Nmap results are incorrect when connected through a VPN


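I am trying to determine why my nmap results are incorrect when I am connected to a VPN provider.

As you can see below, nmap reports ports as open when I am connected to a VPN provider, even though the host has no open ports.

Here is an example:

Without VPN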

root@localhost# nmap -vvv --open 156.145.28.186
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 11:41 EDT
Initiating Ping Scan at 11:41
Scanning 156.145.28.186 [2 ports]
Completed Ping Scan at 11:41, 3.01s elapsed (1 total hosts)
Read data files from: /usr/local/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.08 seconds

Windscribe VPN

Shows TCP 443 as open

root@localhost# nmap -vvv --open 156.145.28.186
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 11:40 EDT
Initiating Ping Scan at 11:40
Scanning 156.145.28.186 [2 ports]
Completed Ping Scan at 11:40, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:40
Completed Parallel DNS resolution of 1 host. at 11:40, 0.01s elapsed
DNS resolution of 1 IPs took 0.02s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 11:40
Scanning ariel.c2b2.columbia.edu (156.145.28.186) [1000 ports]
Discovered open port 443/tcp on 156.145.28.186
Completed Connect Scan at 11:40, 4.10s elapsed (1000 total ports)
Nmap scan report for ariel.c2b2.columbia.edu (156.145.28.186)
Host is up, received syn-ack (0.014s latency).
Scanned at 2021-05-31 11:40:34 EDT for 4s
Not shown: 999 filtered ports
Reason: 999 no-responses
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack

Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds

Nord VPN

Shows TCP 80, 443, 5060, 8080 as open

root@localhost# nmap -vvv --open 156.145.28.186
Starting Nmap 7.80 ( https://nmap.org ) at 2021-05-31 12:00 EDT
Initiating Ping Scan at 12:00
Scanning 156.145.28.186 [2 ports]
Completed Ping Scan at 12:00, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:00
Completed Parallel DNS resolution of 1 host. at 12:00, 0.41s elapsed
DNS resolution of 1 IPs took 0.41s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 12:00
Scanning ariel.c2b2.columbia.edu (156.145.28.186) [1000 ports]
Discovered open port 443/tcp on 156.145.28.186
Discovered open port 8080/tcp on 156.145.28.186
Discovered open port 80/tcp on 156.145.28.186
Discovered open port 5060/tcp on 156.145.28.186
Completed Connect Scan at 12:00, 4.09s elapsed (1000 total ports)
Nmap scan report for ariel.c2b2.columbia.edu (156.145.28.186)
Host is up, received syn-ack (0.028s latency).
Scanned at 2021-05-31 12:00:44 EDT for 4s
Not shown: 996 filtered ports
Reason: 996 no-responses
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE    REASON
80/tcp   open  http       syn-ack
443/tcp  open  https      syn-ack
5060/tcp open  sip        syn-ack
8080/tcp open  http-proxy syn-ack

Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.62 seconds

Answer 1

I think the VPN service is proxying these connections, hence the SYN-ACK.

I tested the same thing

Without VPN

nmap --version-intensity 0 -T4 -Pn -sTV 156.145.28.186 -vv -top-ports 1000
Starting Nmap 7.92 ( https://nmap.org ) at 2021-11-24 13:28 CST
NSE: Loaded 45 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 13:28
Completed Parallel DNS resolution of 1 host. at 13:28, 0.28s elapsed
Initiating Connect Scan at 13:28
Scanning ariel.c2b2.columbia.edu (156.145.28.186) [1000 ports]
Discovered open port 995/tcp on 156.145.28.186
Discovered open port 143/tcp on 156.145.28.186
Discovered open port 110/tcp on 156.145.28.186
Discovered open port 993/tcp on 156.145.28.186
Completed Connect Scan at 13:29, 4.93s elapsed (1000 total ports)
Initiating Service scan at 13:29
Scanning 4 services on ariel.c2b2.columbia.edu (156.145.28.186)

With VPN (Nord VPN)

nmap --version-intensity 0 -T4 -Pn -sTV 156.145.28.186 -vv -top-ports 1000
Starting Nmap 7.92 ( https://nmap.org ) at 2021-11-24 15:01 CST
NSE: Loaded 45 scripts for scanning.
Initiating Parallel DNS resolution of 1 host. at 15:01
Completed Parallel DNS resolution of 1 host. at 15:01, 1.10s elapsed
Initiating Connect Scan at 15:01
Scanning ariel.c2b2.columbia.edu (156.145.28.186) [1000 ports]
Discovered open port 8080/tcp on 156.145.28.186
Discovered open port 110/tcp on 156.145.28.186
Discovered open port 80/tcp on 156.145.28.186
Discovered open port 993/tcp on 156.145.28.186
Discovered open port 443/tcp on 156.145.28.186
Discovered open port 995/tcp on 156.145.28.186
Discovered open port 143/tcp on 156.145.28.186
Discovered open port 5060/tcp on 156.145.28.186
Completed Connect Scan at 15:01, 4.83s elapsed (1000 total ports)
Initiating Service scan at 15:01
Scanning 8 services on ariel.c2b2.columbia.edu (156.145.28.186)
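
One way to check the proxying explanation in the answer above is to diff the open-port sets seen from the two vantage points: ports that appear only through the VPN are candidates for being answered on the VPN path rather than by the target. This is an added example, not part of the original posts; the function names are hypothetical, and the sample input is the "Discovered open port" lines copied from the two scans in the answer.

```python
import re

# Matches nmap's verbose discovery lines, e.g. "Discovered open port 443/tcp on 156.145.28.186"
DISCOVERED = re.compile(r"^Discovered open port (\d+)/(tcp|udp) on (\S+)$")

def open_ports(nmap_output, host):
    """Return the set of (port, proto) pairs nmap reported open for `host`."""
    found = set()
    for line in nmap_output.splitlines():
        m = DISCOVERED.match(line.strip())
        if m and m.group(3) == host:
            found.add((int(m.group(1)), m.group(2)))
    return found

def compare_vantage_points(direct_output, vpn_output, host):
    """Split results into ports seen on both paths, only via VPN, only directly."""
    direct = open_ports(direct_output, host)
    vpn = open_ports(vpn_output, host)
    return {
        "both": sorted(direct & vpn),
        "vpn_only": sorted(vpn - direct),     # likely answered on the VPN path
        "direct_only": sorted(direct - vpn),  # likely blocked on the VPN path
    }

# Sample input: discovery lines copied from the answer's scan without VPN.
DIRECT_SCAN = """\
Discovered open port 995/tcp on 156.145.28.186
Discovered open port 143/tcp on 156.145.28.186
Discovered open port 110/tcp on 156.145.28.186
Discovered open port 993/tcp on 156.145.28.186
"""
# Sample input: discovery lines copied from the answer's scan through Nord VPN.
VPN_SCAN = """\
Discovered open port 8080/tcp on 156.145.28.186
Discovered open port 110/tcp on 156.145.28.186
Discovered open port 80/tcp on 156.145.28.186
Discovered open port 993/tcp on 156.145.28.186
Discovered open port 443/tcp on 156.145.28.186
Discovered open port 995/tcp on 156.145.28.186
Discovered open port 143/tcp on 156.145.28.186
Discovered open port 5060/tcp on 156.145.28.186
"""

if __name__ == "__main__":
    result = compare_vantage_points(DIRECT_SCAN, VPN_SCAN, "156.145.28.186")
    for label, ports in result.items():
        print(f"{label}: " + (", ".join(f"{p}/{proto}" for p, proto in ports) or "-"))
```

For the answer's two scans the VPN-only set is 80, 443, 5060 and 8080, the same four ports the question saw as open through Nord VPN.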
