HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 26 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Linux port redirect
EH-Net
May 24, 2013, 07:31:21 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Linux port redirect  (Read 6653 times)
0 Members and 1 Guest are viewing this topic.
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« on: April 10, 2007, 08:52:22 PM »
Hey guys, for the life of me I can't remember the port redirect tool for linux systems....

What I have is a DNS server that can't get the responses back out to the person making the query. I think it's my ISP blocking it (though they say they aren't). See full story at linuxquestions.org.

I need to accept queries on 53 and then send the reply back out a different port.. at least just to be sure that they are in fact blocking it, or that it's somehow something on my end. If anyone has any suggestions.. feel free to shout as I've been fighting with this for a couple weeks now.

Thanks Smiley
Logged
jimbob
Guest
« Reply #1 on: April 11, 2007, 01:51:07 AM »
Hi,
There are various programs out there that will do this. You'll find many examples like the one for TCP....

http://packetstormsecurity.org/Exploit_Code_Archive/datapipe.c

You can also use OpenSSH to do port forwarding with the added benefit of encryption. Check the SSH man page for the -L and -R flags

$ ssh -L 53:<dns_server>:53 <your_box>

This is OK if you just need to forward to a single DNS server but if you need to forward DNS requests to multiple servers consider using a DNS proxy.

Jimbob
Logged
Craig
EH-Net Columnist
Jr. Member
*****
Offline Offline

Posts: 69


View Profile WWW
« Reply #2 on: April 11, 2007, 08:15:29 AM »
If the issue is that your ISP is blocking, then they are probably blocking the incoming connections to the DNS server rather than outbound traffic from the server. From reading your posts on linuxquestions.org, this seems to be the case since you can't telnet into the server on port 53 *although* the server may not be configured to listen for TCP connections as most DNS traffic is UDP. I'd try using netcat to connect to UDP port 53 from outside the your network and see if that works.

Also if I understand what you are saying correctly, I'm not sure if the client would accept a reply packet that had a different UDP source port than the port that they sent a request to (I know this wouldn't work with TCP).

Have you tried setting the DNS server to listen on a different port? If you can connect to it at that point, then the ISP is probably blocking incoming DNS requests and you'll have to use some type of DNS proxy as jimbob mentioned.
Logged
http://www.sourcesec.com
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #3 on: April 11, 2007, 02:18:50 PM »
Thanks for the help and suggestions.

I've been mostly using the XP server for diagnosing. As I said, I can see that the DNS queries are coming through and hitting the server. I can also see the server process the query and then send out a response. I've double checked this by logging outbound port 53 traffic through the firewall, so I know that the answers are going out. On the other end, I never see the reply. Running a sniffer outside just shows the request, no response.

I can't get a response by using telnet regardless of whether I'm on the LAN or outside on the Internet. I also thought of trying netcat, and it failed as well on port 53. So that should pretty much tell me that something is blocking it (and again, I can see the request come in and a reply head out, but it never makes it to the other end).

Yeah... I also figured that a reply from a different port probably wouldn't be accepted either.

I can not change the port that the XP DNS server listens on. When I try to edit the port for the Linux firewall DNS (I've been trying to change it in /etc/init.d/named) BIND says that it is starting up correctly, but then I don't see it listening when I run netstat. How can I query a DNS server on a different port anyway? I tried to find someway to do that but didn't have any luck.

At this point I'm still waiting to hear back from my email to my ISP. I think from all that I've done it definitely points to a problem at their end.
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #4 on: April 11, 2007, 02:42:54 PM »
Also, here's a quick glance at what I'm seeing on both ends as well as the firewall... check here
Logged
Negrita
Sr. Member
****
Offline Offline

Posts: 299



View Profile
« Reply #5 on: April 11, 2007, 04:52:10 PM »
Why don't you run hping on the DNS server using the ports showing up on the sniffer capture to see where it's getting stuck?
Logged
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.091 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.