LinuxQuestions.org
02-12-2013, 10:30 AM   #1
NozeDive
LQ Newbie
 
Registered: Nov 2012
Distribution: Backtrack mostly, but also Ubuntu, Mint, Fedora/RHEL
Posts: 11

Rep: Reputation: Disabled
Comprehensive Reverse Port Scan


I found a similar thread, with a similar name, from back in 2005 that doesn't answer my question, so here it goes:

I have servers running on my home network that I want to be able to access from college, but our school evidently blocks traffic on certain port numbers on its LAN (i.e. SSH, other obscure ports).

I'd like to be able to connect to my home LAN mostly to be able to connect to some IP webcams and to access my file server, but the only port I've successfully connected to is 80, and I'm not about to forward that port to anything for obvious reasons.

I'm wondering if there is a program or utility that I can use to figure this out. Would nmap do the trick?
 
02-12-2013, 10:44 AM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 13,802

Rep: Reputation: 2365
Quote:
Originally Posted by NozeDive View Post
I found a similar thread, with a similar name, from back in 2005 that doesn't answer my question, so here it goes:

I have servers running on my home network that I want to be able to access from college, but our school evidently blocks traffic on certain port numbers on its LAN (i.e. SSH, other obscure ports).

I'd like to be able to connect to my home LAN mostly to be able to connect to some IP webcams and to access my file server, but the only port I've successfully connected to is 80, and I'm not about to forward that port to anything for obvious reasons.

I'm wondering if there is a program or utility that I can use to figure this out. Would nmap do the trick?
Why don't you ask your IT people what ports they allow?

And I'll point out the obvious, that running a network sniffer on a college LAN isn't a good thing, and could land you in serious trouble. The best way to do this would be to explain what you want to do to one of the IT folks, and see what they suggest. Could be they deal with this all the time, and would be happy to help you.
 
02-12-2013, 11:18 AM   #3
NozeDive
LQ Newbie
 
Registered: Nov 2012
Distribution: Backtrack mostly, but also Ubuntu, Mint, Fedora/RHEL
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TB0ne View Post
Why don't you ask your IT people what ports they allow?
Okay, I'll try that. But for the sake of discussion, I'd still like to hear from anyone who has discovered a way to do this. After all, I'm majoring in information systems security.
 
02-12-2013, 12:00 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604
Quote:
Originally Posted by NozeDive View Post
Okay, I'll try that. But for the sake of discussion, I'd still
What TB0ne tried to point out is that you're operating inside a network that you don't own or control. Your network: your rules, their network: their rules. Besides, circumventing access restrictions is not an LQ topic.


Quote:
Originally Posted by NozeDive View Post
After all, I'm majoring in information systems security.
That really doesn't matter but OK, so let's see:
0) What network recon have you done so far? What type of firewall(s) do they use? Do they use a proxy or proxies?
1) Asserting they are not total BOFHs using "-j TARPIT", what flags would the TCP header of the first returning packet minimally contain starting the handshake? How would you confirm that looking at the ISN? What type of packet would you expect if you don't manage to start a handshake?
2) The port you've successfully connected to is TCP/80. List the ways in which you can restrict access to that port.
 
02-12-2013, 12:26 PM   #5
NozeDive
LQ Newbie
 
Registered: Nov 2012
Distribution: Backtrack mostly, but also Ubuntu, Mint, Fedora/RHEL
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Besides, circumventing access restrictions is not an LQ topic.
That's true, but I'm not trying to circumvent access restrictions. If I were trying to pass traffic on ports that had been blocked, that would be circumventing access restrictions. I'm trying to use ports that are not blocked i.e. not access restrictions. I can't use those ports if I don't know what they are. If I find that port 40000 is open, then I'll remap my home port forwarding to make my home LAN compatible with the campus LAN.


Quote:
Originally Posted by unSpawn View Post
0) What network recon have you done so far? What type of firewall(s) do they use? Do they use a proxy or proxies?
The only recon I've done thus far is locating JetDirect-enabled networked printers at the request of my Intro to Linux instructor because he couldn't for the life of him figure out the IPs of the printers we were trying to connect to for lab that night, and he refused to use CUPS. (We were on Fedora 14, so CUPS was the logical choice.)

Quote:
Originally Posted by unSpawn View Post
1) Asserting they are not total BOFHs using "-j TARPIT", what flags would the TCP header of the first returning packet minimally contain starting the handshake?
How would you confirm that looking at the ISN? What type of packet would you expect if you don't manage to start a handshake?
Zeiko isn't a BOFH. He's a nice guy. What you're describing, my classes haven't got to that point yet. I'm not claiming to be some "super duper leet haxor zomg", nor am I even asking for help "hacking" from LQ, I'm just trying to learn how to back up my assignments in more than one place (the HDD access I mentioned earlier), and access my IP webcams to make sure my house hasn't been broken into again. I'm using SSH to do a lot of this, running Mint on my laptop at school, and Ubuntu Server on my hardware at home, so I guess that qualifies it as a Linux question.


Quote:
Originally Posted by unSpawn View Post
2) The port you've successfully connected to is TCP/80. List the ways in which you can restrict access to that port.
Why on Earth would I want to block port 80?

Maybe I can see how this question got misinterpreted, but how dare you imply I'm up to no good. How dare you, sir!
 
02-12-2013, 02:13 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604
Quote:
Originally Posted by NozeDive View Post
Why on Earth would I want to block port 80?
Because, given your College only has a few IP ranges traffic could be allowed from, it simply would limit exposure. Basically step one.
 
02-12-2013, 02:22 PM   #7
NozeDive
LQ Newbie
 
Registered: Nov 2012
Distribution: Backtrack mostly, but also Ubuntu, Mint, Fedora/RHEL
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by unSpawn View Post
Because, given your College only has a few IP ranges traffic could be allowed from, it simply would limit exposure. Basically step one.
I think this thread has gone off track - I take the blame for not being clear enough. I don't want to block port 80 at school, and I don't want to change the way port 80 is set up on my home LAN. It's already in use hosting a web server, and I will keep it for that purpose, while my other services communicate on two other ports.

If you're suggesting that I just work on using port 80 for everything, well, yeah, sure, I could do that, but that would defeat the purpose of this entire discussion, and is not something I want to do.
 
02-12-2013, 02:46 PM   #8
descendant_command
Member
 
Registered: Mar 2012
Posts: 682

Rep: Reputation: 133
Set your home firewall to log everything, do a full port scan from college, grep for college IP in firewall log, spot the ports that get hit.
 
1 members found this post helpful.
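
The log-reading step of the method in post #8, as an added example that is not part of the original thread: it pulls, from your own firewall's log, the TCP destination ports on which new connection attempts from one source address arrived. It assumes the home firewall logs with the iptables LOG target; the log lines, the `FW-IN:` prefix, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed, abbreviated iptables LOG-target lines (real ones also carry
# MAC=, TOS=, ID= ...). 203.0.113.7 stands in for the remote network's
# public address; the other sources are unrelated traffic.
sample_log() {
cat <<'EOF'
Feb 12 15:01:02 gw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=40112 DPT=80 WINDOW=29200 SYN URGP=0
Feb 12 15:01:02 gw kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=44 PROTO=TCP SPT=51515 DPT=22 WINDOW=1024 SYN URGP=0
Feb 12 15:01:03 gw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=40113 DPT=443 WINDOW=29200 SYN URGP=0
Feb 12 15:01:03 gw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=52 TTL=51 PROTO=TCP SPT=40112 DPT=80 WINDOW=229 ACK URGP=0
Feb 12 15:01:04 gw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=40190 DPT=80 WINDOW=29200 SYN URGP=0
Feb 12 15:01:05 gw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.70 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=40191 DPT=8080 WINDOW=29200 SYN URGP=0
Feb 12 15:01:06 gw kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=29 TTL=51 PROTO=UDP SPT=40200 DPT=53 LEN=9
EOF
}

# Print the distinct TCP destination ports on which a new connection
# attempt (SYN set, ACK clear) from source address $1 reached the firewall.
# Reads the log from the files named after $1, or stdin when none is given.
ports_seen_from() {
    src=$1
    shift
    awk -v src="$src" '
    {
        s = ""; dpt = ""; tcp = 0; syn = 0; ack = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) s = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i == "PROTO=TCP") tcp = 1
            else if ($i == "SYN") syn = 1
            else if ($i == "ACK") ack = 1
        }
        # Exact compare: a plain grep for 203.0.113.7 also hits 203.0.113.70
        if (s == src && tcp && syn && !ack && dpt != "") print dpt
    }' "$@" | sort -n -u | paste -s -d ' ' -
}

sample_log | ports_seen_from 203.0.113.7    # prints: 80 443
```

If the remote network reaches the Internet through a proxy or NAT, as post #10 describes, the `SRC=` address to filter on is that egress address rather than the client's LAN address.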
02-12-2013, 02:55 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604
Yes, I'm sure Zeiko will like that ;-p
 
02-12-2013, 03:48 PM   #10
NozeDive
LQ Newbie
 
Registered: Nov 2012
Distribution: Backtrack mostly, but also Ubuntu, Mint, Fedora/RHEL
Posts: 11

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by descendant_command View Post
Set your home firewall to log everything, do a full port scan from college, grep for college IP in firewall log, spot the ports that get hit.
Thank you for the honest and direct answer. This method seems like it would work, although it will be time-consuming. I'm a little embarrassed that I didn't think of it myself.


Quote:
Originally Posted by unSpawn View Post
Yes, I'm sure Zeiko will like that ;-p
I have to be on campus for a meeting at 5:30, and then after that, I'll just walk into Z's office, and ask him.

I recall now that the school does use a proxy to manage internet connections. Last I checked, traffic appeared to be coming from Dallas, Texas, but the campus is in Ohio.
 
02-12-2013, 06:30 PM   #11
NozeDive
LQ Newbie
 
Registered: Nov 2012
Distribution: Backtrack mostly, but also Ubuntu, Mint, Fedora/RHEL
Posts: 11

Original Poster
Rep: Reputation: Disabled
Well, I got my answer from Z that the school blocks everything except 80, but he liked the nmap idea (probably because I talked to him first). I'll not talk about whether or not this would have gotten me in any trouble, or gotten someone else in any trouble, or been against any policy, etc. etc. Instead I'll just say that I can appreciate everyone trying to give sage advice on what to do and what not to do on a school network, but +100,000 internets to descendant_command for answering the question directly, and I'll mark this as [solved].
 
  

