Next Previous Contents

16. 安全

16.1 Access limitations

有許多服務使用 tcp_wrapper library 控制訪問.Below is described the use of tcp_wrapper

內容有待增加...

16.2 IPv6安全審核

目前沒有什麼較好的商業工具來進行

Legal issues

警告:您只能掃瞄自己的系統,不然,可能會觸及法律.開始之前,請檢察您要掃瞄的IPv6目標地址兩次!.

16.3 Security auditing using IPv6-enabled netcat(使用適應IPv6的netcat)

關於IPv6-enabled netcat的詳細資訊請參照: IPv6?status-apps/security-auditing

例子:


         # nc6 ::1 daytime
         13 JUL 2002 11:22:22 CEST
        

16.4 Security auditing using IPv6-enabled nmap

全世界最為優秀的掃瞄程式之一.它的首頁: http://www.insecure.org/nmap/ 從 3.10ALPHA1 的版本開始支持IPv6. 例子:


         # nmap -6 -sT ::1
         Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ ) 
         Interesting ports on localhost6 (::1): 
         (The 1600 ports scanned but not shown below are in state: closed) 
         Port       State       Service 
         22/tcp     open        ssh 
         53/tcp     open        domain 
         515/tcp    open        printer 
         2401/tcp   open        cvspserver
         Nmap run completed -- 1 IP address (1 host up) scanned in 0.525 seconds
        

16.5 Security auditing using IPv6-enabled strobe

Strobe 同 NMap相比更不具靈活性,但已經有 IPv6-enabling patch (see IPv6?status-apps/security-auditing for more). Usage example:


         # ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange <proff@iq.org>.
         ::1 2401 unassigned unknown
         ::1 22 ssh Secure Shell - RSA encrypted rsh 
         ::1 515 printer spooler (lpd)
         ::1 6010 unassigned unknown 
         ::1 53 domain Domain Name Server
        

16.6 審核結果

如果審核結果同您的IPv6安全策略有出入, 請堵上檢測出的漏洞.


Next Previous Contents