachi
TCP 777=AIM Spy
TCP 808=RemoteControl, WinHole
TCP 815=Everyone Darling
TCP 901=Backdoor.Devil
TCP 911=Dark Shadow
TCP 993=IMAP
TCP 999=DeepThroat
TCP 1000=Der Spaeher
TCP 1001=Silencer,WebEx, Der Spaeher
TCP 1003=BackDoor
TCP 1010=Doly
TCP 1011=Doly
TCP 1012=Doly
TCP 1015=Doly
TCP 1016=Doly
TCP 1020=Vampire
TCP 1023=Worm.Sasser.e
TCP 1024=NetSpy.698(YAI)
TCP 1059=nimreg
//TCP 1025=NetSpy.698, Unused Windows Services Block
//TCP 1026=Unused Windows Services Block
//TCP 1027=Unused Windows Services Block
//TCP 1028=Unused Windows Services Block
//TCP 1029=Unused Windows Services Block
//TCP 1030=Unused Windows Services Block
//TCP 1033=Netspy
//TCP 1035=Multidropper
//TCP 10 42=Bla
//TCP 1045=Rasmin
//TCP 1047=GateCrasher
//TCP 1050=MiniCommand
TCP 1069=Backdoor.TheefServer.202
TCP 1070=Voice,Psyber Stream Server,Streaming Audio Trojan
TCP 1080=Wingate,Worm.BugBear.B,Worm.Novarg.B
//TCP 1090=Xtreme, VDOLive
//TCP 1092=LoveGate
//TCP 1095=Rat
//TCP 1097=Rat
//TCP 1098=Rat
//TCP 1099=Rat
TCP 1110=nfsd-keepalive
TCP 1111=Backdoor.AIMVision
TCP 1155=Network File Access
//TCP 1170=Psyber Stream Server,Streaming Audio trojan, Voice
//TCP 1200=NoBackO
//TCP 1201=NoBackO
//TCP 1207=Softwar
//TCP 1212=Nirvana,Visul Killer
//TCP 1234=Ultors
//TCP 1243=BackDoor-G, SubSeven, Subseven Apocalypse
/ / TCP 1245 = voodoo doll
/ / TCP 1269 = Mavericks matrix
/ / TCP 1313 = Nirvana
/ / TCP 1349 = bionet
/ / TCP 1433 = Microsoft SQL service
/ / TCP 1441 = Remote storm
/ / TCP 1492 = ftp99cmp (backoriffice. FTP)
TCP 1503 = NetMeeting T.120
/ / TCP 1509 = psyber streaming server
/ / TCP 16 00 = shivka Burka
/ / TCP 1703 = exloiter 1.1
TCP 1720 = NetMeeting h.233 call setup
TCP 1731 = NetMeeting audio call control
/ / TCP 1807 = spysender
/ / TCP 1966 = fake FTP 2000
/ / TCP 1976 = custom port
/ / TCP 1981 = shocklave
TCP 1990 = stun-p1 Cisco stun priority 1 Port
TCP 1990 = stun-p1 Cisco stun Priority 1 port
TCP 1991=stun-p2 cisco STUN Priority 2 port
TCP 1992=stun-p3 cisco STUN Priority 3 port, ipsendmsg IPsendmsg
TCP 1993=snmp-tcp-port cisco SNMP TCP port
TCP 1994=stun-port cisco serial tunnel port
TCP 1995=perf-port cisco perf port
TCP 1996=tr-rsrb-port cisco Remote SRB port
TCP 1997=gdp-port cisco Gateway Discovery Protocol
TCP 1998=x25-svc-port cisco X.25 service (XOT)
//TCP 199 9=BackDoor, TransScout
//TCP 2000=Der Spaeher, INsane Network
TCP 2002=W32.Beagle.AX @mm
//TCP 2001=Transmisson scout
//TCP 2002=Transmisson scout
//TCP 2003=Transmisson scout
//TCP 2004=Transmisson scout
//TCP 2005=TTransmisson scout
TCP 2011=cypress
TCP 2015=raid-cs
//TCP 2023=Ripper,Pass Ripper, Hack City Ripper Pro
TCP 2049=NFS
//TCP 2115=Bugs
//TCP 2121=Nirvana
//TCP 2140=Deep Throat, The Invasor
//TCP 2155=Nirvana
//TCP 2208=RuX
//TCP 2255=Illusion Mailer
//TCP 2283=HVL Rat5
//TCP 2300=PC Explorer
//TCP 2311=Studio54
TCP 2556=Worm.Bbeagle.q
//TCP 2565=Striker
//TCP 2583=WinCrash
//TCP 2600=Digital RootBeer
//TCP 2716=Prayer Trojan
TCP 2745=Worm.BBeagle.k
//TCP 2773=Backdoor,SubSeven
//TCP 2774=SubSeven2.1&2.2
//TCP 2801=Phineas Phucker
//TCP 2989=Rat
//TCP 3024=WinCrash trojan
TCP 3127=Worm.Novarg
TCP 3128=RingZero,Worm.Novarg.B
//TCP 3129=Masters Paradise
//TCP 3150=Deep Throat, The Invasor
TCP 3198=Worm.Novarg
//TCP 3210=SchoolBus
TCP 3332=Worm
here, users using Windows 2000 or Windows XP do not need to install any other software, but can use the "TCP / IP filtering" function to limit the port of the server. The specific settings are as follows:
1. Right click "network neighborhood", select "properties", and then double-click "local connection" (for dial-up users, select "my connection" icon), and the "local connection status" dialog box will pop up
