Network Security Pen-Test

Re: Connecting to different services with source port 53

Subject: Re: Connecting to different services with source port 53
Date: Thu, 23 Jun 2005 10:06:08 -0700
FPipe does indeed work for this kind of thing... While nc allows you to change the source, it's still the nc client. FPipe allows you to redirect whatever client you want to...

I use it all the time (well, a lot anyway) for terminal services access on systems where it is not feasible to have the firewall allow only specific clients. In these cases, I further obfuscate TS services by only allowing 3389 (or whatever port you change it to) in if it comes from a particular source port. FPipe allows one to easily set up a secondary relay connection to a host/port from a specified source port. I've actually been playing around with all kinds of different services like this, and it's been working fine. I spend a few minutes in my Blackhat Training talking about this (configuring ISA) - it's kinda cool to further limit access based on source address, and can easily be batched to simplify client access.

t

------
*Secure your infrastructure*
Microsoft Ninjitsu: Securely Deploying MS Technologies
security training delivered by Timothy Mullen.
Registration now open for Blackhat Vegas 2005:
http://www.blackhat.com/html/bh-usa-05/train-bh-usa-05-tm.html





----- Original Message -----
From: "Jacob Weeks" <jaweeks@gmail.com>
To: <chris_perst@gmx.de>; <pen-test@securityfocus.com>
Sent: Thursday, June 23, 2005 6:58 AM
Subject: Re: Connecting to different services with source port 53



Just a quick search in Google for "telnet source port" came up with some results, one being http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/fpipe.htm

Haven't tried it, so I can't say for sure it'll work. But that has potential.

Hope that helps.

On 6/23/05, Christian Perst <chris_perst@gmx.de> wrote:
Hi list,

I'm pen-testing a system and with a normal "nmap -sS" I get no
response. If I change the source port I could get through to
the system, as you can see.

21/tcp    open     ftp
80/tcp    open     http
88/tcp    open     kerberos-sec
135/tcp   open     msrpc
389/tcp   open     ldap
443/tcp   open     https
464/tcp   open     kpasswd5
593/tcp   open     http-rpc-epmap
636/tcp   open     ldapssl
1026/tcp  open     LSA-or-nterm
1029/tcp  open     ms-lsa
1033/tcp  open     netinfo
1720/tcp  open     H.323/Q.931
1723/tcp  open     pptp
3268/tcp  open     globalcatLDAP
3269/tcp  open     globalcatLDAPssl
3372/tcp  open     msdtc
3389/tcp  open     ms-term-serv
6101/tcp  open     VeritasBackupExec
6106/tcp  open     isdninfo
8080/tcp  filtered http-proxy
10000/tcp open     snet-sensor-mgmt

Is there a way I can establish a connection using source
port 53?

Thanks,
Chris
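
Seen from the defender's side, the behaviour discussed in this thread (a filter that passes TCP traffic because its source port is 53) leaves a recognisable trace: accepted bare SYNs that originate from port 53 and target non-DNS ports. The following is an added example, not part of the original messages; the log format, the sample lines and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines; the format is an assumption,
# not the output of any particular product.
SAMPLE_LOG = """\
2005-06-23T10:00:01 ACCEPT TCP 198.51.100.7:53 -> 192.0.2.10:3389 flags=S
2005-06-23T10:00:01 ACCEPT TCP 198.51.100.7:53 -> 192.0.2.10:135 flags=S
2005-06-23T10:00:02 ACCEPT TCP 198.51.100.7:53 -> 192.0.2.10:389 flags=S
2005-06-23T10:00:03 ACCEPT UDP 203.0.113.5:53 -> 192.0.2.10:33211 flags=-
2005-06-23T10:00:04 ACCEPT TCP 203.0.113.9:40112 -> 192.0.2.10:80 flags=S
2005-06-23T10:00:05 ACCEPT TCP 203.0.113.5:53 -> 192.0.2.10:41877 flags=SA
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"flags=(?P<flags>\S+)$"
)


def find_source_port_abuse(log_text, trusted_sport=53):
    """Return {source_ip: sorted destination ports} for accepted TCP
    connection attempts that were initiated FROM the trusted source port.

    A DNS server answering over TCP sends SYN/ACK (flags=SA) from port 53.
    A bare SYN (flags=S) from port 53 to some other port means the remote
    side chose that source port to open the connection itself.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        if m["action"] != "ACCEPT" or m["proto"] != "TCP":
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        if sport == trusted_sport and dport != trusted_sport and m["flags"] == "S":
            hits[m["src"]].add(dport)
    return {ip: sorted(ports) for ip, ports in hits.items()}


if __name__ == "__main__":
    for ip, ports in find_source_port_abuse(SAMPLE_LOG).items():
        print(f"{ip} opened connections from source port 53 to ports {ports}")
```

A stateful rule that only admits port-53 traffic as replies to outbound queries would produce no such lines; any hit here points at a stateless source-port rule.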


