1. Linux f (port)
@@1.1 O port H
@@1.2 [ portG netstat, nmap
2. port ҰʻP
@@2.1 stand alone P super daemon
@@2.2 ]w}ɱҰʪA
@@2.3 wʪҶq
3. ҫm
4. w糧媺ĳGhttp://phorum.vbird.org/viewtopic.php?p=112964

ڭ̦b¦qTwӤp`gͨ TCP ʥ]Y̭nNOӷPؼЪf (port) FAYA[WӷPؼЪ IP Ni@ Socket pair Ao port NOΦbsuɴѳsufNNoAb}lo@`eAбze¦@A@@@C FoӤ~A٦SLݭn`NƶOHUڭ̴Nӽͤ@ͥI

O port

Aγ\``|bWťyڪD}Fh֪ port A||QJIrHz Ϊ̬Oy} port |wHSAڪAӹ port rHzIܯ_aI@DWoh_Ǫ port OH

]աIb¦̭ڭ̴gйLܦhA ҥHA|DnF@ server/client suAݭn@ Socket pair ӫإ߳suA o]NOAsuOyVzC ~AJMڭ̷QnsuDݡADեonҰʤ@ӤjaD port byťzaA _hpFsuOHzOaIt~A client ݬO_nҥΩTw port ӳsuH Mݭnڡ㨺@h port OHUڭ̴Nӽͤ@͡C

Dݪť (Listen)G
Q@QAAnpsW Yahoo hݷsDHMOn}sAMJ Yahoo }Aڭ̪sN|s Yahoo WWW hnDƤFCJMpܡA򨺳 Yahoo WWW DMNonҰ WWW AȰաA Mڭ̪s~sӪAȡCo]NOyDұҥΪ port OѬYǺA (program) ұҰʪzCӬFsWKA]ܦhAȩҶ}Ҫ port OTwAҦp WWW }Ҧb port 80 Amail }Ҧb port 25 F
Τݪ portG
ΤݱҰʪ port OHͪA DnO}Ҧbj 1024 HWfAo port ]OѬYǳnҲͪAҦpW쪺ҤlA ڭ̪sQns Yahoo WWW DAsNonҥΤ@ port ӻPDisuA Hզ@ Socket pair ӶǿƹI

ҿתyťzOYӪAȵ{|@`nbOAҥHӵ{Ұʪ port N|@sbC ܩ port bǿL{P_AN TCP/UDP qTwYƨӰOڡA ڭ̪DzLR TCP/UDP YƴNAѨӳsuһݭnsnOӡA ӵTƦ^CҥHA@DWMiHPɱҰʫܦhPAȰڡI ^_^C

٦W쪺@ǭIA]oAAѤ@UANOG

@ 65536 portG
w]pUAڭ̪D| 65536 portAӳo port SӳAH port 1024 @ϹjG
u root ~ҰʪOd portG
bp 1023 (sP 1023) fAOݭnH root ~ҰʪA o port DnOΩ@Ǳ`qTAȡAb Linux tΤUA`wP port OOb /etc/services ̭C @ӻAo port ̦nOd@ǹw]AȨӨϥΡAnۤvHNϥΨo portA ]o port Oثe Internet WҺDΪAҥH@ǵ{}o̦bin骺}oɡA Nwo well know fӶ}oAja]eϥΦA\ڡI
j 1024 Ω client ݪ portG
bj 1024 HW port DnO@ client ݪnҰʪ port Co port XGO̧HϥΪA Ҧpeͨ쪺sANOϥΤj 1024 HW portCpGΨ port 65535 A tη|DʦAѫeSϥΨ쪺f (p 1024) AşǨϥΡC
O_ݭnTV洤G
إߥiasuAȻݭnϥΨ TCP wA]Nݭnҿת TV洤FA pGODiasuAȡAҦp DNS Aunϥ UDP wYiC
qTwҥΦbDW portG
ڭ̪Dsw]|s WWW D port 80AA WWW O_iHҰʦbD 80 LfH MiHڡIAiHzL WWW n骺]w\NӳnϥΪ port ҰʦbDWfA uOp@ӡAzΤݭnsADɡANonbsaB~wAұҥΪDWf~C oӱҰʦbDWf\A``QΦb@ǩҿתaUաI^_^Ct~A Yǳnw]NҰʦbj 1024 HWfAp MySQL ƮwnNҰʦb 3306C
ҿת port wG
ƹWASҿת port wʡI]yPort ҥάOѪAȳnҳyzA ]NOAuvTwäO port AӬOҰ port ӳn ({)I γ\Aӷ|ťGyS׸ɹL|} bind 8.x AܮeQ«ȩҤJIAкɧ֤ɯŨ bind 9.x H᪩zAҥHoAwuM`OyYǤwAȡz ӤOy}F port z~OI]ASnAȴNNLaI רYǺAٷ|Ұʤ@ port It~AǤwҰʪn]ݭn򪺫OsI

