Redhat/Centos 7 的 Firewalld 有什么好的防 namp 扫描的办法吗? - V2EX
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
sstu

Redhat/Centos 7 的 Firewalld 有什么好的防 namp 扫描的办法吗?

  •  
  •   sstu 2019 年 3 月 22 日 4091 次点击
    这是一个创建于 2589 天前的主题,其中的信息可能已经有所发展或是发生改变。

    nginx 日志里经常出现

    202.61.87.159 - - [22/Mar/2019:01:56:10 +0800] "GET /nmaplowercheck1553190762 HTTP/1.1" 400 5 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" 202.61.87.159 - - [22/Mar/2019:01:56:10 +0800] "GET / HTTP/1.0" 400 0 "-" "-" 202.61.87.159 - - [22/Mar/2019:01:56:10 +0800] "POST /sdk HTTP/1.1" 400 5 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" 202.61.87.159 - - [22/Mar/2019:01:56:10 +0800] "GET /HNAP1 HTTP/1.1" 400 5 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" 202.61.87.159 - - [22/Mar/2019:01:56:10 +0800] "GET / HTTP/1.1" 400 5 "-" "-" 123.249.13.251 - - [22/Mar/2019:01:56:12 +0800] "GET / HTTP/2.0" 400 0 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0" 202.61.87.159 - - [22/Mar/2019:02:35:01 +0800] "GET / HTTP/1.0" 400 0 "-" "-" 202.61.87.159 - - [22/Mar/2019:02:35:01 +0800] "GET /nmaplowercheck1553193092 HTTP/1.1" 400 5 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" 202.61.87.159 - - [22/Mar/2019:02:35:01 +0800] "POST /sdk HTTP/1.1" 400 5 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" 202.61.87.159 - - [22/Mar/2019:02:35:01 +0800] "GET /HNAP1 HTTP/1.1" 400 5 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)" 202.61.87.159 - - [22/Mar/2019:02:35:01 +0800] "GET / HTTP/1.1" 200 42248 "-" "-" 

    目前是临时用 fail2ban,发现 nginx 日志中有 HTTP/1.*的请求就直接封禁 86400s (正常日志一般是 HTTP/2.0 )

    另外搜到的解决办法是 iptables 的规则,而且博文都挺老的,2014 年左右的...
    centos7 也换用 firewalld 了

    设想是如果 nmap 还是用的这些协议进行扫描,是不是把 iptables 的规则换成 firewalld 就可以了?

    #附搜到的 iptables 规则 iptables -F ptables -A INPUT -p tcp tcp-flags ALL FIN,URG,PSH -j Drop ptables -A INPUT -p tcp tcp-flags SYN,RST SYN,RST -j Drop ptables -A INPUT -p tcp tcp-flags SYN,FIN SYN,FIN -j Drop ptables -A INPUT -p tcp tcp-flags SyN SYN dport 80 -j Drop 
    6 条回复    2019-03-23 12:41:15 +08:00
    wzw
        1
    wzw  
       2019 年 3 月 23 日 via iPhone
    公网的机器? 80 被扫,没事吧
    WordTian
        2
    WordTian  
       2019 年 3 月 23 日 via Android   1
    只要你的服务还开着,就不可能完全禁止 nmap 扫描,只能说增大扫描难度,或者说增大扫描花费的时间成本

    一般来说,用 firewalld 选择合适的 zone,drop 掉所有非服务端口的包也就差不多了
    sstu
        3
    sstu  
    OP
       2019 年 3 月 23 日 via Android
    @wzw 被扫了总得预防吧……
    sstu
        4
    sstu  
    OP
       2019 年 3 月 23 日 via Android
    @WordTian 好咧,这去学习 firewalld 的配置办法
    wtks1
        5
    wtks1  
       2019 年 3 月 23 日 via Android
    其实 centos7 也是可以用 iptables 的啊
    sstu
        6
    sstu  
    OP
       2019 年 3 月 23 日 via Android
    @wtks1 firewalld 已经配好服务了,再切换到 iptables 有点麻烦,太懒了:P
    关于     帮助文档     自助推广系统     博客     API     FAQ     Solana     2806 人在线   最高记录 6679       Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 48ms UTC 15:08 PVG 23:08 LAX 08:08 JFK11:08
    Do have faith in what you're doing.
    ubao msn snddm index pchome yahoo rakuten mypaper meadowduck bidyahoo youbao zxmzxm asda bnvcg cvbfg dfscv mmhjk xxddc yybgb zznbn ccubao uaitu acv GXCV ET GDG YH FG BCVB FJFH CBRE CBC GDG ET54 WRWR RWER WREW WRWER RWER SDG EW SF DSFSF fbbs ubao fhd dfg ewr dg df ewwr ewwr et ruyut utut dfg fgd gdfgt etg dfgt dfgd ert4 gd fgg wr 235 wer3 we vsdf sdf gdf ert xcv sdf rwer hfd dfg cvb rwf afb dfh jgh bmn lgh rty gfds cxv xcv xcs vdas fdf fgd cv sdf tert sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf sdf shasha9178 shasha9178 shasha9178 shasha9178 shasha9178 liflif2 liflif2 liflif2 liflif2 liflif2 liblib3 liblib3 liblib3 liblib3 liblib3 zhazha444 zhazha444 zhazha444 zhazha444 zhazha444 dende5 dende denden denden2 denden21 fenfen9 fenf619 fen619 fenfe9 fe619 sdf sdf sdf sdf sdf zhazh90 zhazh0 zhaa50 zha90 zh590 zho zhoz zhozh zhozho zhozho2 lislis lls95 lili95 lils5 liss9 sdf0ty987 sdft876 sdft9876 sdf09876 sd0t9876 sdf0ty98 sdf0976 sdf0ty986 sdf0ty96 sdf0t76 sdf0876 df0ty98 sf0t876 sd0ty76 sdy76 sdf76 sdf0t76 sdf0ty9 sdf0ty98 sdf0ty987 sdf0ty98 sdf6676 sdf876 sd876 sd876 sdf6 sdf6 sdf9876 sdf0t sdf06 sdf0ty9776 sdf0ty9776 sdf0ty76 sdf8876 sdf0t sd6 sdf06 s688876 sd688 sdf86