Anti-Hacker Anti-Hacker Tool Tool KitKitChapter 13Chapter 13
Port RedirectionPort Redirection
Roy Chang
IInformation nformation NNetworking etworking SSecurity and ecurity and AAssurance LABssurance LABDepartment of Communications EngineeringDepartment of Communications EngineeringNational Chung Cheng University National Chung Cheng University
IntroductionIntroduction
Listen on a portListen on a port Client/Server method Client/Server method
WEB
FTP
SSHSMTP
Port RedirectionPort Redirection
80
5050 804023
DataPipeDataPipe
Pass TCP/IP trafficPass TCP/IP traffic
http://www.bovine.net/~jlawson/coding/dahttp://www.bovine.net/~jlawson/coding/datapipe/datapipe.ctapipe/datapipe.c
FpipeFpipe
Out band source port and UDP supportOut band source port and UDP support
http://www.foundstone.com/resources/proddesc/fpipe.htmhttp://www.foundstone.com/resources/proddesc/fpipe.htm
Port:4433 Port:5678 Port:80
Port Hopping-Port Hopping-Local Local
RedirectionRedirection
C:\fpipe –l 1234 –r 80 localhost
./datapipe localhost 1234 80
1234
80
Host
Port Hopping-Port Hopping-Client RedirectionClient Redirection
Spork, IIS exploit code on Port 80
<host A>
IIS Port 7070
80
8080C:\fpipe –l 80 –r 7070 <host A>
./datapipe <host A> 80 7070
80
Port Hopping-Port Hopping-Dual RedirectionDual Redirection
fpipe –l 1433 –r 25 <Host C>
Host A Host B Host C Host D
./datapipe 25 1433 <Host D>
SQLFTP+mail
SummarySummary
Host securityHost security Ingress filterIngress filter
Allow what you wantAllow what you want Deny allDeny all
Egress filterEgress filter Proxy firewallProxy firewall
ReferenceReference
RFC 1700RFC 1700