1 Problem
root@zetawiki:~# nc -vz 135.79.246.80 22
Connection to 135.79.246.80 22 port [tcp/ssh] succeeded!
root@zetawiki:~# nc -vz 135.79.246.80 8080
nc: connect to 135.79.246.80 port 8080 (tcp) failed: No route to host
2 Server-side check
Check
root@server1:~# netstat -tnlp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 30172/apache2
root@server1:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpts:50001:50005
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
3 Server-side fix
- ★Caution★ All firewall rules are removed, so the server may be left vulnerable from a security standpoint.
root@server1:~# iptables -F
root@server1:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
4 Verification
root@zetawiki:~# nc -vz 135.79.246.80 22
Connection to 115.68.222.4 22 port [tcp/ssh] succeeded!
root@zetawiki:~# nc -vz 135.79.246.80 8080
Connection to 115.68.222.4 8080 port [tcp/http-alt] succeeded!
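The caution in section 3 applies because iptables -F removes every rule, not only the final REJECT (reject-with icmp-host-prohibited) that produced the "No route to host" error. As an added example (not from the original page), the script below reads a chain listing and prints one insert command that opens only the needed TCP port just above that REJECT rule; the function names and the shortened sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `iptables -L <chain>`
# output on stdin and prints the command that opens one TCP port by inserting
# an ACCEPT rule just above the catch-all REJECT, leaving other rules intact.

# Print the 1-based rule number of the first REJECT/DROP rule that matches
# every protocol ("all") in the listing; print nothing if there is none.
first_block_rule() {
    awk '
        /^Chain /  { next }            # chain header line
        /^target / { next }            # column header line
        NF == 0    { next }            # blank separator
        { n++ }
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" { print n; exit }
    '
}

# $1 = chain name, $2 = TCP port; listing of that chain on stdin.
# Prints the iptables command instead of running it, so it can be reviewed.
allow_port_cmd() {
    chain=$1
    port=$2
    pos=$(first_block_rule)
    if [ -z "$pos" ]; then
        # No catch-all block rule: appending is enough.
        echo "iptables -A $chain -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    else
        echo "iptables -I $chain $pos -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    fi
}

# Constructed sample: shortened copy of the RH-Firewall-1-INPUT listing above.
SAMPLE_LISTING='Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited'

printf '%s\n' "$SAMPLE_LISTING" | allow_port_cmd RH-Firewall-1-INPUT 8080
```

On a live server the listing would come from `iptables -L RH-Firewall-1-INPUT` piped into `allow_port_cmd`, and the printed command is run only after review.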
Editor: Jmnote