<html>
<head>
<title>Closing Open Holes</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1250">
</head>
<body bgcolor="#000000" text="#CCCCCC" link="#99CCFF" vlink="#CC99FF" alink="#CCFF99" leftmargin="20" topmargin="0" marginwidth="20" marginheight="0">
<p align="center"><font size="5" color="#FFFFFF" face="Book Antiqua"><br>
Closing Open Holes</font></p>
<p><br>
<font size="2" face="Arial, Helvetica, sans-serif">September 27, 2000</font><font size="2" face="Arial, Helvetica, sans-serif"><br>
By <a href="mailto:ankit@bol.net.in">Ankit Fadia</a><br>
<br>
<span
style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">With
the spread of hackers and hacking incidents, the time has come when not only
system administrators of big companies' servers, but also people who connect
to the Internet by dialing up to their ISP, have to worry about securing their
systems. It makes little difference whether you have a static IP
or a dynamic one: if your system is connected to the Internet, then there is
every chance of it being attacked.</span></font><font size="2" face="Arial, Helvetica, sans-serif">
</font> </p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">This
manual discusses methods of system security analysis and sheds
light on how to secure your standalone (or LAN-connected)
system.</span></font><font size="2" face="Arial, Helvetica, sans-serif"> </font>
</p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><b><font color="#FFFFFF">Open
Ports: A Threat to Security?</font></b><font color="#FFFFFF"><br>
</font> <br>
In the <a
href="http://hackingtruths.box.sk/netstat.htm">Netstat Tutorial</a>
we discussed how the netstat -a command shows the list of open ports on
your system. Before I move on, I would like to quickly recap the
important part. So here goes, straight from the netstat tutorial:<br>
<br>
Now, the &#8216;&#8211;a&#8217; option is used to display all open connections
on the local machine. It also returns the remote system to which we are connected,
the port numbers of the remote system we are connected to (and of the local
machine) and also the type and state of connection we have with the remote system.</span></font><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><o:p></o:p></span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">For
example,</span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">C:\windows>netstat
-a</span></font><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><o:p>
</o:p></span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">
Active Connections<br>
Proto Local Address Foreign Address State<br>
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED<br>
TCP ankit:1036 dwarf.box.sk:ftp-data TIME_WAIT<br>
TCP ankit:1043 banners.egroups.com:80 FIN_WAIT_2<br>
TCP ankit:1045 mail2.mtnl.net.in:pop3 TIME_WAIT<br>
TCP ankit:1052 zztop.boxnetwork.net:80 ESTABLISHED<br>
TCP ankit:1053 mail2.mtnl.net.in:pop3 TIME_WAIT<br>
UDP ankit:1025 *:*<br>
UDP ankit:nbdatagram *:*<br>
</span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">Now,
let us take a single line from the above output and see what it stands for:</span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">Proto Local Address Foreign Address State<br>
TCP ankit:1031 dwarf.box.sk:ftp ESTABLISHED</span></font></p>
<p
class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><o:p></o:p></span></font><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">Now,
the above can be arranged as below:</span></font></p>
<p
class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><b><font color="#FFFFFF">Protocol:</font></b>
TCP (This can be Transmission Control Protocol (TCP), User Datagram Protocol
(UDP) or sometimes even Internet Protocol (IP).)</span></font></p>
<p
class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><b><font color="#FFFFFF">Local
System Name:</font></b> ankit (This is the name of the local system that you
set during the Windows setup.)</span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><b><font color="#FFFFFF">Local
Port opened and being used by this connection:</font></b> 1031</span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><b><font color="#FFFFFF">Remote
System:</font></b> dwarf.box.sk (This is the non-numerical form of the system
to which we are connected.)</span></font></p>
<p
class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><b><font color="#FFFFFF">Remote
Port:</font></b> ftp (This is the port of the remote system dwarf.box.sk
to which we are connected, shown here by its service name.)</span></font></p>
<p
class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><b><font color="#FFFFFF">State
of Connection:</font></b> ESTABLISHED</span></font><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><o:p></o:p></span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">‘Netstat’
with the &#8216;&#8211;a&#8217; argument is normally used to get a list of
open ports on your own system, i.e. on the local system. This can be particularly
useful to check whether your system has a Trojan installed or not. Yes,
most good antivirus software is able to detect the presence of Trojans, but
we are hackers, and need no software to tell us whether we are infected or
not. Besides, it is more fun to do something manually than to simply click on
the ‘Scan’ button and let some software do it.</span></font></p>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">The
following is a list of Trojans and the port numbers they use. If you netstat
yourself and find any of the following open, then you can be pretty sure that
you are infected.<br>
<br>
Port 12345 (TCP) Netbus<br>
Port 31337 (UDP) Back Orifice</span></font></p>
<p class=MsoNormal style="mso-layout-grid-align: none"><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">For
a complete list, refer to the Tutorial on Trojans at: hackingtruths.box.sk/trojans.txt</span></font></p>
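<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif">The manual check described above, as an added example that is not part of the original tutorial: a small Python parser for the netstat -a layout shown earlier that flags local ports matching the two Trojan entries listed on this page. The last three sample rows and the function names are constructed for illustration; a hit means you should find out which program owns the port, since any program can bind these numbers.</font></p>

```python
"""Flag local ports in `netstat -a` output that match a Trojan port watchlist."""

# Watchlist: only the two entries listed on this page.
WATCHLIST = {("TCP", 12345): "Netbus", ("UDP", 31337): "Back Orifice"}

# Constructed sample: the first four rows follow the page's output, the last
# three are invented to exercise the checks.
SAMPLE = """\
Active Connections

  Proto  Local Address     Foreign Address          State
  TCP    ankit:1031        dwarf.box.sk:ftp         ESTABLISHED
  TCP    ankit:1043        banners.egroups.com:80   FIN_WAIT_2
  UDP    ankit:1025        *:*
  UDP    ankit:nbdatagram  *:*
  TCP    ankit:12345       ankit:0                  LISTENING
  UDP    ankit:31337       *:*
  TCP    ankit:1060        example.test:12345       ESTABLISHED
"""


def parse_netstat(text):
    """Yield (proto, local_host, local_port, foreign, state) per connection row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto = fields[0].upper()
        host, _, port = fields[1].rpartition(":")
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        yield proto, host, port, fields[2], state


def find_suspect_ports(text, watchlist=WATCHLIST):
    """Return watchlist hits on the LOCAL side only, matched on protocol too."""
    hits = []
    for proto, _host, port, _foreign, state in parse_netstat(text):
        if not port.isdigit():
            continue  # shown as a service name (e.g. nbdatagram); use netstat -an
        name = watchlist.get((proto, int(port)))
        if name:
            hits.append((proto, int(port), name, state or "-"))
    return hits


if __name__ == "__main__":
    for proto, port, name, state in find_suspect_ports(SAMPLE):
        print(f"{proto} {port} ({state}): matches {name}; check which program owns it")
```

<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif">The last sample row is deliberately not flagged: there 12345 is the remote system's port, not a port open on the local machine.</font></p>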
<font size="2" face="Arial, Helvetica, sans-serif">---- </font>
<p></p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">Now,
the above tutorial resulted in a number of people raising questions like: If
the 'netstat -a' command shows open ports on my system, does this mean that
anyone can connect to them? Or, How can I close these open ports? How do I know