2. Click the [properties] button to pop up "local connection properties", select "Internet Protocol (TCP / IP)" in "this connection uses the following items", and then click the [properties] button
3. In the pop-up "Internet Protocol (TCP / IP)" dialog box, click the [advanced] button. In the pop-up "advanced TCP / IP settings", select the "options" tab, select "TCP / IP filter", and then click the [properties] button
4. In the pop-up "TCP / IP filtering" dialog box, select the "enable TCP / IP filtering" check box, and then select "only allowed" on the left "TCP port"
in this way, you can add or delete your TCP or UDP or IP ports by yourself
after adding or deleting, restart the machine and your server will be protected
finally, remind indivial users that if you only surf the Internet, you can not add any ports. But if you want to use some network contact tools, such as OICQ, you need to open the "4000" port. Similarly, if you find that a common network tool can't work, please find out the port it opens on your host, and then open the port in "TCP / IP"
generally speaking, We use some powerful anti black software and firewall to ensure the security of our system
see port list
TCP port
TCP 1 = TCP port service multiplexer
TCP 2 = death
TCP 5 = remote job entry, yoyo
TCP 7 = echo
TCP 11 = skun
TCP 12 = timber
TCP 16 = skun
TCP 17 = skun
TCP 18 = message transport protocol, skun
TCP 19 = skun
TCP 20 = FTP data, Amanda
TCP 21 = file transfer, back construction, blade runner, doly Trojan, fore, FTP, Trojan, invisible FTP, larva, WebEx, wincrash
TCP 22 = Remote Login Protocol
TCP 23 = Telnet, tiny telnet server (= TTS)
TCP 25 = e-mail (SMTP), AJAX, antigen, email password sender, happy 99, Kuang2, Promail, Trojan, shtrilitz, steady, Tapiras,Terminator,WinPC,WinSpy,Haebu Coceda
TCP 27=Assasin
TCP 28=Amanda
TCP 29=MSG ICP
TCP 30=Agent 40421
TCP 31=Agent 31,Hackers Paradise,Masters Paradise,Agent 40421
TCP 37=Time,ADM worm
TCP 39=SubSARI
TCP 41=DeepThroat, Foreplay
TCP 42 = host name server
TCP 43 = whois
TCP 44 = Arctic
TCP 48 = drat
TCP 49 = host login protocol
TCP 50 = drat
TCP 51 = imp logical address maintenance, fuck Lamers backdoor
TCP 52 = muska52, skun
TCP 53 = DNS, Bonk (DOS Exploit)
TCP 54=MuSka52
TCP 58=DMSetup
TCP 59=DMSetup
TCP 63=whois++
TCP 64=Communications Integrator
TCP 65=TACACS-Database Service
TCP 66=Oracle SQL*NET,AL-Bareki
TCP 67=Bootstrap Protocol Server
TCP 68=Bootstrap Protocol Client
TCP 69=W32.Evala.Worm, Backgate kit, Nimda, pasana, storm, storm worm, theof, worm. Cycle. A
TCP 70 = gopher service, ADM worm
TCP 79 = finger, firehotcker, ADM worm
TCP 80 = http, executor, ringzero
TCP 81 = chubo, Worm. BBeagle. Q
TCP 82 = netsky-z
TCP 88 = Kerberos krb5 service
TCP 99 = hidden port
TCP 102 = message transfer agent
TCP 108 = SNA gateway access server
TCP 109 = Pop2
TCP 110 = email (POP3), Promail
TCP 113 = kazimas, author idnet
TCP 115 = simple file transfer protocol
TCP 118 = SQL services, Infection 1.4.2
TCP 119 = newsgroup (NNTP)), happy 99
TCP 121 = jammerkiller, Bo jammerkillah
TCP 123 = Network Time Protocol (NTP),
TCP, Net controller
TCP 129 = Password Generator Protocol
TCP 133 = infector 1. X
TCP 135 = Microsoft DCE RPC end-point mapper service
TCP 137 = Microsoft NetBIOS name service (for file and printing) TCP 138 = Microsoft NetBIOS name service (for file and printing)
TCP 142 = nettaxi
TCP 143 = IMAP
TCP 146 = FC infector, Influencer
TCP 150 = NetBIOS session service
TCP 156 = SQL Server
TCP 161 = SNMP
TCP 162 = SNMP trap
