如何隐藏我在扫描服务器端口时运行的Linux版本?
当我从外部映射(nmap -A -T4 192.168.40.12)服务器的ip时,结果如下:
Starting Nmap 4.62 ( http://nmap.org ) at 2009-11-07 11:27 IRST LUA INTERPRETER in nse_init.cc:763: /usr/share/nmap/scripts/robots.nse:4: module 'http' not found: no field package.preload['http'] no file '/usr/share/nmap/nselib/http.lua' no file './http.lua' no file '/usr/local/share/lua/5.1/http.lua' no file '/usr/local/share/lua/5.1/http/init.lua' no file '/usr/local/lib/lua/5.1/http.lua' no file '/usr/local/lib/lua/5.1/http/init.lua' no file '/usr/lib/nmap/nselib-bin/http.so' no file './http.so' no file '/usr/local/lib/lua/5.1/http.so' no file '/usr/local/lib/lua/5.1/loadall.so' SCRIPT ENGINE: Aborting script scan. Interesting ports on 192.168.40.12: Not shown: 1710 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99) 53/tcp open domain dnsmasq 2.47 80/tcp open http Apache httpd 222/tcp open ssh OpenSSH 3.9p1 (protocol 1.99) 8081/tcp open http CherryPy httpd 2.3.0 MAC Address: 00:10:F3:0F:59:B7 (Nexcom International Co.) Device type: firewall Running: IPCop Linux 2.4.X OS details: IPCop firewall 1.4.10 - 1.4.15 (Linux 2.4.31 - 2.4.34) Network Distance: 1 hop OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 8.180 seconds 我不希望操作系统的细节显示。 我正在使用IPCop防火墙。
谢谢。
nmap通过使用(除其他之外)TCP / IP协议栈的特性来猜测在目标主机上运行的操作系统。 除非您改变Linux的TCP / IP协议栈的工作方式,否则无法防止这种情况发生。
nmap的操作系统检测的细节:
此外,被动操作系统指纹识别工具(p0f)的README文件也可以告诉您这是如何工作的。
我修改/etc/sysctl.conf
并添加以下行:
net.ipv4.ip_default_ttl = 199
保存/退出