Linux: preventing malicious port scans with PortSentry
2013-11-26 15:01
Ports are the server's front door, so their security matters. When a server runs many services and exposes them to the outside, PortSentry can be used to confuse anyone probing the server to work out what it is used for.
PortSentry can be set to listen on specified TCP/UDP ports. When it detects a scan it answers as if the port were open, and it logs the scanner's details so that a response can be applied: block the address at the firewall, redirect its route, or run a custom script.
Lab environment
centos-5.8
Software used
gcc gcc-c++
portsentry-1.2.tar.gz
Installation
yum install -y gcc gcc-c++
tar zxvf portsentry-1.2.tar.gz
cd portsentry_beta/
vim portsentry.c
Line 1584: printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n"); this line must stay on a single line, otherwise it will not compile.
make linux
make install
vim /usr/local/psionic/portsentry/portsentry.conf
#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
These two lines define the port policy, i.e. which ports PortSentry listens on (they are shipped commented out; remove the leading # from the list you want to use).
83 IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
This line sets the ignore file (addresses listed in it are exempt from blocking).
87 BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"
This line sets the file in which blocked IPs are recorded.
132 BLOCK_UDP="1"
133 BLOCK_TCP="1"
Action taken against a scanning IP: 0 = no action, 1 = firewall block, 2 = run a script.
211 KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any"
Firewall blocking rule, executed with the scanner's address substituted for $TARGET$. Note that this sample line is the FreeBSD ipfw form; on a Linux host use the iptables form of the rule instead.
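As an added check that is not part of the original post: a small shell lint for the portsentry.conf directives above, run against two constructed sample configs (one reproducing the post's own typos, one corrected). The iptables KILL_ROUTE in the good sample is the Linux form of the rule and is my assumption, not a line from the post.

```shell
#!/bin/sh
# Added example (not from the original post): a lint for the portsentry.conf
# directives discussed above. It catches the defects visible in the post's own
# listing (BLOCK_TCP="1 missing its closing quote, a stray space in TCP_PORTS).
check_portsentry_conf() {
    conf="$1"
    rc=0
    # 1. every active KEY="value" directive must end with its closing quote
    if grep -E '^[A-Z_]+="' "$conf" | grep -vqE '"$'; then
        echo "ERROR: unterminated quote:"; grep -nE '^[A-Z_]+="' "$conf" | grep -vE '"$'
        rc=1
    fi
    # 2. TCP_PORTS / UDP_PORTS must be comma-separated numbers only (no spaces)
    if grep -E '^(TCP|UDP)_PORTS=' "$conf" | grep -vqE '^(TCP|UDP)_PORTS="[0-9]+(,[0-9]+)*"$'; then
        echo "ERROR: malformed port list (spaces or non-numeric entries)"
        rc=1
    fi
    # 3. BLOCK_TCP / BLOCK_UDP accept only "0", "1" or "2" (the post's legend)
    if grep -E '^BLOCK_(TCP|UDP)=' "$conf" | grep -vqE '^BLOCK_(TCP|UDP)="[012]"$'; then
        echo "ERROR: BLOCK_TCP/BLOCK_UDP must be \"0\", \"1\" or \"2\""
        rc=1
    fi
    # 4. mode 1 blocks through KILL_ROUTE / KILL_HOSTS_DENY, so one must be defined
    if grep -qE '^BLOCK_(TCP|UDP)="1"$' "$conf" && ! grep -qE '^KILL_(ROUTE|HOSTS_DENY)=' "$conf"; then
        echo "ERROR: BLOCK_*=\"1\" but neither KILL_ROUTE nor KILL_HOSTS_DENY is set"
        rc=1
    fi
    return $rc
}
# Constructed samples: BAD reproduces the post's typos, GOOD is the corrected form.
# GOOD's KILL_ROUTE is the Linux iptables rule (assumed), not the FreeBSD ipfw line.
tmpdir=$(mktemp -d)
BAD_CONF="$tmpdir/bad.conf"; GOOD_CONF="$tmpdir/good.conf"
cat > "$BAD_CONF" <<'EOF'
TCP_PORTS="1,7,9,11,15,4 001,31337"
BLOCK_UDP="1"
BLOCK_TCP="1
KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any"
EOF
cat > "$GOOD_CONF" <<'EOF'
TCP_PORTS="1,7,9,11,15,4001,31337"
BLOCK_UDP="1"
BLOCK_TCP="1"
KILL_ROUTE="/usr/local/bin/iptables -I INPUT -s $TARGET$ -j DROP"
KILL_HOSTS_DENY="ALL: $TARGET$"
EOF
for f in "$BAD_CONF" "$GOOD_CONF"; do check_portsentry_conf "$f" && echo "$f: OK" || echo "$f: REJECTED"; done
```

Run it against the real file with check_portsentry_conf /usr/local/psionic/portsentry/portsentry.conf before restarting PortSentry; a non-zero exit means the config needs fixing first.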
/usr/local/psionic/portsentry/portsentry -tcp    basic TCP binding; listens on the ports given in the config file
/usr/local/psionic/portsentry/portsentry -udp    basic UDP binding; listens on the ports given in the config file
/usr/local/psionic/portsentry/portsentry -stcp   TCP stealth detection; only logs, does not answer as if the port were open
/usr/local/psionic/portsentry/portsentry -sudp   UDP stealth detection; only logs, does not answer as if the port were open
/usr/local/psionic/portsentry/portsentry -atcp   TCP advanced stealth detection; chooses the ports to monitor automatically
/usr/local/psionic/portsentry/portsentry -audp   UDP advanced stealth detection; chooses the ports to monitor automatically
Verification
nmap -sS www.2cto.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-06-11 22:35 CST
Interesting ports on typecho.domain.com (192.168.1.2):
Not shown: 1654 closed ports
PORT STATE SERVICE
1/tcp open tcpmux
11/tcp open systat
15/tcp open netstat
22/tcp open ssh
79/tcp open finger
80/tcp open http
111/tcp open rpcbind
119/tcp open nntp
143/tcp open imap
443/tcp open https
540/tcp open uucp
635/tcp open unknown
1080/tcp open socks
1524/tcp open ingreslock
2000/tcp open callbook
3306/tcp open mysql
6667/tcp open irc
12345/tcp open NetBus
12346/tcp open NetBus
27665/tcp open Trinoo_Master
31337/tcp open Elite
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
54320/tcp open bo2k
Check the blocking record (the scanner's address has been written to /etc/hosts.deny):
cat /etc/hosts.deny
ALL: 192.168.1.6
With that, the PortSentry setup is complete.