Lubuntu 与 Windows 10 - 默认防火墙 - 默认设置

Lubuntu 与 Windows 10 - 默认防火墙 - 默认设置

从连接到同一专用网络的第三台设备(与讨论中的两台设备 Lubuntu 和 Windows 10)扫描的结果如下:

第一个扫描的设备Ubuntu 20.04.2 LTS安装了 Lubuntu( ),防火墙设置默认:

    nmap -p 1-65535 192.168.100.7 -vvv                                130 ⨯
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-02 15:58 EST
Initiating Ping Scan at 15:58
Scanning 192.168.100.7 [2 ports]
Completed Ping Scan at 15:58, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:58
Completed Parallel DNS resolution of 1 host. at 15:58, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 15:58
Scanning 192.168.100.7 [65535 ports]
Discovered open port 11393/tcp on 192.168.100.7
Discovered open port 39457/tcp on 192.168.100.7
Discovered open port 55628/tcp on 192.168.100.7
Discovered open port 62408/tcp on 192.168.100.7
Discovered open port 30630/tcp on 192.168.100.7
Discovered open port 36629/tcp on 192.168.100.7
Completed Connect Scan at 15:58, 1.78s elapsed (65535 total ports)
Nmap scan report for 192.168.100.7
Host is up, received conn-refused (0.00016s latency).
Scanned at 2021-02-02 15:58:03 EST for 2s
Not shown: 65529 closed ports
Reason: 65529 conn-refused
PORT      STATE SERVICE REASON
11393/tcp open  unknown syn-ack
30630/tcp open  unknown syn-ack
36629/tcp open  unknown syn-ack
39457/tcp open  unknown syn-ack
55628/tcp open  unknown syn-ack
62408/tcp open  unknown syn-ack

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.87 seconds

第二台扫描的设备安装了 Windows 10,防火墙设置默认:

nmap -Pn 1-65535 192.168.100.11 -vvv                              130 ⨯
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-02 16:07 EST
Warning: Hostname 1-65535 resolves to 2 IPs. Using "ISP ".
Initiating Parallel DNS resolution of 2 hosts. at 16:07
Completed Parallel DNS resolution of 2 hosts. at 16:07, 0.00s elapsed
DNS resolution of 2 IPs took 0.00s. Mode: Async [#: 1, OK: 1, NX: 1, DR: 0, SF: 0, TR: 2, CN: 0]
Initiating Connect Scan at 16:07
Scanning 2 hosts [1000 ports/host]
Discovered open port 80/tcp on "ISP IP"
Completed Connect Scan against "ISP IP"in 12.47s (1 host left)
Completed Connect Scan at 16:07, 12.66s elapsed (2000 total ports)
Nmap scan report for 1-65535 ("ISP IP")
Host is up, received user-set (0.0078s latency).
Other addresses for 1-65535 (not scanned): "ISP IP"
rDNS record for "ISP IP": "ISP IP"
Scanned at 2021-02-02 16:07:05 EST for 13s
Not shown: 999 filtered ports
Reason: 999 no-responses
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack

Nmap scan report for 192.168.100.11
Host is up, received user-set.
All 1000 scanned ports on 192.168.100.11 are filtered because of 1000 no-responses

Read data files from: /usr/bin/../share/nmap
Nmap done: 2 IP addresses (2 hosts up) scanned in 12.76 seconds

输出中的公共 IP 被替换为“ISP IP”

有人能说说为什么 Lubuntu 的默认防火墙设置开放了这么多端口,而 Windows 10 却没有?谢谢。

编辑:对于 Lubuntu 机器:

