Georgi Rakovski, posted March 22, 2013:
I want to make a port invisible to this site, http://www.pcflank.com. How can that be done?
Mupo neTkoB, posted March 22, 2013:
http://www.pcflank.com/scanner_stealthed_r.htm?session_id=777d306b0f04480824d5aaddba4e613b&test_page=report
Why do you allow them to scan you at all?

Theory is when you know everything but nothing works. Practice is when everything works but you don't know why. Here we combine theory with practice: NOTHING works and we have no idea why!!!
Samuil Arsov (Administrator), posted March 22, 2013:
http://www.linuxtopia.org/Linux_Firewall_iptables/x4550.html

https://itservice-bg.net
Mupo neTkoB, posted March 22, 2013:
That way it stops the requests to the port; it doesn't "make it invisible".
Samuil Arsov (Administrator), posted March 23, 2013 (edited):
Well, it doesn't stop the requests, it doesn't answer them, which is what makes it invisible. Here is a real example: we configure tcp-reset on ether2, which is the WAN.

[admin@core3] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #    NAME       TYPE        MTU   L2MTU  MAX-L2MTU
 0  R ether1     ether       1500  9014   9014
 1  R ether2     ether       1500  9014   9014
 2  R ether3     ether       1500  9014   9014
 3  R ether4     ether       1500  9014   9014
 4  R vlan523    vlan        1500  9010
 5  R vlan104    vlan        1500  9010
 6  R tun1       gre-tunnel  1476  65535
 7  R tun2       gre-tunnel  1476  65535
 8  R tun3       gre-tunnel  1476  65535
 9  R tun4       gre-tunnel  1476  65535

/ip firewall filter export
add action=accept chain=forward disabled=no src-address-list=50M
add action=accept chain=forward disabled=no src-address-list=70M
add action=drop chain=forward disabled=no src-address=10.0.0.0/8
add action=drop chain=forward disabled=no src-address=172.16.0.0/12
add action=drop chain=forward disabled=no src-address=192.168.0.0/16
add action=drop chain=forward disabled=no src-address=169.254.0.0/16
add action=reject chain=input disabled=no dst-port=21,80,2000 in-interface=ether2 protocol=tcp reject-with=tcp-reset

We scan from a host through ether2 (over the Internet). The three ports 21, 80 and 2000 are not there.

sami@sami:~$ nmap 93.155.131.1
Starting Nmap 6.00 ( http://nmap.org ) at 2013-03-23 14:46 EET
Nmap scan report for core2-vlan100.itservice-bg.net (93.155.131.1)
Host is up (0.44s latency).
Not shown: 995 closed ports
PORT     STATE    SERVICE
25/tcp   filtered smtp
53/tcp   open     domain
2222/tcp open     EtherNet/IP-1
8080/tcp open     http-proxy
8291/tcp open     unknown

Nmap done: 1 IP address (1 host up) scanned in 76.36 seconds

We scan from a host through vlan523 (locally); ports 21, 80 and 2000 are here.

root@host:~# nmap 93.155.131.1
Starting Nmap 5.21 ( http://nmap.org ) at 2013-03-23 14:57 EET
Nmap scan report for 93.155.131.1
Host is up (0.0050s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
53/tcp   open  domain
80/tcp   open  http
2000/tcp open  cisco-sccp
2222/tcp open  unknown
8080/tcp open  http-proxy
8291/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 13.39 seconds

Edited March 23, 2013 by samyil
Georgi Rakovski (author), posted March 23, 2013:
I want a way to do it with iptables, for port 80.
gbdesign, posted March 23, 2013 (edited):
To drop a specific IP address:

iptables -A INPUT -s 195.131.4.164 -j DROP
iptables -A OUTPUT -d 195.131.4.164 -j DROP

To drop a specific port:

iptables -A INPUT -p tcp --destination-port 80 -j DROP

To drop a specific IP address on a specific port:

iptables -A INPUT -s 195.131.4.164 -p tcp --destination-port 80 -j DROP

Edited March 23, 2013 by gbdesign
Georgi Rakovski (author), posted March 23, 2013:
I don't want to drop it, I want to make it invisible.
Mitko, posted March 23, 2013:
> I don't want to drop it, I want to make it invisible.

It can't be done: the port is either open and "visible", or it is closed and dropped and "invisible".
Samuil Arsov (Administrator), posted March 23, 2013 (edited):

iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
(the port is open: visible)

iptables -A INPUT -p tcp --dport 81 -i eth0 -j DROP
(the port is closed but answers: visible, with status filtered)

iptables -A INPUT -p tcp --dport 82 -i eth0 -j REJECT --reject-with tcp-reset
(the port is closed and does not answer, that is, it is invisible)

This is the machine I just scanned. Notice how the chains' pkts/bytes counters fill up:

root@server2:~# iptables -nvL
Chain INPUT (policy ACCEPT 192K packets, 31M bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    44 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    2    88 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:81
    1    44 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:82 reject-with tcp-reset

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 39891 packets, 43M bytes)
 pkts bytes target     prot opt in     out     source               destination

And this is the scanner; it sees port 81 as filtered, and 82 not at all:

root@host:~# nmap 93.155.130.13
Starting Nmap 5.21 ( http://nmap.org ) at 2013-03-23 21:20 EET
Nmap scan report for 93.155.130.13
Host is up (0.00034s latency).
Not shown: 993 closed ports
PORT    STATE    SERVICE
22/tcp  open     ssh
25/tcp  open     smtp
53/tcp  open     domain
80/tcp  open     http
81/tcp  filtered unknown
139/tcp open     netbios-ssn
445/tcp open     microsoft-ds
MAC Address: 00:0C:29:32:85:79 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 14.29 seconds

I don't know how else to explain it?!?!?

Edited March 23, 2013 by samyil