Ports are the server's front door, so their security matters. When a server runs many services and exposes them to the outside, portsentry can be used to mislead anyone maliciously probing what the server is for. portsentry can be configured to listen on specified TCP/UDP ports; when it detects a scan it answers as if the port were open, records the scanner's information, and can respond accordingly: block with the firewall, redirect the route, or run a custom script.
Test environment: CentOS 5.8
Software: gcc, gcc-c++, portsentry-1.2.tar.gz
Installation:

yum install -y gcc gcc-c++
tar zxvf portsentry-1.2.tar.gz
cd portsentry_beta/
vim portsentry.c

Line 1584: printf ("Copyright 1997-2003 Craig H. Rowland <craigrowland at users dot sourceforget dot net>\n");
This statement must sit on a single line, otherwise compilation fails (in the 1.2 tarball the string literal is split across two lines).

make linux
make install
vim /usr/local/psionic/portsentry/portsentry.conf

#TCP_PORTS="1,7,9,11,15,70,79,80,109,110,111,119,138,139,143,512,513,514,515,540,635,1080,1524,2000,2001,4000,4001,5742,6000,6001,6667,12345,12346,20034,27665,30303,32771,32772,32773,32774,31337,40421,40425,49724,54320"
#UDP_PORTS="1,7,9,66,67,68,69,111,137,138,161,162,474,513,517,518,635,640,641,666,700,2049,31335,27444,34555,32770,32771,32772,32773,32774,31337,54321"
These two lines define the port policy (which ports portsentry binds and watches).

Line 83: IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
This line defines the IP ignore list. It should contain at least 127.0.0.1 and the server's own addresses, so the host never blocks itself.

Line 87: BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"
This line defines the file that records blocked IPs.
Line 132: BLOCK_UDP="1"
Line 133: BLOCK_TCP="1"
Action taken against a scanning IP: 0 = no action, 1 = firewall block, 2 = run a script.

Line 211: KILL_ROUTE="/sbin/ipfw add 1 deny all from $TARGET$:255.255.255.255 to any"
Firewall block. Note that this particular command is the BSD ipfw form; on CentOS, enable the iptables KILL_ROUTE example provided in the same configuration file instead, and make sure the path to the iptables binary is correct.
/usr/local/psionic/portsentry/portsentry -tcp    TCP basic port binding, using the ports from the configuration file
/usr/local/psionic/portsentry/portsentry -udp    UDP basic port binding, using the ports from the configuration file
/usr/local/psionic/portsentry/portsentry -stcp   TCP stealth detection, only logs and does not answer that the port is open
/usr/local/psionic/portsentry/portsentry -sudp   UDP stealth detection, only logs and does not answer that the port is open
/usr/local/psionic/portsentry/portsentry -atcp   TCP advanced stealth detection, monitored ports are chosen automatically
/usr/local/psionic/portsentry/portsentry -audp   UDP advanced stealth detection, monitored ports are chosen automatically
Verification
nmap -sS www.2cto.com
Then check the firewall block records. With that, PortSentry is fully set up.
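To check the result of the setup above from the logs rather than by re-scanning, here is an added example (not from the original post or the portsentry project) that parses portsentry's attackalert syslog lines, summarises which ports each source probed and whether the KILL_ROUTE block fired, and audits the result against the ignore list. The log lines and the ignore list are constructed samples, and the message format is assumed from portsentry 1.2.

```python
import re
from collections import defaultdict

# Constructed sample of portsentry syslog lines; the message format is assumed
# from portsentry 1.2 and may differ slightly on other builds.
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 portsentry[2231]: attackalert: Connect from host: 203.0.113.7/203.0.113.7 to TCP port: 1080
Mar  3 10:15:01 web1 portsentry[2231]: attackalert: Host 203.0.113.7 has been blocked via dropped route using command: "/sbin/iptables -I INPUT -s 203.0.113.7 -j DROP"
Mar  3 10:15:02 web1 portsentry[2231]: attackalert: Connect from host: 203.0.113.7/203.0.113.7 to TCP port: 12345
Mar  3 10:16:40 web1 portsentry[2232]: attackalert: UDP scan from host: 198.51.100.9/198.51.100.9 to UDP port: 161
Mar  3 10:20:00 web1 portsentry[2231]: attackalert: Connect from host: 10.0.0.5/10.0.0.5 to TCP port: 80
"""

# Constructed contents of portsentry.ignore: loopback plus a trusted monitoring host.
SAMPLE_IGNORE = {"127.0.0.1", "10.0.0.5"}

PROBE_RE = re.compile(r"attackalert: .*?from host: (\S+)/\S+ to (TCP|UDP) port: (\d+)")
BLOCK_RE = re.compile(r"attackalert: Host (\S+) has been blocked via")


def summarize(log_text):
    """Return {host: {"probes": [(proto, port), ...], "blocked": bool}}."""
    hosts = defaultdict(lambda: {"probes": [], "blocked": False})
    for line in log_text.splitlines():
        m = PROBE_RE.search(line)
        if m:
            hosts[m.group(1)]["probes"].append((m.group(2), int(m.group(3))))
            continue
        m = BLOCK_RE.search(line)
        if m:
            hosts[m.group(1)]["blocked"] = True
    return dict(hosts)


def audit(summary, ignore):
    """Flag two misconfigurations: an ignored host that was blocked anyway
    (ignore file not honoured) and a non-ignored scanner left unblocked
    (BLOCK_TCP/BLOCK_UDP set to 0, or a KILL_ROUTE command that failed)."""
    findings = []
    for host, info in summary.items():
        if host in ignore and info["blocked"]:
            findings.append(("ignored-but-blocked", host))
        elif host not in ignore and not info["blocked"]:
            findings.append(("scanner-not-blocked", host))
    return findings


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for host, info in sorted(s.items()):
        print(host, "blocked" if info["blocked"] else "NOT blocked", info["probes"])
    print(audit(s, SAMPLE_IGNORE))
```

On a live host, feed it the portsentry lines from /var/log/messages and the real contents of portsentry.ignore; any "scanner-not-blocked" finding means the KILL_ROUTE command is not taking effect.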