[ port

nFAڭ̲{bDo port O򰭪FFAAӴNOnhyݥL쩳bFԣHzSI AӴNOnAѤ@UAڭ̪D쩳O}Fh֪ port OHpPڭ̫eA zonAѤ@UAڭ̪yAȡzy port zɮ׬O@ӡHA@IOy /etc/services zաI ӱ`Ψ[ port hUӵ{G

netstatGbWHۤv{ʴۤv portF

nmapGzLn黪UAiDWLDAHkC

LjYIϥ nmap |HkHIѩ nmap \ӱjjFAҥHܦh cracker (ǫȡAWH) |HLӰOHDAoӮɭԴNiyHkաI unzϥ nmap ɭԤnhOHqDAN|DաI Uڭ̤Oӻ@o_aI

netstat

bD Linux tΤA}ҪAȶVֶVnI ]֪AȥiHe (debug) PAѦw|}AåiקKnJI޹DI ҥHAoӮɭԽAѤ@UztηSǪAȳQ}ҤFOH nAѦۤvtηAȶءA²KkNOϥ netstat FIoӪF褣² (C@ Linux w]|w˪{I) AӥB\]OܤC oӫOϥΤkb Linux `κ\OзLFA Uڭ̶ȴѦpϥγoӤu㪺koI

CXbťAȡG
CXAȪ觋²ApUҥܡG

[root@linux ~]# netstat -tunl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State
tcp        0      0 0.0.0.0:25          0.0.0.0:*           LISTEN
tcp        0      0 :::80               :::*                LISTEN
tcp        0      0 :::22               :::*                LISTEN
tcp        0      0 :::25               :::*                LISTEN

WFڪDҰ port 25, 80, 22 AӥB[UsuAio{oT port ~ѳsuOI

CXwsusuAG
pGȬOnCXWwgsuΪ̬O@ǳsuL{_Bs{ǪAA iHϥΦpU觋ӳBzG

[root@linux ~]# netstat -tun
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address        Foreign Address      State
tcp        0      0 192.168.10.100:25    192.168.10.5:3151    TIME_WAIT
tcp        0      0 192.168.10.100:22    192.168.10.150:1832  ESTABLISHED

qWƨӬݡAڪD (192.168.10.100) ثeȦ@wإߪsuA NOP 192.168.10.150 DssuAåBsuuOѹsڥD port 22 ӨΧڥDAȧoIܩ󨺭 TIME_WAIT hObݸӳsu_աI

RwإߩΦbťsuG
pGQnNwgإߡAΪ̬ObťAܡA²檺kMNOXӳsu PIDA MNL kill YiڡIҦpUdҡG

[root@linux ~]# netstat -tunp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address     Foreign Address      State       PID/P name
tcp        0     68 192.168.10.100:22 192.168.10.150:1832  ESTABLISHED 13247/sshd

pWdҡAڭ̥iHXӸӳsuO sshd oӵ{ӱҥΪAåBL PID O 13247A ƱAn߫檺 killall oӫOA_heRH (]AḒi|h sshd sb)A ӭnϥ kill oӫO~I

[root@linux ~]# kill -9 13247

nmap

pGAn]ƨèSۤv@~tΡA|ҨӻAAQnAѤ@UqLO_}YǨwɡA ӦpBzڡH{bAD netstat iHΨӬd\W\hťqTwA ҦpLo˪D]ơAnpd߰ڡHI nmap NFI

nmap M󻡩W٬GyNetwork exploration tool and security scannerzAUWqA oӪFOQtκ޲zΨӺ޲ztΦwʬd֪uILyz]FA nmap iHgѵ{ۦwqX port ơAӬdX port AȬAҥHڭ̤]iHǦAѧڭ̥D port 쩳OFΪIpGzOw Linux O Red Hat tΪܡAo nmap MӤwgw˧FAU@SoӮM󪺸ܡA]iHӨ쩳UUG

