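SYSTEM (PID 4) is using port 8081, how do I stop this port

Time: 2018-12-11 12:24:41

Tags: .net port pid windows-server-2012-r2 netstat

I have a situation where a vulnerability was detected on a server (dusxxxiweb2) saying that port 8081 is open. I got the port number with the netstat -a -n -o | find "8081" command, and I found that port "8081" is being used by the System process with PID 4.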


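I want to know which system process is using this service. IIS is not installed on this server, but I can access a login page (a .NET application) as follows. I don't know how this is possible without IIS: http://dusxxxiweb2:8081/login

I want to block this port to resolve the vulnerability issue. What should I do in this case?

1 Answer:

Answer 0: (score: 1)

Run the command: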

netsh http show servicestate view=requestq

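This gives a snapshot of all HTTP listeners. Find the "Registered URL" containing the port number you are looking for; the PID of the controlling process will be a few lines above it, as with my rogue process here: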

Request queue name: Request queue is unnamed.
    Version: 2.0
    State: Active
    Request queue 503 verbosity level: Basic
    Max requests: 1000
    Number of active processes attached: 1
--> Process IDs:
        14035
    URL groups:
    URL group ID: F80000014000004F
        State: Active
        Request queue name: Request queue is unnamed.
        Properties:
            Max bandwidth: inherited
            Max connections: inherited
            Timeouts:
                Timeout values inherited
            Number of registered URLs: 1
-->         Registered URLs:
              HTTP://+:8081/ROGUESERVICE/
        Server session ID: F70000011000012D
            Version: 2.0
            State: Active
            Properties:
                Max bandwidth: 4294967295
                Timeouts:
                    Entity body timeout (secs): 120
                    Drain entity body timeout (secs): 120
                    Request queue timeout (secs): 120
                    Idle connection timeout (secs): 120
                    Header wait timeout (secs): 120
                    Minimum send rate (bytes/sec): 150
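
The lookup described in the answer can be scripted. The following PowerShell is an added example, not part of the original answer: it parses the netsh output, finds registered URLs on a given port, and resolves the owning PIDs to process and service names. The function name Get-HttpSysOwner is hypothetical, and the parsing assumes English-language netsh output laid out as in the sample above.

```powershell
# Added example (not from the original answer). Run from an elevated prompt
# on the affected server. Get-HttpSysOwner is a hypothetical helper name.
function Get-HttpSysOwner {
    param(
        [Parameter(Mandatory)][int]$Port,
        # Output lines of the netsh command; fetched live when not supplied.
        [string[]]$Lines = (netsh http show servicestate view=requestq)
    )
    $queue = ''; $owners = @(); $inPids = $false
    foreach ($raw in $Lines) {
        # Tolerate the "-->" markers the answer added to its sample output.
        $line = $raw -replace '^\s*-->\s*', ''
        if ($raw -match '^Request queue name:\s*(.*)$') {
            # An unindented "Request queue name" starts a new queue block.
            $queue = $Matches[1]; $owners = @(); $inPids = $false
        } elseif ($line -match '^\s*Process IDs:') {
            $inPids = $true
        } elseif ($inPids -and $line -match '^[\s\d,]+$') {
            # PID lines directly under "Process IDs:" contain only digits.
            $owners += [regex]::Matches($line, '\d+') | ForEach-Object { [int]$_.Value }
        } else {
            $inPids = $false
            # Registered URL such as HTTP://+:8081/ROGUESERVICE/ (host may be +, *, a name or [IPv6]).
            if ($line -match '^\s*(https?://(?:\[[^\]]+\]|[^:/\s]+):(\d+)/\S*)' -and [int]$Matches[2] -eq $Port) {
                $url = $Matches[1]
                foreach ($id in $owners) {
                    $proc = Get-Process -Id $id -ErrorAction SilentlyContinue
                    # A PID may host Windows services (for example inside svchost.exe).
                    $svc = Get-CimInstance Win32_Service -Filter "ProcessId=$id" -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Url      = $url
                        Queue    = $queue
                        OwnerPid = $id
                        Process  = $proc.ProcessName
                        Path     = $proc.Path
                        Services = ($svc.Name -join ', ')
                    }
                }
            }
        }
    }
}

# Port 8081 is the port from the question.
Get-HttpSysOwner -Port 8081 | Format-List
```

netstat attributes the listener to PID 4 because the kernel-mode HTTP.sys driver holds the socket; the PID returned here is the user-mode process that registered the URL, which is the one to stop or reconfigure.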