TCP 170 = a-trojan
TCP 177 = x display management control protocol
TCP 179 = border gateway protocol (BGP)
TCP 190 = gateway access control protocol (GaCp)
TCP 194 = IRC
TCP 197 = directory location service (DLS)
< br TCP 256 = Nirvana
TCP 315 = the invasor
TCP 371 = ClearCase version management software
TCP 389 = Lightweight Directory Access Protocol (LDAP)
TCP 396 = Novell Netware over IP
TCP 420 = break
TCP 421 = TCP wrappers
TCP 443 = security services
TCP 444 = simple network paging protocol (SNPP)
TCP 445 = microsoft-d S
TCP 455 = fatal connections
TCP 456 = hackers parallel, fusespark
TCP 458 = Apple QuickTime
TCP 513 = grlog
TCP 514 = RPC backdoor
TCP 520 = rip
TCP 531 = rasmin, Net666
TCP 544 = Kerberos ksell
TCP 546 = DHCP client
TCP 547 = DHCP server
TCP 548 = Macintosh file service
TCP 555 = ini killer, phase zero, health spy
TCP 569 = MSN
TCP 605 = secret service
TCP 606 = noknok8
TCP 660 = deepthroat
TCP 661 = noknok8
TCP 666 = attack FTP, Satanz Backdoor,Back Construction,Dark Connection Inside 1.2
TCP 667=Noknok7.2
TCP 668=Noknok6
TCP 669=DP trojan
TCP 692=GayOL
TCP 707=Welchia,nachi
TCP 777=AIM Spy
TCP 808=RemoteControl, WinHole
TCP 815=Everyone Darling
TCP 901=Backdoor.Devil
TCP 911=Dark Shadow
TCP 993=IMAP
TCP 999=DeepThroat
TCP 1000=Der Spaeher
TCP 1001=Silencer,WebEx, Der Spaeher
TCP 1003=BackDoor
TCP 1010=Doly
TCP 1011=Doly
TCP 1012=Doly
TCP 1015=Doly
TCP 1016=Doly
TCP 1020=Vampire
TCP 1023=Worm.Sasser.e
TCP 1024=NetSpy.698(YAI)
TCP 1059=nimreg
//TCP 1025=NetSpy.698, Unused Windows Services Block
//TCP 1026=Unused Windows Services Block
//TCP 1027=Unused Windows Services Block
//TCP 1028=Unused Windows Services Block
//TCP 1029=Unused Windows Services Block
//TCP 1030=Unused Windows Services Block
//TCP 1033=Netspy
//TCP 1035=Multidropper
//TCP 10 42=Bla
//TCP 1045=Rasmin
//TCP 1047=GateCrasher
//TCP 1050=MiniCommand
TCP 1069=Backdoor.TheefServer.202
TCP 1070=Voice,Psyber Stream Server,Streaming Audio Trojan
TCP 1080=Wingate,Worm.BugBear.B,Worm.Novarg.B
//TCP 1090=Xtreme, VDOLive
//TCP 1092=LoveGate
//TCP 1095=Rat
//TCP 1097=Rat
//TCP 1098=Rat
//TCP 1099=Rat
TCP 1110=nfsd-keepalive
TCP 1111=Backdoor.AIMVision
TCP 1155=Network File Access
//TCP 1170=Psyber Stream Server,Streaming Audio trojan, Voice
//TCP 1200=NoBackO
//TCP 1201=NoBackO
//TCP 1207=Softwar
//TCP 1212=Nirvana,Visul Killer
//TCP 1234=Ultors
//TCP 1243=BackDoor-G, SubSeven, Subseven Apocalypse
/ / TCP 1245 = voodoo doll
/ / TCP 1269 = Mavericks matrix
/ / TCP 1313 = Nirvana
/ / TCP 1349 = bionet
/ / TCP 1433 = Microsoft SQL service
/ / TCP 1441 = Remote storm
/ / TCP 1492 = ftp99cmp (backoriffice. FTP)
TCP 1503 = NetMeeting T.120
/ / TCP 1509 = psyber streaming server
/ / TCP 16 00 = shivka Burka
/ / TCP 1703 = exloiter 1.1
TCP 1720 = NetMeeting h.233 call setup
TCP 1731 = NetMeeting audio call control
/ / TCP 1807 = spysender
/ / TCP 1966 = fake FTP 2000
/ / TCP 1976 = custom port
/ / TCP 1981 = shocklave
TCP 1990 = stun-p1 Cisco stun priority 1 Port
TCP 1990 = stun-p1 Cisco stun Priority 1 port
TCP 1991=stun-p2 cisco STUN Priority 2 port
TCP 1992=stun-p3 cisco STUN Priority 3 port, ipsendmsg IPsendmsg
TCP 1993=snmp-tcp-port cisco SNMP TCP port
TCP 1994=stun-port cisco serial tunnel port
TCP 1995=perf-port cisco perf port
TCP 1996=tr-rsrb-port cisco Remote SRB port
TCP 1997=gdp-port cisco Gateway Discovery Protocol
TCP 1998=x25-svc-port cisco X.25 service (XOT)
//TCP 199 9=BackDoor, TransScout
//TCP 2000=Der Spaeher, INsane Network
TCP 2002=W32.Beagle.AX @mm
//TCP 2001=Transmisson scout
//TCP 2002=Transmisson scout
//TCP 2003=Transmisson scout
