如何隐藏 Linux 版本以避免被端口扫描?

如何隐藏 Linux 版本以避免被端口扫描?

当我扫描服务器端口时,如何隐藏正在运行的 Linux 版本?

当我从外部对服务器的 IP 进行 nmap(nmap -A -T4 192.168.40.12)时,结果如下:

Starting Nmap 4.62 ( http://nmap.org ) at 2009-11-07 11:27 IRST
LUA INTERPRETER in nse_init.cc:763: /usr/share/nmap/scripts/robots.nse:4: module 'http' not found:
 no field package.preload['http']
 no file '/usr/share/nmap/nselib/http.lua'
 no file './http.lua'
 no file '/usr/local/share/lua/5.1/http.lua'
 no file '/usr/local/share/lua/5.1/http/init.lua'
 no file '/usr/local/lib/lua/5.1/http.lua'
 no file '/usr/local/lib/lua/5.1/http/init.lua'
 no file '/usr/lib/nmap/nselib-bin/http.so'
 no file './http.so'
 no file '/usr/local/lib/lua/5.1/http.so'
 no file '/usr/local/lib/lua/5.1/loadall.so'
SCRIPT ENGINE: Aborting script scan.
Interesting ports on 192.168.40.12:
Not shown: 1710 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 3.9p1 (protocol 1.99)
53/tcp   open  domain  dnsmasq 2.47
80/tcp   open  http    Apache httpd
222/tcp  open  ssh     OpenSSH 3.9p1 (protocol 1.99)
8081/tcp open  http    CherryPy httpd 2.3.0
MAC Address: 00:10:F3:0F:59:B7 (Nexcom International Co.)
Device type: firewall
Running: IPCop Linux 2.4.X
OS details: IPCop firewall 1.4.10 - 1.4.15 (Linux 2.4.31 - 2.4.34)
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.180 seconds

我不想显示操作系统详细信息。我正在使用 IPCop 防火墙。

谢谢。

答案1

nmap 通过使用 TCP/IP 堆栈的特性(以及其他方法)来猜测目标主机上运行的操作系统。除非您更改 Linux 的 TCP/IP 堆栈的工作方式,否则无法阻止这种情况。

nmap 操作系统检测的详细信息:

此外自述文件被动操作系统指纹识别工具(p0f)也可以为你提供关于其工作原理的线索。

答案2

我修改了 /etc/sysctl.conf

并添加以下行:

net.ipv4.ip_default_ttl = 199

保存/退出

相关内容