| 阅读上一个主题 :: 阅读下一个主题 |
| 作者 |
留言 |
miniqq
半仙
注册时间: 2007-03-20
文章: 79
|
 发表于: Mon 2010-02-08 21:01:48 发表主题: 为什么 Openssh总是暴露操作系统? |
 |
|
freebsd不开任何端口, pf可以阻止 nmap的扫描,
但一开sshd就被扫描出来了? |
|
| 返回页首 |
|
 |
delphij
精神病
注册时间: 2002-08-07
文章: 9246
来自: Mountain View, California
|
| 发表于: Tue 2010-02-09 10:23:11 发表主题: |
|
|
可以用VersionAddendum改掉,不过这个无非是给自己制造安全的幻象而已。
_________________
BSD是独立的一蹴,我们有自己的圈子,我们不以商业驱动,追求完美是我们的源动力,任何不好的代码都不能在这里存活。 |
|
| 返回页首 |
|
|
chendy
半仙
注册时间: 2002-12-21
文章: 174
来自: 深圳南山
|
| 发表于: Tue 2010-02-09 19:30:02 发表主题: |
|
|
不开端口怎么和服务器上的daemon程序通讯?
sshd一般作为管理用途,可以对使用者进行比较严格的限制,比如限制来源主机ip,或者做端口敲门配合防火墙来暂时开启发起sshd端口连接。 |
|
| 返回页首 |
|
|
miniqq
半仙
注册时间: 2007-03-20
文章: 79
|
| 发表于: Wed 2010-02-10 22:03:45 发表主题: |
|
|
pf synproxy 暂时搞定nmap 解恨!
Starting Nmap 5.21 ( http://nmap.org ) at 2010-02-10 21:59 中国标准时间
NSE: Loaded 36 scripts for scanning.
Initiating ARP Ping Scan at 21:59
Scanning 192.168.0.5 [1 port]
Completed ARP Ping Scan at 21:59, 0.46s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 21:59
Completed Parallel DNS resolution of 1 host. at 22:00, 8.20s elapsed
Initiating SYN Stealth Scan at 22:00
Scanning 192.168.0.5 [1000 ports]
Discovered open port 22/tcp on 192.168.0.5
Completed SYN Stealth Scan at 22:00, 5.29s elapsed (1000 total ports)
Initiating Service scan at 22:00
Scanning 1 service on 192.168.0.5
Completed Service scan at 22:00, 0.01s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 192.168.0.5
Retrying OS detection (try #2) against 192.168.0.5
NSE: Script scanning 192.168.0.5.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 22:00
Completed NSE at 22:00, 0.31s elapsed
NSE: Script Scanning completed.
Nmap scan report for 192.168.0.5
Host is up (0.0094s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH (protocol 2.0)
| ssh-hostkey: 1024 ad:d7:ee:d5:9b:de:0b:22:f9:9d:b7:75:29:66:5e:53 (DSA)
|_2048 d8:bc:1a:d8:72:82:e5:22:d9:04:aa:c4:07:57:41:b6 (RSA)
MAC Address: 00:xxxxxxxxxxF:B2 (Asustek Computer)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: phone|switch|WAP
Running (JUST GUESSING) : Nokia Symbian OS (97%), HP embedded (96%), D-Link embedded (94%), TRENDnet embedded (94%)
Aggressive OS guesses: Nokia E70 mobile phone (Symbian OS) (97%), HP 4000M ProCurve switch (J4121A) (96%), D-Link DWL-624+ or DWL-2000AP, or TRENDnet TEW-432BRP WAP (94%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: Device: terminal server
HOP RTT ADDRESS
1 9.43 ms 192.168.0.5 |
|
| 返回页首 |
|
|
zhengwei_zw
道童
注册时间: 2005-10-14
文章: 492
来自: SC=CD
|
| 发表于: Fri 2010-02-12 10:50:55 发表主题: |
|
|
楼上如何处理的?全部syn proxy?
_________________
希望BSD发扬光大! |
|
| 返回页首 |
|
|
|
常见问题
搜索
会员列表
团队
注册
个人资料
登录查看您的站内信件
登录
