我刚买了一个 VPS 机箱。它在其默认端口上运行 Apache 和 SSHD。
当我进行端口扫描时,我得到的结果是端口 139 和其他看似随机的端口处于打开状态。我没有运行任何使用这些端口的服务。VPS 提供商通过 VNC 提供控制台访问。
iptables 正在运行,规则如下:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW
OPEN-UDP udp -- anywhere anywhere state NEW
OPEN-TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN state NEW
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain OPEN-TCP (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
Chain OPEN-UDP (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:http
编辑:
James 在评论中建议的结果(netstat -anp | grep LISTEN | grep tcp):
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
我正在运行 postgres,但只接受来自本地主机的连接。
这些端口是否因为我的 VPS 提供的 VNC 软件而打开(也就是说,这是很常见的吗?)还是我做错了什么,或者我已经被 root 了?
答案1
端口 139 是 Windows 文件/打印机共享的注册端口。检查 samba 是否正在运行
ps aux | grep smb