Critical Security.NET: Forcing An Application To Use A Single Port?


Forcing An Application To Use A Single Port?

#1 port 21

Posted 08 February 2010 - 09:22 PM

I have a problem. There is some in-house software used by a colleague; it connects to the company's network via sockets. The problem is, it keeps randomly assigning a port to connect by. There is no way in the software to specify a port for the software to use. The ports are between 1028 and 5800 (or similar); opening all these ports would be catastrophic and would negate the need for a firewall, so opening them all is out of the question.

I understand sockets and what they're used for, but is there any way of funneling that process's requests to use these ports into a single request to use a single specified port, so an exception can be made for that single port?

Cheers. ;)

#2 fr0natz

Posted 08 February 2010 - 11:35 PM

Without a hook of sorts, I can't think of anything.

There are a few reasons I can think of, though:
either in the software they left out the port field, so winsock is randomly assigning ports (if I remember right, winsock would use a random port if not assigned one specifically when coded),
or they're manually choosing a random port within that range; beats me why.

Sorry, not much help.. :<

#3 Gerard

Posted 09 February 2010 - 01:00 AM

Do you have the source, or is it compiled? I'm assuming you can get the source code, as it's in-house software?

This post has been edited by Gerard: 09 February 2010 - 01:02 AM


#4 port 21

Posted 09 February 2010 - 10:18 PM

fr0, that's exactly my thoughts.

It is compiled. I can probably get it, but I'm not sure they'd be happy about me sharing it online. And pissing anyone off in a company I've only been part of for a matter of days isn't exactly the best start. =P


I was just wondering if there was software that could act as a go-between, between the application and the network, e.g. it takes outgoing requests and funnels them through a specified port, and that port can be added as an exception in the firewall.
Although, come to think of it, that would probably not be possible.

This post has been edited by port 21: 09 February 2010 - 10:20 PM


#5 memnoch

Posted 10 February 2010 - 07:58 AM

I still haven't understood the situation, tbh. Is the program listening for incoming connections, or establishing a connection to a service? On what side of the firewall is the application supposed to run? Will the program always be running from the same IP or from different ones, from your IP range or from "outside"?

Anyway, if the situation is as I think it is, you're looking for something like fpipe [1]. You could use it as a simple proxy, but this is not really in compliance with any security policy I could think of (instead, I CAN think of quite a few admins who would rip your head off for this ^^).
You don't need to publish the source code here, as long as it is available to you (or to a developer with your company). If it is using the BSD sockets API, for example, they could bind() the socket to a specific source port before connect()-ing. I'll leave the API-specific details to your programmers; you get my point :-)

[1] http://www.foundston...ddesc/fpipe.htm
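An added example, not code from the thread or from the software discussed: the bind()-before-connect() approach memnoch describes, in C with the BSD sockets API. The source port 45321 and the loopback address are constructed sample values; the trade-off of pinning a source port (one live connection per destination, TIME_WAIT reuse) is handled in the comments.

```c
/* Pin a TCP client's source port before connect(), so a host firewall can
 * allow one fixed port instead of the whole 1028-5800 ephemeral range. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind fd to a fixed local TCP source port on any interface.
 * SO_REUSEADDR lets the next connection reuse the port while the previous
 * one lingers in TIME_WAIT; without it a quick reconnect fails with EADDRINUSE.
 * Returns 0 on success, -1 on error. */
int bind_source_port(int fd, uint16_t port)
{
    int one = 1;
    struct sockaddr_in local;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0)
        return -1;
    memset(&local, 0, sizeof local);
    local.sin_family = AF_INET;
    local.sin_addr.s_addr = htonl(INADDR_ANY);
    local.sin_port = htons(port);
    return bind(fd, (struct sockaddr *)&local, sizeof local);
}

/* Report the local port the kernel actually assigned (0 on error), so the
 * caller can verify the pin took effect before connecting. */
int local_port(int fd)
{
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    if (getsockname(fd, (struct sockaddr *)&a, &len) < 0)
        return 0;
    return ntohs(a.sin_port);
}

/* Open a TCP socket pinned to src_port and connect it to dst:dst_port.
 * Caveat: only one live connection per (src_port, dst, dst_port) is possible,
 * which is the price of giving the firewall a single port to allow.
 * Returns the connected fd, or -1 on error. */
int connect_from_port(const char *dst, uint16_t dst_port, uint16_t src_port)
{
    struct sockaddr_in remote;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&remote, 0, sizeof remote);
    remote.sin_family = AF_INET;
    remote.sin_port = htons(dst_port);
    if (bind_source_port(fd, src_port) < 0 ||
        inet_pton(AF_INET, dst, &remote.sin_addr) != 1 ||
        connect(fd, (struct sockaddr *)&remote, sizeof remote) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

With `connect_from_port("127.0.0.1", 8080, 45321)` the firewall rule only needs to allow outbound TCP from local port 45321, matching what the thread is asking for.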

#6 Anonymous User

Posted 10 February 2010 - 05:52 PM

Understanding this at a very beginner level...

Is there a way you could capture the packets after they get to the network but before they get to your computer and forward them to a port of your choosing? Kind of like being your own MiTM… Or is that just the most retarded thing anyone has ever said????

#7 memnoch

Posted 10 February 2010 - 09:46 PM

That's basically what fpipe is doing.

#8 port 21

Posted 10 February 2010 - 10:15 PM

Anon, that's exactly what I want to do, and memnoch's link is pretty much exactly what I'm after. I'll suggest it (and give credit where credit is due :) of course).

The software would be going on just one user's laptop; it's not like it's going to be rolled out across the company, so it should be okay.
Although, for security's sake, task manager is disabled on the laptop so they can't fuck about with it, assuming the app runs in the background; if not, some tweaking might have to take place, but it's definitely a start. Thanks memnoch :).

#9 Anonymous User

Posted 10 February 2010 - 10:39 PM

Damn it, sorry to post what had already been said. I didn't really know what I was talking about, and I didn't bother to view your link, mem.

#10 port 21

Posted 11 February 2010 - 08:10 AM

Anonymous User, on 10 February 2010 - 10:39 PM, said:

    Damn it, sorry to post what had already been said. I didn't really know what I was talking about, and I didn't bother to view your link, mem.

No worries at all.

Turns out the user will be using wifi permanently whilst working for the company, and the AP supports port forwarding and mapping, so I'll see if I can sort it out by going down that route first; then it's fpipe :).

Thanks for everyone's help. :)

This post has been edited by port 21: 11 February 2010 - 08:10 AM
