
Friday, 9 October 2009

Basic Firewall on iptables

When we check which ports are open on our own machine with nmap localhost,

the result looks roughly like this:

*************************************************************
Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-09 16:22 ICT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 981 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
631/tcp open ipp
993/tcp open imaps
995/tcp open pop3s
5222/tcp open unknown
5269/tcp open unknown
5900/tcp open vnc
7025/tcp open unknown
7777/tcp open unknown
10024/tcp open unknown
10025/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

*************************************************************


So how do we protect our machine from here? Let's take a look.

1. Go straight to iptables, which is the machine's firewall:

# vim /etc/sysconfig/iptables


-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
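The rules above are only the -A lines of /etc/sysconfig/iptables; the real file also needs the *filter header, the chain declarations and a closing COMMIT, or iptables-restore will refuse it. The script below is an added example (not from the original post, and not the distribution's own file) that builds a complete file of that shape from an allow-list, keeping the same RH-Firewall-1-INPUT layout (loopback, ICMP, ESTABLISHED/RELATED, one NEW rule per allowed port, then REJECT). It also compares the port list from the post's nmap localhost scan against that allow-list. One caveat it makes visible: the first rule accepts everything on lo, so nmap localhost always shows every listening service regardless of the firewall; the ports it reports as "unprotected" are services that are still listening and would only be hidden from other hosts by the REJECT rule. The function names, the allow-list and the embedded scan lines are this example's own choices.

```shell
#!/bin/sh
# Added example: generate a complete iptables-restore file from an allow-list
# and list the ports nmap saw open that the allow-list does not cover.

# Hypothetical allow-list: the TCP ports this host is meant to expose.
ALLOWED_TCP="22 25 80 143"

# Emit a full /etc/sysconfig/iptables in iptables-restore format.
# Chain names mirror the RH-Firewall-1-INPUT layout used in the post.
gen_ruleset() {
    allowed="$1"
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':RH-Firewall-1-INPUT - [0:0]'
    echo '-A INPUT -j RH-Firewall-1-INPUT'
    echo '-A FORWARD -j RH-Firewall-1-INPUT'
    # Loopback is trusted: this is why a scan of localhost never sees the firewall.
    echo '-A RH-Firewall-1-INPUT -i lo -j ACCEPT'
    echo '-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT'
    # Replies to connections we opened ourselves.
    echo '-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for p in $allowed; do
        echo "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
    done
    # Everything else is refused with an ICMP error rather than silently dropped.
    echo '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
    echo 'COMMIT'
}

# Port lines copied from the post's "nmap localhost" output (embedded so the
# script runs offline; in practice pipe the live nmap output in instead).
NMAP_OUTPUT='PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
631/tcp open ipp
993/tcp open imaps
995/tcp open pop3s
5222/tcp open unknown
5269/tcp open unknown
5900/tcp open vnc
7025/tcp open unknown
7777/tcp open unknown
10024/tcp open unknown
10025/tcp open unknown'

# Print, space-separated, the open TCP ports that are not in the allow-list.
# These services keep listening; only the REJECT rule hides them from the network.
unprotected_ports() {
    allowed="$1"
    printf '%s\n' "$NMAP_OUTPUT" | awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[0-9]+\/tcp +open/ {
            split($1, f, "/")
            if (!(f[1] in ok)) out = out (out == "" ? "" : " ") f[1]
        }
        END { print out }'
}

# Stand-alone run: show the generated file, then the uncovered listeners.
gen_ruleset "$ALLOWED_TCP"
echo
echo "Listening but not in the allow-list: $(unprotected_ports "$ALLOWED_TCP")"
```

Redirect the output of gen_ruleset into /etc/sysconfig/iptables and reload it (on RHEL/CentOS of that era, service iptables restart reads that file). To confirm what the firewall actually exposes, run the nmap scan from a different host against the server's real address, not against localhost.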



Or else, find out which process is serving that port and shut it down:

# netstat -tanp

Or, to see the details of each service:

# nmap -A -T4 localhost
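Finding the process behind a port from netstat -tanp output can be done by hand, but the useful check is which LISTEN sockets are bound to every interface (0.0.0.0 or ::) rather than to loopback, since only those are reachable from outside once the firewall is loosened or bypassed. The script below is an added example (not from the original post) that parses a few constructed netstat -tanp lines, skips loopback-only listeners, and prints the port and PID/program for each remaining listener that is not in the allow-list. The sample lines, PIDs and program names are invented for the example; run netstat -tanp as root on a real host, because without root the PID/Program column is empty for processes you do not own.

```shell
#!/bin/sh
# Added example: map network-facing LISTEN sockets to their processes so the
# unneeded ones can be stopped or rebound to 127.0.0.1.

# Hypothetical allow-list of ports this host is meant to expose.
ALLOWED_TCP="22 25 80 143"

# Constructed sample of "netstat -tanp" output (not captured from a real host).
NETSTAT_OUTPUT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1234/sshd
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN      2345/amavisd
tcp        0      0 0.0.0.0:5900                0.0.0.0:*                   LISTEN      3456/Xvnc
tcp        0      0 :::80                       :::*                        LISTEN      4567/java
tcp        0      0 192.168.1.10:22             192.168.1.20:51234          ESTABLISHED 1234/sshd'

# Print "<port> <pid>/<program>" for every LISTEN socket that is bound to a
# non-loopback address and whose port is not in the allow-list.
exposed_listeners() {
    allowed="$1"
    printf '%s\n' "$NETSTAT_OUTPUT" | awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $6 == "LISTEN" {
            # Local address is "addr:port"; IPv6 addresses contain colons, so
            # take the last field as the port and the rest as the address.
            n = split($4, f, ":")
            port = f[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not reachable remotely
            if (port in ok) next                          # deliberately exposed
            print port, $7
        }'
}

# Stand-alone run: each line names a listener worth stopping or rebinding.
exposed_listeners "$ALLOWED_TCP"
```

In the constructed sample only port 5900 (the VNC server, PID 3456) is flagged: 22 and 80 are allowed, 10024 is bound to 127.0.0.1 so it is invisible from the network, and the ESTABLISHED line is not a listener at all. The PID in the output is what you hand to the service's init script or to kill.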


The result looks roughly like this:

****************************************************************
Starting Nmap 5.00 ( http://nmap.org ) at 2009-10-09 16:17 ICT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Stats: 0:01:59 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 92.31% done; ETC: 16:19 (0:00:02 remaining)
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 981 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.2 (protocol 2.0)
| ssh-hostkey: 1024 a6:1c:7d:c7:44:bf:fc:9e:29:a0:6b:a5:ae:ea:b5:d4 (DSA)
|_ 2048 4f:ee:5e:2e:e3:40:45:ef:ed:57:90:a5:b4:52:da:29 (RSA)
25/tcp open smtp Postfix smtpd
|_ smtp-commands: EHLO zimbra.agss.com, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN
80/tcp open http?
|_ html-title: Did not follow redirect to https://localhost/zimbra/?zinitmode=http and no page was returned.
110/tcp open pop3 Zimbra pop3d
|_ pop3-capabilities: USER STLS EXPIRE(31 USER) UIDL IMPLEMENTATION(ZimbraInc) XOIP TOP SASL
111/tcp open rpcbind
| rpcinfo:
| 100000 2,3,4 111/udp rpcbind
| 100024 1 42604/udp status
| 100000 2,3,4 111/tcp rpcbind
|_ 100024 1 58036/tcp status
143/tcp open imap Zimbra imapd
|_ imap-capabilities: CONDSTORE THREAD=ORDEREDSUBJECT ESEARCH STARTTLS BINARY UNSELECT LOGINDISABLED UIDPLUS SORT SEARCHRES ID SASL-IR WITHIN AUTH=X-ZIMBRA LIST-EXTENDED QUOTA QRESYNC CHILDREN ENABLE LOGIN-REFERRALS I18NLEVEL=1 RIGHTS=ektx ACL IDLE CATENATE IMAP4rev1 LITERAL+ ESORT NAMESPACE MULTIAPPEND
443/tcp open ssl/http Zimbra http config
|_ html-title: Zimbra Collaboration Suite Log In
465/tcp open ssl/smtp Postfix smtpd
|_ smtp-commands: EHLO zimbra.agss.com, PIPELINING, SIZE 10240000, VRFY, ETRN, AUTH PLAIN LOGIN, AUTH=PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN
587/tcp open smtp Postfix smtpd
|_ smtp-commands: EHLO zimbra.agss.com, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN
631/tcp open ipp CUPS 1.4
993/tcp open ssl/imap Zimbra imapd
|_ imap-capabilities: CONDSTORE THREAD=ORDEREDSUBJECT ESEARCH AUTH=PLAIN SASL-IR IMAP4rev1 UNSELECT UIDPLUS SORT ID SEARCHRES WITHIN AUTH=X-ZIMBRA LIST-EXTENDED BINARY QUOTA QRESYNC CATENATE CHILDREN LOGIN-REFERRALS RIGHTS=ektx ACL I18NLEVEL=1 ENABLE IDLE LITERAL+ ESORT NAMESPACE MULTIAPPEND
995/tcp open ssl/pop3 Zimbra pop3d
|_ pop3-capabilities: USER EXPIRE(31 USER) UIDL IMPLEMENTATION(ZimbraInc) XOIP TOP SASL(PLAIN X-ZIMBRA)
5222/tcp open unknown
5269/tcp open unknown
5900/tcp open vnc VNC (protocol 3.7)
7025/tcp open lmtp Zimbra lmtpd
7777/tcp open socks5 (No authentication; connection not allowed by ruleset)
10024/tcp open smtp amavisd smtpd
| smtp-commands: EHLO [127.0.0.1], VRFY, PIPELINING, SIZE, ENHANCEDSTATUSCODES, 8BITMIME, DSN, XFORWARD NAME ADDR PORT PROTO HELO SOURCE
|_ HELP 2.0.0 See amavisd-new home page at: 2.0.0 http://www.ijs.si/software/amavisd/
10025/tcp open smtp Postfix smtpd
|_ smtp-commands: EHLO zimbra.agss.com, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN
3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=5.00%I=7%D=10/9%Time=4ACEFFAF%P=i386-redhat-linux-gnu%r(Ge
SF:tRequest,117,"HTTP/1\.1\x20302\x20Found\r\nExpires:\x20Tue,\x2024\x20Ja
SF:n\x202000\x2020:46:50\x20GMT\r\nCache-Control:\x20no-store,\x20no-cache
SF:,\x20must-revalidate,\x20max-age=0\r\nPragma:\x20no-cache\r\nContent-Ty
SF:pe:\x20text/html;\x20charset=utf-8\r\nContent-Language:\x20en-US\r\nLoc
SF:ation:\x20https://127\.0\.0\.1/zimbra/\?zinitmode=http\r\nContent-Lengt
SF:h:\x200\r\n\r\n")%r(HTTPOptions,C7,"HTTP/1\.1\x20200\x20OK\r\nExpires:\
SF:x20Tue,\x2024\x20Jan\x202000\x2020:46:50\x20GMT\r\nCache-Control:\x20no
SF:-store,\x20no-cache,\x20must-revalidate,\x20max-age=0\r\nPragma:\x20no-
SF:cache\r\nAllow:\x20GET,\x20HEAD,\x20POST,\x20TRACE,\x20OPTIONS\r\nConte
SF:nt-Length:\x200\r\n\r\n")%r(RTSPRequest,2F,"HTTP/1\.1\x20400\x20Bad\x20
SF:Request\r\nConnection:\x20close\r\n\r\n")%r(X11Probe,2F,"HTTP/1\.1\x204
SF:00\x20Bad\x20Request\r\nConnection:\x20close\r\n\r\n")%r(FourOhFourRequ
SF:est,5BD,"HTTP/1\.1\x20404\x20Not\x20Found\r\nContent-Type:\x20text/html
SF:;\x20charset=utf-8\r\nContent-Language:\x20en-US\r\nContent-Length:\x20
SF:1356\r\n\r\n\n\n\n\n\n\n\n\n\nSF:ML\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\">\n
SF:\n\n\n\n\n\n\n\n\n\n\n\x20\x20\x20\x20SF:"Content-Type\"\x20content=\"text/html;charset=utf-8\">\n\x20\x20\x20\x
SF:20404\x20-\x20Not\x20Found\n\x20\x20\x20\x20SF:e=\"viewport\"\x20content=\"width=320;\x20initial-scale=1\.0;\x20maximu
SF:m-scale=8\.0;\x20user-scalable=1;\">\n\x20\x20\x20\x20SF:escription\"\x20content=\"Zimbra\x20provides\x20open\x20source\x20serve
SF:r\x20and\x20client\x20software\x20for\x20messaging\x20and\x20collaborat
SF:ion\.\x20To\x20find\x20out\x20more\x20visit\x20http://www\.zimbra\.com\
SF:.\">\n\x20\x20\x20\x20SF:s\"\x20href=\"/zimbra/css/common,login,zhtml,skin\.css\?skin=&v=0909111
SF:85028\">\n\t\n\t\n\t\x20\x20\x20\x20\n\t\n\x20\x20\x20\x20SF:\"SHORTCUT\x20ICON\"\x20href=\"/zimbra/img/logo/favicon\.ico\">\nSF:>\n\n\n
\n<
SF:tr>\n==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5222-TCP:V=5.00%I=7%D=10/9%Time=4ACEFFD2%P=i386-redhat-linux-gnu%r(
SF:Help,10,"")%r(X11Probe,10,"")%r(LPDStri
SF:ng,10,"")%r(TerminalServer,10,"");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5269-TCP:V=5.00%I=7%D=10/9%Time=4ACEFFD2%P=i386-redhat-linux-gnu%r(
SF:Help,10,"")%r(X11Probe,10,"")%r(LPDStri
SF:ng,10,"")%r(TerminalServer,10,"");
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.15 - 2.6.27
Network Distance: 0 hops
Service Info: Hosts: zimbra.agss.com, 127.0.0.1

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 127.55 seconds

*******************************************************************

Thanks : thaiadmin.org
