Thoughts on tcp packet and udp packet penetration network firewall tracing experiment

Through the httptunnel technology in this article, we can see that network security is unreliable only by some or some of the following methods, at the same time, the blind dependence on the security system often causes huge security risks. It is hoped that this article will cause the Administrator to think about the network security protection system.

What is an http hidden channel?

What is LAN security? How can system administrators ensure LAN security? This is a changing concept of security. For a long period of time, a firewall has been placed in the LAN and the external network to strictly control open ports, to a large extent, you can take the initiative in security to easily control the services that users inside and outside the network can use. For example, if only port 80 and port 53 are opened on the firewall, malicious people inside or outside will not be able to use services that have proved to be dangerous.

However, it should be noted that the firewall is stupid in a sense. Excessive reliance on the firewall by administrators and the resulting slack will inevitably lead to a major security risk, as a proof, the "channel" Technology is a good example, which is also discussed in this article.

So what is a channel? The channel is a communication method that bypasses firewall port shielding. Packets at both ends of the firewall are encapsulated on the data packet type or port allowed by the firewall, and then communicate with the peer end through the firewall. When the encapsulated data packet arrives at the destination, the data packet is restored, and send the restored data packets to the corresponding service. Example:

Host A is protected by the firewall after the firewall. The Access Control Principle configured by the firewall is to allow data access from port 80 only. Host B is open outside the firewall. What should I do if I need to Telnet from system A to system B? Normal telnet is certainly impossible, but we know that only port 80 is available, so using the Httptunnel channel at this time is a good method, the idea is as follows:

Start A tunnel client on machine A and let it listen to an unused arbitrary specified port on the local machine, such as 1234, at the same time, direct the data from Port 1234 to port 80 of the remote machine (B) (note that port 80 is allowed by the firewall), and then start a server on machine B, it is also attached to port 80, and the port 80 is forwarded from the client to the local telnet service port 23, so that it is OK. Now telnet the local port 1234 on machine A. According to the preceding settings, the data packet will be forwarded to the machine B with the target port 80, because the firewall allows data through port 80, as a result, data packets pass through the firewall smoothly and reach machine B. In this case, the process listening on port 80 receives A packet from A, restores the packet, and returns it to the telnet process. When the data packet needs to be returned from B to A, it will be sent back from port 80, and it can also pass through the firewall smoothly.

In fact, the concept of tunnel has been generated for a long time, and it is likely that readers have used similar technology, such as the following URL http://www.http-tunnel.com. It is a professional tunnel service company, through their online tunnel server, LAN users can use the firewall blocked ICQ, E-MAIL, pcanywhere, AIM, MSN, Yahoo, morpheus, Napster, and many other software