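If an nmap scan result shows STATE as open but SERVICE as tcpwrapped,
it means the TCP connection was closed immediately after it was established. The port is actually open, but the connecting IP is not on the allowed list. For example, the port may be open only to the internal network.
Reference: https://security.stackexchange.com/questions/23407/how-to-bypass-tcpwrapped-with-nmap-scan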
"tcpwrapped" refers to tcpwrapper, a host-based network access control program on Unix and Linux. When Nmap labels something tcpwrapped, it means that the behavior of the port is consistent with one that is protected by tcpwrapper. Specifically, it means that a full TCP handshake was completed, but the remote host closed the connection without receiving any data.
It is important to note that tcpwrapper protects programs, not ports. This means that a valid (not false-positive) tcpwrapped response indicates a real network service is available, but you are not on the list of hosts allowed to talk with it. When such a large number of ports are shown as tcpwrapped, it is unlikely that they represent real services, so the behavior probably means something else.
What you are probably seeing is a network security device like a firewall or IPS. Many of these are configured to respond to TCP portscans, even for IP addresses which are not assigned to them. This behavior can slow down a port scan and cloud the results with false positives.
EDIT: Since this post was flagged as plagiarism and deleted, I would like to point out that the assumed source (this page on SecWiki.org) was also written by me. This Security.StackExchange answer (October 31, 2013) predates that page (November 12, 2013) by nearly two weeks.
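The behaviour the quoted answer describes (the handshake completes, then the peer closes before any data is exchanged) can be reproduced on loopback to see how an access-controlled service of your own looks to a client. This is an added example, not part of the original answer and not Nmap's code; `classify_port`, `start_listener`, `demo`, the loopback listeners and the result labels are all constructed for illustration.

```python
import socket
import threading

def classify_port(host, port, wait=1.0):
    """Classify one TCP port by what the peer does after the handshake."""
    try:
        sock = socket.create_connection((host, port), timeout=wait)
    except OSError:
        return "closed"              # refused, unreachable or no answer in time
    with sock:
        sock.settimeout(wait)
        try:
            data = sock.recv(1)      # send nothing, only observe the peer
        except socket.timeout:
            return "open"            # peer holds the connection, waiting for us
        except OSError:
            return "wrapped-like"    # reset straight after the handshake
    # b"" is an orderly close (FIN) before any data: the tcpwrapped pattern
    return "open" if data else "wrapped-like"

def start_listener(close_at_once):
    """Constructed loopback listener that drops or holds accepted connections."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(5)
    held = []                        # keep references so held sockets stay open
    def loop():
        while True:
            conn, _ = srv.accept()
            if close_at_once:
                conn.close()         # what a host denied by an allow list sees
            else:
                held.append(conn)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Return the classification of a dropping, a holding and an unused port."""
    ports = {"drops": start_listener(True), "holds": start_listener(False)}
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    ports["unused"] = spare.getsockname()[1]
    spare.close()                    # nothing listens on this port any more
    return {name: classify_port("127.0.0.1", p, wait=0.5)
            for name, p in ports.items()}

if __name__ == "__main__":
    print(demo())
```

The classification rests only on connection behaviour, so a firewall or IPS that completes the handshake and then drops the connection produces the same "wrapped-like" result as a real tcpwrapper-protected service.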