LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Firewall-Piercing/x244.html

372 lines
6.6 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Unsecure solution: piercing using telnet</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.63
"><LINK
REL="HOME"
TITLE="Firewall Piercing mini-HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Secure solution: piercing using ssh"
HREF="x189.html"><LINK
REL="NEXT"
TITLE="Routing"
HREF="x296.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Firewall Piercing mini-HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x189.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x296.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="AEN244"
>5. Unsecure solution: piercing using telnet</A
></H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN246"
>5.1. Principle</A
></H2
><P
>If all you can do is <B
CLASS="COMMAND"
>telnet</B
>
(because of a <B
CLASS="COMMAND"
>telnet</B
> proxy),
then this solution might be fit for you.</P
><P
>The firewall-piercing program, <B
CLASS="COMMAND"
>fwprc</B
>,
will use a "tty proxy", <B
CLASS="COMMAND"
>cotty</B
>,
that opens two pseudo-tty devices,
launches some command on each of those devices' slaves,
and stubbornly copies every character that one outputs
to the tty that serves as input of the other command.
One command will be telnet connection to server site,
and the other will be the client's <B
CLASS="COMMAND"
>pppd</B
>.
<B
CLASS="COMMAND"
>pppd</B
> can then open and control the telnet session
with a chat script as usual.</P
><P
>Actually, if your telnet proxy allows connection to an arbitrary port,
and if you can reliably run a daemon on the server host
(with a cron job to relaunch it in case of breakage),
then you'd better write some program that will just connect
a client side port to the server side port through the proxy,
so you can use the above secure solution,
possibly using some variant of
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>ssh -t -o "ProxyCommand ..."</PRE
></FONT
></TD
></TR
></TABLE
>
(if you submit it to me, I'll gladly integrate such a solution
to the <B
CLASS="COMMAND"
>fwprc</B
> distribution).</P
><P
>Note: if you must use the unsecure telnet-based solution,
be sure that nothing lies in your target account
that you want to keep secret or untampered,
since the password will be sent in clear text accross the Internet.
If you can control these things, a one-time-password system,
or an explicit cryptographic challenge system will enhance your security,
although it will make automated connection scripts much more complex.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN260"
>5.2. fwprc</A
></H2
><P
>I wrote a very well self-documented script
to pierce firewalls, <B
CLASS="COMMAND"
>fwprc</B
>,
available from
<A
HREF="http://fare.tunes.org/files/fwprc/"
TARGET="_top"
>my site</A
>,
together with <B
CLASS="COMMAND"
>cotty</B
>
(which is required by <B
CLASS="COMMAND"
>fwprc</B
> <TT
CLASS="LITERAL"
>0.2</TT
>
and later).
At the time of my writing these lines, latest versions are
<B
CLASS="COMMAND"
>fwprc</B
> <TT
CLASS="LITERAL"
>0.3e</TT
> and
<B
CLASS="COMMAND"
>cotty</B
> <TT
CLASS="LITERAL"
>0.4c</TT
>.</P
><P
>The name "fwprc" is voluntarily made unreadable and unpronounceable,
so that it will confuse the incompetent paranoid sysadm
who might be the cause of the firewall that annoys you
(of course, there can be legitimate firewalls, too,
and even indispensable ones;
security is all a matter of <EM
>correct</EM
> configuration).
If you must read it aloud, choose the worst way you can imagine.</P
><P
>CONTEST! CONTEST! Send me an audio file
with a digital audio recording of how you pronounce "fwprc".
The worst entry will win a free upgrade and his name
on the <B
CLASS="COMMAND"
>fwprc</B
> <TT
CLASS="LITERAL"
>1.0</TT
> page!</P
><P
>I tested the program in several settings,
by configuring it through resource files.
But of course, by Murphy's law, it will break for you.
Feel free to contribute enhancements that will make life
easier to other people who'll configure it after you.</P
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN278"
>5.3. .fwprcrc</A
></H2
><P
><B
CLASS="COMMAND"
>fwprc</B
> can be customized through a file
<TT
CLASS="FILENAME"
>.fwprcrc</TT
>
meant to be the same on both sides of the firewall.
Having several alternate configurations to choose from is sure possible
(for instance, <EM
>I</EM
> do it),
and is left as an exercise to the reader.</P
><P
>To begin with, copy the appropriate section of <B
CLASS="COMMAND"
>fwprc</B
>
(the previous to last) into a file named <TT
CLASS="FILENAME"
>.fwprcrc</TT
>
in your home directory.
Then replace variable values with stuff that fits your configuration.
Finally, copy to the other host, and test.</P
><P
>Default behavior is to use <B
CLASS="COMMAND"
>pppd</B
> on the client,
and <B
CLASS="COMMAND"
>slirp</B
> on the server.
To modify that, you can redefine the appropriate function
in your <TT
CLASS="FILENAME"
>.fwprcrc</TT
> with such a line as:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>remote_IP_emu () { remote_pppd }</PRE
></FONT
></TD
></TR
></TABLE
></P
><P
>Note that <SPAN
CLASS="PRODUCTNAME"
>SLiRP</SPAN
>
is safer than <B
CLASS="COMMAND"
>pppd</B
>,
and easier to have access to,
since it does not require being root on the server machine,
and needn't additional firewall configuration to prevent
connections from the outside world into the firewalled network.
The basic functionality in <SPAN
CLASS="PRODUCTNAME"
>SLiRP</SPAN
> works quite well,
but I haven't managed to get some advertised pluses to work
(like run-time controllability).
Of course, since it is free software,
feel free to hack the source
so as to actually implement or fix whichever feature you need.</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x189.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x296.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Secure solution: piercing using ssh</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Routing</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink