Ports refer to some registers in the interface circuit. These registers are used to store data information, control information and status information respectively. The corresponding ports are called data ports, control ports and status ports respectively.
From the perspective of port allocation, ports are divided into two categories: fixed ports and dynamic ports:
Fixed ports (0-1023): use a centralized management mechanism, that is, obey An assignment to a port by a governing body that issues these assignments. Since these ports are tightly bound to some services, we will often scan these ports to determine whether the other party has opened these services, such as TCP 21 (ftp), 80 (bios), UDP 7 (echo), 69 (tftp), etc. Waiting for some well-known ports.
Dynamic ports (1024-49151): These ports are not fixedly tied to a certain service. The operating system dynamically allocates these ports to each process. The same process may be allocated to different ports twice. port. However, some applications are not willing to use the dynamic ports assigned by the operating system. They have their own "trademark" ports, such as port 4000 of the oicq client, port 7626 of Trojan Glacier, etc., which are all fixed and famous.
Function:
Someone once compared the server to a house and the ports to doors leading to different rooms (services). If you don't consider the details, this is a good idea. simile. If an intruder wants to occupy this house, he must break in (physical intrusion is another matter). So for the intruder, it is important to know how many doors are opened in the house, what kind of doors they are, and what is behind the door. It's important.
The intruder usually uses a scanner to scan the ports of the target host to determine which ports are open. From the open ports, the intruder can know roughly what services the target host provides, and then guess the possible There are existing vulnerabilities, so port scanning can help us better understand the target host. For administrators, scanning the open ports of the local machine is also the first step to take security precautions.
According to the different types of services provided, ports are divided into two types, one is TCP port and the other is UDP port. When computers communicate with each other, there are two ways:
One is to confirm whether the information has arrived after sending the information, that is, there is a response. This method mostly uses the TCP protocol; The first is to ignore it after sending it without confirming whether the information has arrived. This method mostly uses the UDP protocol. The ports provided by the services corresponding to these two protocols are divided into TCP ports and UDP ports.
Extended information:
To protect your own ports, you need to do:
1) Check: often use commands or software to check the local open ports to see if there are any Suspicious ports;
2) Judgment: If there are open ports that you are not familiar with, you should immediately look up the port encyclopedia or common Trojan ports and other information (there are many on the Internet) to see which suspicious port you are facing. Description of the function, or judge by checking the process of opening this port through software;
3) Close: If it is really a Trojan port or there is no description of this port in the data, then this port should be closed. You can use Firewall to block this port, you can also use Local Connection-TCP/IP-Advanced-Options-TCP/IP Filtering to enable the filtering mechanism to filter the port;
Note: Be careful when making judgments, because some dynamic allocations The ports are also likely to cause you to have unnecessary suspicions. Such ports are generally low and continuous. In addition, some cunning backdoor software will use some common ports such as 80 to communicate (penetrating the firewall), which is difficult to detect, so it is key not to easily run unfamiliar programs.
Reference material: Baidu Encyclopedia - Port