Linux: preventing malicious port scans with PortSentry

Ports are the server's front door, so their security matters. When a server runs many services and exposes them externally, PortSentry can be used to mislead anyone who probes the server in order to work out what it does.

PortSentry can be configured to listen on specified TCP/UDP ports. When a scan hits one of them it answers as if the port were open, and it records the scanner's details so that an action can be taken: a firewall block, a route redirection, or a custom script.

Lab environment

centos-5.8

Lab software

gcc gcc-c++

portsentry-1.2.tar.gz

Software installation

yum install -y gcc gcc-c++

tar zxvf portsentry-1.2.tar.gz

cd portsentry_beta/

vim portsentry.c

1584   printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");         this line must not be wrapped (line-broken) when the file is compiled

make linux

make install

vim /usr/local/psionic/portsentry/portsentry.conf

#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"

#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"

These two lines define the port policy.

83 IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"

This line defines the file of excluded IPs (the ignore list).

87 BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"

This line defines the file that records blocked IPs.

132 BLOCK_UDP="1"

133 BLOCK_TCP="1"

Action to take against a scanning IP: 0 = no action, 1 = firewall block, 2 = run a script.

211 KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any"

iptables blocking

/usr/local/psionic/portsentry/portsentry -tcp    basic TCP port binding, using the ports from the configuration file

/usr/local/psionic/portsentry/portsentry -udp    basic UDP port binding, using the ports from the configuration file

/usr/local/psionic/portsentry/portsentry -stcp   TCP stealth detection: only logs, does not answer that the port is open

/usr/local/psionic/portsentry/portsentry -sudp   UDP stealth detection: only logs, does not answer that the port is open

/usr/local/psionic/portsentry/portsentry -atcp   TCP advanced stealth detection: selects the ports to monitor automatically

/usr/local/psionic/portsentry/portsentry -audp   UDP advanced stealth detection: selects the ports to monitor automatically

Verification

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-06-11 22:35 CST
Interesting ports on typecho.domain.com (192.168.1.2):
Not shown: 1654 closed ports
PORT      STATE SERVICE
1/tcp     open  tcpmux
11/tcp    open  systat
15/tcp    open  netstat
22/tcp    open  ssh
79/tcp    open  finger
80/tcp    open  http
111/tcp   open  rpcbind
119/tcp   open  nntp
143/tcp   open  imap
443/tcp   open  https
540/tcp   open  uucp
635/tcp   open  unknown
1080/tcp  open  socks
1524/tcp  open  ingreslock
2000/tcp  open  callbook
6667/tcp  open  irc
12345/tcp open  NetBus
12346/tcp open  NetBus
27665/tcp open  Trinoo_Master
31337/tcp open  Elite
32771/tcp open  sometimes-rpc5
32772/tcp open  sometimes-rpc7
32773/tcp open  sometimes-rpc9
32774/tcp open  sometimes-rpc11
54320/tcp open  bo2k

Check the firewall block record

cat /etc/hosts.deny

ALL: 192.168.1.6

With this, PortSentry is fully set up.
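As an added check (example code written for this page, not from the post or from PortSentry itself), the following compares a scan like the one above against the active TCP_PORTS policy and reads the hosts.deny entries PortSentry writes; the conf excerpt and the nmap lines are constructed from the values shown in this post.

```python
import re
# Constructed excerpt of portsentry.conf: the post's TCP_PORTS line made active,
# next to a commented-out alternative, as the shipped file lays them out.
PORTSENTRY_CONF = """\
#TCP_PORTS="1,11,15,79,111,119,143"
TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
"""

# Constructed, abridged nmap normal output modelled on the scan in the post.
NMAP_OUTPUT = """\
PORT      STATE SERVICE
1/tcp     open  tcpmux
22/tcp    open  ssh
80/tcp    open  http
443/tcp   open  https
31337/tcp open  Elite
"""

def decoy_ports(conf_text, key="TCP_PORTS"):
    """Port set from the single active (uncommented) KEY="..." line."""
    active = re.findall(rf'^\s*{key}="([\d,]+)"', conf_text, flags=re.M)
    if len(active) != 1:
        raise ValueError(f"expected one active {key} line, found {len(active)}")
    return {int(p) for p in active[0].split(",")}

def open_tcp_ports(nmap_text):
    """{port: service} for every 'N/tcp open SERVICE' row of nmap normal output."""
    return {int(m[1]): m[2] for m in
            re.finditer(r"^(\d+)/tcp\s+open\s+(\S+)", nmap_text, flags=re.M)}

def classify(conf_text, nmap_text):
    """Compare the scan with the policy.
    decoy:   open and in TCP_PORTS. Usually PortSentry, but a real daemon that
             already held the port (80 here) looks identical: PortSentry skips
             ports it cannot bind.
    service: open but outside TCP_PORTS: a real listener PortSentry ignores.
    unbound: in TCP_PORTS but not open: PortSentry is down, could not bind it,
             or the scanner never probed that port.
    """
    policy, seen = decoy_ports(conf_text), open_tcp_ports(nmap_text)
    return {"decoy": sorted(p for p in seen if p in policy),
            "service": sorted(p for p in seen if p not in policy),
            "unbound": sorted(policy - set(seen))}

def blocked_hosts(hosts_deny_text):
    """Addresses PortSentry appended to /etc/hosts.deny as 'ALL: <ip>' lines."""
    return re.findall(r"^ALL:\s*(\S+)", hosts_deny_text, flags=re.M)

if __name__ == "__main__":  # the hosts.deny line below is constructed
    print(classify(PORTSENTRY_CONF, NMAP_OUTPUT), blocked_hosts("ALL: 192.168.1.6\n"))
```

Ports reported in the decoy group should be cross-checked against the services actually running on the host, since PortSentry cannot tell you which of them it bound itself.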

This article is reposted from mailfile's 51CTO blog, original link: http://blog.51cto.com/mailfile/1331848; contact the original author before reposting.
