我有一个案例,在服务器(dusxxxiweb2)中检测到一个漏洞,说端口 8081 已打开。我通过 netstat -a -n -o | 获取端口号 |找到“8081”命令,我发现端口“8081”正在被PID为4的系统进程使用
我想知道使用此服务的系统进程。此服务器中未安装 IIS。但我可以访问一个登录页面(.Net 应用程序),如下所示。我不知道没有 IIS 怎么可能
http://dusxxxiweb2:8081/login
我想阻止此端口以修复漏洞问题。在这种情况下我该怎么办?
最佳答案
运行命令;netsh http show servicestate view=requestq
这将提供所有 HTTP 监听器的快照。找到包含您要查找的端口号的“注册 URL”,控制进程的 PID 将在其上方几行,就像我自己的流氓进程一样;
Request queue name: Request queue is unnamed.
Version: 2.0
State: Active
Request queue 503 verbosity level: Basic
Max requests: 1000
Number of active processes attached: 1
--> Process IDs:
14035
URL groups:
URL group ID: F80000014000004F
State: Active
Request queue name: Request queue is unnamed.
Properties:
Max bandwidth: inherited
Max connections: inherited
Timeouts:
Timeout values inherited
Number of registered URLs: 1
--> Registered URLs:
HTTP://+:8081/ROGUESERVICE/
Server session ID: F70000011000012D
Version: 2.0
State: Active
Properties:
Max bandwidth: 4294967295
Timeouts:
Entity body timeout (secs): 120
Drain entity body timeout (secs): 120
Request queue timeout (secs): 120
Idle connection timeout (secs): 120
Header wait timeout (secs): 120
Minimum send rate (bytes/sec): 150
关于.net - 系统(PID 4)正在使用端口 8081,如何阻止它,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53724188/