proceeding
Scan
$ nmap --top-ports 10000 10.162.8.227
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-29 17:07 CST
Nmap scan report for star (10.162.8.227)
Host is up (0.00023s latency).
Not shown: 8367 closed tcp ports (conn-refused)
PORT STATE SERVICE
5556/tcp filtered freeciv
Nmap done: 1 IP address (1 host up) scanned in 1.49 seconds
Find the process that owns the port
$ sudo netstat -tulnp | grep :5556
tcp 0 0 0.0.0.0:5556 0.0.0.0:* LISTEN 10594/./com.alibaba
Force-kill the process
sudo kill -9 10594
Check whether the process is still alive
$ sudo netstat -tulnp | grep :5556
Use iptables to drop inbound packets to the port:
sudo iptables -A INPUT -p tcp --dport 5556 -j DROP
Scan the port again
$ nmap --top-ports 10000 10.162.8.227
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-29 17:13 CST
Nmap scan report for star (10.162.8.227)
Host is up (0.00023s latency).
Not shown: 8367 closed tcp ports (conn-refused)
PORT STATE SERVICE
5556/tcp filtered freeciv
Nmap done: 1 IP address (1 host up) scanned in 1.58 seconds
How can port 5556 be closed completely?
The process has only been running for 2:25, so it may not be malicious
$ ps -e | grep 10594
10594 ? 00:02:25 com.alibabainc.
Keep the iptables rules across reboots
- Drop traffic to port 5556 with the following command:
sudo iptables -A INPUT -p tcp --dport 5556 -j DROP
- Save the iptables rules:
Install iptables-persistent
sudo apt-get install iptables-persistent
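During installation you will be prompted to save the current iptables rules; choose "Yes".
On Ubuntu, iptables rules are not preserved automatically across a reboot. You can save them with the following command: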
sudo iptables-save | sudo tee /etc/iptables/rules.v4
- ufw does not work
Next I uninstalled iptables, reinstalled ufw, denied all traffic, and then denied 5556/tcp
sudo ufw deny 5556/tcp
No effect
All done 💐
- Next, add DROP rules to the outbound and forward chains as well
sudo iptables -A FORWARD -p tcp --dport 5556 -j DROP
sudo iptables -A OUTPUT -p tcp --dport 5556 -j DROP
- Result
$ !826
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-29 17:52 CST
Nmap scan report for star (10.162.8.227)
Host is up (0.00016s latency).
Not shown: 8367 closed tcp ports (conn-refused)
PORT STATE SERVICE
5556/tcp filtered freeciv
Nmap done: 1 IP address (1 host up) scanned in 1.42 seconds
- It seems the Baidu upload service opens 5556, though it could also be malicious
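An added example, not part of the original notes: nmap reports "filtered" when a packet filter keeps its probes from reaching the port, so that state alone does not say whether anything is still listening on 5556. The script below combines saved nmap and netstat -tulnp output to tell the cases apart; the function names are hypothetical and the sample inputs are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example (not from the original notes): interpret an nmap port state
# together with netstat output. Sample inputs are constructed.

NMAP_SAMPLE='Nmap scan report for star (10.162.8.227)
Host is up (0.00023s latency).
Not shown: 8367 closed tcp ports (conn-refused)
PORT STATE SERVICE
5556/tcp filtered freeciv'

NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:5556 0.0.0.0:* LISTEN 10594/./com.alibaba
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 812/cupsd'

# nmap_state TEXT PORT -> open | closed | filtered | not-listed
nmap_state() {
    printf '%s\n' "$1" | awk -v p="$2/tcp" '
        $1 == p { print $2; found = 1; exit }
        END { if (!found) print "not-listed" }'
}

# listener_for TEXT PORT -> "PID/program" of the TCP listener, or empty
listener_for() {
    printf '%s\n' "$1" | awk -v p=":$2" '
        $6 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { print $7; exit }'
}

# verdict NMAP_TEXT NETSTAT_TEXT PORT -> one-line interpretation
verdict() {
    state=$(nmap_state "$1" "$3")
    owner=$(listener_for "$2" "$3")
    case "$state:${owner:+listening}" in
        open:listening)      echo "exposed: $owner is reachable from the scanner" ;;
        filtered:listening)  echo "firewalled: $owner still listening behind a packet filter" ;;
        filtered:)           echo "firewalled: no listener, probes dropped by a packet filter" ;;
        closed:|not-listed:) echo "closed: no listener" ;;
        *)                   echo "inconsistent: nmap=$state listener=${owner:-none}" ;;
    esac
}

verdict "$NMAP_SAMPLE" "$NETSTAT_SAMPLE" 5556
```

A port shows as closed in nmap only when the probe reaches the host and nothing is listening; while a DROP rule for the port is in place, the scan keeps showing "filtered" whether or not the process is still running.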
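Summary
- ufw conflicts with firewall-config, so ufw was dropped
- Use iptables and firewall-config together
- firewall can restrict the client services the host offers on the LAN, truly killing telemetry and all unwanted services
- iptables closes specific ports
- Now go do your homework, fw!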