//TCP 2004=Transmisson scout
//TCP 2005=TTransmisson scout
TCP 2011=cypress
TCP 2015=raid-cs
//TCP 2023=Ripper,Pass Ripper, Hack City Ripper Pro
TCP 2049=NFS
//TCP 2115=Bugs
//TCP 2121=Nirvana
//TCP 2140=Deep Throat, The Invasor
//TCP 2155=Nirvana
//TCP 2208=RuX
//TCP 2255=Illusion Mailer
//TCP 2283=HVL Rat5
//TCP 2300=PC Explorer
//TCP 2311=Studio54
TCP 2556=Worm.Bbeagle.q
//TCP 2565=Striker
//TCP 2583=WinCrash
//TCP 2600=Digital RootBeer
//TCP 2716=Prayer Trojan
TCP 2745=Worm.BBeagle.k
//TCP 2773=Backdoor,SubSeven
//TCP 2774=SubSeven2.1&2.2
//TCP 2801=Phineas Phucker
//TCP 2989=Rat
//TCP 3024=WinCrash trojan
TCP 3127=Worm.Novarg
TCP 3128=RingZero,Worm.Novarg.B
//TCP 3129=Masters Paradise
//TCP 3150=Deep Throat, The Invasor
TCP 3198=Worm.Novarg
//TCP 3210=SchoolBus
TCP 3332=Worm
6. First, click Start menu / settings / control panel / management tool, double-click to open "local security policy", select "IP security policy, on local computer", right-click in the blank position in the right pane to pop up the shortcut menu, select "create IP security policy", and a wizard will pop up. Click the next button in the wizard to name the new security policy; Then press "next" to display the "secure communication request" screen, remove the hook on the left side of "activate default corresponding rules" on the screen, and click "finish" to create a new IP security policy
in the second step, right-click the IP security policy, remove the hook on the left side of "use add Wizard" in the "properties" dialog box, and then click the "add" button to add a new rule, then the "new rule properties" dialog box will pop up, and click the "add" button on the screen to pop up the IP filter list window; In the list, first remove the hook on the left of "use add Wizard", and then click the "add" button on the right to add a new filter
the third step is to enter the "filter properties" dialog box. The first thing you see is addressing. Select "any IP address" for the source address and "my IP address" for the destination address; Click the "Protocol" tab, select "TCP" in the "select protocol type" drop-down list, then enter "135" in the text box under "this port", and click "OK" button. In this way, a filter is added to shield TCP 135 (RPC) port, which can prevent the outside world from connecting to your computer through port 135. Click "OK" and return to the dialog box of filter list. You can see that a policy has been added. Repeat the above steps and continue to add TCP ports 137, 139, 445, 593 and UDP ports 135, 139, 445 to create corresponding filters for them. Repeat the above steps to add the shielding strategy of TCP ports 1025, 2745, 3127, 6129, 3389, establish the filter of the above ports, and finally click the "OK" button
Step 4: in the "new rule properties" dialog box, select "new IP filter list", then click the circle on the left to add a dot to indicate that it has been activated, and finally click the "filter action" tab. In the "filter action" tab, remove the hook on the left side of "use add Wizard", click "add" button to add "block" action. In the "security measures" tab of "new filter action properties", select "block", and then click "OK" button
