Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31.

Presentation transcript:


Agenda
- Introduction
- Datapipe
- FPipe
- Case Study: Port Hopping
- Case Study: Packet Filters, Ports, and Problems
- Conclusion
- Reference

Introduction

Port
- For a packet to reach its destination, it must have a destination IP address and a destination port.
- TCP/IP allows 16-bit port numbers.
- Well-known port number: 0~1023
  The Well Known Ports are controlled and assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.
- Registered port number: 1024~65535
  The Registered Ports are not controlled by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users.

ms-sql-s 1433/tcp Microsoft-SQL-Server
ms-sql-s 1433/udp Microsoft-SQL-Server

netstat

datapipe
- A port redirection tool passes TCP/IP traffic received by the tool on one port to another port to which the tool points.
- Port redirection is protocol ignorant
- Neither a client nor a server

datapipe


protocol ignorant

FPipe
- By Foundstone
- Implement port redirection techniques natively in Windows
- Adds User Datagram Protocol (UDP) and outbound source port number support, which datapipe lacks

FPipe (cont.)


Case Study: Port Hopping
- Local Redirection
- Client Redirection
- Dual Redirection

Case Study: Port Hopping

Local Redirection
- C:\>fpipe -l 22 -r 3389 localhost
- $ ./datapipe localhost

Case Study: Port Hopping (cont.)

Client Redirection
- IIS server running on port 7070
- C:\>fpipe.exe -l 80 -r
- C:\>spork localhost
- "spork" is IIS exploit code written to run against port 80

Case Study: Port Hopping (cont.)

Dual Redirection
- Diagram hosts: A, B, C, D
- C:\>fpipe -l 1433 -r 80
- $ ./datapipe

Case Study: Packet Filters, Ports, and Problems

Basic packet filters allow or deny traffic based on IP addresses and port numbers.
- Linux's ipchains and Cisco routers
  Source IP address
  Source port
  Destination IP address
  Destination port

Source-port problems
- ftp data connection
- DNS

Use FPipe's outbound source port option (-s)
- C:\>fpipe -l 3389 -r 3389 -s
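The source-port problem above, as an added example that is not part of the original slides: a Python model of a basic (stateless) rule that trusts source ports 20 and 53, next to a stateful check that only admits replies to connections the inside host opened. The addresses, the `Packet` type and all function names are constructed for illustration.

```python
from collections import namedtuple

# Constructed model: addresses, ports and names are illustrative only.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

INSIDE = "10.0.0.5"  # constructed internal host


def stateless_allow(pkt):
    """Basic filter: admit inbound traffic whose source port is 20 (ftp-data) or 53 (DNS)."""
    return pkt.dst_ip == INSIDE and pkt.src_port in (20, 53)


class StatefulFilter:
    """Admit inbound packets only as replies to flows the inside host opened."""

    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Record the 4-tuple of every connection initiated from inside.
        self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))

    def inbound_allow(self, pkt):
        # A genuine reply reverses a recorded tuple exactly.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows


def compare():
    fw = StatefulFilter()
    # The inside host queries a DNS server, then receives the answer.
    fw.outbound(Packet(INSIDE, 40000, "192.0.2.53", 53))
    reply = Packet("192.0.2.53", 53, INSIDE, 40000)
    # Unsolicited packet that merely carries source port 20, aimed at port 3389.
    unsolicited = Packet("198.51.100.7", 20, INSIDE, 3389)
    return {
        "stateless": (stateless_allow(reply), stateless_allow(unsolicited)),
        "stateful": (fw.inbound_allow(reply), fw.inbound_allow(unsolicited)),
    }


if __name__ == "__main__":
    print(compare())
```

Active-mode FTP data connections are new inbound connections from port 20, so a real stateful filter needs a protocol helper that relates them to the existing control session rather than a blanket source-port rule.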

Case Study: Packet Filters, Ports, and Problems (cont.)

Blocking Port Redirection
- Host security
  command-line access
  Patch, configure, verify
- Ingress filters
  "DENY ALL"
- Egress filters
  Web server
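A host-side check to go with the netstat slide and the host security point above, as an added example that is not part of the original slides: a heuristic that reads `netstat -ano` style output and flags a process that accepts connections on an unexpected port while also holding an outbound connection, which is the shape of a redirector. The sample lines, PIDs, addresses and the `EXPECTED_LISTENERS` allowlist are constructed.

```python
from collections import defaultdict

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE = """\
  TCP    0.0.0.0:80         0.0.0.0:0           LISTENING    1200
  TCP    10.0.0.5:80        203.0.113.9:51514   ESTABLISHED  1200
  TCP    0.0.0.0:1433       0.0.0.0:0           LISTENING    2468
  TCP    10.0.0.5:1433      203.0.113.9:51600   ESTABLISHED  2468
  TCP    10.0.0.5:49731     10.0.0.8:80         ESTABLISHED  2468
"""

EXPECTED_LISTENERS = {80}  # assumption: this host is only a web server


def split_addr(addr):
    """Split 'host:port' on the last colon so bracketed IPv6 also works."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def find_relays(netstat_text, expected=EXPECTED_LISTENERS):
    """Flag PIDs that accept on an unexpected port and also hold an outbound connection."""
    listening = defaultdict(set)     # pid -> listening ports
    established = defaultdict(list)  # pid -> [(local_port, remote_host, remote_port)]
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # skip headers, UDP rows and blank lines
        (_, lport), (rhost, rport) = split_addr(f[1]), split_addr(f[2])
        if f[3] == "LISTENING":
            listening[f[4]].add(lport)
        elif f[3] == "ESTABLISHED":
            established[f[4]].append((lport, rhost, rport))
    findings = []
    for pid, ports in listening.items():
        unexpected = ports - expected
        # Inbound: a peer is connected to the unexpected listening port.
        inbound = [c for c in established[pid] if c[0] in unexpected]
        # Outbound: the same process connected out from a non-listening port.
        outbound = [c for c in established[pid] if c[0] not in ports]
        if inbound and outbound:
            findings.append((pid, sorted(unexpected), [(h, p) for _, h, p in outbound]))
    return findings


if __name__ == "__main__":
    print(find_relays(SAMPLE))
```

A legitimate proxy or application server matches the same pattern, so the allowlist has to reflect what the host is supposed to run.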

Conclusion
- Ports are used in TCP to name the ends of logical connections.
- The port redirection tool is neither a client nor a server. It functions as a conduit for TCP/IP connections, not an end point.
- A firewall or router access control list should be defined in as much detail as possible.

Reference
- DATAPIPE: htdocs/datapipe.c
- Foundstone
- RFC 1700, Assigned Numbers