Nmap Development mailing list archives

Re: ncat tunnelling


From: David Fifield <david () bamsoftware com>
Date: Mon, 4 Feb 2013 11:20:50 -0800

On Mon, Feb 04, 2013 at 03:55:43PM +0000, Darren Martyn wrote:
> So, I spent the last while experimenting with ncat, finding it a
> suitable replacement for the original netcat. However, I was wondering if
> it is possible to do something rather unusual.
>
> Let's say Host A, my internet-facing server, has SSH open on port 22/TCP.
>
> Host B is behind NAT, and a firewall which only allows 53/UDP. Any UDP
> packets will do.
>
> Now, on the server side - Host A, I basically want to set up ncat as a
> listener on 53/UDP, acting as a bidirectional pipe between 22/TCP and
> 53/UDP.
>
> On the client side - Host B, I want to bind a listener to 1337/TCP,
> acting as a proxy that sends all traffic bidirectionally over UDP to
> host A (on 53/UDP).
>
> The reasons for this should be fairly obvious, and I have been using DNS
> tunnels up to now. However, a "faster" solution is a UDP tunnel, and I
> was wondering if someone could advise me as to the correct way to get this
> working with ncat.
>
> Apologies if this is to the wrong list, I figured it would be best to
> ask the people who develop the software :)
>
> I have tried using | and > to pipe data, but failed miserably BTW. We
> can also assume both hosts use the latest SVN versions of ncat.

Please show us the commands you are trying to use. Typically you do
something like this with the --sh-exec option.
        ncat -l --udp 53 --sh-exec "ncat localhost 22"
        ncat -l -k 1337 --sh-exec "ncat --udp hosta 53"
I think you're going to run into trouble though, as the UDP listener has
no idea when a stream begins or ends. Different simultaneous
connections, even different connections separated in time, are going to
get confused, unless you find a way to do some kind of a timeout.

David Fifield
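The stream-boundary problem described above, as an added simulation that is not part of this thread and not ncat code: a UDP listener sees only datagrams, so a naive relay that feeds everything into one TCP pipe interleaves unrelated sessions, while keying on the sender's address and port and closing a peer after an idle timeout recovers the boundaries. The sample datagrams, addresses and the 5-second timeout are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

IDLE_TIMEOUT = 5.0  # constructed value: seconds of silence before a peer's session is closed

Peer = Tuple[str, int]  # source address and port as seen by the UDP listener


@dataclass(frozen=True)
class Datagram:
    t: float        # arrival time in seconds
    peer: Peer      # who sent it
    payload: bytes  # what the TCP side should receive

# Constructed sample traffic: two peers overlapping in time, then one peer
# returning much later as a brand-new connection.
SAMPLE = [
    Datagram(0.0, ("10.0.0.5", 40001), b"SSH-2.0-clientA\r\n"),
    Datagram(0.1, ("10.0.0.9", 51000), b"SSH-2.0-clientB\r\n"),
    Datagram(0.2, ("10.0.0.5", 40001), b"A-kex-init"),
    Datagram(0.3, ("10.0.0.9", 51000), b"B-kex-init"),
    Datagram(9.0, ("10.0.0.5", 40001), b"SSH-2.0-clientA-again\r\n"),
]


def naive_relay(datagrams: List[Datagram]) -> bytes:
    """What a single TCP pipe sees when every datagram is forwarded in arrival
    order regardless of sender: one stream with the sessions mixed together."""
    return b"".join(d.payload for d in datagrams)


def demux_by_peer(datagrams: List[Datagram],
                  idle_timeout: float = IDLE_TIMEOUT) -> List[Tuple[Peer, bytes]]:
    """Rebuild per-session streams: one open session per peer, closed once that
    peer has been silent for longer than idle_timeout. Returns closed sessions
    in the order they ended, then whatever was still open."""
    open_sessions: Dict[Peer, Tuple[float, bytearray]] = {}
    finished: List[Tuple[Peer, bytes]] = []
    for d in sorted(datagrams, key=lambda d: d.t):
        # Expire idle peers first, so a returning peer starts a fresh session.
        for peer, (last_seen, buf) in list(open_sessions.items()):
            if d.t - last_seen > idle_timeout:
                finished.append((peer, bytes(buf)))
                del open_sessions[peer]
        _, buf = open_sessions.get(d.peer, (d.t, bytearray()))
        buf += d.payload
        open_sessions[d.peer] = (d.t, buf)
    for peer, (_, buf) in open_sessions.items():
        finished.append((peer, bytes(buf)))
    return finished
```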
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/