当前位置: 技术问答>linux和unix
为何我没有安装相关服务 而端口都是开放的
来源: 互联网 发布时间:2016-04-19
本文导语: 用扫描器扫描的是开放 21 22 80 110 8080 3128端口,22是我开的没错 可是其他的确实没有安装服务 telnet可以连上那些端口但是没有任何回复 机器也是根服务器 难道是我见鬼了? 还是人品问题? 就算端口是开放...
用扫描器扫描的是开放 21 22 80 110 8080 3128端口,22是我开的没错 可是其他的确实没有安装服务 telnet可以连上那些端口但是没有任何回复 机器也是根服务器 难道是我见鬼了? 还是人品问题? 就算端口是开放的 IPTABLES也已经过滤了22以外的端口 那为何还会检测到有端口开放?
以下是netstat的结果
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 MNone:domain *:* LISTEN
tcp 0 0 *:33109 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 smtp *:* LISTEN
tcp 0 0 rndc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN
udp 0 0 *:768 *:*
udp 0 0 domain *:*
udp 0 0 *:53561 *:*
udp 0 0 *:bootps *:*
udp 0 0 *:55627 *:*
udp 0 0 *:flexlm *:*
udp 0 0 *:mdns *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:34290 *:*
udp 0 0 *:54062 *:*
以下是IPTABLE的配置
# Generated by iptables-save v1.4.1.1 on Sat Oct 18 17:16:20 2008 *filter
:INPUT DROP [106:7660]
:FORWARD ACCEPT [48326:14619188]
:OUTPUT ACCEPT [1004:105000]
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 14 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 16 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 18 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Sat Oct 18 17:16:20 2008
# Generated by iptables-save v1.4.1.1 on Sat Oct 18 17:16:50 2008
*nat
:PREROUTING ACCEPT [1314:79963]
:POSTROUTING ACCEPT [12:1499]
:OUTPUT ACCEPT [12:1499]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
# Completed on Sat Oct 18 17:16:50 2008
以下是netstat的结果
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 MNone:domain *:* LISTEN
tcp 0 0 *:33109 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 smtp *:* LISTEN
tcp 0 0 rndc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN
udp 0 0 *:768 *:*
udp 0 0 domain *:*
udp 0 0 *:53561 *:*
udp 0 0 *:bootps *:*
udp 0 0 *:55627 *:*
udp 0 0 *:flexlm *:*
udp 0 0 *:mdns *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:34290 *:*
udp 0 0 *:54062 *:*
以下是IPTABLE的配置
# Generated by iptables-save v1.4.1.1 on Sat Oct 18 17:16:20 2008 *filter
:INPUT DROP [106:7660]
:FORWARD ACCEPT [48326:14619188]
:OUTPUT ACCEPT [1004:105000]
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 14 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 16 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 18 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Sat Oct 18 17:16:20 2008
# Generated by iptables-save v1.4.1.1 on Sat Oct 18 17:16:50 2008
*nat
:PREROUTING ACCEPT [1314:79963]
:POSTROUTING ACCEPT [12:1499]
:OUTPUT ACCEPT [12:1499]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
# Completed on Sat Oct 18 17:16:50 2008
|
netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.107:41777 211.100.26.123:http TIME_WAIT
tcp 0 0 192.168.1.107:47444 211.100.26.122:http TIME_WAIT
tcp 0 0 192.168.1.107:41774 211.100.
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.107:41777 211.100.26.123:http TIME_WAIT
tcp 0 0 192.168.1.107:47444 211.100.26.122:http TIME_WAIT
tcp 0 0 192.168.1.107:41774 211.100.
|
iptab
+----------------------------------------------+
| addrs bits pref class mask |
+----------------------------------------------+
| 1 0 /32 255.255.255.255 |
| 2 1 /31 255.255.255.254 |
| 4 2 /30 255.255.255.252 |
| 8 3 /29 255.255.255.248 |
| 16 4 /28 255.255.255.240 |
| 32 5 /27 255.255.255.224 |
| 64 6 /26 255.255.255.192 |
| 128 7 /25 255.255.255.128 |
| 256 8 /24 1C 255.255.255.0 |
| 512 9 /23 2C 255.255.254.0 |
+----------------------------------------------+
| addrs bits pref class mask |
+----------------------------------------------+
| 1 0 /32 255.255.255.255 |
| 2 1 /31 255.255.255.254 |
| 4 2 /30 255.255.255.252 |
| 8 3 /29 255.255.255.248 |
| 16 4 /28 255.255.255.240 |
| 32 5 /27 255.255.255.224 |
| 64 6 /26 255.255.255.192 |
| 128 7 /25 255.255.255.128 |
| 256 8 /24 1C 255.255.255.0 |
| 512 9 /23 2C 255.255.254.0 |
|
防火墙没有配置?
|
# lsof -i
有什么?
您可能感兴趣的文章:
本站(WWW.)旨在分享和传播互联网科技相关的资讯和技术,将尽最大努力为读者提供更好的信息聚合和浏览方式。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。
本站(WWW.)站内文章除注明原创外,均为转载、整理或搜集自网络。欢迎任何形式的转载,转载请注明出处。