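I just ran an nmap scan against a website and found that it has far too many ports open. Honestly, I have never seen anything like this. Of all 65,000+ ports, almost all of them are open, including port 8333, which runs the Bitcoin service.
Now, when I run a -sV scan, almost all of these open ports show as tcpwrapped. So I have two questions:
- What does tcpwrapped mean, and does it make the server more or less vulnerable to attack?
- What exactly is port 8333, which runs the Bitcoin server?
Partial scan results: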
PORT STATE SERVICE VERSION
1/tcp open tcpwrapped
3/tcp open tcpwrapped
4/tcp open tcpwrapped
6/tcp open tcpwrapped
7/tcp open tcpwrapped
9/tcp open tcpwrapped
13/tcp open tcpwrapped
17/tcp open tcpwrapped
19/tcp open tcpwrapped
20/tcp open tcpwrapped
21/tcp open tcpwrapped
22/tcp open ssh?
23/tcp open tcpwrapped
24/tcp open tcpwrapped
25/tcp filtered smtp
26/tcp open tcpwrapped
30/tcp open tcpwrapped
32/tcp open tcpwrapped
33/tcp open tcpwrapped
37/tcp open tcpwrapped
42/tcp open tcpwrapped
43/tcp open tcpwrapped
49/tcp open tcpwrapped
53/tcp open tcpwrapped
70/tcp open tcpwrapped
79/tcp open tcpwrapped
80/tcp open http Apache httpd
81/tcp open tcpwrapped
82/tcp open tcpwrapped
83/tcp open tcpwrapped
84/tcp open tcpwrapped
85/tcp open tcpwrapped
88/tcp open tcpwrapped
89/tcp open tcpwrapped
90/tcp open tcpwrapped
99/tcp open tcpwrapped
100/tcp open tcpwrapped
106/tcp open tcpwrapped
109/tcp open tcpwrapped
110/tcp open tcpwrapped
111/tcp open tcpwrapped
113/tcp open tcpwrapped
119/tcp open tcpwrapped
125/tcp open tcpwrapped
135/tcp open tcpwrapped
139/tcp filtered netbios-ssn
143/tcp open tcpwrapped
144/tcp open tcpwrapped
146/tcp open tcpwrapped
161/tcp open tcpwrapped
163/tcp open tcpwrapped
179/tcp open tcpwrapped
199/tcp open tcpwrapped
211/tcp open tcpwrapped
212/tcp open tcpwrapped
222/tcp open tcpwrapped
254/tcp open tcpwrapped
255/tcp open tcpwrapped
256/tcp open tcpwrapped
259/tcp open tcpwrapped
264/tcp open tcpwrapped
280/tcp open tcpwrapped
301/tcp open tcpwrapped
306/tcp open tcpwrapped
311/tcp open tcpwrapped
340/tcp open tcpwrapped
366/tcp open tcpwrapped
389/tcp filtered ldap
406/tcp open tcpwrapped
407/tcp open tcpwrapped
416/tcp open tcpwrapped
417/tcp open tcpwrapped
425/tcp open tcpwrapped
427/tcp open tcpwrapped
443/tcp open ssl/http Apache httpd
444/tcp open tcpwrapped
445/tcp filtered microsoft-ds
458/tcp open tcpwrapped
464/tcp open tcpwrapped
465/tcp closed smtps
481/tcp open tcpwrapped
497/tcp open tcpwrapped
500/tcp open tcpwrapped
512/tcp open tcpwrapped
513/tcp open tcpwrapped
514/tcp open tcpwrapped
515/tcp open tcpwrapped
524/tcp open tcpwrapped
541/tcp open tcpwrapped
543/tcp open tcpwrapped
544/tcp open tcpwrapped
545/tcp open tcpwrapped
548/tcp open tcpwrapped
554/tcp open tcpwrapped
555/tcp open tcpwrapped
563/tcp open tcpwrapped
587/tcp closed submission
593/tcp open tcpwrapped
616/tcp open tcpwrapped
617/tcp open tcpwrapped
625/tcp open tcpwrapped
631/tcp open tcpwrapped
636/tcp open tcpwrapped
646/tcp open tcpwrapped
648/tcp open tcpwrapped
666/tcp open tcpwrapped
667/tcp open tcpwrapped
668/tcp open tcpwrapped
683/tcp open tcpwrapped
687/tcp open tcpwrapped
691/tcp open tcpwrapped
700/tcp open tcpwrapped
705/tcp open tcpwrapped
711/tcp open tcpwrapped
714/tcp open tcpwrapped
720/tcp open tcpwrapped
722/tcp open tcpwrapped
726/tcp open tcpwrapped
749/tcp open tcpwrapped
765/tcp open tcpwrapped
777/tcp open tcpwrapped
783/tcp open tcpwrapped
787/tcp open tcpwrapped
800/tcp open tcpwrapped
801/tcp open tcpwrapped
808/tcp open tcpwrapped
843/tcp open tcpwrapped
873/tcp open tcpwrapped
880/tcp open tcpwrapped
888/tcp open tcpwrapped
898/tcp open tcpwrapped
900/tcp open tcpwrapped
901/tcp open tcpwrapped
902/tcp open tcpwrapped
903/tcp open tcpwrapped
911/tcp open tcpwrapped
912/tcp open tcpwrapped
981/tcp open tcpwrapped
987/tcp open tcpwrapped
990/tcp open tcpwrapped
992/tcp open tcpwrapped
993/tcp open tcpwrapped
995/tcp open tcpwrapped
999/tcp open tcpwrapped
1000/tcp open tcpwrapped
1001/tcp open tcpwrapped
1002/tcp open tcpwrapped
1007/tcp open tcpwrapped
1009/tcp open tcpwrapped
1010/tcp open tcpwrapped
1011/tcp open tcpwrapped
1021/tcp open tcpwrapped
1022/tcp open tcpwrapped
1023/tcp open tcpwrapped
1024/tcp open tcpwrapped
1025/tcp open tcpwrapped
1026/tcp open tcpwrapped
1027/tcp open tcpwrapped
1028/tcp open tcpwrapped
1029/tcp open tcpwrapped
1030/tcp open tcpwrapped
1031/tcp open tcpwrapped
1032/tcp open tcpwrapped
1033/tcp open tcpwrapped
1034/tcp open tcpwrapped
1035/tcp open tcpwrapped
1036/tcp open tcpwrapped
1037/tcp open tcpwrapped
1038/tcp open tcpwrapped
1039/tcp open tcpwrapped
1040/tcp open tcpwrapped
1041/tcp open tcpwrapped
1042/tcp open tcpwrapped
1043/tcp open tcpwrapped
1044/tcp open tcpwrapped
1045/tcp open tcpwrapped
1046/tcp open tcpwrapped
1047/tcp open tcpwrapped
1048/tcp open tcpwrapped
1049/tcp open tcpwrapped
1050/tcp open tcpwrapped
1051/tcp open tcpwrapped
1052/tcp open tcpwrapped
1053/tcp open tcpwrapped
1054/tcp open tcpwrapped
1055/tcp open tcpwrapped
1056/tcp open tcpwrapped
1057/tcp open tcpwrapped
1058/tcp open tcpwrapped
1059/tcp open tcpwrapped
1060/tcp open tcpwrapped
1061/tcp open tcpwrapped
1062/tcp open tcpwrapped
1063/tcp open tcpwrapped
1064/tcp open tcpwrapped
1065/tcp open tcpwrapped
1066/tcp open tcpwrapped
1067/tcp open tcpwrapped
1068/tcp open tcpwrapped
1069/tcp open tcpwrapped
1070/tcp open tcpwrapped
1071/tcp open tcpwrapped
1072/tcp open tcpwrapped
1073/tcp open tcpwrapped
1074/tcp open tcpwrapped
1075/tcp open tcpwrapped
1076/tcp open tcpwrapped
1077/tcp open tcpwrapped
1078/tcp open tcpwrapped
1079/tcp open tcpwrapped
1080/tcp open tcpwrapped
1081/tcp open tcpwrapped
1082/tcp open tcpwrapped
1083/tcp open tcpwrapped
1084/tcp open tcpwrapped
1085/tcp open tcpwrapped
1086/tcp open tcpwrapped
1087/tcp open tcpwrapped
1088/tcp open tcpwrapped
1089/tcp open tcpwrapped
1090/tcp open tcpwrapped
1091/tcp open tcpwrapped
1092/tcp open tcpwrapped
1093/tcp open tcpwrapped
1094/tcp open tcpwrapped
1095/tcp open tcpwrapped
1096/tcp open tcpwrapped
1097/tcp open tcpwrapped
1098/tcp open tcpwrapped
1099/tcp open tcpwrapped
1100/tcp open tcpwrapped
1102/tcp open tcpwrapped
1104/tcp open tcpwrapped
1105/tcp open tcpwrapped
1106/tcp open tcpwrapped
1107/tcp open tcpwrapped
1108/tcp open tcpwrapped
1110/tcp open tcpwrapped
1111/tcp open tcpwrapped
1112/tcp open tcpwrapped
1113/tcp open tcpwrapped
1114/tcp open tcpwrapped
1117/tcp open tcpwrapped
1119/tcp open tcpwrapped
1121/tcp open tcpwrapped
1122/tcp open tcpwrapped
1123/tcp open tcpwrapped
1124/tcp open tcpwrapped
1126/tcp open tcpwrapped
1130/tcp open tcpwrapped
1131/tcp open tcpwrapped
1132/tcp open tcpwrapped
1137/tcp open tcpwrapped
1138/tcp open tcpwrapped
1141/tcp open tcpwrapped
1145/tcp open tcpwrapped
1147/tcp open tcpwrapped
1148/tcp open tcpwrapped
1149/tcp open tcpwrapped
1151/tcp open tcpwrapped
1152/tcp open tcpwrapped
1154/tcp open tcpwrapped
1163/tcp open tcpwrapped
1164/tcp open tcpwrapped
1165/tcp open tcpwrapped
1166/tcp open tcpwrapped
1169/tcp open tcpwrapped
1174/tcp open tcpwrapped
1175/tcp open tcpwrapped
1183/tcp open tcpwrapped
1185/tcp open tcpwrapped
1186/tcp open tcpwrapped
1187/tcp open tcpwrapped
1192/tcp open tcpwrapped
1198/tcp open tcpwrapped
1199/tcp open tcpwrapped
1201/tcp open tcpwrapped
1213/tcp open tcpwrapped
1216/tcp open tcpwrapped
1217/tcp open tcpwrapped
1218/tcp open tcpwrapped
1233/tcp open tcpwrapped
1234/tcp open tcpwrapped
1236/tcp open tcpwrapped
1244/tcp open tcpwrapped
1247/tcp open tcpwrapped
1248/tcp open tcpwrapped
1259/tcp open tcpwrapped
1271/tcp open tcpwrapped
1272/tcp open tcpwrapped
1277/tcp open tcpwrapped
1287/tcp open tcpwrapped
1296/tcp open tcpwrapped
1300/tcp open tcpwrapped
1301/tcp open tcpwrapped
1309/tcp open tcpwrapped
1310/tcp open tcpwrapped
1311/tcp open tcpwrapped
1322/tcp open tcpwrapped
1328/tcp open tcpwrapped
1334/tcp open tcpwrapped
1352/tcp open tcpwrapped
1417/tcp open tcpwrapped
1433/tcp open tcpwrapped
1434/tcp open tcpwrapped
1443/tcp open tcpwrapped
1455/tcp open tcpwrapped
1461/tcp open tcpwrapped
1494/tcp open tcpwrapped
1500/tcp open tcpwrapped
1501/tcp open tcpwrapped
1503/tcp open tcpwrapped
1521/tcp open tcpwrapped
1524/tcp open tcpwrapped
1533/tcp open tcpwrapped
1556/tcp open tcpwrapped
1580/tcp open tcpwrapped
1583/tcp open tcpwrapped
1594/tcp open tcpwrapped
1600/tcp open tcpwrapped
1641/tcp open tcpwrapped
1658/tcp open tcpwrapped
1666/tcp open tcpwrapped
1687/tcp open tcpwrapped
1688/tcp open tcpwrapped
1700/tcp open tcpwrapped
1717/tcp open tcpwrapped
1718/tcp open tcpwrapped
1719/tcp open tcpwrapped
1720/tcp open tcpwrapped
1721/tcp open tcpwrapped
1723/tcp open tcpwrapped
1755/tcp open tcpwrapped
1761/tcp open tcpwrapped
1782/tcp open tcpwrapped
1783/tcp open tcpwrapped
1801/tcp open tcpwrapped
1805/tcp open tcpwrapped
1812/tcp open tcpwrapped
1839/tcp open tcpwrapped
1840/tcp open tcpwrapped
1862/tcp open tcpwrapped
1863/tcp open tcpwrapped
1864/tcp open tcpwrapped
1875/tcp open tcpwrapped
1900/tcp open tcpwrapped
1914/tcp open tcpwrapped
1935/tcp open tcpwrapped
1947/tcp open tcpwrapped
1971/tcp open tcpwrapped
1972/tcp open tcpwrapped
1974/tcp open tcpwrapped
1984/tcp open tcpwrapped
1998/tcp open tcpwrapped
1999/tcp open tcpwrapped
2000/tcp open tcpwrapped
2001/tcp open tcpwrapped
2002/tcp open tcpwrapped
2003/tcp open tcpwrapped
2004/tcp open tcpwrapped
2005/tcp open tcpwrapped
2006/tcp open tcpwrapped
2007/tcp open tcpwrapped
2008/tcp open tcpwrapped
2009/tcp open tcpwrapped
2010/tcp open tcpwrapped
2013/tcp open tcpwrapped
2020/tcp open tcpwrapped
2021/tcp open tcpwrapped
2022/tcp open tcpwrapped
2030/tcp open tcpwrapped
2033/tcp open tcpwrapped
2034/tcp open tcpwrapped
2035/tcp open tcpwrapped
2038/tcp open tcpwrapped
2040/tcp open tcpwrapped
2041/tcp open tcpwrapped
2042/tcp open tcpwrapped
2043/tcp open tcpwrapped
2045/tcp open tcpwrapped
2046/tcp open tcpwrapped
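Answer 1
Of all 65,000+ ports, almost all of them are open
The server is configured to return a fake TCP SYN-ACK response to every connection attempt. This may be part of intrusion prevention (it is a known technique for thwarting port scans), or part of DDoS defence (a misconfigured SYN proxy filter, used to defend against SYN flood attacks).
including port 8333, which runs the Bitcoin service.
It isn't necessarily running the Bitcoin service. It is a port that nmap's "well-known ports list" marks as belonging to Bitcoin. Is it actually running bitcoind? Probably not. It could be running some other program on that port. Or it could just be showing up in the scan for the same reason all the other ports are.
It could actually be running bitcoind, though. That depends on the website you scanned. Some people run their personal website from a single multi-purpose server that also runs their mail system, databases, Minecraft server, and so on. If you scan a professional web hosting provider's systems, seeing non-web services would be surprising, but if you scan someone's self-managed VPS, it's not strange at all.
What does tcpwrapped mean, and does it make the server more or less vulnerable to attack?
It means the server accepted the TCP connection but then immediately closed it.
This resembles the behaviour of the "tcp_wrappers" library that some services use for IP-based access control (you may also know it as /etc/hosts.deny): because it works at the service level, it comes too late to refuse the connection outright, so if the host is not allowed, it closes the connection immediately after it has been accepted. Hence nmap assigns the "tcpwrapped" label.
Use --reason to have nmap tell you why it reached its conclusion for each port.
But that does not mean the server uses tcp_wrappers: nmap only sees the behaviour, not the actual software. If it applies to a single port (such as 22 (ssh)), the software is tcp_wrappers. If it applies to every possible port, the software is more likely SYNPROXY or something similar.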
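The reasoning in the answer above, as an added example that is not part of the original post: a Python triage over nmap's normal output that separates ports which only accepted and closed (tcpwrapped) from ports that returned a service match, and flags a blanket responder when tcpwrapped dominates. The sample lines are constructed in the format of the scan excerpt, and the `threshold` and `min_open` values are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of the scan excerpt (not the full scan).
SAMPLE = """\
PORT STATE SERVICE VERSION
21/tcp open tcpwrapped
22/tcp open ssh?
23/tcp open tcpwrapped
25/tcp filtered smtp
53/tcp open tcpwrapped
80/tcp open http Apache httpd
81/tcp open tcpwrapped
443/tcp open ssl/http Apache httpd
444/tcp open tcpwrapped
465/tcp closed smtps
1080/tcp open tcpwrapped
2000/tcp open tcpwrapped
"""

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse(text):
    """Yield (port, state, service, version) from nmap normal-output port lines."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield int(m.group(1)), m.group(3), m.group(4), (m.group(5) or "").strip()

def triage(text, threshold=0.6, min_open=5):
    """Split open ports into accept-and-close (tcpwrapped) and ports that answered."""
    rows = list(parse(text))
    states = Counter(state for _, state, _, _ in rows)
    open_rows = [r for r in rows if r[1] == "open"]
    wrapped = [r[0] for r in open_rows if r[2] == "tcpwrapped"]
    # Open but not tcpwrapped: nmap matched or guessed a service
    # (a trailing "?" such as "ssh?" is a guess from the port table).
    answered = [(p, svc, ver) for p, _, svc, ver in open_rows if svc != "tcpwrapped"]
    ratio = len(wrapped) / len(open_rows) if open_rows else 0.0
    # Assumed heuristic: many open ports, mostly tcpwrapped, points to one
    # device answering for every port rather than to that many real services.
    blanket = len(open_rows) >= min_open and ratio >= threshold
    return {"states": dict(states), "wrapped_ratio": ratio,
            "blanket_responder_likely": blanket, "answered": answered}

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["states"], f"tcpwrapped={result['wrapped_ratio']:.0%}")
    for port, svc, ver in result["answered"]:
        print(f"  {port}/tcp {svc} {ver}".rstrip())
```

When the flag is set, only the ports in `answered` are candidates for real services; the rest reflect the device in front of the host.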