sudo ss -tulp
Netid     State      Recv-Q     Send-Q         Local Address:Port            Peer Address:Port     Process                                                                                            
udp       UNCONN     0          0                    0.0.0.0:43611                0.0.0.0:*         users:(("avahi-daemon",pid=441,fd=14))                                                            
udp       UNCONN     0          0                224.0.0.251:mdns                 0.0.0.0:*         users:(("chrome",pid=2008,fd=135))                                                                
udp       UNCONN     0          0                    0.0.0.0:mdns                 0.0.0.0:*         users:(("avahi-daemon",pid=441,fd=12))                                                            
udp       UNCONN     0          0              127.0.0.53%lo:domain               0.0.0.0:*         users:(("systemd-resolve",pid=431,fd=12))                                                         
udp       UNCONN     0          0                    0.0.0.0:631                  0.0.0.0:*         users:(("cups-browsed",pid=4799,fd=7))                                                            
udp       UNCONN     0          0                          *:11393                      *:*         users:(("outline-ss-serv",pid=1568,fd=8))                                                         
udp       UNCONN     0          0                          *:36629                      *:*         users:(("outline-ss-serv",pid=1568,fd=10))                                                        
udp       UNCONN     0          0                       [::]:mdns                    [::]:*         users:(("avahi-daemon",pid=441,fd=13))                                                            
udp       UNCONN     0          0                          *:30630                      *:*         users:(("outline-ss-serv",pid=1568,fd=12))                                                        
udp       UNCONN     0          0                          *:55628                      *:*         users:(("outline-ss-serv",pid=1568,fd=14))                                                        
udp       UNCONN     0          0                          *:6666                       *:*         users:(("qlipper",pid=1156,fd=13))                                                                
udp       UNCONN     0          0                          *:39457                      *:*         users:(("outline-ss-serv",pid=1568,fd=16))                                                        
udp       UNCONN     0          0                       [::]:56865                   [::]:*         users:(("avahi-daemon",pid=441,fd=15))                                                            
tcp       LISTEN     0          4096           127.0.0.53%lo:domain               0.0.0.0:*         users:(("systemd-resolve",pid=431,fd=13))                                                         
tcp       LISTEN     0          5                  127.0.0.1:ipp                  0.0.0.0:*         users:(("cupsd",pid=4798,fd=7))                                                                   
tcp       LISTEN     0          4096               127.0.0.1:9050                 0.0.0.0:*         users:(("tor",pid=563,fd=6))                                                                      
tcp       LISTEN     0          4096               127.0.0.1:9090                 0.0.0.0:*         users:(("prometheus",pid=1555,fd=8))                                                              
tcp       LISTEN     0          511                127.0.0.1:9091                 0.0.0.0:*         users:(("node",pid=1540,fd=19))                                                                   
tcp       LISTEN     0          4096               127.0.0.1:9092                 0.0.0.0:*         users:(("outline-ss-serv",pid=1568,fd=3))                                                         
tcp       LISTEN     0          4096                       *:36629                      *:*         users:(("outline-ss-serv",pid=1568,fd=9))                                                         
tcp       LISTEN     0          5                      [::1]:ipp                     [::]:*         users:(("cupsd",pid=4798,fd=6))                                                                   
tcp       LISTEN     0          4096                       *:39457                      *:*         users:(("outline-ss-serv",pid=1568,fd=15))                                                        
tcp       LISTEN     0          4096                       *:11393                      *:*         users:(("outline-ss-serv",pid=1568,fd=7))                                                         
tcp       LISTEN     0          4096                       *:30630                      *:*         users:(("outline-ss-serv",pid=1568,fd=11))                                                        
tcp       LISTEN     0          511                        *:62408                      *:*         users:(("node",pid=1540,fd=22))                                                                   
tcp       LISTEN     0          4096                       *:55628                      *:*         users:(("outline-ss-serv",pid=1568,fd=13))

答案1

让我们重新排列监听端口列表以包含您在输出中提供的数据sudo ss -tulp

PORT      STATE APPLICATION     PID 
11393/tcp open  outline-ss-serv 1568
30630/tcp open  outline-ss-serv 1568
36629/tcp open  outline-ss-serv 1568
39457/tcp open  outline-ss-serv 1568
55628/tcp open  outline-ss-serv 1568
62408/tcp open  node            1540

看起来你的 Lubuntu 系统正在运行服务器应用程序...因此预计客户端的连接端口是开放的。

如果您确实想在 Ubuntu 系统上测试开放和可利用的端口,欢迎您这样做。我们欢迎测试人员!我们建议您从库存系统开始。开放端口与可利用端口不同。如果您发现开放和可利用的端口,请提交错误报告并订阅 Ubuntu 安全团队。

相关内容