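I have a case where a vulnerability was detected on a server (dusxxxiweb2), indicating that port 8081 is open. I looked up the port with the command netstat -a -n -o | find "8081" and found that port "8081" is being used by the System process with PID 4.
I want to know which system process is using this service. IIS is not installed on this server, yet I can reach a login page (a .NET application) as shown below. I don't know how this is possible without IIS.
http://dusxxxiweb2:8081/login
I want to block this port to resolve the vulnerability. What should I do in this case?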
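netsh http show servicestate view=requestq
will give a snapshot of all HTTP listeners. Find the "Registered URL" containing the port number you are after; the PID of the controlling process will be a few lines above it, as with my rogue process:
Request queue name: Request queue is unnamed.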
Version: 2.0
State: Active
Request queue 503 verbosity level: Basic
Max requests: 1000
Number of active processes attached: 1
--> Process IDs:
14035
URL groups:
URL group ID: F80000014000004F
State: Active
Request queue name: Request queue is unnamed.
Properties:
Max bandwidth: inherited
Max connections: inherited
Timeouts:
Timeout values inherited
Number of registered URLs: 1
--> Registered URLs:
HTTP://+:8081/ROGUESERVICE/
Server session ID: F70000011000012D
Version: 2.0
State: Active
Properties:
Max bandwidth: 4294967295
Timeouts:
Entity body timeout (secs): 120
Drain entity body timeout (secs): 120
Request queue timeout (secs): 120
Idle connection timeout (secs): 120
Header wait timeout (secs): 120
Minimum send rate (bytes/sec): 150
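The lookup the answer describes (find the registered URL for the port, then read the PID above it) can be automated. The following parser is an added example, not part of the original answer. It assumes the output layout shown above; the second queue in the sample (ExampleQueue, PID 2200, port 8443) is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the answer's output (abridged) plus a made-up second queue.
SAMPLE = """\
Request queue name: Request queue is unnamed.
    --> Process IDs:
        14035
    URL group ID: F80000014000004F
        Request queue name: Request queue is unnamed.
        --> Registered URLs:
            HTTP://+:8081/ROGUESERVICE/
Request queue name: ExampleQueue
    Process IDs:
        2200
    URL group ID: FF00000000000001
        Request queue name: ExampleQueue
        Registered URLs:
            HTTPS://*:8443/EXAMPLE/
"""
URL_RE = re.compile(r"^https?://(\[[^\]]+\]|[^/:]+):(\d+)/", re.I)

def parse_queues(text):
    """Return one dict per request queue: name, attached PIDs, registered URLs."""
    queues, mode, group_name_due = [], None, False
    for raw in text.splitlines():
        line = raw.strip().lstrip("->").strip()  # drop the answer's "-->" markers
        if line.startswith("URL group ID:"):
            mode, group_name_due = None, True  # the queue name is repeated next
        elif line.startswith("Request queue name:"):
            if not group_name_due:  # top-level line, so a new queue begins
                queues.append({"name": line.split(":", 1)[1].strip(), "pids": [], "urls": []})
            mode, group_name_due = None, False
        elif line in ("Process IDs:", "Registered URLs:"):
            mode, group_name_due = line, False
        elif mode == "Process IDs:" and line.isdigit() and queues:
            queues[-1]["pids"].append(int(line))
        elif mode == "Registered URLs:" and URL_RE.match(line) and queues:
            queues[-1]["urls"].append(line)
        elif line:
            mode = None  # any other field ends the current list
    return queues

def owners_of_port(text, port):
    """(pids, urls on that port) for every queue with a URL registered on `port`."""
    found = [(q["pids"], [u for u in q["urls"] if int(URL_RE.match(u).group(2)) == port])
             for q in parse_queues(text)]
    return [(pids, urls) for pids, urls in found if urls]
```

On the server itself, pass the captured text of netsh http show servicestate view=requestq to owners_of_port and look up the returned PIDs in the process list.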