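1. Firewall identification
Firewall identification:
- Scan out the firewall's filtering rules and which ports are open, while staying as covert as possible;
- We do not want the firewall to notice our scanning, so the purpose of scanning the firewall is to send packets, examine the replies, and identify which ports the firewall filters;
- Devices vary widely, so the results carry a certain margin of error;
The firewall's filtering rules can be judged from the following four cases;
(1) Firewall identification with a Python script: firewall_detect.py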
#!/usr/bin/python
# Author: 橘子女侠
# Time: 2019/04/15
# This script determines which ports a firewall filters (note: the script has a small problem that has not been resolved)
from scapy.all import *
import sys

if len(sys.argv) != 3:
    print("This script needs 2 args!\nExample:./firewall_detect.py 192.168.0.0 80")
    sys.exit()

ip = sys.argv[1]
port = int(sys.argv[2])

# Send one SYN probe and one ACK probe to the same port
SYN_response = sr1(IP(dst = ip) / TCP(flags = "S", dport = port), timeout = 1, verbose = 0)
ACK_response = sr1(IP(dst = ip) / TCP(flags = "A", dport = port), timeout = 1, verbose = 0)

# Flags of the SYN reply as an integer (18 = SYN/ACK, 20 = RST/ACK);
# None when there was no reply or the reply carries no TCP layer
syn_flags = None
if SYN_response is not None and SYN_response.haslayer(TCP):
    syn_flags = int(SYN_response[TCP].flags)

if SYN_response is None and ACK_response is None:
    print("1. Port is filtered or host is down!")
elif syn_flags in (18, 20) and ACK_response is None:
    print("2. Port is filtered!")
elif syn_flags == 18:
    print("Port is unfiltered and open")
elif syn_flags == 20:
    print("Port is unfiltered and closed")
else:
    print("4. Port is Closed!")
The results are as follows:
root@root:~# ./firewall_detect.py 192.168.37.128 25
Port is unfiltered and open
root@root:~# ./firewall_detect.py 192.168.37
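
From the defender's side, the SYN/ACK probe pair described above stands out because the bare ACK does not complete any handshake. The following is an added example, not part of the original post, that flags such ACKs in constructed connection records; the record layout, the client addresses and the 5-second pairing window are assumptions.

```python
from collections import namedtuple

# Constructed records, as a firewall or sensor might log them (not from the page).
# dir: "in" = client -> server, "out" = server -> client.
Pkt = namedtuple("Pkt", "ts dir client server port flags seq ack")

SAMPLE = [
    # Normal client: full three-way handshake on port 25.
    Pkt(0.00, "in", "10.0.0.5", "192.168.37.128", 25, "S", 1000, 0),
    Pkt(0.01, "out", "10.0.0.5", "192.168.37.128", 25, "SA", 5000, 1001),
    Pkt(0.02, "in", "10.0.0.5", "192.168.37.128", 25, "A", 1001, 5001),
    # Probe pair: SYN answered, reset by the client, then a bare ACK.
    Pkt(1.00, "in", "10.0.0.9", "192.168.37.128", 25, "S", 0, 0),
    Pkt(1.01, "out", "10.0.0.9", "192.168.37.128", 25, "SA", 7000, 1),
    Pkt(1.02, "in", "10.0.0.9", "192.168.37.128", 25, "R", 1, 0),
    Pkt(2.05, "in", "10.0.0.9", "192.168.37.128", 25, "A", 0, 0),
    # Bare ACK with no SYN at all.
    Pkt(3.00, "in", "10.0.0.7", "192.168.37.128", 80, "A", 0, 0),
]

WINDOW = 5.0  # assumed pairing window in seconds


def find_out_of_state_acks(packets, window=WINDOW):
    """Return findings for inbound ACKs that do not complete a handshake."""
    last_syn = {}       # flow -> time of the most recent inbound SYN
    expected_ack = {}   # flow -> ack number that would complete the handshake
    established = set()
    findings = []
    for p in sorted(packets, key=lambda p: p.ts):
        flow = (p.client, p.server, p.port)
        if p.dir == "in" and p.flags == "S":
            last_syn[flow] = p.ts
        elif p.dir == "out" and p.flags == "SA" and flow in last_syn:
            expected_ack[flow] = p.seq + 1
        elif p.dir == "in" and "R" in p.flags:
            expected_ack.pop(flow, None)
            established.discard(flow)
        elif p.dir == "in" and p.flags == "A":
            if flow in established:
                continue  # ordinary traffic on an open connection
            if expected_ack.get(flow) == p.ack:
                established.add(flow)  # third step of a real handshake
                continue
            paired = flow in last_syn and p.ts - last_syn[flow] <= window
            kind = "syn+ack probe pair" if paired else "stray ack"
            findings.append((p.client, p.server, p.port, kind))
    return findings
```
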