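A scanner reports ports 21, 22, 80, 110, 8080 and 3128 as open. Port 22 is the one I opened, that is right, but there really are no services installed for the others. I can telnet to those ports, but there is no reply at all. The machine is also a root server. Am I seeing ghosts? Or is it just my luck? Even if the ports were open, iptables is already filtering every port other than 22, so why are open ports still being detected?
Here is the netstat output: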
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 MNone:domain *:* LISTEN
tcp 0 0 *:33109 *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 smtp *:* LISTEN
tcp 0 0 rndc *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost6.localdomain:rndc *:* LISTEN
udp 0 0 *:768 *:*
udp 0 0 domain *:*
udp 0 0 *:53561 *:*
udp 0 0 *:bootps *:*
udp 0 0 *:55627 *:*
udp 0 0 *:flexlm *:*
udp 0 0 *:mdns *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:34290 *:*
udp 0 0 *:54062 *:*
Here is the iptables configuration:
# Generated by iptables-save v1.4.1.1 on Sat Oct 18 17:16:20 2008
*filter
:INPUT DROP [106:7660]
:FORWARD ACCEPT [48326:14619188]
:OUTPUT ACCEPT [1004:105000]
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 14 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 16 -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 18 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Sat Oct 18 17:16:20 2008
# Generated by iptables-save v1.4.1.1 on Sat Oct 18 17:16:50 2008
*nat
:PREROUTING ACCEPT [1314:79963]
:POSTROUTING ACCEPT [12:1499]
:OUTPUT ACCEPT [12:1499]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
# Completed on Sat Oct 18 17:16:50 2008
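As an added example (not part of the original post), the check below replays the filter table's INPUT chain for a new inbound TCP connection to each scanner-reported port and lists the ports the host firewall itself would not accept. The function names are hypothetical, and the sketch assumes every rule target is terminating and ignores interface matches.

```python
import re

# TCP-relevant rules copied from the post's filter table
# (the ICMP rules are left out here: they can never match a TCP packet).
FILTER_TABLE = """\
*filter
:INPUT DROP [106:7660]
:FORWARD ACCEPT [48326:14619188]
:OUTPUT ACCEPT [1004:105000]
-A INPUT -m state --state RELATED -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
SCANNER_REPORTED = [21, 22, 80, 110, 8080, 3128]  # ports the post says were found open


def input_verdict(ruleset, dport):
    """Verdict the INPUT chain gives a NEW inbound TCP SYN to dport (first match wins)."""
    policy = "ACCEPT"  # built-in default until a ':INPUT <policy>' line says otherwise
    for line in ruleset.splitlines():
        m = re.match(r":INPUT (\w+)", line)
        if m:
            policy = m.group(1)
            continue
        if not line.startswith("-A INPUT "):
            continue
        opts = line.split()
        target = opts[opts.index("-j") + 1]
        # A fresh SYN is in state NEW, so RELATED/ESTABLISHED-only rules cannot match it.
        if "--state" in opts and "NEW" not in opts[opts.index("--state") + 1].split(","):
            continue
        if "-p" in opts and opts[opts.index("-p") + 1] != "tcp":
            continue
        if "--dport" in opts:
            lo, _, hi = opts[opts.index("--dport") + 1].partition(":")
            if not int(lo) <= dport <= int(hi or lo):
                continue
        return target  # assumption: target is terminating (ACCEPT/DROP/REJECT)
    return policy


def unexplained_ports(ruleset, reported):
    """Reported-open ports that the host's own INPUT chain would not accept."""
    return [p for p in reported if input_verdict(ruleset, p) != "ACCEPT"]


if __name__ == "__main__":
    print(unexplained_ports(FILTER_TABLE, SCANNER_REPORTED))
```

Only port 22 passes the chain, so the other scanner results are not accounted for by this host's INPUT rules.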