Step 5: enter the "new rule properties" dialog box, and click "new filter action". A dot will be added to the circle on the left to indicate that it has been activated. Click the "close" button to close the dialog box; Finally, return to the new IP security policy properties dialog box, check the left side of the new IP filter list, and press OK to close the dialog box. In the local security policy window, right-click the newly added IP security policy and select assign. So after restarting, the above network ports in the computer are closed, and viruses and hackers can no longer connect to these ports, thus protecting your computer. Note: the closed ports are , and TCP, [color = red] sample text [/ color] in win 2000, each service corresponds to the corresponding port. For example, the well-known WWW service port is 80, SMTP is 25, FTP is 21, and these services are enabled by default in win 2000 installation. It's really unnecessary for indivial users to turn off ports, that is, turn off useless services. Whether a service is useful or not depends on your own needs.
in the second step, right-click the IP security policy, remove the hook on the left side of "use add Wizard" in the "properties" dialog box, and then click the "add" button to add a new rule, then the "new rule properties" dialog box will pop up, and click the "add" button on the screen to pop up the IP filter list window; In the list, first remove the hook on the left of "use add Wizard", and then click the "add" button on the right to add a new filter
the third step is to enter the "filter properties" dialog box. The first thing you see is addressing. Select "any IP address" for the source address and "my IP address" for the destination address; Click the "Protocol" tab, select "TCP" in the "select protocol type" drop-down list, then enter "135" in the text box under "this port", and click "OK" button. In this way, a filter is added to shield TCP 135 (RPC) port, which can prevent the outside world from connecting to your computer through port 135. Click "OK" and return to the dialog box of filter list. You can see that a policy has been added. Repeat the above steps and continue to add TCP ports 137, 139, 445, 593 and UDP ports 135, 139, 445 to create corresponding filters for them. Repeat the above steps to add the shielding strategy of TCP ports 1025, 2745, 3127, 6129, 3389, establish the filter of the above ports, and finally click the "OK" button
Step 4: in the "new rule properties" dialog box, select "new IP filter list", then click the circle on the left to add a dot to indicate that it has been activated, and finally click the "filter action" tab. In the "filter action" tab, remove the hook on the left side of "use add Wizard", click "add" button to add "block" action. In the "security measures" tab of "new filter action properties", select "block", and then click "OK" button
Step 5: enter the "new rule properties" dialog box, and click "new filter action". A dot will be added to the circle on the left to indicate that it has been activated. Click the "close" button to close the dialog box; Finally, return to the new IP security policy properties dialog box, check the left side of the new IP filter list, and press OK to close the dialog box. In the local security policy window, right-click the newly added IP security policy and select assign. So after restarting, the above network ports in the computer are closed, and viruses and hackers can no longer connect to these ports, thus protecting your computer. Note: the closed ports are , and TCP, [color = red] sample text [/ color] in win 2000, each service corresponds to the corresponding port. For example, the well-known WWW service port is 80, SMTP is 25, FTP is 21, and these services are enabled by default in win 2000 installation. It's really unnecessary for indivial users to turn off ports, that is, turn off useless services. Whether a service is useful or not depends on your own needs.
