Penetration Testing mailing list archives
Re: Connecting to different services with source port 53
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Thu, 23 Jun 2005 10:06:08 -0700
FPipe does indeed work for this kind of thing... While nc allows you to change the source, it's still the nc client. FPipe allows you to redirect whatever client you want to...
I use it all the time (well, a lot anyway) for terminal services access on systems where it is not feasible to have the firewall allow only specific clients. In these cases, I further obfuscate TS services by only allowing 3389 (or whatever port you change it to) in if it comes from a particular source port. FPipe allows one to easily set up a secondary relay connection to a host/port from a specified source port. I've actually been playing around with all kinds of different services like this, and it's been working fine. I spend a few minutes in my Blackhat Training talking about this (configuring ISA) - it's kinda cool to further limit access based on source address, and can easily be batched to simplify client access.
t

------
*Secure your infrastructure*
Microsoft Ninjitsu: Securely Deploying MS Technologies security training delivered by Timothy Mullen. Registration now open for Blackhat Vegas 2005:
http://www.blackhat.com/html/bh-usa-05/train-bh-usa-05-tm.html

----- Original Message -----
From: "Jacob Weeks" <jaweeks () gmail com>
To: <chris_perst () gmx de>; <pen-test () securityfocus com>
Sent: Thursday, June 23, 2005 6:58 AM
Subject: Re: Connecting to different services with source port 53

Just a quick search in Google for "telnet source port" came up with some results.. one being
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fpipe.htm
Haven't tried it, so I can't say for sure it'll work. But that has potential.
Hope that helps.

On 6/23/05, Christian Perst <chris_perst () gmx de> wrote:

Hi list,

I'm pen-testing a system and with a normal "nmap -sS" I get no response. If I change the source port I could get through to the system, as you can see.

21/tcp    open     ftp
80/tcp    open     http
88/tcp    open     kerberos-sec
135/tcp   open     msrpc
389/tcp   open     ldap
443/tcp   open     https
464/tcp   open     kpasswd5
593/tcp   open     http-rpc-epmap
636/tcp   open     ldapssl
1026/tcp  open     LSA-or-nterm
1029/tcp  open     ms-lsa
1033/tcp  open     netinfo
1720/tcp  open     H.323/Q.931
1723/tcp  open     pptp
3268/tcp  open     globalcatLDAP
3269/tcp  open     globalcatLDAPssl
3372/tcp  open     msdtc
3389/tcp  open     ms-term-serv
6101/tcp  open     VeritasBackupExec
6106/tcp  open     isdninfo
8080/tcp  filtered http-proxy
10000/tcp open     snet-sensor-mgmt

Is there a way, how I can establish a connection using source port 53?

Thanks,
Chris
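
Added example, not part of the thread: seen from the defender's side, the scan result in the original question points to a filter rule that accepts traffic on source port alone. The Python code below audits a ruleset for such rules; the iptables-save format, the constructed sample rules and the function names are assumptions (the thread does not say which firewall was in use).

```python
import shlex

# Constructed sample in iptables-save format (assumption, not from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m multiport --sports 20,53 -j ACCEPT
COMMIT
"""

SPORT_FLAGS = {"--sport", "--source-port", "--sports", "--source-ports"}
STATE_FLAGS = {"--ctstate", "--state"}
REPLY_STATES = {"ESTABLISHED", "RELATED"}


def _value_after(tokens, flags):
    """Return the argument of the first non-negated flag found, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags and (i == 0 or tokens[i - 1] != "!"):
            return tokens[i + 1]
    return None


def find_source_port_trust(ruleset):
    """Return (line_no, source_ports, rule) for ACCEPT rules keyed on source port."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), start=1):
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        sports = _value_after(tokens, SPORT_FLAGS)
        if sports is None or _value_after(tokens, {"-j", "--jump"}) != "ACCEPT":
            continue
        states = _value_after(tokens, STATE_FLAGS)
        # A state match only helps if it limits the rule to reply traffic.
        if states and set(states.split(",")) <= REPLY_STATES:
            continue
        findings.append((line_no, sports, line))
    return findings


if __name__ == "__main__":
    for line_no, sports, rule in find_source_port_trust(SAMPLE_RULES):
        print(f"line {line_no}: accepts any packet from source port {sports}: {rule}")
```

Rules it reports are candidates for replacement with a stateful match, so that DNS replies are admitted only as part of a connection the protected host initiated.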