我有一个我刚刚购买的VPS盒子。 它在默认端口上运行Apache和SSHD。
当我进行端口扫描时,我得到的结果是说端口139和各种其他看似随机的端口是开放的。 我没有运行任何使用这些端口的服务。 VPS提供者通过VNC提供控制台访问。
iptables正在运行,规则在这里:
Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere state INVALID ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW OPEN-UDP udp -- anywhere anywhere state NEW OPEN-TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN state NEW REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain OPEN-TCP (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:http Chain OPEN-UDP (1 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:http 编辑:
来自Jamesbuild议的评论结果( netstat -anp | grep LISTEN | grep tcp ):
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
我有postgres运行,但只接受本地主机的连接。
这些端口是否由于我的VPS提供的VNC软件而打开(又名这是常见的?)或者是我做错了什么,或者我已经被植根了?
端口139是Windows文件/打印机共享的注册端口。 检查samba是否正在运行ps aux | grep smb ps aux | grep smb