http://insecure.org/nmap/

[root@linux ~]# nmap [] [˰Ѽ] [hosts }Pd]
ѼơG
[]GDnUXءG
    -sTG TCP ʥ]wإߪsu connect() I
    -sSG TCP ʥ]a SYN Ҫ
    -sPGH ping 觋i汽
    -sUGH UDP ʥ]榡i汽
    -sOGH IP w ( protocol ) iD
[˰Ѽ]GDn˰ѼƦXءG
    -PTGϥ TCP Y ping 觋Ӷi汽ˡAiH򪾥ثeXqs(`)
    -PIGϥιڪ ping (a ICMP ʥ]) Ӷi汽
    -p GoӬO port range AҦp 1024-, 80-1023, 30000-60000 ϥΤ觋
[Hosts }Pd]GoӦhFAX
    192.168.0.100  GgJ HOST IP ӤwAˬd@F
    192.168.0.0/24 G C Class AA
    192.168.*.*@@GKKIhܬ B Class AFI˪dܼsFI
    192.168.0.0-50,60-100,103,200 GoجOܧΪDdաIܦnΧaI

dҤ@Gϥιw]ѼƱ˥ұҥΪ port
[root@linux ~]# nmap localhost
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
139/tcp  open  netbios-ssn
# bw]pUA nmap ȷ| TCP wI

nmap Ϊk²oINbO᭱W IP Ϊ̬ODW٧YiCLAbw]pU nmap ȷ|AR TCP oӳqTwӤwAWoӨҤlALu|ڦCX 4 Ӥwg}Ҫ TCP fXA uIOD]N}ҸӰfAȤ]CXӤFAuOnI ^_^IpGQnPɤR TCP/UDP oӱ`qTwOHiHo˰G

[root@linux ~]# nmap -sTU localhost
PORT      STATE         SERVICE
22/tcp    open          ssh
25/tcp    open          smtp
80/tcp    open          http
137/udp   open|filtered netbios-ns
138/udp   open|filtered netbios-dgm
139/tcp   open          netbios-ssn

KKIPedҤ@UAA|o{ohF UDP fAOO 137 P 138 A oˤRnhFaIMApGAQnAѤ@U쩳XDbAɡA hiHo˰G

[root@linux ~]# nmap -sP 192.168.10.0/24
Host 192.168.10.171 appears to be up.
MAC Address: 00:01:E6:B3:AA:CC (Hewlett-Packard Company)
Host 192.168.10.174 appears to be up.
MAC Address: 00:04:75:FF:CC:DD (3 Com)
Host 192.168.10.175 appears to be up.
MAC Address: 00:0C:6E:BA:11:22 (Asustek Computer)

ݨ_HAҷTDۧoIåB IP ҹ MAC ]|QOUӡA ܤaIpGAٷQnNUӥDҰʪ port @@fܡANonϥΡG

[root@linux ~]# nmap 192.168.10.0/24

AN|ݨ@ port number QXùWopGQnHɰOӺqDO_p߶}FYǪAȡA KKIQ nmap tXƬyɦV (>, >> ) ӿXɮסA HɥiHxzϰCDAȱҰʪpڡI ^_^

ЯSOdNAo nmap \۷jjA]O]pA ҥHܦhbmߪ«ȷ|ϥγoӳnӰOHqAoӮɭԽбzSOdNA ثeܦhHwgySO觋zӶinu@IҦpH TCP_Wrappers (/etc/hosts.allow, /etc/hosts.deny) \ӰOgL port IPI oӳnΨӡyۤvwʡzOܤ@ӤuAOpGΨӰOHDA iO|yYWxqzISOdNII

{bAD port OѬYǵ{ұҰʪAҥHnY port ɡANNYӵ{LNOFI kAMiHϥ kill ALAOΪѨMDA] kill oӫOq`㦳jYǵ{\Aڭ̷Qn`ӵ{ڡI ҥHANQΨtεڭ̪ script NnFڡC bPɡAڭ̴NoAӵyLƲߤ@UA@ǲΪAȦXH

