我目前正在尝试“强化”我的所有服务器,首先关闭所有我不需要的服务。
这是一个 nginx 反向代理,metasploit 说 smb 445 tcp 被过滤了 http://gyazo.com/6adcdcf4982801f481b8338d913545bb
但是我找不到在此端口上运行的任何服务:service --status-all
[ + ] bind9
[ - ] bootlogs
[ ? ] bootmisc.sh
[ ? ] checkfs.sh
[ ? ] checkroot-bootclean.sh
[ - ] checkroot.sh
[ + ] cron
[ + ] fail2ban
[ - ] fetchmail
[ - ] hostname.sh
[ ? ] hwclock.sh
[ - ] kbd
[ - ] keymap.sh
[ ? ] killprocs
[ ? ] kmod
[ ? ] modules_dep.sh
[ - ] motd
[ ? ] mountall-bootclean.sh
[ ? ] mountall.sh
[ ? ] mountdevsubfs.sh
[ ? ] mountkernfs.sh
[ ? ] mountnfs-bootclean.sh
[ ? ] mountnfs.sh
[ ? ] mtab.sh
[ ? ] networking
[ + ] nginx
[ ? ] plymouth
[ ? ] plymouth-log
[ - ] procps
[ - ] quota
[ - ] quotarpc
[ ? ] rc.local
[ - ] rmnologin
[ - ] rpcbind
[ - ] rsync
[ + ] rsyslog
[ + ] saslauthd
[ ? ] screen-cleanup
[ + ] sendmail
[ ? ] sendsigs
[ + ] ssh
[ - ] sudo
[ - ] udev
[ ? ] udev-mtab
[ ? ] umountfs
[ ? ] umountnfs.sh
[ ? ] umountroot
[ - ] urandom
[ - ] wide-dhcpv6-client
[ ? ] xinetd
谁能给我指出正确的方向?
Samba 已被完全删除(apt-get purge samba*),所以不确定为什么它仍然打开端口 445。
很确定这是一个非常基本的问题,但我的研究没有得出任何结论。
谢谢
网络状态监测
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 LOCALHOST:53 0.0.0.0:* LISTEN 1586/named
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN 1586/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1586/named
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1722/sendmail: MTA:
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1586/named
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 8772/nginx
tcp 0 0 0.0.0.0:PORT 0.0.0.0:* LISTEN 1763/sshd
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 1722/sendmail: MTA:
tcp6 0 0 :::53 :::* LISTEN 1586/named
tcp6 0 0 ::1:953 :::* LISTEN 1586/named
tcp6 0 0 :::PORT :::* LISTEN 1763/sshd
udp 0 0 LOCALHOST:53 0.0.0.0:* 1586/named
udp 0 0 127.0.0.2:53 0.0.0.0:* 1586/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 1586/named
udp6 0 0 :::53 :::* 1586/named
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 3750021142 1/init @/com/ubuntu/upstart
unix 2 [ ACC ] STREAM LISTENING 3750023597 1662/saslauthd /var/run/saslauthd/mux
unix 2 [ ACC ] SEQPACKET LISTENING 3750021553 101/udevd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 3820548573 6223/python /var/run/fail2ban/fail2ban.sock
unix 2 [ ACC ] STREAM LISTENING 3820548623 6225/gam_server @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 3750023674 1722/sendmail: MTA: /var/run/sendmail/mta/smcontrol
答案1
“smb 445 tcp 过滤”不是意味着某些东西正在监听端口 445。来自 nmap 手册页:
已过滤。意味着防火墙、过滤器或其他网络障碍物正在阻塞端口,因此 Nmap 无法判断端口是打开还是关闭