SMB 服务正在端口 445 上运行/原因/什么过程

tag-icon tag-icon linux samba server-message-block debian-wheezy
SMB 服务正在端口 445 上运行/原因/什么过程

我目前正在尝试“强化”我的所有服务器,首先关闭所有我不需要的服务。

这是一个 nginx 反向代理,metasploit 说 smb 445 tcp 被过滤了 http://gyazo.com/6adcdcf4982801f481b8338d913545bb

但是我找不到在此端口上运行的任何服务:service --status-all

 [ + ]  bind9
 [ - ]  bootlogs
 [ ? ]  bootmisc.sh
 [ ? ]  checkfs.sh
 [ ? ]  checkroot-bootclean.sh
 [ - ]  checkroot.sh
 [ + ]  cron
 [ + ]  fail2ban
 [ - ]  fetchmail
 [ - ]  hostname.sh
 [ ? ]  hwclock.sh
 [ - ]  kbd
 [ - ]  keymap.sh
 [ ? ]  killprocs
 [ ? ]  kmod
 [ ? ]  modules_dep.sh
 [ - ]  motd
 [ ? ]  mountall-bootclean.sh
 [ ? ]  mountall.sh
 [ ? ]  mountdevsubfs.sh
 [ ? ]  mountkernfs.sh
 [ ? ]  mountnfs-bootclean.sh
 [ ? ]  mountnfs.sh
 [ ? ]  mtab.sh
 [ ? ]  networking
 [ + ]  nginx
 [ ? ]  plymouth
 [ ? ]  plymouth-log
 [ - ]  procps
 [ - ]  quota
 [ - ]  quotarpc
 [ ? ]  rc.local
 [ - ]  rmnologin
 [ - ]  rpcbind
 [ - ]  rsync
 [ + ]  rsyslog
 [ + ]  saslauthd
 [ ? ]  screen-cleanup
 [ + ]  sendmail
 [ ? ]  sendsigs
 [ + ]  ssh
 [ - ]  sudo
 [ - ]  udev
 [ ? ]  udev-mtab
 [ ? ]  umountfs
 [ ? ]  umountnfs.sh
 [ ? ]  umountroot
 [ - ]  urandom
 [ - ]  wide-dhcpv6-client
 [ ? ]  xinetd

谁能给我指出正确的方向?

Samba 已被完全删除(apt-get purge samba*),所以不确定为什么它仍然打开端口 445。

很确定这是一个非常基本的问题,但我的研究没有得出任何结论。

谢谢

网络状态监测

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 LOCALHOST:53        0.0.0.0:*               LISTEN      1586/named      
tcp        0      0 127.0.0.2:53            0.0.0.0:*               LISTEN      1586/named      
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1586/named      
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1722/sendmail: MTA:
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1586/named      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      8772/nginx      
tcp        0      0 0.0.0.0:PORT            0.0.0.0:*               LISTEN      1763/sshd       
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      1722/sendmail: MTA:
tcp6       0      0 :::53                   :::*                    LISTEN      1586/named      
tcp6       0      0 ::1:953                 :::*                    LISTEN      1586/named      
tcp6       0      0 :::PORT                 :::*                    LISTEN      1763/sshd       
udp        0      0 LOCALHOST:53        0.0.0.0:*                           1586/named      
udp        0      0 127.0.0.2:53            0.0.0.0:*                           1586/named      
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1586/named      
udp6       0      0 :::53                   :::*                                1586/named      
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     3750021142 1/init              @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     3750023597 1662/saslauthd      /var/run/saslauthd/mux
unix  2      [ ACC ]     SEQPACKET  LISTENING     3750021553 101/udevd           /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     3820548573 6223/python         /var/run/fail2ban/fail2ban.sock
unix  2      [ ACC ]     STREAM     LISTENING     3820548623 6225/gam_server     @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     3750023674 1722/sendmail: MTA: /var/run/sendmail/mta/smcontrol

答案1

“smb 445 tcp 过滤”不是意味着某些东西正在监听端口 445。来自 nmap 手册页:

已过滤。意味着防火墙、过滤器或其他网络障碍物正在阻塞端口,因此 Nmap 无法判断端口是打开还是关闭

相关内容