stand alone P super daemon

ڭ̦b Linux pе -- ¦ǲ߽gͨA b@륿` Linux tҤUAAȪҰʻP޲zDnؤ觋G

stand alone
UWqAstand alone NOӪAȪɡAӰɪJOB@A γoؤ觋ӱҰʥiHӪAȨ㦳ֳt^uIC@ӻAoتAȪҰ script |m /etc/init.d/ oӥؿUAҥHAq`iHϥΡGy /etc/init.d/sshd restart z觋ӱҰʳoتAȡF
Super daemon
Τ@ӶWŪAȧ@`ޡAH޲z@ǺAȡCb CentOS 4.x ̭ϥΪhO xinetd o super daemon ڡIoؤ觋ҰʪAMb^Wt׷|CA LAiHzL super daemon B~Ѥ@ǱޡAҦpɱҰʡBɥiHisuB IP iHsiӡBO_\PɳsuCq`]wɩmb /etc/xinetd.d/ A]wݭnsHy /etc/init.d/xinetd restart zsӱҰʤ~I

ԲӪAȻAаѦҰ¦g {ѪA @A bo̤AحzCnApGڷQnNڨtΤW port 25 ܡA ӦpOH²檺@kNOX port 25 Ұʵ{I

[root@linux ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State   PID/Program name
tcp        0      0 127.0.0.1:25  0.0.0.0:*       LISTEN  2030/master
tcp        0      0 :::22         :::*            LISTEN  1961/sshd
# xI|O master oӪNH which oӫO٧䤣o master
# HSYAڭ̥iHzL locate tXWܪkoӫOI

[root@linux ~]# locate master | grep '/master$'
/usr/libexec/postfix/master
# KKIӥWܪkNiHWzXGAMA rpm ӳBzI

[root@linux ~]# rpm -qf /usr/libexec/postfix/master
postfix-2.2.2-2
# FINOoӮMIҥHNLkiNOG

[root@linux ~]# rpm -qc postfix | grep init
/etc/rc.d/init.d/postfix
[root@linux ~]# /etc/init.d/postfix stop

zLWoӤRy{AAiHQΨtδѪܦhKuӹFYӪAȪI ԣo·СHOQ kill -9 2030 NiHRӪAȤFܡH OSաILAADӪAȬOԣΪܡHADNLAAtη|XDܡH pGDܡAQΤWy{NiHXӪAȮMAAQ rpm dߥ\A NDӪAȪ@ΤFHҥHAoӤ觋٬Oz|UաI Uбzյ۱Nz CentOS Ϊ̬OL Linux Telnet }լݬݡC

DGڭ̪DtΪ Telnet Aȳq`OH super daemon ӱުAбzҰʱztΪ telnet լݬݡC

G

nҰ telnet nwgwˤF telnet A~AҥHХH rpm d߬ݬݬO_w telnet-server OH yrpm -qa | grep telnet-serverzpGSw˪ܡAЧQέ쪩ШӦwˡAΪ̨ϥΡyyum install telnet-serverz wˤ@UF
ѩO super daemon ޡAҥHнs /etc/xinetd.d/telnet oɮסAN𫟺ydisable = yesz令 ydisable = nozHy/etc/init.d/xinetd restartzsҰ super daemon aI
Q netstat -tnlp ݬO_Ұ port 23 OH

]w}ɱҰʪA

pGAwgQe@`kN@ǪAFAOUAs}AxI 򨺨ǳQAȤSyKjS͡zLyzXӤFHSڡA ]e@`@kOiHߧYNYӪAAOo|vT}ɬO_|ҰʻP_]wC ˸

pGAQnb}ɭԴNҰʩΤҰʬYAȮɡANonAѤ@U ¦ǲ߽g̭ͨ쪺}y{޲z eաI b Unix like tηڭ̳OzL run level ӳ]wYǰ浥ŻݭnҰʪAȡA H Red Hat tΨӻAo run level ҰʪƳOmb /etc/rc.d/rc[0-6].d/ ̭Ap޲zӥؿU script OH ʳBzܡH|ƱoIҥHAnx chkconfig Red Hat tΪ ntsysv oXӫO~I
oXӫOܡHoӮɭԳoFGy man ΪݥΡAݵL man Ŧ۲qz򵹥L man UhաI

