| blackhawk | Date: Tuesday, 2012-02-14, 1:41 PM | Message # 1 |
 Private
Group: Checked
Messages: 15
Awards: 0
Reputation: 0
Status: Offline
| As you probably know, a firewall is nothing more than a prebuilt set of rules that determines what happens on a network, or what did not
happen there. However, if the firewall is poorly implemented or buggy, the override will be a breeze because the filtering rules normally
could become important therefore totally useless.
Set a source port for its connections is one of many methods used to bypass a firewall. In fact, the Firewall check mainly the IP addresses
and source ports and destination ports for each packet sent across the network, which allows to write rules far more easily. There are two
categories of firewall, Stateless and Stateful. The Stateful Firewall, the opposite of Stateless memorize the state of connections
(Connection Request, Connection established ...).
However, certain applications or protocols such as FTP are a real problem for packet filtering. FTP indeed indicates that the server sends
data from its port 20, to a client port. Therefore, if an administrator wants to allow the opportunity for guests to use its network for FTP
clients, it will probably have to allow any packets whose source port is 20.
The attack is to discover the services normally hidden by performing a port scanning by configuring its packets whose source port is 20.
Nmap offers this opportunity through the command option '-g'.
The challenges thereafter, once found an accessible, will ensure that all connections come from source port, providing access to the
machine. In our case, this will be port 20 (Port link up for FTP). For this, different tools are already on the net.
These include, for example, AMP Fund, which is a tool for port forwarding. Indeed, by establishing a "AMP Fund-v-l 8080-s 20-r 80
<IP_Cible>, we bypass the firewall of the remote system, provided that the source port 20 is not filtered. There are also KevProxy, or a
simple "kp 8080 <IP_Cible> 80 20 v" can establish a tunnel to port 80 of the target machine.
Thank you for reading ! =)
|
| |
| |
