Penetration Testing mailing list archives

Re: Connecting to different services with source port 53


From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Thu, 23 Jun 2005 10:06:08 -0700

FPipe does indeed work for this kind of thing... While nc allows you to change the source, it's still the nc client. FPipe allows you to redirect whatever client you want to...

I use it all the time (well, a lot anyway) for terminal services access on systems where it is not feasible to have the firewall allow only specific clients. In these cases, I further obfuscate TS services by only allowing 3389 (or whatever port you change it to) in if it comes from a particular source port. FPipe allows one to easily set up a secondary relay connection to a host/port from a specified source port. I've actually been playing around with all kinds of different services like this, and it's been working fine. I spend a few minutes in my Blackhat Training talking about this (configuring ISA) - it's kinda cool to further limit access based on source address, and can easily be batched to simplify client access.

t

------
*Secure your infrastructure*
Microsoft Ninjitsu: Securely Deploying MS Technologies
security training delivered by Timothy Mullen.
Registration now open for Blackhat Vegas 2005:
http://www.blackhat.com/html/bh-usa-05/train-bh-usa-05-tm.html

----- Original Message ----- From: "Jacob Weeks" <jaweeks () gmail com>
To: <chris_perst () gmx de>; <pen-test () securityfocus com>
Sent: Thursday, June 23, 2005 6:58 AM
Subject: Re: Connecting to different services with source port 53


Just a quick search in Google for "telnet source port" came up with
some results, one being
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fpipe.htm

Haven't tried it, so I can't say for sure it'll work. But that has potential.

Hope that helps.

On 6/23/05, Christian Perst <chris_perst () gmx de> wrote:
Hi list,

I'm pen-testing a system and with a normal "nmap -sS" I get no
response. If I change the source port I can get through to
the system, as you can see.

21/tcp    open     ftp
80/tcp    open     http
88/tcp    open     kerberos-sec
135/tcp   open     msrpc
389/tcp   open     ldap
443/tcp   open     https
464/tcp   open     kpasswd5
593/tcp   open     http-rpc-epmap
636/tcp   open     ldapssl
1026/tcp  open     LSA-or-nterm
1029/tcp  open     ms-lsa
1033/tcp  open     netinfo
1720/tcp  open     H.323/Q.931
1723/tcp  open     pptp
3268/tcp  open     globalcatLDAP
3269/tcp  open     globalcatLDAPssl
3372/tcp  open     msdtc
3389/tcp  open     ms-term-serv
6101/tcp  open     VeritasBackupExec
6106/tcp  open     isdninfo
8080/tcp  filtered http-proxy
10000/tcp open     snet-sensor-mgmt

Is there a way I can establish a connection using source
port 53?

Thanks,
Chris
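The thread above shows the defender's side of the problem: a filter that admits packets because they carry source port 53 (a stateless "allow DNS replies" rule) lets any client that binds that source port through, which is what the nmap result reveals. The following detector is an added example, not code from anyone in the thread or from FPipe. It assumes iptables-style LOG lines (the sample lines are constructed and abbreviated to the fields used; the addresses are from documentation ranges) and flags new TCP connections (SYN without ACK) arriving from a trusted reply port, plus a per-source count of distinct destination ports that turns a handful of such SYNs into a scan alert.

```python
import re
from collections import defaultdict

# Constructed sample in the style of iptables LOG output, abbreviated to the
# fields the detector needs. Every line here is made up for this example.
SAMPLE_LOG = """\
Jun 23 06:58:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=3389 SYN
Jun 23 06:58:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=135 SYN
Jun 23 06:58:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=389 SYN
Jun 23 06:58:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=41234
Jun 23 06:58:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40211 DPT=443 SYN
Jun 23 06:58:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=53 SYN
Jun 23 06:58:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=53 DPT=3389 ACK
"""

# Tolerates the extra LEN=/TTL=/WINDOW= fields real iptables logs carry between these tokens.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=(?P<proto>\w+).*?"
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)(?P<flags>.*)$"
)

# Source ports that stateless "allow the replies back in" rules commonly trust.
TRUSTED_REPLY_PORTS = {53}
# Distinct destination ports from one source before the activity is reported as a scan.
SCAN_THRESHOLD = 3


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    flags = m.group("flags").split()
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        "spt": int(m.group("spt")),
        "dpt": int(m.group("dpt")),
        # A pure SYN is a new inbound connection; SYN/ACK and ACK belong to existing ones.
        "syn": "SYN" in flags and "ACK" not in flags,
    }


def find_source_port_abuse(log_text):
    """Return (kind, src, detail) alerts for new TCP connections that borrow a trusted source port."""
    alerts = []
    per_source_dports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or not rec["syn"]:
            continue  # UDP port-53 traffic and established TCP segments are normal
        if rec["spt"] not in TRUSTED_REPLY_PORTS:
            continue
        if rec["dpt"] == 53:
            continue  # server-to-server DNS over TCP from port 53 is plausible; not flagged here
        # A DNS server never opens a TCP connection to 3389/135/389 from port 53.
        alerts.append(("trusted-source-port-syn", rec["src"], rec["dpt"]))
        per_source_dports[rec["src"]].add(rec["dpt"])
    for src, dports in per_source_dports.items():
        if len(dports) >= SCAN_THRESHOLD:
            alerts.append(("source-port-scan", src, len(dports)))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in find_source_port_abuse(SAMPLE_LOG):
        print(f"{kind:24s} src={src:16s} {detail}")
```

On the sample, the three port-53 SYNs from 198.51.100.7 each produce an alert and together trip the scan threshold, while the UDP reply, the ordinary ephemeral-port SYN and the port-53-to-53 connection are left alone. Detection is the fallback; the actual fix for the rule that makes this possible is to admit return traffic by connection state (conntrack ESTABLISHED/RELATED) rather than by source port, so that a packet's source port no longer decides whether it is trusted.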
