当我扫描服务器端口时,如何隐藏正在运行的 Linux 版本?
当我从外部对服务器的 IP 进行 nmap(nmap -A -T4 192.168.40.12)时,结果如下:
Starting Nmap 4.62 ( http://nmap.org ) at 2009-11-07 11:27 IRST
LUA INTERPRETER in nse_init.cc:763: /usr/share/nmap/scripts/robots.nse:4: module 'http' not found:
no field package.preload['http']
no file '/usr/share/nmap/nselib/http.lua'
no file './http.lua'
no file '/usr/local/share/lua/5.1/http.lua'
no file '/usr/local/share/lua/5.1/http/init.lua'
no file '/usr/local/lib/lua/5.1/http.lua'
no file '/usr/local/lib/lua/5.1/http/init.lua'
no file '/usr/lib/nmap/nselib-bin/http.so'
no file './http.so'
no file '/usr/local/lib/lua/5.1/http.so'
no file '/usr/local/lib/lua/5.1/loadall.so'
SCRIPT ENGINE: Aborting script scan.
Interesting ports on 192.168.40.12:
Not shown: 1710 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
53/tcp open domain dnsmasq 2.47
80/tcp open http Apache httpd
222/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
8081/tcp open http CherryPy httpd 2.3.0
MAC Address: 00:10:F3:0F:59:B7 (Nexcom International Co.)
Device type: firewall
Running: IPCop Linux 2.4.X
OS details: IPCop firewall 1.4.10 - 1.4.15 (Linux 2.4.31 - 2.4.34)
Network Distance: 1 hop
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.180 seconds
我不想显示操作系统详细信息。我正在使用 IPCop 防火墙。
谢谢。
答案1
nmap 通过使用 TCP/IP 堆栈的特性(以及其他方法)来猜测目标主机上运行的操作系统。除非您更改 Linux 的 TCP/IP 堆栈的工作方式,否则无法阻止这种情况。
nmap 操作系统检测的详细信息:
此外自述文件被动操作系统指纹识别工具(p0f)也可以为你提供关于其工作原理的线索。
答案2
我修改了 /etc/sysctl.conf
并添加以下行:
net.ipv4.ip_default_ttl = 199
保存/退出