Network Security Firewalls

RE: Remotecontrol pc behind nat

Subject: RE: Remotecontrol pc behind nat
Date: Fri, 11 May 2007 11:41:04 +0200
Please glance at http://www.stunnel.org/. This is an Open Source initiative 
to perform SSL tunnels (VPN-SSL).

With this solution, you will be able to open an https (SSL) connection from 
the internet to firewalled https services behind the wall. 

This solution works if your firewall doesn't have any 'anti-ssl' tunnel 
controls. You will need to install the stunnel client on the internet client 
system and the stunnel server on the protected host where the https connection 
is permitted. When the tunnel is open and established you can use whatever 
protocol inside, such as RDP or VNC, to remotely control the firewalled https 
host. 

There are also a lot of commercial solutions from the major vendors (some 
examples: Cisco ASA, Juniper SSL solutions -formerly IVE Neoteris- and F5 
FirePass).

... But thinking about it carefully, all this smells as if you were trying to 
cheat an explicit firewall rule ... Why? This is not a good practice !!! Be 
careful.

Regards,

--
Luislo 

pub  1024D/8A688104 1999/07/28 Luis Lopez luis.lopez@atosorigin.com
Key fingerprint = 550F 3545 C847 F61E 821C 3D8C 1A12 2C19  8A68 8104

"These are the thoughts and opinions of Luis Lopez, and does not represent Atos 
Origin company policy."



-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On 
Behalf Of joseph
Sent: Wednesday, 09 May 2007 21:51
To: Ralph Forsythe
Cc: Safe Packet; firewalls@securityfocus.com; 
firewalls-return-5517-joeml=securesoftware.ca@securityfocus.com
Subject: Re: Remotecontrol pc behind nat


One thing I do is go IPv6. If you have an IPv6 internet connection (or get a 
free connection via the freenet6.org project) you just connect to your machine.

You can create IPv6-IPv4 NAT traversal and now your home machine has a routed 
IPv6 address!



On Mon, 27 Nov 2006, Ralph Forsythe wrote:

Why not just use remote desktop (aka terminal services), and have it listen 
on a different port?  This web article shows you how to change the port 
setting:
http://support.microsoft.com/kb/187623

It defaults to 3389, but there is no reason you can't put it on 80, 443, or 
21 as long as there aren't other services already listening on them.

Be smart about it though, don't get owned!  Keep the box patched and user 
accounts locked down with strong passwords, especially since you can't 
restrict the source IPs that will connect from the firewall.  Expect that 
you will get scanned, and someone will try and break their way in.


Cheers,
- Ralph

On Tue, 28 Nov 2006, Safe Packet wrote:

Hi list,

I have a requirement wherein I want to remotely control a Windows machine
from the internet which is behind a firewall and has a NATed IP. The firewall
has a public IP configured on its untrusted interface and it has the http,
https and ftp ports open. The restriction here is that this has to be achieved
without making any changes to the existing firewall and NAT configuration. Is
this possible? Any suggestions will be appreciated.

I know a package from UltraVNC (NAT2NAT plug-in) which can do this, but
unfortunately the VNC port is also blocked in my case.

Thanks in advance



-- 
Joseph Renda <Joseph@Renda.CA>
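
A defender-side check for the port reassignment suggested in Ralph's reply and the 'anti-ssl' tunnel controls Luis mentions, as an added example that is not part of the original thread: it classifies the first client payload seen on the permitted ports and flags sessions whose protocol does not match the port. The port-to-protocol policy, the function names and the sample payloads are assumptions constructed for illustration.

```python
import struct

# Assumed policy: the protocol expected on each port the thread says is open.
EXPECTED = {80: "http", 443: "tls", 21: "ftp"}

HTTP_VERBS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")
FTP_VERBS = (b"USER ", b"AUTH ", b"FEAT", b"SYST", b"HOST ")


def classify(payload: bytes) -> str:
    """Guess the protocol from the client's first TCP payload."""
    # TLS handshake record (0x16), version 3.x, carrying a ClientHello (0x01).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        return "tls"
    # RDP opens with a TPKT header (03 00 + length) and an X.224
    # Connection Request, whose TPDU code has 0xE in the high nibble.
    if len(payload) >= 7 and payload[:2] == b"\x03\x00":
        (tpkt_len,) = struct.unpack(">H", payload[2:4])
        if tpkt_len == len(payload) and payload[5] & 0xF0 == 0xE0:
            return "rdp"
    if payload.startswith(HTTP_VERBS):
        return "http"
    if payload.upper().startswith(FTP_VERBS):
        return "ftp"
    return "unknown"


def audit(flows):
    """Return (dst_port, expected, seen) for flows that do not match policy."""
    findings = []
    for dst_port, payload in flows:
        expected = EXPECTED.get(dst_port)
        seen = classify(payload)
        if expected is not None and seen != expected:
            findings.append((dst_port, expected, seen))
    return findings


# Constructed sample payloads (not captured traffic); TLS_HELLO is truncated.
RDP_CR = bytes.fromhex("03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00")
TLS_HELLO = bytes.fromhex("16 03 01 00 05 01 00 00 01 00")
SAMPLE_FLOWS = [(443, TLS_HELLO), (443, RDP_CR),
                (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"), (21, RDP_CR)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print("port %d: expected %s, saw %s" % finding)
```

RDP carried inside an stunnel session still opens with a TLS ClientHello, so this check catches only plain RDP moved onto another port, not the tunnelled case.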

