if an open port is a threat to my system's security or not? Well, the answer
to all these questions will be clear once you read the paragraph below:</span></font></p>
<p class=MsoNormal><font face="Arial, Helvetica, sans-serif" size="2"><span
style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">Now,
the thing to understand here is that port numbers are divided into three ranges:
<br>
<br>
The Well Known Ports are those from 0 through 1023. This range of ports is bound
to the services running on them. By this I mean that each port usually
has a specific service running on it. There is an internationally accepted
Port Numbers to Services rule (refer to RFC 1700 <a
href="http://hackingtruths.box.sk/hackingtruths.box.sk/rfc.htm">Here</a>)
which specifies on which port number a particular service runs. For example,
by default FTP runs on Port 21. So if you find that Port 21 is open
on a particular system, it usually means that that system uses
the FTP protocol to transfer files. However, please note that some smart system
administrators deliberately run fake services on popular
ports to fool lamers. For example, a system might be running a fake FTP daemon on Port 21.
Although you get the same interface as the real FTP daemon (banner, response numbers,
etc.), it might actually be software logging your presence and sometimes
even tracing you!<br>
<br>
The Registered Ports are those from 1024 through 49151. This range of port numbers
is not bound to any specific service. Networking utilities like your
browser, email client or FTP software open a random port within this range and
start communicating with the remote server. A port number within this range
is the reason why you are able to surf the net, check your email, etc. <br>
<br>
If you give the netstat -a command and find that a number of ports
within this range are open, then you should probably not worry. These ports
are simply opened so that you can get your software applications to do what
you want them to do. These ports are opened temporarily by various applications
to perform tasks. They act as a buffer transferring packets (data) received to
the application and vice versa. Once you close the application, you will find
that these ports are closed automatically. For example, when you type www.hotmail.com
in your browser, your browser randomly chooses a Registered Port and uses
it as a buffer to communicate with the various remote servers involved. <br>
<br>
The Dynamic and/or Private Ports are those from 49152 through 65535. This range
is rarely used, and is mostly used by trojans; however, some applications do tend
to use such high range port numbers. For example, Sun starts their RPC ports
at 32768. </span></font></p>
<font size="2" face="Arial, Helvetica, sans-serif"> </font><font face="Arial, Helvetica, sans-serif" size="2"><span
style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">So
this basically brings us to what to do if you find that Netstat gives you a couple
of open ports on your system:<br>
<br>
1. Check the <a href="http://hackingtruths.box.sk/trojans.txt">Trojan Port List</a>
and see if the open port matches any of the popular ones. If it does, then
get a Trojan Remover and remove the trojan.<br>
<br>
2. If it doesn't, or if the Trojan Remover says: No trojan found, then see if the
open port lies in the Registered Ports range. If yes, then you have nothing to
worry about, so forget about it.<br>
<br>
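
The two triage steps above, as an added example that is not part of the original manual: a Python sketch that parses `netstat -an` style output, keeps only listening sockets, checks each port against a watch list and labels it with the article's three ranges. The sample output is constructed, and the two-entry watch list (the widely documented default ports of NetBus and Back Orifice) is an assumption standing in for the linked Trojan Port List.

```python
import re

# The three ranges exactly as the article gives them.
RANGES = [(0, 1023, "well-known"), (1024, 49151, "registered"),
          (49152, 65535, "dynamic/private")]

# Assumption: a two-entry stand-in for the linked Trojan Port List.
TROJAN_PORTS = {12345: "NetBus", 31337: "Back Orifice"}

# Constructed sample of Windows-style `netstat -an` output.
SAMPLE = """\
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
TCP    192.168.0.5:1046       203.0.113.10:80        ESTABLISHED
TCP    0.0.0.0:50001          0.0.0.0:0              LISTENING
UDP    0.0.0.0:31337          *:*
"""

# Protocol, optional Linux Recv-Q/Send-Q columns, local addr:port, foreign, state.
LINE = re.compile(
    r"^\s*(tcp|udp)\d?\s+(?:\d+\s+\d+\s+)?(\S+):(\d+)\s+\S+\s*(\S*)", re.I)

def port_range(port):
    """Return the article's range name for a port number."""
    for low, high, name in RANGES:
        if low <= port <= high:
            return name
    raise ValueError(f"not a valid port: {port}")

def triage(netstat_text):
    """List (proto, port, range, trojan_name_or_None) for each open port."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, _addr, port, state = m.groups()
        proto, port = proto.upper(), int(port)
        # Keep TCP listeners and UDP sockets; skip outbound client connections.
        if proto == "TCP" and state.upper() not in ("LISTEN", "LISTENING"):
            continue
        findings.append((proto, port, port_range(port), TROJAN_PORTS.get(port)))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A port number alone does not identify the program behind it; `netstat -ano` on Windows or `ss -ltnp` on Linux also shows the owning process, which is what settles whether a listener is expected.
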
</span></font><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'">
<font face="Verdana, Arial, Helvetica, sans-serif">***********************<br>
</font> <b><font color="#FFFFFF">HACKING TRUTH:</font></b> A common technique
employed by a number of system administrators is remapping ports. For example,
the default port for HTTP is normally 80. However, the system administrator could
also remap it to Port 8080. If that is the case, then the homepage hosted
at that server would be at:<br>
<br>
http://domain.com:8080 instead of<br>
http://domain.com:80<br>
<br>
The idea behind Port Remapping is that instead of running a service on a well
known port, where it can easily be exploited, it would be better to run it on
a not so well known port, as the hacker would find it more difficult to find
that service. He would have to port scan a high range of numbers to discover port
remapping.<br>
<br>
The ports used for remapping are usually pretty easy to remember. They are chosen
keeping in mind the default port number at which the service being remapped should
be running. For example, POP by default runs on Port 110. However, if you were
to remap it, you would choose any of the following: 1010, 11000, 1111, etc.<br>
<br>
Some sysadmins also like to choose port numbers in the following manner: 1234, 2345, 3456, 4567
and so on... Yet another reason why Port Remapping is done is that on a
Unix system, to be able to listen on a port under 1024, you must have root privileges.
<br>
<font face="Verdana, Arial, Helvetica, sans-serif">************************ </font></span></font><font size="2" face="Arial, Helvetica, sans-serif"><br>
</font>
<p class=MsoNormal><font size="2" face="Arial, Helvetica, sans-serif"><span style="mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'"><b><font color="#FFFFFF">Firewalls</font></b><font color="#FFFFFF"><br>
</font> <br>
Use of Firewalls is no longer confined to servers or websites or commercial
companies. Even if you simply dial up into your ISP or use PPP (Point to Point
Protocol) to surf the net, you simply cannot do without a firewall. So what
exactly is a firewall?<br>
<br>
Well, in non-geek language, a firewall is basically a shield which protects
your system from the untrusted, non-reliable systems connected to the Internet.
It is software which listens on all ports of your system for any attempts
to open a connection, and when it detects such an attempt, it reacts according
to a predefined set of rules. So basically, a firewall is something that protects
the network (or system) from the Internet. The name is derived from the concept of
firewalls used in vehicles, which are barriers made of fire resistant material
protecting the vehicle in case of fire. <br>
<br>
Now, for a better 'according to the bible' definition of a firewall: A firewall
is best described as a software or hardware (or both hardware and software) packet
filter that allows only selected packets to pass through from the Internet to
your private internal network. A firewall is a system or a group of systems
which guard a trusted network (the internal private network) from the untrusted
network (the Internet).<br>
<br>
<b><font color="#FFFFFF">NOTE: </font></b>This was a very brief description of
what a firewall is. I will not be going into the details of their working in
this manual.<br>
<br>
Anyway, the term 'Firewalls' (which were generally used by companies for commercial
purposes) has evolved into a new term called 'Personal Firewalls'. This
term is basically used to refer to firewalls installed on a standalone system
which may or may not be networked, i.e. it usually connects to an ISP. Or in
other words, a personal firewall is a firewall used for personal use.<br>
<br>
Now that you have a basic description of what a firewall is, let us move on
to why exactly you need to install a firewall. Or, how can not installing a
firewall pose a threat to the security of your system?<br>
<br>
You see, when you are connected to the Internet, you have millions of other
untrusted systems connected to it as well. If somehow someone found out your
IP address, then they could probably do anything to your system. They could
exploit any vulnerability existing in your system, damage your data, and even
use your system to hack into other computers. <br>
<br>
Finding out someone's IP address is not very difficult. Anybody can find out
your IP through various chat services, instant messengers (ICQ, MSN, AOL etc),
through a common ISP and numerous other ways. In fact, finding out the IP address
of a specific person is not always the priority of some hackers.<br>
<br>
What I mean by that is that there are a number of scripts and utilities
available which scan all IP addresses within a certain range for predefined
common vulnerabilities, for example, systems with File Sharing enabled or a
system running an OS which is vulnerable to the Ping of Death attack, etc.
As soon as a vulnerable system is found, they use the IP to carry out the
attacks.<br>
<br>
The most common scanners look for systems with RATs or Remote Administration
Tools installed. They send a packet to common Trojan ports and display whether
the victim's system has that Trojan installed or not. The 'Scan Range of IP
Addresses' that these programs accept is quite wide and one can easily find
a vulnerable system in a matter of minutes or even seconds.<br>
<br>
Trojan Horses like Back Orifice provide remote access to your system and can
set up a password sniffer. The combination of a back door and a sniffer is a