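- Scanning with a tool such as nmap shows every port as open
- Every one of those ports is fake
Download and compile
git clone https://github.com/drk1wi/portspoof.git
cd portspoof
./configure
make
Add an iptables rule that redirects all packets to port 4444 (the port portspoof listens on by default)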
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444
Test (add -D to run it in the background; it also ships an init script)
./src/portspoof -c tools/portspoof.conf -s tools/portspoof_signatures
Scan with nmap
Starting Nmap 6.40 ( http://nmap.org ) at 2014-05-07 11:47 CST
Nmap scan report for mail.ssorc.net (10.10.10.137)
Host is up (0.00012s latency).
PORT      STATE SERVICE
1/tcp     open  tcpmux
3/tcp     open  compressnet
4/tcp     open  unknown
6/tcp     open  unknown
7/tcp     open  echo
9/tcp     open  discard
13/tcp    open  daytime
17/tcp    open  qotd
19/tcp    open  chargen
.. .
146/tcp   open  iso-tp0
161/tcp   open  snmp
163/tcp   open  cmip-man
179/tcp   open  bgp
199/tcp   open  smux
211/tcp   open  914c-g
212/tcp   open  anet
222/tcp   open  rsh-spx
254/tcp   open  unknown
.. .
57797/tcp open  unknown
58080/tcp open  unknown
60020/tcp open  unknown
60443/tcp open  unknown
61532/tcp open  unknown
61900/tcp open  unknown
62078/tcp open  iphone-sync
63331/tcp open  unknown
64623/tcp open  unknown
64680/tcp open  unknown
65000/tcp open  unknown
65129/tcp open  unknown
65389/tcp open  unknown
MAC Address: 00:E0:81:DB:0C:29 (Tyan Computer)
Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds
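Remember
Before the iptables PREROUTING redirect rule, you must first ACCEPT the ports of your real services; otherwise, once portspoof is in use, traffic to the normal services will also be redirected to the fake listener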
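
The rule ordering described in the note above, as an added example that is not part of the original post: it prints the ACCEPT rules for the real service ports ahead of the catch-all REDIRECT and can check an existing rule listing for the same ordering. The helper names gen_rules and check_order and the sample ports 22, 25 and 443 are assumptions; eth0 and 4444 come from the rule shown earlier.

```shell
#!/bin/sh
# Added example (not from the original post). gen_rules and check_order are
# hypothetical helper names; the sample ports at the bottom are constructed.

# gen_rules IFACE SPOOF_PORT REAL_PORT...
# Prints the nat PREROUTING rules in the required order: one ACCEPT per real
# service port first, then the catch-all REDIRECT to portspoof.
gen_rules() {
    iface=$1; spoof=$2; shift 2
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ] || [ "$p" -eq "$spoof" ]; then
            echo "port $p is out of range or is the portspoof port" >&2
            return 1
        fi
        echo "iptables -t nat -A PREROUTING -i $iface -p tcp -m tcp --dport $p -j ACCEPT"
    done
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports $spoof"
}

# check_order REAL_PORT...
# Reads rules on stdin (gen_rules output, or `iptables -t nat -S PREROUTING`)
# and succeeds only if every real port has an ACCEPT before the first REDIRECT.
check_order() {
    before=$(sed '/-j REDIRECT/,$d')
    for p in "$@"; do
        if ! printf '%s\n' "$before" | grep -qF -- "--dport $p -j ACCEPT"; then
            echo "port $p would be redirected to portspoof" >&2
            return 1
        fi
    done
}

# Print the rules for review; nothing is applied to the firewall here.
gen_rules eth0 4444 22 25 443
```

An ACCEPT verdict in the nat table ends traversal of PREROUTING for that connection, so the later REDIRECT never sees it and the packet continues to the real service.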