Neurohazard
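Dusk clouds and a misty moon, poring over the classics until the hair turns white; of all things in the universe, thus have I heard.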

Nmap's tcpwrapped port state

wpadmin~August 29, 2018 /InfoSec

References

https://secwiki.org/w/FAQ_tcpwrapped

Main text

What does “tcpwrapped” mean?

tcpwrapped refers to tcpwrapper, a host-based network access control program on Unix and Linux. When Nmap labels something tcpwrapped, it means that the behavior of the port is consistent with one that is protected by tcpwrapper. Specifically, it means that a full TCP handshake was completed, but the remote host closed the connection without receiving any data.

It is important to note that tcpwrapper protects programs, not ports. This means that a valid (not false-positive) tcpwrapped response indicates a real network service is available, but you are not on the list of hosts allowed to talk with it. When a very large number of ports are shown as tcpwrapped, it is unlikely that they represent real services, so the behavior probably means something else like a load balancer or firewall is intercepting the connection requests.

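tcpwrapper is a host-based network access control program for Linux/Unix environments.
When Nmap reports the tcpwrapped label, it means that a full TCP handshake was completed, but the remote host closed the connection before receiving any data.
In short, the tcpwrapped label can be taken to mean that a real network service exists, but the scanning host is not on the list of allowed hosts.

If you scan a host and a large number of its ports are marked tcpwrapped, there is very likely a firewall or a load balancer in the middle intercepting the traffic.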
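The behaviour described above can be reproduced on loopback. The following is an added example, not code from Nmap or from the original post: `start_listener`, `classify` and the result labels are hypothetical names, the listeners are constructed for the demo, and the classification is a simplification of what Nmap's service detection does.

```python
import socket
import threading

def start_listener(behaviour):
    """Loopback listener (constructed for this demo). Returns its port.
    behaviour: 'wrapped' = accept then close at once, as a tcpwrapper denial looks;
               'banner'  = send a greeting first; 'silent' = hold the connection open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keeps 'silent' connections open

    def serve():
        while True:
            conn, _ = srv.accept()
            if behaviour == "banner":
                conn.sendall(b"220 demo service ready\r\n")
            if behaviour == "silent":
                held.append(conn)
            else:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def classify(host, port, timeout=1.0):
    """Connect, send nothing, and report how the peer treats the connection."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"            # RST in reply to SYN: nothing listening
    except OSError:
        return "no-response"       # timeout or unreachable
    with s:
        try:
            data = s.recv(1024)    # wait for the peer without sending a byte
        except socket.timeout:
            return "open"          # handshake done, service waits for the client
        except ConnectionResetError:
            return "tcpwrapped"    # peer reset right after the handshake
        # Empty read = peer closed before any data flowed in either direction
        return "tcpwrapped" if data == b"" else "open-banner"

if __name__ == "__main__":
    for kind in ("wrapped", "banner", "silent"):
        print(kind, "->", classify("127.0.0.1", start_listener(kind)))
```

A listener that accepts and immediately closes is indistinguishable here from a firewall or load balancer that completes the handshake itself and then drops the connection, which is why many tcpwrapped ports on one host point to a middlebox rather than to real services.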
