是否有任何可靠的工具可以从外部测试给定服务器的给定全局 IP 地址的开放端口,我可以一次测试所有端口?
我需要扫描我的服务器的开放端口。 我在本地网络中通过以下方式尝试了 nmap:nmap ***.dyndns.info 。 它给了我:
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-09 16:05 JST
Nmap scan report for ***.dyndns.info (***.***.***.39)
Host is up (0.00097s latency).
rDNS record for ***.***.***.39: ************.ne.jp
Not shown: 994 closed ports
PORT STATE SERVICE
23/tcp open telnet
53/tcp open domain
80/tcp open http
然后我通过指定特定端口尝试了 dyndns.com 提供的开放端口工具,例如:
global ip address 23
global ip address 53
global ip address 80
对于每个测试,它都给了我“超时”结果,这与 nmap 结果相矛盾。
我知道根据 nmap 执行测试的方式,结果可能是“打开”。
因此,我认为测试给定服务器端口的最佳方法是从外部,例如 dyndns 开放端口工具。 但我想一次测试所有端口,而不是一个一个地测试。
有没有可靠的工具,特别是我可以在命令行中使用的工具? 我用的是ubuntu 10.10。
I need to scan the open ports of my server.
I tried nmap by: nmap ***.dyndns.info from within my local network.
It gave me:
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-09 16:05 JST
Nmap scan report for ***.dyndns.info (***.***.***.39)
Host is up (0.00097s latency).
rDNS record for ***.***.***.39: ************.ne.jp
Not shown: 994 closed ports
PORT STATE SERVICE
23/tcp open telnet
53/tcp open domain
80/tcp open http
Then I tried the open ports tool provided by dyndns.com by specifying a specific port like:
global ip address 23
global ip address 53
global ip address 80
For each of those tests, it gave me "timed out" as a result, which is contradictory with the nmap results.
I know that depending on the way that nmap performs the tests, it may turn out that the result is "open".
So, I think the best way to test the ports of a given server is from outside, like the dyndns open ports tool.
But I'd like to test all ports at once, as opposed to one by one.
Is there any reliable tool for that, especially that I can use in command line?
I am on ubuntu 10.10.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
尝试吉布森研究公司 ShieldsUP。它将测试您的防火墙。
Try Gibson Research Corporation ShieldsUP. It will test your firewall.
请注意,端口是否“开放”也是请求源主机和端口的函数;配置防火墙系统来为一组特定的源 IP 和端口范围打开端口非常容易。因此,没有可靠的方法可以从外部判断端口是否打开。
netstat -an或类似工具将更可靠地告诉您哪些端口是开放的。 (除了 Rootkit 的情况外,任何受人尊敬的 Rootkit 也可能会限制少数网络块对开放端口的访问,只是为了保留他们的财产。)购买 VPS 切片是小菜一碟从您最喜欢的托管提供商处购买,每月 10 美元,并通过端口扫描您自己的机器;
nmap的默认-T3扫描选项已经并行扫描,这很有用,但如果您的网络连接良好,-T4可能会进行更快。Note that whether or not a port is 'open' is also a function of the requesting source host and port; it is pretty easy to configure a firewall system to open a port for a specific set of source IP and port ranges. So there's no sure-fire way to tell if a port is open or not from the outside;
netstat -anor similar tools will more reliably tell you which ports are open. (Except in the case of a rootkit, but any respectable rootkit would probably limit access to the open ports to a handful of netblocks as well, just to keep their property theirs.)It'd be a piece of cake to buy a VPS slice from your favorite hosting provider for $10 for a month and portscan your own machine;
nmap's default-T3scanning option already parallelizes the scan, which is useful, but if your network connection is decent,-T4may go more quickly.