Service on internet is accessed from sure port. At any IP address there is port from 0 – 65535 which can be activated. This port has a logic function (not physic function as physic port or parallel port on our computer), but just as physic port it use to access some services on internet.
Common used port:
- Port 21 FTP (file transfer protocol)
- Port 22 SSH (Secure Shell)
- Port 23 Telnet
- Port 25 SMTP (Simple Mail Transfer Protocol)
- Port 80 HTTP (Hypertext Transfer Protocol)
- Port 110 POP3 (Post Office Protocol, version 3)
- Port 119 NNTP (Network News Transfer Protocol)
- Port 139 NetBIOS session service
- Port 143 IMAP (Internet Message Access Protocol)
- Port 194 IRC (Internet Relay Chat Protocol)
If we access some port then ports above will be used, depending on the service. If we browsing, so we access port 80. If we read an email, so the used port is 110. Sending email using port 25. Web email using port 143. Read newsgroup from ISP using 119, and chatting using port 194, etc.
And for our computer which opened the service, it should be not much port opened, commonly just 25, 110, and 139 (Assume on Windows 9x/ME machine open port 139). Especially we need to keep our eye to port 139, because it can be a hole for hacker to attack our Windows 9x/ME machine.
If there is any ports opened, so just take a look for it. Such if port 21 opened, have we ever install FTP server program and Is the program running now? Also if port 23 opened, are we using telnet service? It causes this port is uncommonly opened on computer which just using for access internet (not giving service to another computer) only.
To detect what port are opened now we can using port scanner such SuperScan or UltraScan and scan our local IP address (127.0.0.1).
Like we see above, there is 4 port are opened. Port 25 and Port 110 are common used, but what about port 1005 and 1025, what kind of port are they? By searching the information from internet suing search engine (such Google, www.google.com) so we have information that port 1005 is a Theef Trojan and port 1025 is a Network Blackjack. What kind of port are they, where are they come from? Port 1005 probably unintentionally open port when download some program, running it and Trojan Theef is activated silently then open the port and make our computer being server for attacker who has the remote! And also port 1025 it seem opened while browsing some gamble site on internet.
To learning more about port (which one is dangerous or not), you can find here http://www.glocksoft.com/trojan_port.htm
Below are some popular Trojan horse port:
And for our computer which opened the service, it should be not much port opened, commonly just 25, 110, and 139 (Assume on Windows 9x/ME machine open port 139). Especially we need to keep our eye to port 139, because it can be a hole for hacker to attack our Windows 9x/ME machine.
If there is any ports opened, so just take a look for it. Such if port 21 opened, have we ever install FTP server program and Is the program running now? Also if port 23 opened, are we using telnet service? It causes this port is uncommonly opened on computer which just using for access internet (not giving service to another computer) only.
To detect what port are opened now we can using port scanner such SuperScan or UltraScan and scan our local IP address (127.0.0.1).
Like we see above, there is 4 port are opened. Port 25 and Port 110 are common used, but what about port 1005 and 1025, what kind of port are they? By searching the information from internet suing search engine (such Google, www.google.com) so we have information that port 1005 is a Theef Trojan and port 1025 is a Network Blackjack. What kind of port are they, where are they come from? Port 1005 probably unintentionally open port when download some program, running it and Trojan Theef is activated silently then open the port and make our computer being server for attacker who has the remote! And also port 1025 it seem opened while browsing some gamble site on internet.
To learning more about port (which one is dangerous or not), you can find here http://www.glocksoft.com/trojan_port.htm
Below are some popular Trojan horse port:
- Back Orifice/Back Orifice 2000 54320, 54321
- NetBus 1.60, 1.70 12345
- NetBusPro 2.01 20003
- SubSeven 27374
0 comments:
Post a Comment