PortSentry
Ports are the doorway into a server, so their security matters. When a server runs many services and exposes them to the outside, PortSentry can be used to confuse anyone who probes the server to work out what it is used for.
PortSentry can be configured to listen on specified TCP/UDP ports. When it detects a scan it answers as if the port were open, records the scanner's information, and can respond accordingly: block the source with the firewall, redirect its route, or run a custom script.
Lab environment
centos-5.8
Software used
gcc gcc-c++
portsentry-1.2.tar.gz
Installation
yum install -y gcc gcc-c++
tar zxvf portsentry-1.2.tar.gz
cd portsentry_beta/
vim portsentry.c
Line 1584: printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");   this statement must sit on a single line when you compile; if it is wrapped onto two lines the build fails.
make linux
make install
vim /usr/local/psionic/portsentry/portsentry.conf
#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
These two lines define the port policy: the TCP and UDP ports PortSentry binds and watches.
Line 83: IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
This line sets the file listing the IPs PortSentry should ignore, i.e. never act against.
Line 87: BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"
This line sets the file in which blocked IPs are recorded.
Line 132: BLOCK_UDP="1"
Line 133: BLOCK_TCP="1"
Action taken against a scanning IP: 0 = no action, 1 = block with the firewall, 2 = run a script.
Line 211: KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any"
Firewall blocking with iptables. Note that the line shown is the ipfw example from the stock configuration; on a Linux host, uncomment the iptables form of KILL_ROUTE instead.
/usr/local/psionic/portsentry/portsentry -tcp    basic TCP mode: binds the ports listed in the configuration file
/usr/local/psionic/portsentry/portsentry -udp    basic UDP mode: binds the ports listed in the configuration file
/usr/local/psionic/portsentry/portsentry -stcp   TCP stealth mode: only logs the scan, does not answer that the port is open
/usr/local/psionic/portsentry/portsentry -sudp   UDP stealth mode: only logs the scan, does not answer that the port is open
/usr/local/psionic/portsentry/portsentry -atcp   TCP advanced stealth mode: chooses the ports to monitor automatically
/usr/local/psionic/portsentry/portsentry -audp   UDP advanced stealth mode: chooses the ports to monitor automatically
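As an added example (not part of the original post or the PortSentry project), the POSIX shell functions below sanity-check the settings walked through above before the daemon is started: they read the TCP/UDP port lists, flag configured ports that collide with ports a real service already listens on (PortSentry cannot bind a port that is in use; in the scan further down, 22, 80, 443 and 3306 are real services, not decoys), and confirm that BLOCK_TCP/BLOCK_UDP hold a valid mode and that mode 1 comes with a KILL_ROUTE containing $TARGET$. The configuration body is a constructed sample written to $PSCONF, and PSCONF and the function names are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks over a portsentry.conf before starting the daemon.
# PSCONF and the function names are assumptions; the conf body is a constructed sample.
PSCONF="${PSCONF:-/tmp/portsentry.conf.sample}"
cat > "$PSCONF" <<'EOF'
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,6667,12345,31337,54320"
UDP_PORTS="1,7,9,69,161,162,513,640,700,32770,54321"
BLOCK_UDP="1"
BLOCK_TCP="1"
KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP"
KILL_HOSTS_DENY="ALL: $TARGET$"
EOF
# ps_get VAR: value of the last uncommented VAR="..." line, quotes stripped.
ps_get() {
    sed -n "s/^$1=\"\(.*\)\"[[:space:]]*\$/\1/p" "$PSCONF" | tail -n 1
}
# ps_ports tcp|udp: the configured port list, space separated.
ps_ports() {
    case "$1" in
        tcp) ps_get TCP_PORTS | tr ',' ' ' ;;
        udp) ps_get UDP_PORTS | tr ',' ' ' ;;
    esac
}
# ps_conflicts tcp|udp "22 80 ...": configured ports that a real service
# already listens on; PortSentry cannot bind those, so remove them from the list.
ps_conflicts() {
    out=""
    for p in $(ps_ports "$1"); do
        for r in $2; do
            [ "$p" = "$r" ] && out="$out $p"
        done
    done
    echo "${out# }"
}
# ps_check_block: BLOCK_TCP/BLOCK_UDP must be 0, 1 or 2, and mode 1 needs a
# KILL_ROUTE that substitutes $TARGET$. Returns 0 when the settings are consistent.
ps_check_block() {
    for v in BLOCK_TCP BLOCK_UDP; do
        case "$(ps_get "$v")" in 0|1|2) ;; *) echo "bad $v"; return 1 ;; esac
    done
    if [ "$(ps_get BLOCK_TCP)" = 1 ] || [ "$(ps_get BLOCK_UDP)" = 1 ]; then
        case "$(ps_get KILL_ROUTE)" in
            *'$TARGET$'*) ;;
            *) echo "KILL_ROUTE does not use \$TARGET\$"; return 1 ;;
        esac
    fi
}
```

Point PSCONF at the real /usr/local/psionic/portsentry/portsentry.conf (and drop the constructed heredoc) to check a live configuration.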
Verification
nmap -sS www.2cto.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-06-11 22:35 CST
Interesting ports on typecho.domain.com (192.168.1.2):
Not shown: 1654 closed ports
PORT      STATE SERVICE
1/tcp     open  tcpmux
11/tcp    open  systat
15/tcp    open  netstat
22/tcp    open  ssh
79/tcp    open  finger
80/tcp    open  http
111/tcp   open  rpcbind
119/tcp   open  nntp
143/tcp   open  imap
443/tcp   open  https
540/tcp   open  uucp
635/tcp   open  unknown
1080/tcp  open  socks
1524/tcp  open  ingreslock
2000/tcp  open  callbook
3306/tcp  open  mysql
6667/tcp  open  irc
12345/tcp open  NetBus
12346/tcp open  NetBus
27665/tcp open  Trinoo_Master
31337/tcp open  Elite
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32773/tcp open  sometimes-rpc9
32774/tcp open  sometimes-rpc11
54320/tcp open  bo2k
Check the block record (the scanner's address was written to /etc/hosts.deny):
cat /etc/hosts.deny
ALL: 192.168.1.6
Reposted from: https://blog.51cto.com/mailfile/1331848