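I am trying to determine why my nmap results are incorrect when I am connected to a VPN provider.
As you can see below, nmap shows ports as open when connected to a VPN provider, even though the host has no open ports.
Here is an example:
Without VPN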
root@localhost# nmap -vvv --open 156.145.28.186
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 11:41 EDT
Initiating Ping Scan at 11:41
Scanning 156.145.28.186 [2 ports]
Completed Ping Scan at 11:41, 3.01s elapsed (1 total hosts)
Read data files from: /usr/local/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.08 seconds
Windscribe VPN
Shows TCP 443 open
root@localhost# nmap -vvv --open 156.145.28.186
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 11:40 EDT
Initiating Ping Scan at 11:40
Scanning 156.145.28.186 [2 ports]
Completed Ping Scan at 11:40, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:40
Completed Parallel DNS resolution of 1 host. at 11:40, 0.01s elapsed
DNS resolution of 1 IPs took 0.02s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 11:40
Scanning ariel.c2b2.columbia.edu (156.145.28.186) [1000 ports]
Discovered open port 443/tcp on 156.145.28.186
Completed Connect Scan at 11:40, 4.10s elapsed (1000 total ports)
Nmap scan report for ariel.c2b2.columbia.edu (156.145.28.186)
Host is up, received syn-ack (0.014s latency).
Scanned at 2021-05-31 11:40:34 EDT for 4s
Not shown: 999 filtered ports
Reason: 999 no-responses
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE REASON
443/tcp open https syn-ack
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds
Nord VPN
Shows TCP 80, 443, 5060, 8080 open
root@localhost# nmap -vvv --open 156.145.28.186
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 12:00 EDT
Initiating Ping Scan at 12:00
Scanning 156.145.28.186 [2 ports]
Completed Ping Scan at 12:00, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:00
Completed Parallel DNS resolution of 1 host. at 12:00, 0.41s elapsed
DNS resolution of 1 IPs took 0.41s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 12:00
Scanning ariel.c2b2.columbia.edu (156.145.28.186) [1000 ports]
Discovered open port 443/tcp on 156.145.28.186
Discovered open port 8080/tcp on 156.145.28.186
Discovered open port 80/tcp on 156.145.28.186
Discovered open port 5060/tcp on 156.145.28.186
Completed Connect Scan at 12:00, 4.09s elapsed (1000 total ports)
Nmap scan report for ariel.c2b2.columbia.edu (156.145.28.186)
Host is up, received syn-ack (0.028s latency).
Scanned at 2021-05-31 12:00:44 EDT for 4s
Not shown: 996 filtered ports
Reason: 996 no-responses
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE REASON
80/tcp open http syn-ack
443/tcp open https syn-ack
5060/tcp open sip syn-ack
8080/tcp open http-proxy syn-ack
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.62 seconds
Answer 1
I think the VPN service is proxying these connections, hence the SYN ACK.
I tested the same thing
Without VPN
nmap --version-intensity 0 -T4 -Pn -sTV 156.145.28.186 -vv -top-ports 1000
Starting Nmap 7.92 ( https://nmap.org ) at 2021-11-24 13:28 CST
NSE: Loaded 45 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 13:28
Completed Parallel DNS resolution of 1 host. at 13:28, 0.28s elapsed
Initiating Connect Scan at 13:28
Scanning ariel.c2b2.columbia.edu (156.145.28.186) [1000 ports]
Discovered open port 995/tcp on 156.145.28.186
Discovered open port 143/tcp on 156.145.28.186
Discovered open port 110/tcp on 156.145.28.186
Discovered open port 993/tcp on 156.145.28.186
Completed Connect Scan at 13:29, 4.93s elapsed (1000 total ports)
Initiating Service scan at 13:29
Scanning 4 services on ariel.c2b2.columbia.edu (156.145.28.186)
With VPN (Nord VPN)
nmap --version-intensity 0 -T4 -Pn -sTV 156.145.28.186 -vv -top-ports 1000
Starting Nmap 7.92 ( https://nmap.org ) at 2021-11-24 15:01 CST
NSE: Loaded 45 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 15:01
Completed Parallel DNS resolution of 1 host. at 15:01, 1.10s elapsed
Initiating Connect Scan at 15:01
Scanning ariel.c2b2.columbia.edu (156.145.28.186) [1000 ports]
Discovered open port 8080/tcp on 156.145.28.186
Discovered open port 110/tcp on 156.145.28.186
Discovered open port 80/tcp on 156.145.28.186
Discovered open port 993/tcp on 156.145.28.186
Discovered open port 443/tcp on 156.145.28.186
Discovered open port 995/tcp on 156.145.28.186
Discovered open port 143/tcp on 156.145.28.186
Discovered open port 5060/tcp on 156.145.28.186
Completed Connect Scan at 15:01, 4.83s elapsed (1000 total ports)
Initiating Service scan at 15:01
Scanning 8 services on ariel.c2b2.columbia.edu (156.145.28.186)
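An added example, not part of the original question or answer: a small Python script that compares the "Discovered open port" lines from two verbose nmap connect scans of the same host and separates the ports seen from both vantage points from those seen only through the VPN. The function names are hypothetical, the sample input is copied from the two scans in the answer above, and reading "VPN-only" ports as answered by the VPN path rather than by the target is the answer's hypothesis, not something the script proves.

```python
import re

# Per-port lines that nmap prints in verbose mode (-v and above).
DISCOVERED = re.compile(r"^Discovered open port (\d+)/(tcp|udp) on (\S+)", re.M)


def open_ports(nmap_output):
    """Return the set of (port, proto) pairs reported open in verbose nmap output."""
    return {(int(port), proto) for port, proto, _ in DISCOVERED.findall(nmap_output)}


def compare_vantage_points(direct_output, vpn_output):
    """Split open ports into those seen from both paths and those seen from one only."""
    direct, vpn = open_ports(direct_output), open_ports(vpn_output)
    return {
        "both": sorted(direct & vpn),         # consistent from both vantage points
        "vpn_only": sorted(vpn - direct),     # candidates for interception on the VPN path
        "direct_only": sorted(direct - vpn),  # reachable directly but not through the VPN
    }


# Sample input: lines copied from the answer's scan without a VPN.
DIRECT_SCAN = """\
Discovered open port 995/tcp on 156.145.28.186
Discovered open port 143/tcp on 156.145.28.186
Discovered open port 110/tcp on 156.145.28.186
Discovered open port 993/tcp on 156.145.28.186
"""

# Sample input: lines copied from the answer's scan through Nord VPN.
VPN_SCAN = """\
Discovered open port 8080/tcp on 156.145.28.186
Discovered open port 110/tcp on 156.145.28.186
Discovered open port 80/tcp on 156.145.28.186
Discovered open port 993/tcp on 156.145.28.186
Discovered open port 443/tcp on 156.145.28.186
Discovered open port 995/tcp on 156.145.28.186
Discovered open port 143/tcp on 156.145.28.186
Discovered open port 5060/tcp on 156.145.28.186
"""

if __name__ == "__main__":
    for label, ports in compare_vantage_points(DIRECT_SCAN, VPN_SCAN).items():
        print(f"{label:12s}", ", ".join(f"{p}/{proto}" for p, proto in ports) or "-")
```

On this input the VPN-only set is 80, 443, 5060 and 8080, the same four ports the question's Nord VPN scan reported.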