Linux

主機名和 ip 顯示埠 4444 的不同記錄。為什麼?

  • May 24, 2018

我試圖阻止所有系統埠在 Kali Linux 中接受 4444。我在我的 iptables 中添加了 4444 並重新啟動了 iptables 服務。

現在nmap hostname -p 4444將其顯示為開放埠,但是當我使用我的系統 IP 時192.168.1.3,它顯示 4444 埠為關閉

   $ nmap linux -p 4444
   Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-24 15:42 +0430
   sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 127.0.1.1, 16) => Operation not permitted
   Offending packet: TCP 127.0.0.1:50026 > 127.0.1.1:4444 S ttl=44 id=30247 iplen=44  seq=3026860575 win=1024 <mss 1460>
   sendto in send_ip_packet_sd: sendto(4, packet, 44, 0, 127.0.1.1, 16) => Operation not permitted
   Offending packet: TCP 127.0.0.1:50027 > 127.0.1.1:4444 S ttl=53 id=24606 iplen=44  seq=3026926110 win=1024 <mss 1460>
   Nmap scan report for linux (127.0.1.1)
   Host is up.
   rDNS record for 127.0.1.1: Linux.domain.linux

   PORT     STATE    SERVICE
   4444/tcp filtered krb524

   Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds


   $ nmap 192.168.1.3 -p 4444
   Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-24 15:43 +0430
   Nmap scan report for 192.168.1.3
   Host is up (0.000022s latency).

   PORT     STATE  SERVICE
   4444/tcp closed krb524

   Nmap done: 1 IP address (1 host up) scanned in 13.22 seconds


   $ hostname
   Linux

   $ ifconfig
   eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
           ether ec:f4:bb:2f:a2:d9  txqueuelen 1000  (Ethernet)
           RX packets 0  bytes 0 (0.0 B)
           RX errors 0  dropped 0  overruns 0  frame 0
           TX packets 0  bytes 0 (0.0 B)
           TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
           device interrupt 20  memory 0xf7e00000-f7e20000  

   lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
           inet 127.0.0.1  netmask 255.0.0.0
           loop  txqueuelen 1000  (Local Loopback)
           RX packets 63438  bytes 78026474 (74.4 MiB)
           RX errors 0  dropped 0  overruns 0  frame 0
           TX packets 63438  bytes 78026474 (74.4 MiB)
           TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

   tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
           inet 10.115.210.220  netmask 255.255.254.0  destination 10.115.210.220
           unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
           RX packets 182  bytes 69832 (68.1 KiB)
           RX errors 0  dropped 0  overruns 0  frame 0
           TX packets 234  bytes 40743 (39.7 KiB)
           TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

   wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
           inet 192.168.1.3  netmask 255.255.255.0  broadcast 192.168.1.255
           inet6 fe80::8286:f2ff:fe6e:59e2  prefixlen 64  scopeid 0x20<link>
           ether 80:86:f2:6e:59:e2  txqueuelen 1000  (Ethernet)
           RX packets 387176  bytes 530891372 (506.2 MiB)
           RX errors 0  dropped 0  overruns 0  frame 0
           TX packets 357454  bytes 58810528 (56.0 MiB)
           TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

您的主機名linux不會映射到您的外部 ip-address 192.168.1.3,而是映射到如下所示的環回介面:Nmap scan report for linux (127.0.1.1),與掃描外部介面相比,這將解釋不同的結果。

您不顯示防火牆配置,但通常防火牆規則對於環回介面是不同的(典型的規則集包括iptables -I INPUT -i lo -j ACCEPT接受系統內部的所有流量)

引用自:https://serverfault.com/questions/913611