Port: the gateway through which network devices communicate with the outside world.

Ports are mainly divided into virtual ports and physical ports. Virtual ports are ports inside a computer, switch or router that are not visible, for example port 80, port 21 and port 23 in a computer. Physical ports, also known as interfaces, are visible ports, such as the RJ45 ports on a computer's back panel or on switches, routers and hubs. Telephones use RJ11 jacks, which also belong to the category of physical ports.

The CPU transfers data to and from peripherals through interface registers or specific circuits called ports.

The ports in the hardware domain are also called interfaces, such as parallel ports, serial ports, and so on.

In networking technology, "port" has several meanings. Ports on hubs, switches, and routers are interfaces that connect to other network devices, such as RJ-45 ports, serial ports, and so on. The ports discussed here are not ports in the physical sense; they are the ports of the TCP/IP protocol, which are ports in the logical sense.

A host with an IP address can provide many services, such as Web services, FTP services, SMTP services, and so on, all of them through a single IP address. So how does the host distinguish between different network services? Obviously it cannot rely on the IP address alone, because the relationship between an IP address and network services is one-to-many. In fact, different services are distinguished by the combination "IP address + port number".

It is important to note that ports are not matched one-to-one between the two ends of a connection. For example, if your computer is a client accessing a WWW server, the WWW server uses port "80" to communicate with your computer, but your computer may use port "3457" to communicate.

Someone once compared a server to a house, and ports to doors to different rooms (services), which is a good analogy if you don't want to get into details. An intruder who wants to take over the house will inevitably have to break in (physical intrusion is another story), so it is critical for the intruder to understand how many doors are open in the house, what kind of doors they are, and what is behind them.

Intruders usually use a scanner to scan the target host's ports and determine which ones are open. From the open ports, an intruder can tell roughly what services the target host provides and then guess what vulnerabilities may exist. Port scanning therefore helps us understand the target host better, and for administrators, scanning the open ports of their own machine is also the first step in security precautions.

Classified by port number, ports fall into the following categories:

(1) Well-known ports (Well Known Ports): from 0 to 1023. They are tightly bound to some services. Communication on these ports usually indicates clearly the protocol of some service. For example, port 80 is virtually always HTTP traffic.

(2) Registered ports (Registered Ports): from 1024 to 49151. They are loosely bound to some services. That is, there are many services bound to these ports, and the ports are also used for many other purposes. For example, many systems handle dynamic ports starting around 1024.

(3) Dynamic and/or private ports (Dynamic and/or Private Ports): from 49152 to 65535. Theoretically, these ports should not be assigned to services. In practice, machines usually assign dynamic ports from 1024. There are exceptions: SUN's RPC ports start at 32768.

A common technique is to redirect a port to another address. For example, the default HTTP port is 80, and a number of people redirect it to another port such as 8080. Redirection done this way is meant to hide the well-known default port and reduce the rate of compromise. This way, someone who wants to attack a service on a well-known default port must first perform a port scan.

Most redirected ports resemble the original port number; for example, HTTP is most often moved from 80 to 81, 88, 8000, 8080 or 8888. Similarly, POP ports, which were originally at 110, are often redirected to 1100, and in a number of cases statistically significant numbers are chosen, such as 1234, 23456, 34567, and so on. Many people have other reasons for choosing strange numbers, such as 42, 69, 666, 31337. More and more remote-control Trojans use the same default port. For example, the default port for NetBus is 12345.

Blake R. Swopes points out that there is another reason to use redirected ports: on UNIX systems you need root privileges if you want to listen on ports below 1024. If you don't have root access and want to run a web service, you'll need to install it on a higher port. Also, some ISP firewalls block communication on lower ports, in which case you will still have to redirect ports even if you own the whole machine.
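As an added example (not part of the original page), the sketch below applies the port ranges and the redirect ports listed above to an administrator's check of their own machine: it reads listening sockets from text in Linux /proc/net/tcp layout, classifies each port, and notes the ports the text singles out. The sample table is constructed and the function names are hypothetical.

```python
import ipaddress

# Port numbers taken from the text: usual redirect targets and one Trojan default.
REDIRECT_TARGETS = {81: "HTTP", 88: "HTTP", 8000: "HTTP", 8080: "HTTP", 8888: "HTTP", 1100: "POP"}
TROJAN_DEFAULTS = {12345: "NetBus"}

# Constructed sample in Linux /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 00000000:3039 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003
   3: 0A00000A:0D81 0A000014:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1004
   4: 00000000:C000 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1005
"""

def port_class(port):
    """Classify a port by the three number ranges given in the text."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"

def listeners(proc_text):
    """Yield (ip, port, uid) for IPv4 sockets in LISTEN state (st == 0A)."""
    for line in proc_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8 or f[3] != "0A":
            continue  # established connections (e.g. client port 3457 -> 80) are not listeners
        ip_hex, port_hex = f[1].split(":")
        ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])  # little-endian host assumed
        yield str(ip), int(port_hex, 16), int(f[7])

def audit(proc_text):
    """Return one finding per listener, with notes for ports the text singles out."""
    findings = []
    for ip, port, uid in listeners(proc_text):
        notes = []
        if port in TROJAN_DEFAULTS:
            notes.append(f"default port of {TROJAN_DEFAULTS[port]}")
        if port in REDIRECT_TARGETS:
            notes.append(f"common {REDIRECT_TARGETS[port]} redirect target")
        if ip == "0.0.0.0":
            notes.append("bound to all interfaces")
        findings.append({"ip": ip, "port": port, "uid": uid, "class": port_class(port), "notes": notes})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_PROC_NET_TCP):
        print(f"{f['ip']}:{f['port']} uid={f['uid']} {f['class']}: {'; '.join(f['notes'])}")
```

On a real Linux host, pass the contents of /proc/net/tcp to audit(); IPv6 listeners live in /proc/net/tcp6 and are not handled here.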