February 5th, 2002, 10:08 PM
I have recently found a tool that you can install on your workstation and manually set up various protocols to be tunnelled through different ports. Confused??
I'll see if I can elaborate. Hypothetically speaking, if your ISP is blocking incoming NetBIOS, you can set your workstation to accept this NetBIOS traffic via any port that you specify, like Port 9000. Circumventing rules set up by your ISP.
Does anyone have more information on how this may be a useful tool for malicious use? Keeping in mind that you can only tunnel INCOMING traffic to your workstation.
Another question: is anyone aware of this process, but in reverse? For example, tunnelling OUTBOUND Telnet traffic via HTTP? I'm just interested, as if there is, what use would firewalls/access lists be?
Your thoughts/comments would be appreciated.
There were so many fewer questions when the stars were still just the holes to heaven - JJ
I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
February 5th, 2002, 10:35 PM
There is a problem with this. If your ISP is blocking a port (like NetBIOS) then that traffic will never reach your machine, thus, how can it be tunneled? It is possible to tunnel traffic through different ports, but the hosts on both sides must know about it. In this situation, the ISP may be just filtering based on port number, which is what most do. Therefore you can take NetBIOS and encapsulate it in another port (say 1234 for example), which would get through the ISP filter. But, unless the machine on the other end knows that this traffic coming in on port 1234 is actually NetBIOS and is not listening on port 1234, it is useless.
April 29th, 2002, 06:42 PM
Just read the help files that come with netcat. You gotta love that nifty sweet thing :-)
<--- The data went dataway --->
April 29th, 2002, 06:58 PM
Basically, you could set up a webserver to listen on port 8000. Then, in someone's browser, they would type http://www.whatever.com:8000 to connect to you. Or if you moved telnet to 6969, then they would have to know to telnet to that port. So if your ISP turns off incoming port 80, you can move it, but the other end has to know also. That basically describes both sides. You can't say, I want AO to show up at port 7251, because AO has to do it.
Tunnelling outbound telnet via HTTP works if you telnet to port 80 on the remote machine, and they have moved telnet to port 80. That is it. This tool is not used maliciously in any way, and it only works for your machine.
"Ignorance is bliss....
but only for your enemy"
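
Added example, not part of any post in this thread: the replies note that most filters look only at the port number, so a service moved to another port passes them. The sketch below shows the defender's counterpart, identifying a flow by its first payload bytes and reporting any that do not fit the destination port. The function names and sample flows are constructed for illustration; the byte signatures are the standard HTTP request line, Telnet IAC negotiation, and NetBIOS Session Service / SMB1 headers.

```python
import re

# Ports each protocol is normally expected on (standard assignments).
EXPECTED_PORTS = {"http": {80}, "telnet": {23}, "netbios-ssn": {139}, "smb": {139, 445}}
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

def identify(payload: bytes) -> str:
    """Guess the application protocol from the first bytes of a TCP stream."""
    if HTTP_REQUEST.match(payload):
        return "http"
    # Telnet negotiation: IAC (0xFF) then WILL/WONT/DO/DONT (0xFB-0xFE) and an option.
    if len(payload) >= 3 and payload[0] == 0xFF and 0xFB <= payload[1] <= 0xFE:
        return "telnet"
    # NetBIOS Session Service "session request": type 0x81, flags 0x00, 16-bit length.
    if len(payload) >= 4 and payload[0] == 0x81 and payload[1] == 0x00:
        return "netbios-ssn"
    # SMB1 inside a session message: type 0x00, 3 length bytes, then 0xFF 'SMB'.
    if len(payload) >= 8 and payload[0] == 0x00 and payload[4:8] == b"\xffSMB":
        return "smb"
    return "unknown"

def audit(flows):
    """Return (dst_port, protocol) for flows whose payload does not fit the port."""
    findings = []
    for dst_port, payload in flows:
        proto = identify(payload)
        if proto != "unknown" and dst_port not in EXPECTED_PORTS[proto]:
            findings.append((dst_port, proto))
    return findings

# Constructed sample flows (destination port, first payload bytes).
NBSS_NAME = b"\x20" + b"CA" * 16 + b"\x00"  # encoded 16-space NetBIOS name
SAMPLE_FLOWS = [
    (9000, b"\x81\x00\x00\x44" + NBSS_NAME + NBSS_NAME),  # NetBIOS on port 9000
    (80, b"\xff\xfd\x18\xff\xfd\x20"),                    # Telnet negotiation on port 80
    (8000, b"GET / HTTP/1.0\r\n\r\n"),                    # web server moved to 8000
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # ordinary HTTP
]

if __name__ == "__main__":
    for port, proto in audit(SAMPLE_FLOWS):
        print(f"port {port}: payload looks like {proto}")
```

A flag here means only that the payload and port disagree; a web server deliberately run on port 8000 is reported the same way as Telnet answering on port 80, and the reviewer decides which matter.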