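I was just running an nmap scan against a website and found that it has an excessive number of open ports. Honestly, I have never seen anything like this. Of all 65,000+ ports, almost all of them are open, including port 8333, which runs a Bitcoin service.
Now, when I run a -sV scan, almost all of these open ports are tcpwrapped. So my two questions are:
- What does tcpwrapped mean, and does it make the server more or less vulnerable to attack?
- What exactly is port 8333, running a Bitcoin server?
Partial scan results: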
PORT STATE SERVICE VERSION
1/tcp open tcpwrapped
3/tcp open tcpwrapped
4/tcp open tcpwrapped
6/tcp open tcpwrapped
7/tcp open tcpwrapped
9/tcp open tcpwrapped
13/tcp open tcpwrapped
17/tcp open tcpwrapped
19/tcp open tcpwrapped
20/tcp open tcpwrapped
21/tcp open tcpwrapped
22/tcp open ssh?
23/tcp open tcpwrapped
24/tcp open tcpwrapped
25/tcp filtered smtp
26/tcp open tcpwrapped
30/tcp open tcpwrapped
32/tcp open tcpwrapped
33/tcp open tcpwrapped
37/tcp open tcpwrapped
42/tcp open tcpwrapped
43/tcp open tcpwrapped
49/tcp open tcpwrapped
53/tcp open tcpwrapped
70/tcp open tcpwrapped
79/tcp open tcpwrapped
80/tcp open http Apache httpd
81/tcp open tcpwrapped
82/tcp open tcpwrapped
83/tcp open tcpwrapped
84/tcp open tcpwrapped
85/tcp open tcpwrapped
88/tcp open tcpwrapped
89/tcp open tcpwrapped
90/tcp open tcpwrapped
99/tcp open tcpwrapped
100/tcp open tcpwrapped
106/tcp open tcpwrapped
109/tcp open tcpwrapped
110/tcp open tcpwrapped
111/tcp open tcpwrapped
113/tcp open tcpwrapped
119/tcp open tcpwrapped
125/tcp open tcpwrapped
135/tcp open tcpwrapped
139/tcp filtered netbios-ssn
143/tcp open tcpwrapped
144/tcp open tcpwrapped
146/tcp open tcpwrapped
161/tcp open tcpwrapped
163/tcp open tcpwrapped
179/tcp open tcpwrapped
199/tcp open tcpwrapped
211/tcp open tcpwrapped
212/tcp open tcpwrapped
222/tcp open tcpwrapped
254/tcp open tcpwrapped
255/tcp open tcpwrapped
256/tcp open tcpwrapped
259/tcp open tcpwrapped
264/tcp open tcpwrapped
280/tcp open tcpwrapped
301/tcp open tcpwrapped
306/tcp open tcpwrapped
311/tcp open tcpwrapped
340/tcp open tcpwrapped
366/tcp open tcpwrapped
389/tcp filtered ldap
406/tcp open tcpwrapped
407/tcp open tcpwrapped
416/tcp open tcpwrapped
417/tcp open tcpwrapped
425/tcp open tcpwrapped
427/tcp open tcpwrapped
443/tcp open ssl/http Apache httpd
444/tcp open tcpwrapped
445/tcp filtered microsoft-ds
458/tcp open tcpwrapped
464/tcp open tcpwrapped
465/tcp closed smtps
481/tcp open tcpwrapped
497/tcp open tcpwrapped
500/tcp open tcpwrapped
512/tcp open tcpwrapped
513/tcp open tcpwrapped
514/tcp open tcpwrapped
515/tcp open tcpwrapped
524/tcp open tcpwrapped
541/tcp open tcpwrapped
543/tcp open tcpwrapped
544/tcp open tcpwrapped
545/tcp open tcpwrapped
548/tcp open tcpwrapped
554/tcp open tcpwrapped
555/tcp open tcpwrapped
563/tcp open tcpwrapped
587/tcp closed submission
593/tcp open tcpwrapped
616/tcp open tcpwrapped
617/tcp open tcpwrapped
625/tcp open tcpwrapped
631/tcp open tcpwrapped
636/tcp open tcpwrapped
646/tcp open tcpwrapped
648/tcp open tcpwrapped
666/tcp open tcpwrapped
667/tcp open tcpwrapped
668/tcp open tcpwrapped
683/tcp open tcpwrapped
687/tcp open tcpwrapped
691/tcp open tcpwrapped
700/tcp open tcpwrapped
705/tcp open tcpwrapped
711/tcp open tcpwrapped
714/tcp open tcpwrapped
720/tcp open tcpwrapped
722/tcp open tcpwrapped
726/tcp open tcpwrapped
749/tcp open tcpwrapped
765/tcp open tcpwrapped
777/tcp open tcpwrapped
783/tcp open tcpwrapped
787/tcp open tcpwrapped
800/tcp open tcpwrapped
801/tcp open tcpwrapped
808/tcp open tcpwrapped
843/tcp open tcpwrapped
873/tcp open tcpwrapped
880/tcp open tcpwrapped
888/tcp open tcpwrapped
898/tcp open tcpwrapped
900/tcp open tcpwrapped
901/tcp open tcpwrapped
902/tcp open tcpwrapped
903/tcp open tcpwrapped
911/tcp open tcpwrapped
912/tcp open tcpwrapped
981/tcp open tcpwrapped
987/tcp open tcpwrapped
990/tcp open tcpwrapped
992/tcp open tcpwrapped
993/tcp open tcpwrapped
995/tcp open tcpwrapped
999/tcp open tcpwrapped
1000/tcp open tcpwrapped
1001/tcp open tcpwrapped
1002/tcp open tcpwrapped
1007/tcp open tcpwrapped
1009/tcp open tcpwrapped
1010/tcp open tcpwrapped
1011/tcp open tcpwrapped
1021/tcp open tcpwrapped
1022/tcp open tcpwrapped
1023/tcp open tcpwrapped
1024/tcp open tcpwrapped
1025/tcp open tcpwrapped
1026/tcp open tcpwrapped
1027/tcp open tcpwrapped
1028/tcp open tcpwrapped
1029/tcp open tcpwrapped
1030/tcp open tcpwrapped
1031/tcp open tcpwrapped
1032/tcp open tcpwrapped
1033/tcp open tcpwrapped
1034/tcp open tcpwrapped
1035/tcp open tcpwrapped
1036/tcp open tcpwrapped
1037/tcp open tcpwrapped
1038/tcp open tcpwrapped
1039/tcp open tcpwrapped
1040/tcp open tcpwrapped
1041/tcp open tcpwrapped
1042/tcp open tcpwrapped
1043/tcp open tcpwrapped
1044/tcp open tcpwrapped
1045/tcp open tcpwrapped
1046/tcp open tcpwrapped
1047/tcp open tcpwrapped
1048/tcp open tcpwrapped
1049/tcp open tcpwrapped
1050/tcp open tcpwrapped
1051/tcp open tcpwrapped
1052/tcp open tcpwrapped
1053/tcp open tcpwrapped
1054/tcp open tcpwrapped
1055/tcp open tcpwrapped
1056/tcp open tcpwrapped
1057/tcp open tcpwrapped
1058/tcp open tcpwrapped
1059/tcp open tcpwrapped
1060/tcp open tcpwrapped
1061/tcp open tcpwrapped
1062/tcp open tcpwrapped
1063/tcp open tcpwrapped
1064/tcp open tcpwrapped
1065/tcp open tcpwrapped
1066/tcp open tcpwrapped
1067/tcp open tcpwrapped
1068/tcp open tcpwrapped
1069/tcp open tcpwrapped
1070/tcp open tcpwrapped
1071/tcp open tcpwrapped
1072/tcp open tcpwrapped
1073/tcp open tcpwrapped
1074/tcp open tcpwrapped
1075/tcp open tcpwrapped
1076/tcp open tcpwrapped
1077/tcp open tcpwrapped
1078/tcp open tcpwrapped
1079/tcp open tcpwrapped
1080/tcp open tcpwrapped
1081/tcp open tcpwrapped
1082/tcp open tcpwrapped
1083/tcp open tcpwrapped
1084/tcp open tcpwrapped
1085/tcp open tcpwrapped
1086/tcp open tcpwrapped
1087/tcp open tcpwrapped
1088/tcp open tcpwrapped
1089/tcp open tcpwrapped
1090/tcp open tcpwrapped
1091/tcp open tcpwrapped
1092/tcp open tcpwrapped
1093/tcp open tcpwrapped
1094/tcp open tcpwrapped
1095/tcp open tcpwrapped
1096/tcp open tcpwrapped
1097/tcp open tcpwrapped
1098/tcp open tcpwrapped
1099/tcp open tcpwrapped
1100/tcp open tcpwrapped
1102/tcp open tcpwrapped
1104/tcp open tcpwrapped
1105/tcp open tcpwrapped
1106/tcp open tcpwrapped
1107/tcp open tcpwrapped
1108/tcp open tcpwrapped
1110/tcp open tcpwrapped
1111/tcp open tcpwrapped
1112/tcp open tcpwrapped
1113/tcp open tcpwrapped
1114/tcp open tcpwrapped
1117/tcp open tcpwrapped
1119/tcp open tcpwrapped
1121/tcp open tcpwrapped
1122/tcp open tcpwrapped
1123/tcp open tcpwrapped
1124/tcp open tcpwrapped
1126/tcp open tcpwrapped
1130/tcp open tcpwrapped
1131/tcp open tcpwrapped
1132/tcp open tcpwrapped
1137/tcp open tcpwrapped
1138/tcp open tcpwrapped
1141/tcp open tcpwrapped
1145/tcp open tcpwrapped
1147/tcp open tcpwrapped
1148/tcp open tcpwrapped
1149/tcp open tcpwrapped
1151/tcp open tcpwrapped
1152/tcp open tcpwrapped
1154/tcp open tcpwrapped
1163/tcp open tcpwrapped
1164/tcp open tcpwrapped
1165/tcp open tcpwrapped
1166/tcp open tcpwrapped
1169/tcp open tcpwrapped
1174/tcp open tcpwrapped
1175/tcp open tcpwrapped
1183/tcp open tcpwrapped
1185/tcp open tcpwrapped
1186/tcp open tcpwrapped
1187/tcp open tcpwrapped
1192/tcp open tcpwrapped
1198/tcp open tcpwrapped
1199/tcp open tcpwrapped
1201/tcp open tcpwrapped
1213/tcp open tcpwrapped
1216/tcp open tcpwrapped
1217/tcp open tcpwrapped
1218/tcp open tcpwrapped
1233/tcp open tcpwrapped
1234/tcp open tcpwrapped
1236/tcp open tcpwrapped
1244/tcp open tcpwrapped
1247/tcp open tcpwrapped
1248/tcp open tcpwrapped
1259/tcp open tcpwrapped
1271/tcp open tcpwrapped
1272/tcp open tcpwrapped
1277/tcp open tcpwrapped
1287/tcp open tcpwrapped
1296/tcp open tcpwrapped
1300/tcp open tcpwrapped
1301/tcp open tcpwrapped
1309/tcp open tcpwrapped
1310/tcp open tcpwrapped
1311/tcp open tcpwrapped
1322/tcp open tcpwrapped
1328/tcp open tcpwrapped
1334/tcp open tcpwrapped
1352/tcp open tcpwrapped
1417/tcp open tcpwrapped
1433/tcp open tcpwrapped
1434/tcp open tcpwrapped
1443/tcp open tcpwrapped
1455/tcp open tcpwrapped
1461/tcp open tcpwrapped
1494/tcp open tcpwrapped
1500/tcp open tcpwrapped
1501/tcp open tcpwrapped
1503/tcp open tcpwrapped
1521/tcp open tcpwrapped
1524/tcp open tcpwrapped
1533/tcp open tcpwrapped
1556/tcp open tcpwrapped
1580/tcp open tcpwrapped
1583/tcp open tcpwrapped
1594/tcp open tcpwrapped
1600/tcp open tcpwrapped
1641/tcp open tcpwrapped
1658/tcp open tcpwrapped
1666/tcp open tcpwrapped
1687/tcp open tcpwrapped
1688/tcp open tcpwrapped
1700/tcp open tcpwrapped
1717/tcp open tcpwrapped
1718/tcp open tcpwrapped
1719/tcp open tcpwrapped
1720/tcp open tcpwrapped
1721/tcp open tcpwrapped
1723/tcp open tcpwrapped
1755/tcp open tcpwrapped
1761/tcp open tcpwrapped
1782/tcp open tcpwrapped
1783/tcp open tcpwrapped
1801/tcp open tcpwrapped
1805/tcp open tcpwrapped
1812/tcp open tcpwrapped
1839/tcp open tcpwrapped
1840/tcp open tcpwrapped
1862/tcp open tcpwrapped
1863/tcp open tcpwrapped
1864/tcp open tcpwrapped
1875/tcp open tcpwrapped
1900/tcp open tcpwrapped
1914/tcp open tcpwrapped
1935/tcp open tcpwrapped
1947/tcp open tcpwrapped
1971/tcp open tcpwrapped
1972/tcp open tcpwrapped
1974/tcp open tcpwrapped
1984/tcp open tcpwrapped
1998/tcp open tcpwrapped
1999/tcp open tcpwrapped
2000/tcp open tcpwrapped
2001/tcp open tcpwrapped
2002/tcp open tcpwrapped
2003/tcp open tcpwrapped
2004/tcp open tcpwrapped
2005/tcp open tcpwrapped
2006/tcp open tcpwrapped
2007/tcp open tcpwrapped
2008/tcp open tcpwrapped
2009/tcp open tcpwrapped
2010/tcp open tcpwrapped
2013/tcp open tcpwrapped
2020/tcp open tcpwrapped
2021/tcp open tcpwrapped
2022/tcp open tcpwrapped
2030/tcp open tcpwrapped
2033/tcp open tcpwrapped
2034/tcp open tcpwrapped
2035/tcp open tcpwrapped
2038/tcp open tcpwrapped
2040/tcp open tcpwrapped
2041/tcp open tcpwrapped
2042/tcp open tcpwrapped
2043/tcp open tcpwrapped
2045/tcp open tcpwrapped
2046/tcp open tcpwrapped
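The server is configured to return fake TCP SYN-ACK responses to all connection attempts. This may be part of intrusion prevention (it is a known technique for thwarting port scans), or it may be part of DDoS defense (a badly configured SYNPROXY filter that is supposed to protect against SYN floods).
It is not necessarily running a Bitcoin service. It is a port that nmap's "known ports list" tags as belonging to Bitcoin. Is it actually running bitcoind? Probably not. It could be running something else on that port. Or it could be showing up merely for the same reason that all the other ports show up in the scan.
It could actually be running bitcoind, though. That depends on the website you are scanning. Some people run their personal website from a multi-purpose server that also runs their mail system, their database, their Minecraft server, and so on. If you scan a professional web hosting provider's systems, seeing non-web services would be surprising; if you scan someone's self-managed VPS, however, it would not be surprising at all.
It means the server accepted the TCP connection but then immediately closed it.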
This is similar to the behavior of the "tcp_wrappers" library that some services use for IP-based access control (you might also know it as `/etc/hosts.deny`) – because it works at service level it comes in too late to outright reject connections, so if the host is not allowed it'll just close the connection as soon as it's accepted. Hence the "tcpwrapped" label that nmap assigns.

Use `--reason` to have nmap tell you why it came to its conclusion regarding each port.

It doesn't actually mean the server uses tcp_wrappers though – nmap only sees the behavior but not the actual software. If applied to single ports like 22 (ssh), it would be tcp_wrappers. If applied to all possible ports, it's more likely to be SYNPROXY or something similar.
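The accept-then-close behavior described in the answer above can be reproduced on loopback. This is an added example, not part of the original answer and not nmap's own code: `start_listener` and `classify` are hypothetical helpers, the banner is constructed, and the classification is a simplified model of what a version probe observes.

```python
import socket
import threading

def start_listener(banner):
    """Loopback listener on an ephemeral port. banner=None: accept and close
    at once (tcp_wrappers-style deny); otherwise send the banner first."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener socket was closed
            with conn:  # closing here is what the client sees as EOF
                if banner:
                    conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def classify(host, port, timeout=2.0):
    """Simplified model of how a probe labels one TCP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"    # RST in reply to the SYN
    except OSError:
        return "filtered"  # no answer, or host/port unreachable
    with sock:
        try:
            data = sock.recv(256)  # wait for data without sending anything
        except socket.timeout:
            return "open (silent, waits for client)"
        except ConnectionResetError:
            return "tcpwrapped"
        # Handshake completed, then EOF with no data: the "tcpwrapped" case.
        return "open (banner)" if data else "tcpwrapped"

if __name__ == "__main__":
    # Constructed test services on 127.0.0.1 only.
    for label, banner in (("deny", None), ("ssh-like", b"SSH-2.0-constructed\r\n")):
        _srv, port = start_listener(banner)
        print(label, port, classify("127.0.0.1", port))
```

The client cannot tell which software closed the connection, which is why the same label appears for a per-service tcp_wrappers deny and for a device answering the handshake on every port.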