Blocking nmap scans of MySQL

admin, 2025-06-07 09:54:34
I. Introduction
Common port scans
1. telnet
[root@k8s03 ~]# telnet 192.168.10.131 3306
Trying 192.168.10.131...
Connected to 192.168.10.131.
Escape character is '^]'.
J8.0.13) (sd@z▒c[>PKzr6caching_sha2_password
## The scan reveals the MySQL version number
2. nmap
[root@k8s03 ~]# nmap -p3306 -sV -sC 192.168.10.131
Nmap scan report for k8s01 (192.168.10.131)
Host is up (0.00038s latency).
PORT     STATE SERVICE VERSION
3306/tcp open  mysql?
| mysql-info: Protocol: 10
| Version: 8.0.13
| Thread ID: 40
| Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC, SSL, Transactions, Secure Connection
| Status: Autocommit
|_Salt: ZI%x02Y~(B
## The scan reveals the MySQL version number and the salt

II. Solutions

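1. Modify mysqld to set a fake version number
## However, this cannot hide the salt from an nmap scan
1. Use strings to list the strings in /usr/sbin/mysqld that contain the version number
strings mysqld | grep -F 8.0.28
2. I tried leaving the version empty, but MySQL then fails to start with an error. A version number must be set, and it has to meet certain requirements, so you may need a few attempts. Change it to a version that does not exist in MySQL's release history.
Here it is changed to 5.9.55 ## MySQL has no 5.9 release
sed -i 's/8\.0\.28/5.9.55/' mysqld ## only the first version number in mysqld needs to be changed
3. Restart MySQL
A telnet or nmap scan now reports the MySQL version as 5.9.55
After logging in with the client, select @@version; also returns 5.9.55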

2. No mysql.user account host includes the IP of the nmap host

1. When every user's host is localhost
+++++++++++++++++++++telnet+++++++++++++++++++++++++++++++++++++++++++++++++
[root@k8s03 ~]# telnet 192.168.10.131 3306
Trying 192.168.10.131...
Connected to 192.168.10.131.
Escape character is '^]'.
>Host 'k8s03' is not allowed to connect to this MySQL server
Connection closed by foreign host.
You have new mail in /var/spool/mail/root
+++++++++++++++++++++nmap:+++++++++++++++++++++++++++++++++++++++++++++++++
[root@k8s03 ~]# nmap -p3306 -sV -sC 192.168.10.131
Starting Nmap 6.40 ( http://nmap.org ) at 2022-07-09 16:04 CST
Nmap scan report for k8s01 (192.168.10.131)
Host is up (0.00039s latency).
PORT     STATE SERVICE VERSION
3306/tcp open  mysql   MySQL (unauthorized)
MAC Address: 00:0C:29:2C:F5:22 (VMware)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.77 seconds
+++++++++++++++++++++++Summary+++++++++++++++++++++++++++++++++++++++++++++++++
Neither telnet nor nmap can obtain the MySQL version number or related information.

2. Create an account whose host lets the nmap server connect (the nmap host's IP is 192.168.10.133)
create user qingchen2@'192.168.10.133' identified by '123456';
flush privileges;
+++++++++++++++++++++telnet+++++++++++++++++++++++++++++++++++++++++++++++++
[root@k8s03 ~]# telnet 192.168.10.131 3306
Trying 192.168.10.131...
Connected to 192.168.10.131.
Escape character is '^]'.
8.0.13.+Dmm▒c5  MVz?bkcaching_sha2_password
+++++++++++++++++++++nmap:+++++++++++++++++++++++++++++++++++++++++++++++++
[root@k8s03 ~]# nmap -p3306 -sV -sC 192.168.10.131
Starting Nmap 6.40 ( http://nmap.org ) at 2022-07-09 16:05 CST
Nmap scan report for k8s01 (192.168.10.131)
Host is up (0.00037s latency).
PORT     STATE SERVICE VERSION
3306/tcp open  mysql?
| mysql-info: Protocol: 10
| Version: 8.0.13
| Thread ID: 72
| Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC, SSL, Transactions, Secure Connection
| Status: Autocommit
|_Salt: 'y8k|vQM'
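Summary
When no user in the mysql.user table (whether a business user or an administrator user) has a host that includes the nmap host's IP, neither telnet nor nmap can obtain the version number or other information.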
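
Added example (not part of the original post): a Python parser for the first packet the server sends after the TCP connect. It shows which fields the greeting from the introduction exposes before authentication, and that the "not allowed" reply in solution 2 is an ERR packet carrying neither version nor salt. The sample packets are constructed; the salt bytes and capability flags are dummy values.

```python
import struct

# Pre-handshake error codes a MySQL server can answer with instead of a greeting.
PREAUTH_ERRORS = {1129: "ER_HOST_IS_BLOCKED", 1130: "ER_HOST_NOT_PRIVILEGED"}

def parse_first_packet(data: bytes) -> dict:
    """Decode the first server packet: HandshakeV10 greeting or ERR packet."""
    if len(data) < 5:
        raise ValueError("truncated packet")
    length = int.from_bytes(data[:3], "little")   # 3-byte LE payload length
    payload = data[4:4 + length]                  # data[3] is the sequence id
    if not payload or len(payload) != length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:
        # ERR packet: error code + message only, no version and no salt.
        code, = struct.unpack_from("<H", payload, 1)
        return {"type": "error", "code": code,
                "name": PREAUTH_ERRORS.get(code, "unknown"),
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] != 10:
        raise ValueError(f"unsupported protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)               # version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    thread_id, = struct.unpack_from("<I", payload, pos)
    pos += 4
    salt = payload[pos:pos + 8]                   # auth-plugin-data part 1
    pos += 8 + 1                                  # skip the filler byte
    _lo, _charset, _status, _hi, auth_len = struct.unpack_from("<HBHHB", payload, pos)
    pos += 8 + 10                                 # fixed fields + 10 reserved bytes
    part2_len = max(13, auth_len - 8)             # part 2 ends with a NUL
    salt += payload[pos:pos + part2_len - 1]
    pos += part2_len
    plugin = payload[pos:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"type": "handshake", "version": version, "thread_id": thread_id,
            "salt": salt, "auth_plugin": plugin}

def _packet(payload: bytes, seq: int = 0) -> bytes:
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample packets (not captured traffic); the salt is a dummy value.
SALT = bytes(range(0x41, 0x55))
GREETING = _packet(b"\x0a8.0.13\x00" + struct.pack("<I", 40) + SALT[:8] + b"\x00"
                   + struct.pack("<HBHHB", 0xFFFF, 255, 2, 0xC3FF, 21) + bytes(10)
                   + SALT[8:] + b"\x00caching_sha2_password\x00")
DENIED = _packet(b"\xff" + struct.pack("<H", 1130)
                 + b"Host 'k8s03' is not allowed to connect to this MySQL server")

if __name__ == "__main__":
    for name, pkt in (("greeting", GREETING), ("denied", DENIED)):
        print(name, parse_first_packet(pkt))
```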

3. Reject with iptables
By default, iptables accepts everything (ACCEPT)
First add the reject rule (-A)
iptables -A INPUT -p tcp --tcp-flags ALL SYN --dport 3306 -j REJECT
Then allow the application host (-I); the MySQL host itself needs no allow rule and can still connect via localhost
iptables -I INPUT -p tcp --tcp-flags ALL SYN -s 192.168.10.132 --dport 3306 -j ACCEPT
### -s can take a specific address such as 192.168.10.132, or a range such as 192.0.0.0/8, 192.168.0.0/16, 192.168.10.0/24
Check with iptables -L
ACCEPT     tcp  --  k8s02                anywhere             tcp dpt:mysql flags:FIN,SYN,RST,PSH,ACK,URG/SYN
REJECT     tcp  --  anywhere             anywhere             tcp dpt:mysql flags:FIN,SYN,RST,PSH,ACK,URG/SYN reject-with icmp-port-unreachable
## The mysql.user hosts must still include the nmap host's IP, otherwise this is just solution 2 again
## Simply change root's host to %
update mysql.user set host='%' where user='root';
flush privileges;
Test
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[root@k8s03 ~]# telnet 192.168.10.131 3306
Trying 192.168.10.131...
telnet: connect to address 192.168.10.131: Connection refused
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[root@k8s03 ~]# nmap -p3306 -sV -sC 192.168.10.131
Starting Nmap 6.40 ( http://nmap.org ) at 2022-07-09 16:28 CST
Nmap scan report for k8s01 (192.168.10.131)
Host is up (0.00037s latency).
PORT     STATE    SERVICE VERSION
3306/tcp filtered mysql
MAC Address: 00:0C:29:2C:F5:22 (VMware)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.79 seconds
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The firewall did reject the nmap scan of port 3306.
Now add the nmap host to the firewall allow rules as well (-I)
iptables -I INPUT -p tcp --tcp-flags ALL SYN -s 192.168.10.133 --dport 3306 -j ACCEPT
The test shows that the MySQL information can be scanned again.

The firewall can restrict nmap scans.

III. Appendix

telnet scans out the MySQL information normally, but nmap reports the error "Host blocked because of too many connections".
Scanning with telnet again then gives:
"Host '192.168.10.133' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
Connection closed by foreign host"
After logging in with mysql and running flush hosts, I scanned once more with nmap and then ran
select * from performance_schema.host_cache;
and found that SUM_CONNECT_ERRORS had reached as many as 26 (I also tested telnet separately; it only adds one).
max_connect_errors defaults to 100 in MySQL 8 (show variables like '%max_connect_errors%';).
After I changed it to 10 (set global max_connect_errors=10;), ran flush hosts and scanned again with nmap:
3306/tcp open  mysql   MySQL (Host blocked because of too many connections)

Originally published on the WeChat official account 三沐数安: Blocking nmap scans of MySQL
