
[cobalt-security] fpipe - interesting security experiment



This pertains to anyone filtering connections to port 81 on their raqs via
external firewalls...

I picked up an interesting utility today called fpipe. This utility allows
the user to connect to a server through an open port on a firewall... say
port 80. Once the connection is established, the program enables the user to
connect to any port on the server, regardless of external firewall rules.

I decided to try a little experiment. I have a raq3 located behind a
sonicwall soho firewall. The raq is used only as an email server, so only
ports 25 and 110 are open on the firewall. This is set up using port
forwarding, as the raq does not have a public IP address.

I fired up fpipe and set the starting connection to port 25, and the final
source connection to port 81. That means I could connect to the server
through the firewall on port 25, and then fpipe would allow me to forward
requests to port 81 on the server.

The actual client connection from a client program to a server is made
locally. Fpipe is configured to listen on a local port on the client, and
then it forwards the client connection to the remote server. I set up fpipe
to listen on port 100. The command line for this is:
fpipe -l 100 -s 25 -r 81 <ip address>

I then typed this into my web browser:
http://localhost:100/.cobalt/sysManage/index.html

And guess what I got? The cobalt user login.... scary.

I would suggest that anyone interested in filtering port 81 on their raqs do
so with local ipchains rules, and not just an external firewall.

Kevin
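
The recommendation above, as an added example that is not part of the original post: a shell script that prints host-local ipchains rules limiting the admin port (81, from the post) to an allow-list of source addresses. The function names and the addresses in the usage comment are assumptions (documentation-range placeholders).

```shell
#!/bin/sh
# Added example: print host-local ipchains rules for the RaQ admin port.
# Port 81 is from the post; function names and addresses are assumptions.
ADMIN_PORT=81

# is_ipv4_cidr ADDR: succeed only for a dotted quad with an optional /0-32 mask.
is_ipv4_cidr() {
    addr=${1%%/*}
    mask=32
    case $1 in */*) mask=${1#*/} ;; esac
    case $mask in ''|*[!0-9]*) return 1 ;; esac
    [ "${#mask}" -le 2 ] && [ "$mask" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# admin_port_rules SRC...: allow-list first, then a logged DENY for the rest.
admin_port_rules() {
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Loopback stays reachable for local administration.
    echo "ipchains -A input -i lo -p tcp -d 0.0.0.0/0 $ADMIN_PORT -j ACCEPT"
    for src in "$@"; do
        echo "ipchains -A input -p tcp -s $src -d 0.0.0.0/0 $ADMIN_PORT -j ACCEPT"
    done
    # Any other source is dropped and logged (-l) on the server itself,
    # independent of what the external firewall allows.
    echo "ipchains -A input -p tcp -d 0.0.0.0/0 $ADMIN_PORT -l -j DENY"
}

# Usage (constructed addresses): sh admin81.sh 192.0.2.10 198.51.100.0/24
if [ $# -gt 0 ]; then
    admin_port_rules "$@"
fi
```

Review the printed rules before piping them to a root shell; rules added with -A are appended after whatever is already in the input chain.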