Anti-Hacker Anti-Hacker Tool Tool KitKitChapter 13Chapter 13

Port RedirectionPort Redirection

Roy Chang

IInformation nformation NNetworking etworking SSecurity and ecurity and AAssurance LABssurance LABDepartment of Communications EngineeringDepartment of Communications EngineeringNational Chung Cheng University National Chung Cheng University

IntroductionIntroduction

Listen on a portListen on a port Client/Server method Client/Server method

WEB

FTP

SSHSMTP

Port RedirectionPort Redirection

80

5050 804023

DataPipeDataPipe

Pass TCP/IP trafficPass TCP/IP traffic

http://www.bovine.net/~jlawson/coding/dahttp://www.bovine.net/~jlawson/coding/datapipe/datapipe.ctapipe/datapipe.c

FpipeFpipe

Out band source port and UDP supportOut band source port and UDP support

http://www.foundstone.com/resources/proddesc/fpipe.htmhttp://www.foundstone.com/resources/proddesc/fpipe.htm

Port:4433 Port:5678 Port:80

Port Hopping-Port Hopping-Local Local

RedirectionRedirection

C:\fpipe –l 1234 –r 80 localhost

./datapipe localhost 1234 80

1234

80

Host

Port Hopping-Port Hopping-Client RedirectionClient Redirection

Spork, IIS exploit code on Port 80

<host A>

IIS Port 7070

80

8080C:\fpipe –l 80 –r 7070 <host A>

./datapipe <host A> 80 7070

80

Port Hopping-Port Hopping-Dual RedirectionDual Redirection

fpipe –l 1433 –r 25 <Host C>

Host A Host B Host C Host D

./datapipe 25 1433 <Host D>

SQLFTP+mail

SummarySummary

Host securityHost security Ingress filterIngress filter

Allow what you wantAllow what you want Deny allDeny all

Egress filterEgress filter Proxy firewallProxy firewall

ReferenceReference

RFC 1700RFC 1700