端口如何屏蔽135 139 445 3389端口 网络端口安全防护技巧（How to shield 1351394453389 port network port security protection skills）

如何屏蔽135 139 445 3389端口+网络端口安全防护技巧How toshield 1351394453389 port + network port security protectionskills

Windows has many ports that are open. When you're on theInternet, network viruses and hackers can connect to yourcomputer through these ports. In order to make your system intothese ports should be closed, iron bastions, mainly include:TCP 135, 139, 445, 593, 1025, 137, 135 and UDP port 138, port445, some of the popular virus backdoor port (such as TCP 2745,3127, 6129, port) and remote service access port 3389.Following introduction

How do I close these network ports under WinXP/2000/2003?:The first step, click the"start menu/settings/control panel/management tools, double-click to open local security policy,select the" IP security policy, on the local computer, clickin the empty space right the right pane, pop-up shortcut menu,select "create IP security policy" (right) , so apop-upwizard.In the wizard, click "next" button, named the new securitypolicy; and then click "next", shows the "safety communicationrequest"picture, "activate the default rules" on the left sideof the hook removed on the screen, click "finish" button tocreate a new IP security strategy.

The second step, right-click the IP security policy, in theproperties dialog box, use the wizard to add "left hook toremove, and then click the Add button to add new rules, thenpop up" the new rules Properties dialog box, click the Addbutton on the screen, playing a IP filter list window; in the

list, the first to use the add wizard left hook removed, andthen click the "add" button to add a new filter.

The third step, enter the filter properties dialog box, seefirst is addressing the source address select any IP address,destination address "my IP address"; click"agreement" tab, inthe "select the protocol type" drop-down list, select the "TCP",then "to the port" the text box enter "135", click "OK" button(left) , then add a shield TCP 135 port (RPC) filter, which canprevent the outside through the 135 port on your computer.Click "OK" to filter list dialog box, you can see has added astrategy, repeat the above steps to add TCP 137, 139, 445, 593,139, 135 UDP port and 445 port, the establishment of thecorresponding filters for them.

Repeat these steps to add TCP, 1025, 2745, 3127, 6129, and 3389port shielding strategies, establish a filter for the aboveport, and click the OK button at last.

The fourth step, in the "new rules properties" dialog box,select the "newIPfilterlist", thenclickthe left circle witha point that has been activated, and finally click the filteraction tab. In the filter tab, use the wizard to add "left hookremoved, click the Add button, add a" stop"operation (right) :"filter actionattribute "" security"tab, select" stop"button,then click" OK ".

The fifth step, into the "new rules of the properties dialogbox, click the"newfilter operation", to the left of the circlewith a point that has been activated, click" close "button to

close the dialog box; finally returned to the new IP securitypolicy properties dialog box, tick the" new IP filter list "onthe left, clickOKto close thedialogbox. Inthe local securitypolicy window, with the right mouse wants to hold more green?IP security strategy, and then select "assigned".

Thus, after restarting, the network port in the computer isclosed, and the virus and the hacker can not connect to theseports anymore, thus protecting your computer.

Router settings:

1, close 7.9 and so on port: close SimpleTCP/IPService, supportthe following TCP/IP services: CharacterGenerator, Daytime,Discard, Echo, and QuoteoftheDay.

2, turn off 80: turn off the WWW service. In service, displaythe name "WorldWideWebPublishingService" and provide the Webconnection and management through the management unit of theInternet information service.

3, turn off the 25 port: turn off the

SimpleMailTransportProtocol (SMTP) service, it provides thefunction is to send e-mail across the network.

4, turn off the 21 port: turn off FTPPublishingService, whichprovides services through the Internet information servicemanagement unit to provide FTP connection and management.5, turn off the 23 port: turn off the Telnet service, whichallows remote users to log on to the systemand run the console

program using the command line.

6, there is also avery important thing is to turn off the serverservice,

This service provides RPC support, documentation, printing,and named pipe sharing. Turn off it and turn off the defaultshare of Win2K, such as ipc$, c$, admin$, and so on. This serviceis closed and does not affect your common operation.

7, and there is a 139 port, 139 port is NetBIOSSession port,used to file and print sharing, note that the samba machinerunning UNIX also opened 139 ports, the same function. Beforestreamer 2000 used to determine the other host type is notaccurate, it is estimated that 139 ports open, both consideredNT, and now good.

Listen to the closed 139 method is in the network and dial upconnections "in the" local connection "selected" Internetprotocol (TCP/IP) into the "TCP/IP" attribute, advancedsettings ""WINS settings "is a" disable TCP/IP NETBIOS ", tickoff Port 139.

For individual users, you can set it as "disable" in eachservice property setting so that the next restart service willbe restarted and the port will be open.

We generally use some powerful anti - Black software andfirewalls to ensure our system security, but some users do nothave the above conditions. What shall I do?Here' s a simple wayto help prevent illegal intrusions by restricting ports.

