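The Rising firewall's system information shows: "Local:127.0.0.1:1045[RASmin木马] => 127.0.0.1:1025" (木马 means "trojan"). Network firewalls such as Rising Firewall and SkyNet (天网) Firewall generally decide which trojan or virus to report from the port number alone: when they detect network activity on a port that some trojan or virus has used in the past, they report that malware's name. This judgement is not very rigorous. It does not mean the trojan or virus is really present, and most of the time the traffic is probably normal network activity. Rising Firewall, for example, is fond of reporting the 2003 Worm King (2003蠕虫王); that does not mean the machine really has the worm, only that network activity was detected on port 1434 (the port the 2003 Worm King uses). In this case, the RASmin trojan was reported simply because port 1045 was detected.
There is no need to be overly nervous when the firewall oversteps its role like this; just verify carefully, since this is not the firewall's main job. In general, a trojan or virus report from the firewall is little cause for concern and can even be regarded as a false positive. Even if there is a real danger, it is outside the machine and has already been blocked by the firewall (which is what a firewall is supposed to do: block potentially dangerous network connections). To stop the firewall from reporting it, besides turning off the notification, you can disable the port in the firewall settings or in the Windows Local Security Policy, provided you have confirmed that the port really is not in use.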
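One way to do the "verify carefully" step, as an added example that is not part of the original post: instead of trusting the port-to-name mapping, check what is actually bound to the flagged local port. The `netstat -ano` sample, the PIDs and the verdict labels are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -ano` sample (illustrative; not output from the original post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1712
  TCP    127.0.0.1:1045         127.0.0.1:1025         ESTABLISHED     2260
  TCP    127.0.0.1:1025         127.0.0.1:1045         ESTABLISHED     1712
  TCP    192.168.1.20:1061      203.0.113.7:80         ESTABLISHED     2260
"""

def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header rows, UDP rows (no state column), blanks
        lip, lport = f[1].rsplit(":", 1)
        rip, rport = f[2].rsplit(":", 1)
        yield lip.strip("[]"), int(lport), rip.strip("[]"), int(rport), f[3], int(f[4])

def is_loopback(ip):
    return ipaddress.ip_address(ip.split("%")[0]).is_loopback

def triage_port_alert(port, netstat_text):
    """Classify a port-name alert by what is actually bound to the local port."""
    rows = [r for r in parse_netstat(netstat_text) if r[1] == port]
    pids = sorted({r[5] for r in rows})
    if not rows:
        return "no-local-socket", pids
    if any(r[4] == "LISTENING" for r in rows):
        # A server socket: identify the owning process before dismissing.
        return "listener-present", pids
    if all(is_loopback(r[0]) and is_loopback(r[2]) for r in rows):
        # Client-side port of a same-host connection, as in the alert above.
        return "loopback-client-port", pids
    return "remote-peer", pids

if __name__ == "__main__":
    for p in (1045, 1025, 1061, 7626):
        print(p, triage_port_alert(p, SAMPLE_NETSTAT))
```

The returned PIDs are what to look up in the process list; a port number alone says nothing about which program opened the socket.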
Appendix:
Common port list
TCP ports | TCP ports | UDP ports |
7 = Echo; 9 = Discard; 11 = Online users; 13 = Time service; 15 = Network status; 17 = Quote of the day; 18 = Message send; 19 = Character generator; 20 = FTP data; 21 = File transfer; 22 = SSH port; 23 = Remote terminal; 25 = Mail sending; 31 = Masters Paradise trojan; 37 = Time; 39 = Resource Location Protocol; 41 = DeepThroat trojan; 42 = WINS host name service; 43 = WhoIs service; 58 = DMSetup trojan; 59 = Private file service; 63 = WHOIS port; 69 = TFTP service; 70 = Information retrieval; 79 = Query online users; 80 = Web pages; 88 = Kerberos 5 authentication; 101 = Host name; 102 = ISO; 107 = Remote login terminal; 109 = POP2 mail; 110 = POP3 mail; 111 = SUN remote control; 113 = Authentication; 117 = UUPC; 119 = NNTP newsgroups; 121 = JammerKillah trojan; 135 = Local service; 138 = Invisible Thief (隐形大盗); 139 = File sharing; 143 = IMAP4 mail; 146 = FC-Infector trojan; 158 = Mail service; 170 = Print service; 179 = BGP; 194 = IRC port; 213 = TCP over IPX; 220 = IMAP3 mail; 389 = Directory service; 406 = IMSP port; 411 = DC++; 421 = TCP Wrappers; 443 = Secure web access; 445 = SMB (Server Message Block); 456 = Hackers Paradise trojan; 464 = Kerberos authentication; 512 = Remote execution or satellite communication; 513 = Remote login and query; 514 = Shell/system log; 515 = Print service; 517 = Talk; 518 = Network chat; 520 = EFS; 525 = Time service; 526 = Date update; 530 = RPC; 531 = RASmin trojan; 532 = News reading; 533 = Emergency broadcast; 540 = UUCP; 543 = Kerberos login; 544 = Remote shell; 550 = who; 554 = RTSP; 555 = Ini-Killer trojan; 556 = Remote file system; 560 = Remote monitoring; 561 = Monitoring; 636 = Secure directory service; 666 = Attack FTP trojan; 749 = Kerberos administration; 750 = Kerberos V4; 911 = Dark Shadow trojan; 989 = FTPS; 990 = FTPS; 992 = TelnetS; 993 = IMAPS; 999 = DeepThroat trojan; 1001 = Silencer trojan; 1010 = Doly trojan; 1011 = Doly trojan; 1012 = Doly trojan; 1015 = Doly trojan; 1024 = NetSpy trojan; 1042 = Bla trojan; 1045 = RASmin trojan; 1080 = SOCKS proxy; 1090 = Extreme trojan; 1095 = Rat trojan; 1097 = Rat trojan; 1098 = Rat trojan; 1099 = Rat trojan; 1109 = Kerberos POP; 1167 = Private phone; 1170 = Psyber Stream Server; 1214 = KAZAA downloads; 1234 = Ultors/恶鹰 (Beagle) trojan; 1243 = Backdoor/SubSeven trojan; 1245 = VooDoo Doll trojan; 1349 = BO DLL trojan; 1352 = Lotus Notes; 1433 = SQL Server; 1492 = FTP99CMP trojan; 1494 = Citrix; 1503 = NetMeeting; 1512 = WINS resolution; 1524 = IngresLock backdoor; 1600 = Shivka-Burka trojan; 1630 = NetEase Popo (网易泡泡); 1701 = L2TP; 1720 = H323; 1723 = PPTP (virtual private network); 1731 = NetMeeting; 1755 = Streaming media service; 1807 = SpySender trojan; 1812 = RADIUS authentication; 1813 = RADIUS accounting; 1863 = MSN chat; 1981 = ShockRave trojan; 1999 = Backdoor trojan; 2000 = TransScout-Remote-Explorer trojan; 2001 = TransScout trojan; 2002 = TransScout/恶鹰 (Beagle) trojan; 2003 = TransScout trojan; 2004 = TransScout trojan; 2005 = TransScout trojan; 2023 = Ripper trojan; 2049 = NFS server; 2053 = KNETD; 2115 = Bugs trojan; 2140 = Deep Throat trojan; 2401 = CVS; 2535 = 恶鹰 (Beagle); 2565 = Striker trojan; 2583 = WinCrash trojan; 2773 = Backdoor/SubSeven trojan; 2774 = SubSeven trojan; 2801 = Phineas Phucker trojan; 2869 = UPnP (Universal Plug and Play); 3024 = WinCrash trojan; 3050 = InterBase; 3128 = Squid proxy; 3129 = Masters Paradise trojan; 3150 = DeepThroat trojan; 3306 = MySQL; 3389 = Remote Desktop; 3544-3579 (each port listed individually in the original) = MSN voice; 3700 = Portal of Doom trojan; 4080 = WebAdmin; 4081 = WebAdmin+SSL; 4092 = WinCrash trojan; 4267 = SubSeven trojan; 4443 = AOL MSN; 4567 = File Nail trojan; 4590 = ICQ trojan; 4661-4666 (each port listed individually in the original) = eDonkey downloads |
4899 = Radmin trojan; 5000 = Sockets-de trojan; 5000 = UPnP (Universal Plug and Play); 5001 = Back Door Setup trojan; 5060 = SIP; 5168 = Gaobot (高波) worm; 5190 = AOL MSN; 5321 = Firehotcker trojan; 5333 = NetMonitor trojan; 5400 = Blade Runner trojan; 5401 = Blade Runner trojan; 5402 = Blade Runner trojan; 5550 = JAPAN xtcp trojan; 5554 = Fake Police (假警察) worm; 5555 = ServeMe trojan; 5556 = BO Facil trojan; 5557 = BO Facil trojan; 5569 = Robo-Hack trojan; 5631 = pcAnywhere; 5632 = pcAnywhere; 5742 = WinCrash trojan; 5800 = VNC port; 5801 = VNC port; 5890 = VNC port; 5891 = VNC port; 5892 = VNC port; 6267 = Guangwai Girl (广外女生); 6400 = The Thing trojan; 6665 = IRC; 6666 = IRC server port; 6667 = Little Postman (小邮差); 6668 = IRC; 6669 = IRC; 6670 = DeepThroat trojan; 6711 = SubSeven trojan; 6771 = DeepThroat trojan; 6776 = BackDoor-G trojan; 6881-6890 (each port listed individually in the original) = BT downloads; 6939 = Indoctrination trojan; 6969 = GateCrasher/Priority trojan; 6970 = GateCrasher trojan; 7000 = Remote Grab trojan; 7001 = Windows Messenger; 7070 = RealAudio control port; 7215 = Backdoor/SubSeven trojan; 7300 = NetSpirit (网络精灵) trojan; 7301 = NetSpirit (网络精灵) trojan; 7306 = NetSpirit (网络精灵) trojan; 7307 = NetSpirit (网络精灵) trojan; 7308 = NetSpirit (网络精灵) trojan; 7424 = Host Control Trojan; 7467 = Padobot; 7511 = Smart Gene (聪明基因); 7597 = QaZ trojan; 7626 = Glacier (冰河) trojan; 7789 = Back Door Setup/ICKiller trojan; 8011 = Rogue Kid (无赖小子); 8102 = Nethief (网络神偷); 8181 = 灾飞 (Zaifei); 9408 = Mountain Spring (山泉) trojan; 9535 = Remote administration; 9872 = Portal of Doom trojan; 9873 = Portal of Doom trojan; 9874 = Portal of Doom trojan; 9875 = Portal of Doom trojan; 9898 = Fake Police (假警察) worm; 9989 = iNi-Killer trojan; 10066 = Ambush Trojan; 10067 = Portal of Doom trojan; 10167 = Portal of Doom trojan; 10168 = Evil Postman (恶邮差); 10520 = Acid Shivers trojan; 10607 = COMA trojan; 11000 = Senna Spy trojan; 11223 = Progenic trojan; 11927 = Win32.Randin; 12076 = GJammer trojan; 12223 = Keylogger trojan; 12345 = NetBus trojan; 12346 = GabanBus trojan; 12361 = Whack-a-mole trojan; 12362 = Whack-a-mole trojan; 12363 = Whack-a-Mole trojan; 12631 = WhackJob trojan; 13000 = Senna Spy trojan; 13223 = PowWow chat; 14500 = PC Invader trojan; 14501 = PC Invader trojan; 14502 = PC Invader trojan; 14503 = PC Invader trojan; 15000 = NetDemon trojan; 15382 = SubZero trojan; 16484 = Mosucker trojan; 16772 = ICQ Revenge trojan; 16969 = Priority trojan; 17072 = Conducent advertising; 17166 = Mosaic trojan; 17300 = Kuang2 the virus Trojan; 17449 = Kid Terror Trojan; 17499 = CrazzyNet Trojan; 17500 = CrazzyNet Trojan; 17569 = Infector Trojan; 17593 = Audiodoor Trojan; 17777 = Nephron Trojan; 19191 = Blue Flame (蓝色火焰); 19864 = ICQ Revenge trojan; 20001 = Millennium trojan; 20002 = Acidkor Trojan; 20005 = Mosucker trojan; 20023 = VP Killer Trojan; 20034 = NetBus 2 Pro trojan; 20808 = QQ Girlfriend (QQ女友); 21544 = GirlFriend trojan; 22222 = Proziack trojan; 23005 = NetTrash trojan; 23006 = NetTrash trojan; 23023 = Logged trojan; 23032 = Amanda trojan; 23432 = Asylum trojan; 23444 = NetBull (网络公牛); 23456 = Evil FTP trojan; 23456 = EvilFTP-UglyFTP trojan; 23476 = Donald-Dick trojan; 23477 = Donald-Dick trojan; 25685 = Moonpie trojan; 25686 = Moonpie trojan; 25836 = Trojan-Proxy; 25982 = Moonpie trojan; 26274 = Delta Source trojan; 27184 = Alvgus 2000 Trojan; 29104 = NetTrojan trojan; 29891 = The Unexplained trojan; 30001 = ErrOr32 trojan; 30003 = Lamers Death trojan; 30029 = AOL trojan; 30100 = NetSphere trojan; 30101 = NetSphere trojan; 30102 = NetSphere trojan; 30103 = NetSphere trojan; 30133 = NetSphere trojan; 30303 = Sockets de Troie; 30947 = Intruse trojan; 31336 = Butt Funnel trojan; 31337 = Back-Orifice trojan; 31338 = NetSpy DK trojan; 31339 = NetSpy DK trojan; 31666 = BOWhack trojan; 31785 = Hack Attack trojan; 31787 = Hack Attack trojan; 31788 = Hack-A-Tack trojan; 31789 = Hack Attack trojan; 31791 = Hack Attack trojan; 31792 = Hack-A-Tack trojan; 32100 = Peanut Brittle trojan; 32418 = Acid Battery trojan; 33333 = Prosiak trojan; 33577 = Son of PsychWard trojan; 33777 = Son of PsychWard trojan; 33911 = Spirit 2000/2001 trojan; 34324 = Big Gluck trojan; 34555 = Trinoo trojan; 35555 = Trinoo trojan; 36549 = Trojan-Proxy; 37237 = Mantis Trojan; 40412 = The Spy trojan; 40421 = Agent 40421 trojan; 40422 = Master-Paradise trojan; 40423 = Master-Paradise trojan; 40425 = Master-Paradise trojan; 40426 = Master-Paradise trojan; 41337 = Storm trojan; 41666 = Remote Boot tool trojan; 46147 = Backdoor.sdBot; 47262 = Delta Source trojan; 49301 = Online KeyLogger trojan; 50130 = Enterprise trojan; 50505 = Sockets de Troie trojan; 50766 = Fore trojan; 51996 = Cafeini trojan; 53001 = Remote Windows Shutdown trojan; 54283 = Backdoor/SubSeven trojan; 54320 = Back-Orifice trojan; 54321 = Back-Orifice trojan; 55165 = File Manager trojan; 57341 = NetRaider trojan; 58339 = Butt Funnel trojan; 60000 = DeepThroat trojan; 60411 = Connection trojan; 61348 = Bunker-hill trojan; 61466 = Telecommando trojan; 61603 = Bunker-hill trojan; 63485 = Bunker-hill trojan; 65000 = Devil trojan; 65390 = Eclypse trojan; 65432 = The Traitor trojan; 65535 = Rc1 trojan |
31 = Masters Paradise trojan; 41 = DeepThroat trojan; 53 = Domain name resolution; 67 = Dynamic IP service; 68 = Dynamic IP client; 135 = Local service; 137 = NetBIOS name; 138 = NetBIOS DGM service; 139 = File sharing; 146 = FC-Infector trojan; 161 = SNMP service; 162 = SNMP query; 445 = SMB (Server Message Block); 500 = VPN key negotiation; 666 = Bla trojan; 999 = DeepThroat trojan; 1027 = Gray Pigeon (灰鸽子); 1042 = Bla trojan; 1561 = MuSka52 trojan; 1900 = UPnP (Universal Plug and Play); 2140 = Deep Throat trojan; 2989 = Rat trojan; 3129 = Masters Paradise trojan; 3150 = DeepThroat trojan; 3700 = Portal of Doom trojan; 4000 = QQ chat; 4006 = Gray Pigeon (灰鸽子); 5168 = Gaobot (高波) worm; 6670 = DeepThroat trojan; 6771 = DeepThroat trojan; 6970 = RealAudio audio data; 8000 = QQ chat; 8099 = VC remote debugging; 8225 = Gray Pigeon (灰鸽子); 9872 = Portal of Doom trojan; 9873 = Portal of Doom trojan; 9874 = Portal of Doom trojan; 9875 = Portal of Doom trojan; 10067 = Portal of Doom trojan; 10167 = Portal of Doom trojan; 22226 = Gaobot (高波) worm; 26274 = Delta Source trojan; 31337 = Back-Orifice trojan; 31785 = Hack Attack trojan; 31787 = Hack Attack trojan; 31788 = Hack-A-Tack trojan; 31789 = Hack Attack trojan; 31791 = Hack Attack trojan; 31792 = Hack-A-Tack trojan; 34555 = Trin00 DDoS trojan; 40422 = Master-Paradise trojan; 40423 = Master-Paradise trojan; 40425 = Master-Paradise trojan; 40426 = Master-Paradise trojan; 47262 = Delta Source trojan; 54320 = Back-Orifice trojan; 54321 = Back-Orifice trojan; 60000 = DeepThroat trojan |
Unless otherwise stated, all content is original; when reposting, please credit the source: http://www.stormcn.cn/post/247.html