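Originally posted by 伯夷叔齐 on 2007-10-29 02:50
Also, a bit off topic: ZA7 also shows my port 113 as wide open, but V2 did not have this trouble, and V3 shows it as stealthed too... sigh... ZA, oh ZA...
For port 113, ZA uses "adaptive stealthing". If the original poster ran the port check at SHIELDS UP, I wonder whether you read its explanation. If the check was not done there, then take a look at the following: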
Adaptive IDENT Stealthing Experimentation
The IDENT protocol's port 113 is quite problematical and tricky to stealth. If the user's port 113 is completely stealthed, connections to some remote Internet servers such as eMail, Internet Relay Chat (IRC), and others, may be delayed or denied altogether. For this reason, many NAT routers and personal firewalls do not attempt to stealth port 113, they settle for leaving it closed. One of the first things that caught my eye about the ZoneAlarm personal firewall was that it was clever about handling port 113: It "adaptively stealthed" the port.
To understand the following discussion, you should familiarize yourself with the details of the IDENT protocol and port 113. Please read port 113's Port Authority database page before proceeding.
Even after many years, the (free) ZoneAlarm personal firewall from Zone Labs is the only personal firewall to "adaptively" stealth port 113. Unlike any other firewall or NAT router (any of which could also do the same) this allows port 113 to be stealthed to any passing Internet scanners or probes, but "unstealthed" for any valid IDENT connection attempts originating from remote servers with which the user's computer is attempting to connect. (Since this could easily be done by any personal firewall or even NAT routers, I am hopeful that this feature might yet appear in other products.)
"Adaptive Stealthing" means that when a TCP SYN packet arrives to request a connection to your machine's port 113, ZoneAlarm checks, on the fly, to see whether your machine currently has any sort of "relationship" with the remote machine (such as a pending outgoing connection attempt). If so, the remote machine is considered to be "friendly" and its IDENT request packet is allowed to pass through ZoneAlarm's firewall. But if the IDENT originating machine is not known to ZoneAlarm as a "friendly" machine, the connection requesting packet is dropped and discarded, rendering port 113 stealth to all unknown port scanners. It's very slick.
How to check ZA's port 113 at SHIELDS UP:
IDENT, ZoneAlarm, and ShieldsUP!
Even though your computer's web browser already has a relationship with the web server at GRC, our tests originate from a different "foreign" IP address. ZoneAlarm therefore drops incoming packets to port 113 from this different probing IP address and ZoneAlarm users see that port 113 is stealthed to passing Internet scans.
To demonstrate how ZoneAlarm (and perhaps someday other firewalls or NAT routers) selectively "unstealth" port 113 — but only for known "friendly" machines — we simply initiate a connection from your web browser to the ShieldsUP! scanning IP. Even though the connection attempt will ultimately fail (since there's no web server at the probing address), ZoneAlarm will note the outgoing attempt and will unstealth port 113 for subsequent probes.
Step One: Verify that our scan currently shows port 113 stealthed. (You may wish to use one of the other remote port tests which will be faster than an entire 1056-port grid scan.)
Step Two: Open a secondary web browser window to initiate a connection to the probing IP. (Users of Microsoft Internet Explorer can press Ctrl-N to "clone" their current browser window.)
Step Three: In the secondary web browser window, click this URL or enter this address:
This second connection attempt will ultimately fail, but ZoneAlarm will notice the effort, which is all that's necessary.
Step Four: Finally, refresh the port probe window or repeat the scan to check your system's current port status. You should find that port 113 is no longer "stealth" to the probing IP address because you are attempting to connect to it and it has been determined to be "friendly".
Step Five: If you're curious, stop and close the secondary web browser window and periodically refresh your port probe window to see how long the "friendly" status persists before ZoneAlarm returns the probing IP to unknown status and port 113 to full stealth.
If you don't want this adaptive stealthing from ZA, just write a block rule in the expert rules...
[ Last edited by 薄荷 on 2007-10-31 10:01 ]
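The adaptive stealthing decision and the five-step ShieldsUP! check quoted above can be modeled as a small stateful filter. This is an added example, not part of the original post and not ZoneAlarm's code; the class and function names, the 60-second "friendly" lifetime, and the IP addresses are assumptions made for illustration.

```python
# Added illustration: a model of the "adaptive stealthing" decision, not ZoneAlarm code.
from dataclasses import dataclass, field

IDENT_PORT = 113
FRIENDLY_TTL = 60.0  # assumed seconds; the page does not state the real lifetime


@dataclass
class AdaptiveIdentFilter:
    ttl: float = FRIENDLY_TTL
    block_ident: bool = False   # models an explicit block rule for port 113
    _friendly: dict = field(default_factory=dict)  # remote IP -> last outbound attempt

    def outbound_attempt(self, remote_ip: str, now: float) -> None:
        """Record any outgoing connection attempt, even one that later fails."""
        self._friendly[remote_ip] = now

    def inbound_syn(self, remote_ip: str, dst_port: int, now: float) -> str:
        """Return 'pass' or 'drop' for an unsolicited inbound TCP SYN."""
        if dst_port != IDENT_PORT or self.block_ident:
            return "drop"       # other ports, or a block rule: stay stealthed
        seen = self._friendly.get(remote_ip)
        if seen is not None and now - seen <= self.ttl:
            return "pass"       # friendly host: SYN reaches port 113, no longer stealth
        self._friendly.pop(remote_ip, None)  # expire a stale relationship
        return "drop"           # silent drop: port appears stealthed to scanners


def shieldsup_walkthrough():
    """Replay the quoted steps using constructed documentation addresses."""
    web, probe = "192.0.2.10", "192.0.2.20"  # constructed; not GRC's real IPs
    fw = AdaptiveIdentFilter()
    fw.outbound_attempt(web, now=0.0)                    # browser talks to the web server
    step1 = fw.inbound_syn(probe, IDENT_PORT, now=1.0)   # probe IP is still unknown
    fw.outbound_attempt(probe, now=2.0)                  # steps 2-3: connect to probe IP
    step4 = fw.inbound_syn(probe, IDENT_PORT, now=3.0)   # probe IP is now friendly
    step5 = fw.inbound_syn(probe, IDENT_PORT, now=2.0 + FRIENDLY_TTL + 1)  # after expiry
    return step1, step4, step5


if __name__ == "__main__":
    print(shieldsup_walkthrough())
```

Setting `block_ident=True` models the block rule suggested at the end of the post: port 113 then stays stealthed even for hosts the machine is connecting to.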