常见的入侵端口详解（Common intrusion port detail）.docVIP

常见的入侵端口详解（Common intrusion port detail） Common intrusion ports: Port: 0 Services: Reserved Explanation: usually used to analyze operating systems. This method works because in some systems, 0 is an invalid port, and when you try to connect to it with the usual closed port, different results are produced. A typical scan, using the IP address of , setting the ACK bit, and broadcasting on the Ethernet layer. Port: 1 Services: tcpmux Explanation: This shows that someone is looking for the SGI Irix machine. Irix is the primary provider of tcpmux implementation, and by default, tcpmux is opened in this system. The Irix machine is issued with several default password free accounts, such as IP, GUEST, UUCP, NUUCP, DEMOS, TUTOR, DIAG, OUTOFBOX, and so on. Many administrators forget to delete these accounts after installation. So HACKER searches for tcpmux on INTERNET and takes advantage of these accounts. Port: 7 Services: Echo Explanation: when you see many people searching for Fraggle amplifiers, send messages to X.X.X.0 and X.X.X.255. Port: 19 Services: Character Generator Explanation: This is a service that sends only characters. The UDP version will respond to packets containing spam characters after receiving the UDP package. The TCP connection sends a data stream containing garbage characters until the connection is closed. HACKER uses IP spoofing to launch DoS attacks. Forge UDP packages between two chargen servers. Similarly, the Fraggle DoS attack broadcasts a packet of fake victim IP to this port of the target address, in which the victim is overloaded to respond to the data. Port: 21 Services: FTP Description: FTP server open ports for uploading and downloading. The most common attackers are looking for ways to open anonymouss FTP server. These servers have a readable directory. Trojans, Doly, Trojan, Fore, Invisible, FTP, WebEx, WinCrash, and Blade Runner are open ports. Port: 22 Services: Ssh Explanation: PcAnywheres TCP connection to this port might be to find