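I tried using nmap to test my server's ports :) The details are below.
Are there any vulnerable ports on my server? If so, why are they vulnerable? What should I do to protect my system?
Is there better alternative software that provides the same functionality, or do I have to close the port?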
nmap -A -T4 xxx.xxx.xxx
Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-24 01:46 CST
Interesting ports on xxx.xxx:
Not shown: 979 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp PureFTPd
|_ ftp-anon: Anonymous FTP login allowed
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey: 1024 f4:96:78:13:12:21:e2:e0:aa:88:ac:00:d8:aa:1b:6f (DSA)
|_ 2048 15:f1:4e:73:b4:e4:b1:04:d1:01:a4:2c:3d:52:35:71 (RSA)
25/tcp open smtp netqmail smtpd 1.04
| smtp-commands: EHLO xxx.xxx - Welcome to Qmail, STARTTLS, PIPELINING, 8BITMIME, SIZE 20971520, AUTH LOGIN PLAIN CRAM-MD5
|_ HELP netqmail home page: http://qmail.org/netqmail
53/tcp open domain
80/tcp open http Apache httpd 2.2.22 ((CentOS))
|_ html-title: Site doesn't have a title (text/html; charset=UTF-8).
110/tcp open pop3 Courier pop3d
|_ pop3-capabilities: USER IMPLEMENTATION(Courier Mail Server) UIDL PIPELINING LOGIN-DELAY(10) TOP
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap Courier Imapd (released 2005)
|_ imap-capabilities: THREAD=ORDEREDSUBJECT QUOTA THREAD=REFERENCES UIDPLUS SORT IMAP4rev1 IDLE NAMESPACE CHILDREN
443/tcp open ssl/http Apache httpd 2.2.22 ((CentOS))
|_ sslv2: server still supports SSLv2
|_ html-title: Site doesn't have a title (text/html; charset=UTF-8).
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
801/tcp open http nginx web server 1.3.5
|_ html-title: Welcome to nginx!
993/tcp open ssl/imap Courier Imapd (released 2005)
|_ sslv2: server still supports SSLv2
|_ imap-capabilities: IMAP4rev1
995/tcp open ssl/pop3 Courier pop3d
|_ pop3-capabilities: USER IMPLEMENTATION(Courier Mail Server) UIDL PIPELINING LOGIN-DELAY(10) TOP
|_ sslv2: server still supports SSLv2
1434/tcp filtered ms-sql-m
2000/tcp open http Apache httpd 2.4.2 ((Unix))
|_ html-title: Site doesn't have a title (text/html).
3000/tcp open ntop-http Ntop web interface 3.3.9
3306/tcp open mysql MySQL 5.0.95
| mysql-info: Protocol: 10
| Version: 5.0.95
| Thread ID: 1942
| Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection
| Status: Autocommit
|_ Salt: jzF0ZU|3&a71/7g#uF>B
7777/tcp open ssl/http lighttpd 1.4.29
|_ html-title: Site doesn't have a title (text/html; charset=utf-8).
7778/tcp open http lighttpd 1.4.29
|_ html-title: Site doesn't have a title (text/html; charset=utf-8).
Service Info: OSs: Unix, Linux
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 52.62 seconds
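Answer 1
If you ran nmap from outside your LAN, that would be very worrying.
Inside a well-secured LAN, it is less of a concern.
You are running a lot of services, in particular a lot of different HTTP servers. nmap has been able to identify the products and versions, which I guess makes it easier for people to look up vulnerabilities specific to those products and versions.
Do you need MySQL to be visible to other computers on the LAN?
Do you really need POP3, IMAP and webmail?
Can you use SFTP instead of FTP?
Can you filter some of these services (restrict which source IP addresses they will respond to)?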
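As an added example (not part of the original question or answer), this Python sketch parses nmap's normal output and flags the items the answer asks about: FTP and anonymous login, SSLv2, an exposed MySQL port, and multiple HTTP listeners. The function names `parse` and `triage` and the sample excerpt are constructed for illustration.

```python
import re
# Constructed excerpt, in the same layout as the scan posted in the question.
SAMPLE = """\
PORT STATE SERVICE VERSION
21/tcp open ftp PureFTPd
|_ ftp-anon: Anonymous FTP login allowed
80/tcp open http Apache httpd 2.2.22 ((CentOS))
135/tcp filtered msrpc
443/tcp open ssl/http Apache httpd 2.2.22 ((CentOS))
|_ sslv2: server still supports SSLv2
801/tcp open http nginx web server 1.3.5
3306/tcp open mysql MySQL 5.0.95
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Parse nmap normal output into one dict per port, with its script lines."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            ports.append({"port": int(m[1]), "state": m[3], "service": m[4],
                          "version": m[5], "scripts": []})
        elif line.startswith("|") and ports:  # NSE output belongs to last port
            ports[-1]["scripts"].append(line.lstrip("|_ "))
    return ports

def triage(ports):
    """Return (port, note) pairs for the points raised in the answer."""
    found = []
    open_ports = [p for p in ports if p["state"] == "open"]  # skip filtered/closed
    for p in open_ports:
        notes = " ".join(p["scripts"])
        if p["service"] == "ftp":
            found.append((p["port"], "FTP exposed: can SFTP replace it?"))
        if "Anonymous FTP login allowed" in notes:
            found.append((p["port"], "anonymous FTP login allowed"))
        if "supports SSLv2" in notes:
            found.append((p["port"], "SSLv2 still enabled"))
        if p["service"] == "mysql":
            found.append((p["port"], "MySQL reachable: bind locally or filter by source IP"))
    http = [p["port"] for p in open_ports if p["service"].endswith("http")]
    if len(http) > 1:
        found.append((None, f"{len(http)} HTTP listeners on ports {http}: consolidate"))
    return found

if __name__ == "__main__":
    print(*triage(parse(SAMPLE)), sep="\n")
```

Run it against saved output from a scan launched outside the LAN as well as inside, since the answer's level of concern depends on where the ports are reachable from.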