How to close common ports on Windows systems
<span style="font-size: 9pt">How to close common ports</span>
<span style="font-size: 9pt">Removing the port 113 trojan (Windows systems only):</span>
<span style="font-size: 9pt">This is a trojan that is controlled through an IRC chat room.</span>
<span style="font-size: 9pt">1. First run the netstat -an command to determine whether port 113 is open on your system.</span>
<span style="font-size: 9pt">2. Use the fport command to see which program is listening on port 113.</span>
<span style="font-size: 9pt">fport tool download</span>
<span style="font-size: 9pt">For example, suppose fport shows the following result:</span>
<span style="font-size: 9pt">Pid Process Port Proto Path</span>
<span style="font-size: 9pt">392 svchost -> 113 TCP C:\WINNT\system32\vhos.exe</span>
<span style="font-size: 9pt">We can then conclude that the trojan listening on port 113 is vhos.exe, and that the program is located under</span>
<span style="font-size: 9pt">c:\winnt\system32.</span>
<span style="font-size: 9pt">3. Once you have identified the trojan's program name (that is, the program listening on port 113), find that process in Task Manager</span>
<span style="font-size: 9pt">and use Task Manager to end it.</span>
<span style="font-size: 9pt">4. In Start - Run, type regedit to launch the Registry Editor, search the registry for the program you just found,</span>
<span style="font-size: 9pt">and delete all of the related keys and values.</span>
<span style="font-size: 9pt">5. Go to the directory that contains the trojan and delete it. (A trojan usually comes with other files as well, such as</span>
<span style="font-size: 9pt">rscan.exe, p***ec.exe, ipcpass.dic, ipcscan.txt and so on; the files vary</span>
<span style="font-size: 9pt">from one trojan to another. You can check when files were created and modified to identify other programs related to</span>
<span style="font-size: 9pt">the trojan listening on port 113.)</span>
<span style="font-size: 9pt">6. Restart the machine.</span>
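A present-day equivalent of steps 1 and 2 (netstat -an plus fport), added here as an example and not part of the original article. It assumes Windows 8 / Server 2012 or later, where Get-NetTCPConnection exists; the function name Get-WatchedListener and the description table are this example's own, with the port numbers taken from the sections of this page.

```powershell
# Ports named on this page, with the page's description of each.
$WatchedPorts = @{
    113   = 'IRC-controlled trojan'
    139   = 'NetBIOS (see the port 139 section)'
    1029  = 'lovgate worm backdoor'
    3389  = 'Windows remote administration terminal'
    4899  = 'remote administrator server (r_server.exe)'
    5800  = 'trojan posing as explorer.exe'
    5900  = 'trojan posing as explorer.exe'
    6129  = 'DameWare Mini Remote Control'
    20168 = 'lovgate worm backdoor'
    45576 = 'proxy software control port'
}

function Get-WatchedListener {
    # Steps 1 and 2 in one pass: listening TCP sockets plus the owning executable.
    foreach ($conn in Get-NetTCPConnection -State Listen) {
        $port = [int]$conn.LocalPort
        if (-not $WatchedPorts.ContainsKey($port)) { continue }

        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($conn.OwningProcess)"
        $path = $proc.ExecutablePath
        $note = ''
        $created = $null
        if (-not $path) {
            $note = 'path unavailable (system process, or run elevated)'
        } else {
            # File times help find companion files dropped at the same moment (step 5).
            $created = (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue).CreationTime
            # The genuine explorer.exe sits directly in %windir% (SysWOW64 holds the 32-bit copy).
            $dir = Split-Path -Path $path -Parent
            if ((Split-Path -Path $path -Leaf) -ieq 'explorer.exe' -and
                @($env:windir, "$env:windir\SysWOW64") -notcontains $dir) {
                $note = 'explorer.exe outside the Windows directory'
            }
        }
        [pscustomobject]@{
            Port = $port; Meaning = $WatchedPorts[$port]; Address = $conn.LocalAddress
            ProcessId = $conn.OwningProcess; Image = $proc.Name; Path = $path
            Created = $created; Note = $note
        }
    }
}

Get-WatchedListener | Sort-Object Port | Format-List
```

A listener on one of these ports is a prompt to check whether you installed the service yourself, as the sections below explain; it is not proof of infection on its own.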
<span style="font-size: 9pt">Closing port 3389:</span>
<span style="font-size: 9pt">First, note that port 3389 is the port opened by the Windows remote administration terminal; it is not a trojan. First</span>
<span style="font-size: 9pt">confirm whether you opened this service yourself. If it is not required, turn the service off.</span>
<span style="font-size: 9pt">How to close it on win2000:</span>
<span style="font-size: 9pt">win2000server: Start --> Programs --> Administrative Tools --> Services, find the Terminal Services service entry,</span>
<span style="font-size: 9pt">open its Properties, change the startup type to Manual, and stop the service.</span>
<span style="font-size: 9pt">win2000pro: Start --> Settings --> Control Panel --> Administrative Tools --> Services, find the Terminal Services</span>
<span style="font-size: 9pt">service entry, open its Properties, change the startup type to Manual, and stop the service.</span>
<span style="font-size: 9pt">How to close it on winxp:</span>
<span style="font-size: 9pt">Right-click My Computer and choose Properties --> Remote, then clear the check boxes for both Remote Assistance and Remote Desktop.</span>
<span style="font-size: 9pt">Closing port 4899:</span>
<span style="font-size: 9pt">First, note that port 4899 is the port that the server side of a remote-control program (remote administrator) listens on. It cannot</span>
<span style="font-size: 9pt">be considered a trojan, but it does provide remote control, and antivirus software usually cannot detect it. First confirm whether</span>
<span style="font-size: 9pt">you opened this service yourself and whether it is required. If not, close it.</span>
<span style="font-size: 9pt">To close port 4899:</span>
<span style="font-size: 9pt">In Start --> Run, type cmd (command on Windows 98 and earlier), then cd C:\winnt\system32 (your system</span>
<span style="font-size: 9pt">installation directory), type r_server.exe /stop and press Enter.</span>
<span style="font-size: 9pt">Then type r_server /uninstall /silence</span>
<span style="font-size: 9pt">Go to C:\winnt\system32 (the system directory) and delete the three files r_server.exe admdll.dll radbrv.dll</span>
<span style="font-size: 9pt">Ports 5800 and 5900:</span>
<span style="font-size: 9pt">1. First use the fport command to locate the program listening on ports 5800 and 5900 (usually c:\winnt\fonts\</span>
<span style="font-size: 9pt">explorer.exe)</span>
<span style="font-size: 9pt">2. Kill the related process in Task Manager (note that one of them is the system's own legitimate process, so be careful! If you kill the wrong one, you can</span>
<span style="font-size: 9pt">run c:\winnt\explorer.exe again)</span>
<span style="font-size: 9pt">3. Delete the explorer.exe program in C:\winnt\fonts\.</span>
<span style="font-size: 9pt">4. Delete the Explorer entry under the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</span>
<span style="font-size: 9pt">(the entry named Explorer).</span>
<span style="font-size: 9pt">5. Restart the machine.</span>
<span style="font-size: 9pt">Closing port 6129:</span>
<span style="font-size: 9pt">First, note that port 6129 is the port that the server side of a remote-control program (dameware nt utilities) listens on. It is not</span>
<span style="font-size: 9pt">a trojan, but it does provide remote control, and ordinary antivirus software cannot detect it. First confirm whether</span>
<span style="font-size: 9pt">you installed this service yourself and whether it is required; if not, close it.</span>
<span style="font-size: 9pt">To close port 6129:</span>
<span style="font-size: 9pt">Choose Start --> Settings --> Control Panel --> Administrative Tools --> Services,</span>
<span style="font-size: 9pt">find the DameWare Mini Remote Control entry, right-click it and choose Properties, change the startup type to Disabled, and then</span>
<span style="font-size: 9pt">stop the service.</span>
<span style="font-size: 9pt">Go to c:\winnt\system32 (the system directory) and delete the DWRCS.EXE program.</span>
<span style="font-size: 9pt">In the registry, delete the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DWMRCS entry.</span>
<span style="font-size: 9pt">Ports 1029 and 20168:</span>
<span style="font-size: 9pt">These two ports are backdoor ports opened by the lovgate worm.</span>
<span style="font-size: 9pt">For information about the worm, see: Lovgate worm: http://it.rising.com.cn/newSite/ ... rus/Antivirus_Base/ </span>
<span style="font-size: 9pt">TopicExplorerPagePackage/lovgate.htm </span>
<span style="font-size: 9pt">You can download a dedicated removal tool: http://it.rising.com.cn/service/ ... ovGate_download.htm </span>
<span style="font-size: 9pt">How to use it: run it directly after downloading; when the program has finished, restart the machine and then run the program once more.</span>
<span style="font-size: 9pt">Port 45576:</span>
<span style="font-size: 9pt">This is the control port of a proxy program. First confirm that you did not install this proxy software yourself (proxy software brings</span>
<span style="font-size: 9pt">extra traffic to your machine).</span>
<span style="font-size: 9pt">To shut down the proxy software:</span>
<span style="font-size: 9pt">1. First use fport to find where the proxy software is located.</span>
<span style="font-size: 9pt">2. In Services, stop the service (usually SkSocks) and turn it off.</span>
<span style="font-size: 9pt">3. Go to the directory that contains the program and delete the program.</span>
<span style="font-size: 9pt">Defending against attacks on port 139 requires different settings on different systems; each is described below.</span>
<span style="font-size: 9pt"> Users who dial up to the Internet from Windows 9x do not need to log on to an NT LAN environment. Open Control Panel, double-click the “Network” icon, and under “Primary Network Logon” choose “Microsoft Family Logon”; there is no need to choose the “Windows network user” option. There is also no need to set up “File and Printer Sharing”.</span>
<span style="font-size: 9pt"> Windows NT users can remove the binding between NetBIOS and TCP/IP: open “Control Panel”, double-click the “Network” icon, under “NetBIOS Interface” set “WINS Client (TCP/IP)” to “Disabled”, and restart the computer.</span>
<span style="font-size: 9pt">Windows 2000 users can right-click the “My Network Places” icon and choose “Properties” to open the “Network and Dial-up Connections” dialog, then right-click the “Local Area Connection” icon and choose “Properties” to open the “Local Area Connection Properties” dialog. Double-click “Internet Protocol (TCP/IP)” and click [Advanced] in the dialog that opens. In the “Advanced TCP/IP Settings” dialog, select the “Options” tab and click “TCP/IP filtering” in the list.</span>
<span style="font-size: 9pt"> Click [Properties], then under “Permit Only” click [Add] and enter the ports you need other than 139.</span>
<span style="font-size: 9pt">Individual Internet users can use the Skynet firewall (天网防火墙) to define custom firewall rules. Start “Skynet Personal Firewall”, select an empty rule, set the packet direction to “Receive”, the remote IP address to “Any address”, the protocol to “TCP”, the local port to “139 to 139”, the remote port to “0 to 0”, the flag to “SYN”, and the action to “Block”. Finally click [OK] and tick this rule in the “Custom IP Rules” list to start blocking attacks on port 139. The point of understanding port 139 is to better</span>
<span style="font-size: 9pt">Ports that are not often used can be closed with the same methods used to close port 139.</span>