常见的入侵端口详解(国外英语资料).doc

常见的入侵端口详解(国外英语资料) Common intrusion ports: Port: 0 Service: Reserved Explanation: used to analyze the operating system. This approach can work because in some systems 0 is invalid ports, when you are trying to use is usually closed port connection it will produce different results. A typical scan that USES an IP address of , sets ACK bits and broadcasts on the Ethernet layer. Port: 1. Service: tcpmux Note: this shows that someone is looking for the SGI Irix machine. Irix is the primary provider for implementing tcpmux, which is opened by default for tcpmux. The Irix machine is published with several default unencrypted accounts, such as IP, GUEST UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, etc. Many administrators forget to delete these accounts after installation. So HACKER searches the INTERNET for tcpmux and USES these accounts. Port: 7 Service: Echo Note: you can see a lot of people searching for the Fraggle amplifier, sending it to x.x.x.x.x.x.x.255. Port: 19 Service: the Character of the Generator Note: this is a service that only sends characters. The UDP version will respond to a package containing junk characters after receiving the UDP package. The TCP connection sends a data stream containing the junk character until the connection is closed. HACKER USES IP spoofing to launch DoS attacks. Forge a UDP package between two chargen servers. Also Fraggle DoS attacks a packet with a fake victim IP on this port of the target address, and the victim is overloaded to respond to the data. Port: 21 Service: FTP Note: the port that the FTP server is open for uploading and downloading. The most common attackers are used to find ways to open anonymouss FTP server. These servers have a read-write directory. Trojan, Fore, Invisible FTP, WebEx, WinCrash and Blade Runner. Port: 22 Service: Ssh Note: the TCP and this port that PcAnywhere established may be for SSH. There are a number of weaknesses in this service, and if configured into a specific schema, many of the versions