The mode of illegal invasion

In brief, the way of illegal invasion can be roughly dividedinto 4 kinds:

1, scan port, through the known system Bug into the host.2, grow Trojan, use Trojan to open the back door, enter host.3, the use of data overflow means, forcing the host to provideback door access to the host.

4, use some software design vulnerabilities, directly orindirectly control the host.

The main way of illegal intrusion is two, especially the useof some popular hacking tools, the host through the first wayto attack the most, is the most common; and the last two ways,only some superb means of hacking to use, does not spreadwidely,and as long as these two kinds of problems software, serviceproviders will soon provide patches, timely repair system.Therefore, if we can restrict the first two kinds of illegalintrusions, we can effectively prevent the illegal invasion ofhacker tools. Moreover, the first two illegal intrusions haveone thing in common, that is, access to the host through theport.

Ports are like a few doors of a house (server) , and differentdoors lead to different rooms (different services provided by

the server) . Our common FTP default port is 21, while the WWWweb page generally defaults to port 80. But some sloppy networkadministrators often opened some easy invasion of port services,such as 139; there are some Trojans, such as ice, BO, etc. , arenot aware of you open a port automatically. So, as long as wedo not use their own ports all blocked up, does not put an endto these two illegal invasion?

Method for restricting ports

For individual users, you can limit all ports, because you don'thave to make your machine to provide any service to the outside;and to provide network services to foreign servers, we need tohave to use ports (such as the WWW port 80, FTP port 21, mailservice ports 25, 110) , other the port is closed.

Here, for users using Windows2000 or WindowsXP, there is no needto install any other software, and you can use the TCP/IP filterfeature to restrict the server' s ports. Specific settings areas follows:

1, right-click on the "network neighborhood", select

"properties", and then double-click"local connection" (if thedial-up Internet users, select my connection icon) , pop-up the"local connection status" dialog box.

2, click the [properties] button, pop-up the local connectionproperties, select this connection, use the following items inthe Internet protocol (TCP/IP) , and then click the [properties]button.

3, click the [advanced] button in the pop-up Internet protocol(TCP/IP) dialog box. In the pop-up"advanced TCP/IP settings",select the Options tab, select TCP/IP filter, and then clickthe properties button.

4, in the pop-up TCP/IP Filter dialog box, select the TCP/IPenabled filter check box, and then leave the "TCP port" on the"only allowed" election (see figure) .

In this way, you can come to add or delete your TCP or UDP orIP ports.

After you add or delete, restart your machine, your server isprotected.

If you only browse the Internet, you can not add any port. Buttouse somenetworkcontact tools, such as OICQ, it is necessaryto open the port "4000",

Similarly, BitComet ports: TCP:8927, UDP:8927

If you find a common network tool that doesn't work, make sureit' s on the port where your host is running, and then add portsin the TCP/IP filter.





Detailed settings see Figure: inaccordancewith the red circlein turn opened, until the fourth chart, in accordance with thered circle position is set, and finally determine the way.

Reboot the system.

It' s also easy to change it. Change the last picture to thedefault setting and restart the OK

Network port security protection skills (append one)

Communications between computers through ports, for examplewhen you visit awebsite, Windows will open aport on the machine(for example, port 1025) a port to connect to the web serverand the distance, so when you visit someone else. By default,Windows will open many service ports on your computer, andhackers often use these ports to implement intrusions.Therefore, mastering port knowledge is an essential skill forsecure Internet access.

Common ports and their classification

The computer needs to use TCP/IP protocol to communicate witheach other on the Internet. According to the TCP/IP protocol,the computer has 256 * 256 (65536) ports. These ports can bedivided into two kinds: TCP port and UDP port. If the port numberis divided, they can be divided into the following twocategories:

1. system reserved port (from 0 to 1023)

The port does not allow you to use, they all have the exactdefinition, corresponding to some common services on theInternet, each open the port, represents a system service, suchas port 80 on behalf of the Web service. 21 corresponds to FTP,

25 corresponds to SMTP, 110 corresponds to POP3, and so forth(Figure 1) .

2. dynamic ports (from 1024 to 65535)

When you need to communicate with others, Windows will assigna dynamic port from the 1024, and if the 1024port is not closed,1025 ports will beallocated for youtouse whenyouneed aport,and so on.

However, there are individual system services that bind toports 1024 to 49151, such as 3389 ports (remote terminalservices) . From49152 to 65535, this port is usually not bundledwith system services, allowing Windows to be dynamicallyallocated to you.

Two, how to see which ports are open?

In default, Windows opens many "service ports". If you want tosee which ports are open and which computers are connecting tothe machine, you can use the following two methods.

1. using the netstat command

Windows provides the netstat command to display the currentTCP/IP network connection. Note that only the TCP/IP protocolis installed before you can use the netstat command.

How to do it: click "start, program, annex, command prompt",enter the DOS window, enter the command netstat, -na enter, soit will show the connection and the open port, as shown in figure