7. Teach you how to close the port
each service corresponds to its corresponding port. For example, as we all know, the port of WWW service is 80, the port of SMTP is 25, the port of FTP is 21, and the default in WIN2000 installation is all enabled by these services. It's really unnecessary for indivial users to turn off ports, that is, turn off useless services“ Control panel, administrative tools, services
1. Close 7.9 and other ports: close simple TCP / IP service, and support the following TCP / IP services: character generator, daytime, discard, echo, and quote of the day
2. Close port 80: turn off the WWW service. Display the name & quot; World Wide Web Publishing Service", Provide web connection and management through the management unit of Internet information service
3. Turn off port 25: turn off the simple mail transport protocol (SMTP) service, which provides the function of sending e-mail across the network
4. Turn off port 21: turn off FTP publishing service, which provides FTP connection and management through the management unit of Internet information service
5. Turn off port 23: turn off the telnet service, which allows remote users to log in to the system and run the console program from the command line
6. It is also very important to close the server service, which provides RPC support, file, print and named pipe sharing. Turning it off will turn off the default share of Win2K, such as IPC $, C $, admin $, etc. the closing of this service will not affect your other operations
7. Another is port 139. Port 139 is a NetBIOS session port, which is used for file and print sharing. Note that the UNIX machine running Samba also opens port 139, which has the same function. In the past, streamer 2000 was used to judge the host type of the other party. It is estimated that port 139 is open, which is considered to be NT. Now it is OK. The way to close port 139 is to select "Internet Protocol (TCP / IP)" attribute in "local connection" in "network and dial-up connection", enter "advanced TCP / IP settings" and "wins settings" where there is an item "disable NetBIOS of TCP / IP", and check to close port 139. For indivial users, you can set it to "disable" in the service attribute settings to avoid restarting the service and opening the port next time.
each service corresponds to its corresponding port. For example, as we all know, the port of WWW service is 80, the port of SMTP is 25, the port of FTP is 21, and the default in WIN2000 installation is all enabled by these services. It's really unnecessary for indivial users to turn off ports, that is, turn off useless services“ Control panel, administrative tools, services
1. Close 7.9 and other ports: close simple TCP / IP service, and support the following TCP / IP services: character generator, daytime, discard, echo, and quote of the day
2. Close port 80: turn off the WWW service. Display the name & quot; World Wide Web Publishing Service", Provide web connection and management through the management unit of Internet information service
3. Turn off port 25: turn off the simple mail transport protocol (SMTP) service, which provides the function of sending e-mail across the network
4. Turn off port 21: turn off FTP publishing service, which provides FTP connection and management through the management unit of Internet information service
5. Turn off port 23: turn off the telnet service, which allows remote users to log in to the system and run the console program from the command line
6. It is also very important to close the server service, which provides RPC support, file, print and named pipe sharing. Turning it off will turn off the default share of Win2K, such as IPC $, C $, admin $, etc. the closing of this service will not affect your other operations
7. Another is port 139. Port 139 is a NetBIOS session port, which is used for file and print sharing. Note that the UNIX machine running Samba also opens port 139, which has the same function. In the past, streamer 2000 was used to judge the host type of the other party. It is estimated that port 139 is open, which is considered to be NT. Now it is OK. The way to close port 139 is to select "Internet Protocol (TCP / IP)" attribute in "local connection" in "network and dial-up connection", enter "advanced TCP / IP settings" and "wins settings" where there is an item "disable NetBIOS of TCP / IP", and check to close port 139. For indivial users, you can set it to "disable" in the service attribute settings to avoid restarting the service and opening the port next time.
8. Network card properties - local properties - TCP / IP properties - Advanced - select (IP filtering)
open and set the port of IP address in this interface
open and set the port of IP address in this interface
9. Impossible ~ ports are sealed, many services are no way to carry out! The computer has a total of 65536 ports, of which the first 10000 are system service ports, while the later ports are dynamic allocation ports, which are opened from time to time according to the needs of the system!
10. Limiting the bandwidth BT will harm the LAN because it takes up a lot of network bandwidth. Therefore, limiting the network bandwidth of each user can obviously alleviate the harm of BT to the network
the most thorough way to solve the harm of BT to LAN is not to allow BT download, BT generally uses the port of TCP 6881 ~ 6889. Check what ports are used by BT at present, and then block all these ports in the protective wall of the route, and block all the ports of 4100-65535 (4000-4100 and 8000-8100, which are QQ)
ා block high-level ports 4100-8000
# block high-level ports 8100-65535
the most thorough way to solve the harm of BT to LAN is not to allow BT download, BT generally uses the port of TCP 6881 ~ 6889. Check what ports are used by BT at present, and then block all these ports in the protective wall of the route, and block all the ports of 4100-65535 (4000-4100 and 8000-8100, which are QQ)
ා block high-level ports 4100-8000
# block high-level ports 8100-65535
Hot content