How to make TCP packets and UDP packets penetrate the firewall

Source: Internet
Author: User

The httptunnel technique described in this article lets traffic escape both the firewall's filtering and the system's tracking tests. It shows that network security resting on only one or a few measures is unreliable, and that blind dependence on a security system often creates serious hidden risks. We hope this article prompts administrators to think about their network security protection systems.

What is an HTTP hidden channel

What is LAN security, and how can a system administrator ensure it? The concept is constantly changing. For a long time, placing a firewall between the LAN and the outside world and strictly controlling the open ports was enough to hold the security initiative to a large extent, and made it easy to control which services users inside and outside the network could use. For example, if only 80, 532 ports are open on the firewall, malicious people, whether inside or outside, cannot use the services that have proved more dangerous.

However, a firewall is in a sense very stupid, and the slackness that comes from administrators relying on it too heavily inevitably creates a major security risk. "Channel" technology, the subject of this article, is a good illustration.

So what is a channel? Here it means a way of communicating that gets around the firewall's port blocking. On each side of the firewall, packets are encapsulated in a packet type or port that the firewall allows, and they pass through the firewall to give end-to-end communication. When the encapsulated packets reach their destination, they are unwrapped and the restored packets are delivered to the corresponding service. An example follows:

Host A sits behind the firewall and is protected by it. The firewall's access-control policy allows only port 80 traffic in and out. Host B is outside the firewall and is open. Now suppose you need to Telnet from system A to system B. Ordinary Telnet will certainly not work, but we know port 80 is available, so this is where an httptunnel channel comes in, as follows:

On machine A, run a tunnel client that listens on an unused, arbitrary local port, such as 1234, and directs data arriving on port 1234 to port 80 on the remote machine B (note: port 80, which the firewall allows through). Then run a server on machine B, also bound to port 80, which forwards what arrives on port 80 from the client to the local Telnet service on port 23. Now, on machine A, Telnet to local port 1234. The packets are forwarded to port 80 on machine B, and because the firewall allows data through port 80, they pass through the firewall and reach machine B. There, the process listening on port 80 receives the packets from A, restores them, and hands them to the Telnet process. When packets need to return from B to A, they are sent back through port 80, which also passes through the firewall without difficulty.
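Seen from the firewall administrator's side, the walkthrough above means a port-only rule cannot tell a page download from an interactive session carried on port 80. The following is an added example, not code from the original article or from httptunnel; the flow records, field names and thresholds are constructed assumptions to be tuned against real baselines.

```python
from dataclasses import dataclass

ALLOWED_PORTS = {80}  # the firewall policy from the example above

@dataclass
class Flow:  # hypothetical flow-log record (constructed field names)
    src: str
    dst: str
    dport: int
    duration_s: float
    bytes_out: int   # inside -> outside
    bytes_in: int    # outside -> inside
    packets: int

def port_filter_allows(flow: Flow) -> bool:
    """What the firewall in the article decides: destination port only."""
    return flow.dport in ALLOWED_PORTS

# Assumed thresholds: ordinary web fetches are short, download-heavy and use
# large packets; an interactive session is long, small-packet and two-way.
MIN_DURATION_S = 300
MAX_AVG_PACKET_BYTES = 200
RATIO_LOW, RATIO_HIGH = 0.2, 5.0

def looks_like_tunnel(flow: Flow) -> bool:
    """Flag allowed-port flows whose shape resembles an interactive session."""
    if flow.dport not in ALLOWED_PORTS or flow.packets == 0:
        return False
    avg_packet = (flow.bytes_in + flow.bytes_out) / flow.packets
    ratio = flow.bytes_out / max(flow.bytes_in, 1)
    return (flow.duration_s >= MIN_DURATION_S
            and avg_packet <= MAX_AVG_PACKET_BYTES
            and RATIO_LOW <= ratio <= RATIO_HIGH)

# Constructed sample flows (documentation address range 203.0.113.0/24).
FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 80, 4.2, 900, 250_000, 210),        # page download
    Flow("10.0.0.7", "203.0.113.20", 80, 1800.0, 42_000, 65_000, 1500),  # session inside port 80
    Flow("10.0.0.9", "203.0.113.30", 23, 600.0, 5_000, 9_000, 200),      # direct Telnet
]

def review(flows):
    """Return (src, dst, allowed_by_port_rule, flagged_by_heuristic) per flow."""
    return [(f.src, f.dst, port_filter_allows(f), looks_like_tunnel(f)) for f in flows]

if __name__ == "__main__":
    for row in review(FLOWS):
        print(row)
```

The second flow is allowed by the port rule and flagged by the heuristic, which is the gap the article describes.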

In fact, the tunnel concept has been around for a long time, and readers have probably used similar techniques, for example through the site http://www.http-tunnel.com. It is a professional provider of tunnel services: through its online tunnel server, users on a LAN can use a lot of software that the firewall blocks, such as ICQ, e-mail, pcAnywhere, AIM, MSN, Yahoo, Morpheus, Napster and so on. The list includes ICQ, Napster and similar software, and many readers have likely used proxies for ICQ, OICQ and the like. These work on the same principle.

What is Httptunnel

As a practical example, we introduce httptunnel, a channel tool used in the "non-public domain". The httptunnel home page (see Resources) carries this description:

httptunnel creates a bidirectional virtual data connection tunnelled in HTTP requests. The HTTP requests can be sent via a HTTP proxy if so desired.

This can be useful for users behind restrictive firewalls. If WWW access is allowed through a HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall.

This description shows that httptunnel is a working instance of the tunnel technique introduced here. What follows is a general introduction to its use.

The current, relatively stable version of httptunnel is 3.0.5. It supports a wide variety of common UNIX systems as well as Windows platforms. It can be downloaded from the relevant site (see Resources). Installation is simple: follow the INSTALL file. It is not described here.

After installing the software we get two key files, htc and hts, where htc is the client (c) and hts is the server (s). Let's look at how to use them.

Suppose there is a machine A (domain name client.yiming.com) and a machine B (domain name server.yiming.com). Both machines run Solaris. Machine A is behind the firewall and machine B is outside it. The firewall administrator controls the access rules and allows only ports 80 and 53 for incoming and outgoing packets. Our task is to use httptunnel to Telnet from machine A to machine B through the firewall's restrictions. The operation is as follows:

First we start the client on A. The command is simple:

client.yiming.com# htc -F 1234 server.yiming.com:80

The system returns to the prompt, and netstat -an now shows port 1234 listening:

*.1234 *.* 0 0 0 0 LISTEN
