Common high-risk ports

(1) TCP port 21: The default port of FTP (File Transfer Protocol), used for file transfer. Hackers can exploit weaknesses on this port, such as weak passwords and unauthorized access, to upload malicious files or download sensitive data. They can also bypass firewall restrictions through FTP bounce attacks and further invade the internal network.

(2) TCP port 23: Telnet protocol port, used for remote login management. It transmits information such as user names and passwords in plain text, which can be easily intercepted by hackers. Once such information is obtained, hackers can easily log in to the target device and perform various malicious operations, such as tampering with system configurations and stealing data.

(3) TCP port 25: SMTP (Simple Mail Transfer Protocol) port, mainly used to send emails. Attackers may use this port to forge emails, send spam, or even spread viruses and malware through emails, bringing security risks and resource consumption to users and networks.

(4) UDP port 53: DNS (Domain Name System) protocol port, used for domain name resolution. Hackers may launch DNS spoofing attacks to direct users to malicious websites and obtain sensitive information entered by users, such as account numbers and passwords, or interfere with normal domain name resolution, resulting in network service interruption.

(5) TCP port 135: In Windows systems, this is the port used for DCOM (Distributed Component Object Model) communications. Hackers can exploit vulnerabilities in this port. For example, the famous "Shockwave" virus exploited a vulnerability in the DCOM interface and spread through port 135, causing the system to be attacked and resulting in serious consequences such as system crashes and data loss.

(6) TCP port 445: Mainly used for file sharing and printing services in Windows systems. The "EternalBlue" vulnerability is exploited through port 445 and allows hackers to execute arbitrary code on unpatched Windows systems, thereby controlling the target computer, stealing data, and installing backdoors.

(7) TCP port 3389: Windows Remote Desktop Protocol (RDP) port, which allows users to remotely control Windows systems. However, if the configuration is improper or there is a weak password, hackers can log in to the system remotely by brute-force password cracking, completely control the target computer, and perform various malicious operations.

Reasons for closing high-risk ports

(1) Preventing network attacks: Closing high-risk ports effectively reduces the attack surface available to hackers and lowers the risk of system intrusion. Many network attacks are carried out through specific ports. Closing these ports makes it difficult for hackers to find an entry point into the system, thereby protecting the security of the system and data.

(2) Protecting data security: Data is an important asset for enterprises and individuals. High-risk ports may become channels for data leakage. Closing these ports can prevent hackers from stealing sensitive information such as user accounts, passwords, financial data, and business secrets through the ports, ensuring the confidentiality and integrity of data.

(3) Maintaining stable system operation: Attacks on high-risk ports may cause system vulnerabilities, crashes, or service interruptions, affecting normal business operations and user experience. Closing high-risk ports helps reduce the occurrence of such security incidents, ensures the stability and reliability of the system, and ensures that all businesses can continue to operate normally.

How to confirm that the system ports are open?

On both Windows and Linux operating systems, the command netstat -an can be used to check whether anything is listening on these ports:

(1) Windows system output

(2) Linux system output
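
One way to act on the netstat -an check above, as an added example that is not part of the original article: this Python function parses Windows-style or Linux-style netstat -an output and reports only sockets that are actually listening on the ports listed in this article, noting whether each is bound to loopback only. The function name and the sample lines are constructed for illustration.

```python
import re

# Ports named in the article, keyed by (protocol, port).
HIGH_RISK = {("tcp", 21): "FTP", ("tcp", 23): "Telnet", ("tcp", 25): "SMTP",
             ("udp", 53): "DNS", ("tcp", 135): "DCOM", ("tcp", 445): "SMB",
             ("tcp", 3389): "RDP"}

# Constructed sample mixing Windows-style and Linux-style `netstat -an` lines.
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:51234     10.0.0.5:445           ESTABLISHED
  UDP    0.0.0.0:5353           *:*
tcp        0      0 0.0.0.0:4450            0.0.0.0:*               LISTEN
tcp6       0      0 :::3389                 :::*                    LISTEN
udp        0      0 127.0.0.53:53           0.0.0.0:*
"""

def listening_high_risk(netstat_text):
    """Return sorted (proto, port, service, local_addr, exposed) tuples for
    high-risk ports that are bound locally in `netstat -an` output."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or not re.fullmatch(r"(tcp|udp)6?", fields[0], re.I):
            continue  # headers, unix sockets, blank lines
        proto = fields[0].lower().rstrip("6")
        # Linux prints Recv-Q/Send-Q counters before the addresses; drop them.
        addrs = [f for f in fields[1:] if not f.isdigit()]
        if len(addrs) < 2:
            continue
        local, state = addrs[0], (addrs[2].upper() if len(addrs) > 2 else "")
        # TCP must be LISTEN/LISTENING; UDP has no state unless connected.
        if (proto == "tcp" and not state.startswith("LISTEN")) or state == "ESTABLISHED":
            continue
        host, _, port = local.rpartition(":")  # works for 0.0.0.0:445, :::445, [::]:445
        service = HIGH_RISK.get((proto, int(port))) if port.isdigit() else None
        if service:
            # A loopback-only bind is not reachable from other hosts.
            exposed = not (host.startswith("127.") or host in ("::1", "[::1]"))
            found.add((proto, int(port), service, local, exposed))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, service, local, exposed in listening_high_risk(SAMPLE):
        scope = "all/external interfaces" if exposed else "loopback only"
        print(f"{proto}/{port} {service:8} bound to {local} ({scope})")
```

Matching on the local address column and the socket state avoids the false hits a plain text search for ":445" would give, such as an outbound connection to a remote port 445 or an unrelated listener on port 4450.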