372 lines
6.6 KiB
HTML
372 lines
6.6 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Unsecure solution: piercing using telnet</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.63
|
|
"><LINK
|
|
REL="HOME"
|
|
TITLE="Firewall Piercing mini-HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Secure solution: piercing using ssh"
|
|
HREF="x189.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Routing"
|
|
HREF="x296.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Firewall Piercing mini-HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x189.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
></TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x296.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="AEN244"
|
|
>5. Unsecure solution: piercing using telnet</A
|
|
></H1
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN246"
|
|
>5.1. Principle</A
|
|
></H2
|
|
><P
|
|
>If all you can do is <B
|
|
CLASS="COMMAND"
|
|
>telnet</B
|
|
>
|
|
(because of a <B
|
|
CLASS="COMMAND"
|
|
>telnet</B
|
|
> proxy),
|
|
then this solution might be fit for you.</P
|
|
><P
|
|
>The firewall-piercing program, <B
|
|
CLASS="COMMAND"
|
|
>fwprc</B
|
|
>,
|
|
will use a "tty proxy", <B
|
|
CLASS="COMMAND"
|
|
>cotty</B
|
|
>,
|
|
that opens two pseudo-tty devices,
|
|
launches some command on each of those devices' slaves,
|
|
and stubbornly copies every character that one outputs
|
|
to the tty that serves as input of the other command.
|
|
One command will be telnet connection to server site,
|
|
and the other will be the client's <B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
>.
|
|
<B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
> can then open and control the telnet session
|
|
with a chat script as usual.</P
|
|
><P
|
|
>Actually, if your telnet proxy allows connection to an arbitrary port,
|
|
and if you can reliably run a daemon on the server host
|
|
(with a cron job to relaunch it in case of breakage),
|
|
then you'd better write some program that will just connect
|
|
a client side port to the server side port through the proxy,
|
|
so you can use the above secure solution,
|
|
possibly using some variant of
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>ssh -t -o "ProxyCommand ..."</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
>
|
|
(if you submit it to me, I'll gladly integrate such a solution
|
|
to the <B
|
|
CLASS="COMMAND"
|
|
>fwprc</B
|
|
> distribution).</P
|
|
><P
|
|
>Note: if you must use the unsecure telnet-based solution,
|
|
be sure that nothing lies in your target account
|
|
that you want to keep secret or untampered,
|
|
since the password will be sent in clear text accross the Internet.
|
|
If you can control these things, a one-time-password system,
|
|
or an explicit cryptographic challenge system will enhance your security,
|
|
although it will make automated connection scripts much more complex.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN260"
|
|
>5.2. fwprc</A
|
|
></H2
|
|
><P
|
|
>I wrote a very well self-documented script
|
|
to pierce firewalls, <B
|
|
CLASS="COMMAND"
|
|
>fwprc</B
|
|
>,
|
|
available from
|
|
<A
|
|
HREF="http://fare.tunes.org/files/fwprc/"
|
|
TARGET="_top"
|
|
>my site</A
|
|
>,
|
|
together with <B
|
|
CLASS="COMMAND"
|
|
>cotty</B
|
|
>
|
|
(which is required by <B
|
|
CLASS="COMMAND"
|
|
>fwprc</B
|
|
> <TT
|
|
CLASS="LITERAL"
|
|
>0.2</TT
|
|
>
|
|
and later).
|
|
At the time of my writing these lines, latest versions are
|
|
<B
|
|
CLASS="COMMAND"
|
|
>fwprc</B
|
|
> <TT
|
|
CLASS="LITERAL"
|
|
>0.3e</TT
|
|
> and
|
|
<B
|
|
CLASS="COMMAND"
|
|
>cotty</B
|
|
> <TT
|
|
CLASS="LITERAL"
|
|
>0.4c</TT
|
|
>.</P
|
|
><P
|
|
>The name "fwprc" is voluntarily made unreadable and unpronounceable,
|
|
so that it will confuse the incompetent paranoid sysadm
|
|
who might be the cause of the firewall that annoys you
|
|
(of course, there can be legitimate firewalls, too,
|
|
and even indispensable ones;
|
|
security is all a matter of <EM
|
|
>correct</EM
|
|
> configuration).
|
|
If you must read it aloud, choose the worst way you can imagine.</P
|
|
><P
|
|
>CONTEST! CONTEST! Send me an audio file
|
|
with a digital audio recording of how you pronounce "fwprc".
|
|
The worst entry will win a free upgrade and his name
|
|
on the <B
|
|
CLASS="COMMAND"
|
|
>fwprc</B
|
|
> <TT
|
|
CLASS="LITERAL"
|
|
>1.0</TT
|
|
> page!</P
|
|
><P
|
|
>I tested the program in several settings,
|
|
by configuring it through resource files.
|
|
But of course, by Murphy's law, it will break for you.
|
|
Feel free to contribute enhancements that will make life
|
|
easier to other people who'll configure it after you.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="SECT2"
|
|
><H2
|
|
CLASS="SECT2"
|
|
><A
|
|
NAME="AEN278"
|
|
>5.3. .fwprcrc</A
|
|
></H2
|
|
><P
|
|
><B
|
|
CLASS="COMMAND"
|
|
>fwprc</B
|
|
> can be customized through a file
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>.fwprcrc</TT
|
|
>
|
|
meant to be the same on both sides of the firewall.
|
|
Having several alternate configurations to choose from is sure possible
|
|
(for instance, <EM
|
|
>I</EM
|
|
> do it),
|
|
and is left as an exercise to the reader.</P
|
|
><P
|
|
>To begin with, copy the appropriate section of <B
|
|
CLASS="COMMAND"
|
|
>fwprc</B
|
|
>
|
|
(the previous to last) into a file named <TT
|
|
CLASS="FILENAME"
|
|
>.fwprcrc</TT
|
|
>
|
|
in your home directory.
|
|
Then replace variable values with stuff that fits your configuration.
|
|
Finally, copy to the other host, and test.</P
|
|
><P
|
|
>Default behavior is to use <B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
> on the client,
|
|
and <B
|
|
CLASS="COMMAND"
|
|
>slirp</B
|
|
> on the server.
|
|
To modify that, you can redefine the appropriate function
|
|
in your <TT
|
|
CLASS="FILENAME"
|
|
>.fwprcrc</TT
|
|
> with such a line as:
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>remote_IP_emu () { remote_pppd }</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
><P
|
|
>Note that <SPAN
|
|
CLASS="PRODUCTNAME"
|
|
>SLiRP</SPAN
|
|
>
|
|
is safer than <B
|
|
CLASS="COMMAND"
|
|
>pppd</B
|
|
>,
|
|
and easier to have access to,
|
|
since it does not require being root on the server machine,
|
|
and needn't additional firewall configuration to prevent
|
|
connections from the outside world into the firewalled network.
|
|
The basic functionality in <SPAN
|
|
CLASS="PRODUCTNAME"
|
|
>SLiRP</SPAN
|
|
> works quite well,
|
|
but I haven't managed to get some advertised pluses to work
|
|
(like run-time controllability).
|
|
Of course, since it is free software,
|
|
feel free to hack the source
|
|
so as to actually implement or fix whichever feature you need.</P
|
|
></DIV
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x189.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x296.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Secure solution: piercing using ssh</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
> </TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Routing</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |