Security Basics mailing list archives
RE: How to tweak tools against targets that block ICMP
From: "Demetris Papapetrou" <dpapapetrou () internalaudit gov cy>
Date: Thu, 22 Jul 2010 12:24:13 +0300
Hi,

I can think of 4 ways to achieve this.

1) Contact the software developer to make the changes
2) Disassemble the software yourself and patch it (not recommended)
3) Spoof an ICMP echo reply in order to fool the software
4) Follow the procedure below:

Let target be: www.xyz.test (10.1.1.1)

Insert the following in your hosts file (Linux /etc/hosts & Windows c:\windows\system32\drivers\etc\hosts)

127.0.0.1 www.xyz.test

Run a port forwarding tool on your machine. I usually use connect.exe for port forwarding traffic through an HTTP Proxy (you probably don't need the proxying functionality)

hxxp://www.taiyo.co.jp/%7Egotoh/ssh/connect.c
hxxp://www.taiyo.co.jp/%7Egotoh/ssh/connect.exe

connect.exe -p 443 -H My_LAN_Proxy_IP:8080 10.1.1.1 443

Basically this instructs connect.exe to listen on local port 443 for connections, then connect to the LAN proxy server on port 8080 and from there to xyz's webserver at 10.1.1.1

Now if you open your web client software or browser and visit the URL hxxps://www.xyz.test:443/ the software will first try to resolve the IP address of the target website but will do so by checking the /etc/hosts file first. It will use 127.0.0.1 as the target's IP and Ping your own machine. Upon receiving an ICMP echo reply it will then proceed to connect to port 443 on your machine (127.0.0.1). However, the port forwarding tool is listening on that port for connections and will take over from there.

You will probably ask why not just enter hxxps://127.0.0.1:443/ in your web client software and why you have to edit your /etc/hosts file. This is because the web client software / browser needs to include the HTTP Host header (Host: www.xyz.test) in its request so that the web server handling the traffic will know which virtual website to serve. If the /etc/hosts trick is not performed then the web client software will ask for Host: 127.0.0.1 and probably receive an error message in reply.

Comments:
-------------
1) I downloaded httprecon and ran an analysis on a webserver that does not reply to Pings. The analysis was performed successfully. This was also confirmed by Wireshark which did not capture any ICMP requests / replies. I understand your concern regarding many software out there that send Pings before they do their job and fail miserably if they don't receive a reply, because I came across a few of them myself.

2) The connect.exe tool is probably not the exact software that you need because its main purpose is to do port forwarding via a proxy. However, there are many different port forwarding tools out there that cover what you need. Just Google it.

3) You probably need a port forwarding tool that can keep the listening port persistently open (it does not accept only one connection and then shuts down). I tried netcat on my Windows PC but failed with a connection error msg. Perhaps it works better under Linux. SSH can probably do the trick.

Demetris Papapetrou
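An added illustration of two points in the message above (it is not part of the original post or of any tool it names): a forwarder that keeps its listening port open across connections, and the effect of the Host header on a name-based virtual host. Assumptions: plain HTTP instead of HTTPS, and a constructed stand-in web server on a loopback port in place of 10.1.1.1; only the name www.xyz.test comes from the post.

```python
import http.client, socket, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

VHOST = "www.xyz.test"  # name from the post; everything else is constructed

class VhostHandler(BaseHTTPRequestHandler):
    """Stand-in for the target: serves one name-based virtual host only."""
    def do_GET(self):
        ok = self.headers.get("Host", "").split(":")[0] == VHOST
        body = b"site\n" if ok else b"unknown virtual host\n"
        self.send_response(200 if ok else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def pipe(src, dst):
    """Copy bytes one way until src closes, then pass the EOF on to dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def relay(listener, target):
    """Persistent forwarder: keeps accepting, one upstream socket per client."""
    while True:
        client, _ = listener.accept()
        upstream = socket.create_connection(target)
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=pipe, args=(a, b), daemon=True).start()

def status_via_relay(port, host_header):
    """GET / through the local relay with an explicit Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    status = conn.getresponse().status
    conn.close()
    return status

def demo():
    backend = ThreadingHTTPServer(("127.0.0.1", 0), VhostHandler)
    threading.Thread(target=backend.serve_forever, daemon=True).start()
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=relay, args=(listener, backend.server_address), daemon=True).start()
    port = listener.getsockname()[1]
    # Three separate connections through the same listener.
    return [status_via_relay(port, h) for h in (VHOST, "127.0.0.1", VHOST)]
```

Calling demo() returns one HTTP status per request; the request carrying Host: 127.0.0.1 is the one the stand-in server rejects.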