Information Networking Security and Assurance Lab, National Chung Cheng University
Anti-hacker Tool Kit: CH13 Port Redirection
Jared, 04/03/31

Agenda
- Introduction
- Datapipe
- FPipe
- Case Study: Port Hopping
- Case Study: Packet Filters, Ports, and Problems
- Conclusion
- Reference

Introduction
- Port
  - For a packet to reach its destination, it must have a destination IP address and a destination port.
  - TCP/IP allows 16-bit port numbers.
- Well-known port numbers: 0~1023
  - The Well Known Ports are controlled and assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.
- Registered port numbers: 1024~65535
  - The Registered Ports are not controlled by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users.
  - Examples:
    ms-sql-s 1433/tcp Microsoft-SQL-Server
    ms-sql-s 1433/udp Microsoft-SQL-Server

netstat

datapipe
- A port redirection tool passes TCP/IP traffic that it receives on one port to another port to which the tool points.
- Port redirection is protocol ignorant.
- It is neither a client nor a server.

FPipe
- By Foundstone
- Implements port redirection techniques natively in Windows
- Adds User Datagram Protocol (UDP) and outbound source port number support, which datapipe lacks

Case Study: Port Hopping
- Local Redirection
- Client Redirection
- Dual Redirection

Case Study: Port Hopping
- Local Redirection
    C:\>fpipe -l 22 -r 3389 localhost
    $ ./datapipe localhost 3389 33

Case Study: Port Hopping (cont.)
- Client Redirection
  - IIS server running on port 7070
    C:\>fpipe.exe -l 80 -r 7070 www.target.com
    C:\>spork localhost
  - “spork” is IIS exploit code written to run against port 80

Case Study: Port Hopping (cont.)
- Dual Redirection
  [Diagram labels: A, B, C, D]
    C:\>fpipe -l 1433 -r 80
    $ ./datapipe 80 1433

Case Study: Packet Filters, Ports, and Problems
- Basic packet filters allow or deny traffic based on IP addresses and port numbers.
  - Linux’s ipchains and Cisco routers
  - Source IP address
  - Source port
  - Destination IP address
  - Destination port
- Source-port problems
  - ftp data connection
  - DNS
- Use FPipe’s outbound source port option (-s)
    C:\>fpipe -l 3389 -r 3389 -s 20 192.168.0.116

Case Study: Packet Filters, Ports, and Problems (cont.)
- Blocking Port Redirection
  - Host security
    - command-line access
    - Patch, configure, verify
  - Ingress filters
    - “DENY ALL”
  - Egress filters
    - Web server
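
The source-port problem and the "DENY ALL" ingress approach from the two slides above, as an added example that is not part of the original presentation: a simplified stateless first-match filter model (not ipchains or Cisco syntax) with constructed rulesets, plus an audit that flags allow rules keyed only on a source port. Treating 192.168.0.116 as a web server on port 80 is an assumption made for the tight ruleset.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src_port: Optional[int] = None   # None means "any"
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_ip: str
    dst_port: int

def decide(rules, pkt):
    """Stateless first-match evaluation; implicit deny if nothing matches."""
    for r in rules:
        if (r.src_port in (None, pkt.src_port)
                and r.dst_ip in (None, pkt.dst_ip)
                and r.dst_port in (None, pkt.dst_port)):
            return r.action
    return "deny"

def source_port_only(rules):
    """Audit: allow rules that trust a source port and leave the destination port open."""
    return [r for r in rules
            if r.action == "allow" and r.src_port is not None and r.dst_port is None]

# Constructed rulesets (hypothetical, for illustration only).
WEAK = [
    Rule("allow", src_port=20),   # meant for FTP data connections
    Rule("allow", src_port=53),   # meant for DNS replies
    Rule("deny"),
]
TIGHT = [
    Rule("allow", dst_ip="192.168.0.116", dst_port=80),  # assumed web server
    Rule("deny"),                                        # "DENY ALL"
]

# Same destination, differing only in source port (20 as in the slide's -s option).
ORDINARY = Packet(src_port=40000, dst_ip="192.168.0.116", dst_port=3389)
REDIRECTED = Packet(src_port=20, dst_ip="192.168.0.116", dst_port=3389)

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("tight", TIGHT)):
        print(name, decide(rules, ORDINARY), decide(rules, REDIRECTED),
              "flagged rules:", len(source_port_only(rules)))
```

The weak ruleset denies the ordinary connection but allows the same destination once the source port is 20; the tight ruleset decides on destination address and port, so the source port no longer matters.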

Conclusion
- Ports are used in TCP to name the ends of logical connections.
- The port redirection tool is neither a client nor a server. It functions as a conduit for TCP/IP connections, not an end point.
- A firewall or router access control list should be defined in as much detail as possible.

Reference
- DATAPIPE: http://cvs.sourceforge.net/viewcvs.py/synce/htdocs/datapipe.c
- Foundstone: http://www.foundstone.com/
- RFC 1700, ASSIGNED NUMBERS: http://www.ietf.org/rfc/rfc1700.txt?number=1700