如何使用VC ++检测远程系统防火墙是打开还是关闭 [英] How to detect whether the remote system firewall is on or off using VC++

问题描述

如何使用VC ++检测远程系统防火墙是打开还是关闭

How to detect whether the remote system firewall is on or off using VC++

推荐答案

如果您坐在Internet端，则可能会不知道它是否已经正确配置.

许多面向Internet的地址/端口不会响应任何ping请求等，也不会承认存在.如果他们确认了，那只是在向潜在的黑客宣传那儿有东西".

例如，访问 http://www.grc.com/ [

If you are sitting at the internet side looking in, the chances are you will never know if it has been properly configured.

Many internet facing addresses/ports will not respond to any ping requests etc, or acknowledge there existence. If they did ack, that is just advertising to potential hackers that there is ''something'' there.

For example, Visit http://www.grc.com/[^] follow the links to ShieldsUp and put your internet ip in.

首先，DaveAuld有一个很好的答案.如果通过Internet访问计算机，则其访问很可能会受到路由器或网关的限制.
但是，如果计算机是通过调制解调器连接的，则直接连接到Internet(在许多大学中就是这样)或在您家和隔壁房间的本地网络中，您懒得去看看，那么，您可以考虑使用代码找出答案.

然后，您遇到了下一个障碍:没有明确的方法可以告诉您是否正在运行防火墙，防火墙没有对其进行广告或其他任何操作，并且有许多不同的防火墙以不同的方式运行，但是它们会拒绝您访问其他一些通常可以使用的功能.

除非出于任何原因明确告知不要，否则几乎所有的防火墙都将阻止回显请求(ping)，而回声响应服务器通常在所有系统上运行，从而提供了一种快速简便的方法来对系统进行了防火墙进行良好的估计. .

如果您知道操作系统(我将坚持使用Windows)，那么通常还会打开许多​​其他端口.
135-Microsoft End Point Mapper(用于远程管理员的RPC服务器)
139-NetBIOS NetBIOS会话服务(Windows文件共享)
445-Microsoft-DS Active Directory，Windows共享(更多Windows文件共享)

如果打开了端口135，则您应该可以使用RPC连接到远程管理界面，并在知道有效的用户名和密码的情况下查看计算机上运行的服务.

您也可以使用mmc.exe进行检查，并使用远程计算机的地址添加服务管理单元.

戴夫·莫利(Dave Morley)对nmap的建议是一个很好的建议，并且它还具有带有预设命令行的用户界面，易于使用.

还有其他一些工具也可能有用(与nmap不同，没有提供源代码)，尽管它们证明合理使用这些工具是合理的，但这些板子并不是共享系统漏洞利用分析工具的地方.

Firstly, DaveAuld has a good Answer. If the computer is accessed over the internet, its access will most likely be restricted by a router or gateway.
If however, the computer is attached via a modem, direct link to the internet (as is the case in many universities) or on the local network in your house and in the room next door that you are too lazy to go look at, then you may consider using code to find out.

Then you hit the next hurdle: There is no explicit way of telling if there is a firewall running, they don''t advertise it or anything and there are so many different ones that behave in different ways, but they will deny you access to several features that are otherwise commonly available.

Almost all firewalls will block a echo request (ping) unless explicitly told not to for whatever reason, while the echo response server is most commonly running on all systems, providing a pretty quick and easy way of getting a good estimate if the system is firewalled.

If you know the OS (I will stick with Windows) then there are also a number of other ports that are commonly open.
135 - Microsoft End Point Mapper (RPC server for remote admin)
139 - NetBIOS NetBIOS Session Service (Windows file sharing)
445 - Microsoft-DS Active Directory, Windows shares (more Windows file sharing)

If port 135 is open they you should be able to connect to the remote management interface with RPC and look at the services running on the computer given you know a valid username and password.

You can also check this with mmc.exe and add a services snap-in with the remote computer''s address.

Dave Morley''s suggestion of nmap is a very good one, and it also has a user interface with pre-set command lines for easy use.

There are other tools that may also be useful (no source code provided unlike nmap), and although they justify making these tools with legitimate uses, these boards are not the place to be sharing system exploit analysis tools.

这篇关于如何使用VC ++检测远程系统防火墙是打开还是关闭的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！