DG(1)pd\ portmap oӵ{@}NH (2)pG}NApNLאּ}ɤnҰʡH (3)pߧYo portmap AȡH

G

iHzLy chkconfig --list | grep portmap zPy runlevel zT{@UAһP portmap O_ҰʡH
pGҰʡAizLy chkconfig --level 35 portmap off zӳ]w}ɤnҰʡF
iHzLy /etc/init.d/portmap stop zӥߧYLI

oA@w|ݻGyAANOunNtΩҦAȳAtδN|woHz M....OI]yܦhtΪAȬOnsbA_htαN|XDz |ҨӻAӫOtΥiH㦳u@Ƶ{ crond AȴN@wnsbAӨӰOtΪp syslogd ]Mnsb_h窾DtΥXFԣDH UCXXӱ`nsbtΪAȵjaѦҰѦҥIoǪAȽФnڡI

AȦW	AȤe
acpid	sq޲zҲաAq`ĳ}ҡALAYǵOqiण䴩AȡANo
atd	b޲z@wRO檺AȡAӭnҰʪ
crond	b޲zu@Ƶ{nAȡAаȥnҰʰڡI
iptables	Linux تnAoӤ]iHҰʰաI
keytables	pGALDW榡ɡAoӪAȪҰʩγ\iHUAI
network	oӭnFaHnNnLڡI
sshd	oOtιw]\|ҰʪAiHAbݥHrA׺ݾnJI
syslog	tΪnɰOAܭnAȥҰʰڡI
xinetd	NO super daemon IҥH]nҰʰաI
xfs	ΨӺ޲z X Window rθƪAȡApGA\|ݭn X Window ɡAoӪAȭnҰʡC

SInháIunoǴNiHաIoXӪAȬOnҰʪI ܩLAȫhαҰʡIҦp sendmail աILLL``ơA\ۡI ڭ̷|b򪺳`pҰʳoǪAȪաI

wʪҶq

ڭ̪ Linux distribution ܦnߪϥΪ̷QܦhFAҥHb@w˧A tη|}Ҥ@靈SAȡAҦp portmap NNAHκL cups AȵA oǪFAγ\Dγ\DALLNO}ҡڭ̪DNOΨӰAA ҥHoǥӹwpn client ϥΪAȨ꦳Iyh@|zPı ҥHաAЧANLaINQ ntsysv chkconfig LI udUe@`̫ĳǪAȴNnFLHAڡI

LnOoA ntsysv chkconfig Ob޲z}O_ҰʬYǪAȪ script ӤwA ҥHϥ chkconfig ޲zAаOo̦nϥ reboot ӧ㪺sJoǪAȡA MHy netstat -tunpl zӬݬݬO_LAȦbҰʰڡH pGܡAb@ˤ@˪NLaI ^_^

p[z Linux DWwgh port Q}FH

1. pGO Linux oӧ@~tΤWܡAiHQΡy netstat -tunlp z[wgbť port PAȪF
2. pGOQnd\Ҧ port (]twإߪsu)AiHϥΡy netstat -tunp zӬd\F
3. pGb Linux WAiHΡy nmap IP zӳBzڡI

p[{ǡH

QΡy ps -aux zΡy top ziHAt~Ay pstree -p zhiHAѩҦ{Ǭ̩ۨʡAӡy lsof z hiHݩҦ{ǩҶ}ɮ׳I

а LISTEN port P daemon YH

b LISTEN fOѬYǪA(daemons)ұҰʪAҥHnҰʰfNoҥάYӪAȡA nAѬYӰfOѨ daemon ұҰʪANQ netstat -tulp Ӭd\C

а stand alone P super daemon UOH

Linux tΪAȦW߱Ұ(stand alone)ζWŪAȭ(super daemon)رҰʪ觋Cb super daemon UAȥiHg super daemon ޡAH[j@Ǧw\ALѩ٭ngL super daemon ޲zAҥHAȪstפW| stand alone C@IC

аݱz Linux D (׬O distributions ) daemon ҰʻP scripts PɮשmbӥؿUH

U daemons ҰʻP scripts Omb /etc/init.d/ A Red Hat tΫhO /etc/rc.d/init.d ̭Aܩ super daemon ްѼɮ׫hb /etc/xinetd.d ̭I

_A (DDoS) |ytΪPȡHեѤTV洤רӱQC

ҿת_AȬOQΤTV洤{Ǫ|}Ah cient ݫoe tcp ʥ]sunDA oz| server ݪ SYN/ACK ʥ]AɭP server ݷ|Ұʫܦh port b client ݪ^A ڭ̪D@ port 65536 ӡAU@ΧFAtκNȤFIҥH DDoS |ytκȪDC t~Aѩh client PɭnDAҥHWe]|QΥI