Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31."— Presentation transcript:

1 Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31

2 Information Networking Security and Assurance Lab National Chung Cheng University 2 Agenda Introduction Datapipe FPipe Case Study: Port Hopping Case Study: Packet Filters, Ports, and Problems Conclusion Reference

3 Information Networking Security and Assurance Lab National Chung Cheng University 3 Introduction Port  For a packet to reach its destination, it must have a destination IP address and a destination port.  TCP/IP allows 16-bit port numbers.  Well-known port number: 0~1023 The Well Known Ports are controlled and assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.  Registered port number:1024~65535 The Registered Ports are not controlled by the IANA and on most systems can be used by ordinary user processes or programs executed by ordinary users. ms-sql-s 1433/tcp Microsoft-SQL-Server ms-sql-s 1433/udp Microsoft-SQL-Server

4 Information Networking Security and Assurance Lab National Chung Cheng University 4 netstat

5 Information Networking Security and Assurance Lab National Chung Cheng University 5 datapipe A port redirection tool passes TCP/IP traffic received by the tool on one port to another port to which the tool points. Port redirection is protocol ignorant Neither a client nor a server

6 Information Networking Security and Assurance Lab National Chung Cheng University 6 datapipe

7 Information Networking Security and Assurance Lab National Chung Cheng University 7

8 Information Networking Security and Assurance Lab National Chung Cheng University 8 protocol ignorant

9 Information Networking Security and Assurance Lab National Chung Cheng University 9 FPipe  By Foundstone  Implement port redirection techniques natively in Windows  Adds User Datagram Protocol (UDP) and outbound source port number support, which datapipe lacks

10 Information Networking Security and Assurance Lab National Chung Cheng University 10 FPipe (cont.)

11 Information Networking Security and Assurance Lab National Chung Cheng University 11

12 Information Networking Security and Assurance Lab National Chung Cheng University 12 Case Study: Port Hopping Local Redirection Client Redirection Dual Redirection

13 Information Networking Security and Assurance Lab National Chung Cheng University 13 Case Study: Port Hopping Local Redirection  C:\>fpipe –l 22 –r 3389 localhost  $./datapipe localhost 3389 33

14 Information Networking Security and Assurance Lab National Chung Cheng University 14 Case Study: Port Hopping (cont.) Client Redirection IIS server running on port 7070 C:\>fpipe.exe –l 80 –r 7070 www.target.com C:\>spork localhost spork “spork” is IIS exploit code written to run against port 80

15 Information Networking Security and Assurance Lab National Chung Cheng University 15 Case Study: Port Hopping (cont.) Dual Redirection ABCD C:\>fpipe –l 1433 –r 80 $./datapipe 80 1433

16 Information Networking Security and Assurance Lab National Chung Cheng University 16 Case Study: Packet Filters, Ports, and Problems Basic packet filters allow or deny traffic based on IP addresses and port numbers.  Linux’s ipchains and Cisco routers Source IP address Source port Destination IP address Destination port Source-port problems  ftp data connection  DNS Use FPipe’s outbound source port option (-s)  C:\>fpipe –l 3389 –r 3389 –s 20 192.168.0.116

17 Information Networking Security and Assurance Lab National Chung Cheng University 17 Case Study: Packet Filters, Ports, and Problems (cont.) Blocking Port Redirection  Host security command-line access Patch, configure, verify  Ingress filters “DENY ALL”  Egress filters Web server

18 Information Networking Security and Assurance Lab National Chung Cheng University 18 Conclusion Ports are used in the TCP to name the ends of logical connections. The port redirection tool is neither a client nor a server. It functions as a conduit for TCP/IP connections, not an end point. A firewall or router access control list should be defined as detail as possible.

19 Information Networking Security and Assurance Lab National Chung Cheng University 19 Reference DATAPIPE http://cvs.sourceforge.net/viewcvs.py/synce/ htdocs/datapipe.c http://cvs.sourceforge.net/viewcvs.py/synce/ htdocs/datapipe.c Foundstone http://www.foundstone.com/ http://www.foundstone.com/ RFC 1700 ASSIGNED NUMBERS http://www.ietf.org/rfc/rfc1700.txt?number =1700 http://www.ietf.org/rfc/rfc1700.txt?number =1700

Download ppt "Information Networking Security and Assurance Lab National Chung Cheng University Anti-hacker Tool Kit: CH13 Port Redirection Jared 04/03/31."

Similar presentations

1 Ports and IPv6. 2 Ports Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), used for communication Generally speaking, a computer.

1 Ports and IPv6. 2 Ports Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP), used for communication Generally speaking, a computer.
Chapter 7: Transport Layer

Chapter 7: Transport Layer
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.
© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—6-1 Access Control Lists Introducing ACL Operation.

© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—6-1 Access Control Lists Introducing ACL Operation.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.
CCNA 1 v3.1 Module 11 Review.

CCNA 1 v3.1 Module 11 Review.
Introduction to Transport Layer. Transport Layer: Motivation A B R1 R2 r Recall that NL is responsible for forwarding a packet from one HOST to another.

Introduction to Transport Layer. Transport Layer: Motivation A B R1 R2 r Recall that NL is responsible for forwarding a packet from one HOST to another.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Controls. Chapter 9: Identifying and Analyzing Risk Mitigation Controls.

Controls. Chapter 9: Identifying and Analyzing Risk Mitigation Controls.
Anti-Hacker Tool Kit Chapter 13 Port Redirection Roy Chang Information Networking Security and Assurance LAB Department of Communications Engineering National.

Anti-Hacker Tool Kit Chapter 13 Port Redirection Roy Chang Information Networking Security and Assurance LAB Department of Communications Engineering National.
TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.

TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.

Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)

1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

Similar presentations

Ads by Google