Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
March 15, 2004
Download Fpipe2_1.zip.
The FPipe readme file contains:
------------------------------------------------------------------------------FPipe v2.1 - Port redirector.Copyright 2000 (c) by Foundstone, Inc.http://www.foundstone.com------------------------------------------------------------------------------FPipe is a source port forwarder/redirector. It can create a TCP or UDP streamwith a source port of your choice. This is useful for getting past firewallsthat allow traffic with source ports of say 23, to connect with internalservers.Usually a client has a random, high numbered source port, which the firewallpicks off in its filter. However, the firewall might let Telnet trafficthrough. FPipe can force the stream to always use a specific source port, inthis case the Telnet source port. By doing this, the firewall 'sees' thestream as an allowed service and let's the stream through.FPipe basically works by indirection. Start FPipe with a listening serverport, a remote destination port (the port you are trying to reach insidethe firewall) and the (optional) local source port number you want. WhenFPipe starts it will wait for a client to connect on its listening port.When a listening connection is made a new connection to the destinationmachine and port with the specified local source port will be made - creatingthe needed stream. When the full connection has been established, FPipeforwards all the data received on its inbound connection to the remotedestination port beyond the firewall.FPipe can run on the local host of the application that you are trying to useto get inside the firewall, or it can listen on a 3rd server somewhere else.Say you want to telnet to an internal HTTP server that you just compromisedwith MDAC. A netcat shell is waiting on that HTTP server, but you can'ttelnet because the firewall blocks it off. Start FPipe with the destinationof the netcat listener, a listening port and a source port that the firewallwill let through. Telnet to FPipe and you will be forwarded to the NetCatshell. Telnet and FPipe can exist on the same server, or on different servers.------------------------------------------------------------------------------*** IMPORTANT ***Users should be aware of the fact that if they use the -s option to specifyan outbound connection source port number and the outbound connection becomesclosed, they MAY not be able to re-establish a connection to the remotemachine (FPipe will claim that the address is already in use) until theTCP TIME_WAIT and CLOSE_WAIT periods have elapsed. This time period can rangeanywhere from 30 seconds to 4 minutes or more depending on which OS andversion you are using. This timeout is a feature of the TCP protocol and isnot a limitation of FPipe itself.The reason this occurs is because FPipe tries to establish a new connectionto the remote machine using the same local IP/port and remote IP/portcombination as in the previous session and the new connection cannot be madeuntil the TCP stack has decided that the previous connection has completelyfinished up.------------------------------------------------------------------------------Connection illustration-----------------------The connection terminology used in the program and in the followingdocumentation can be shown in the form of the following diagram.Local Machine FPipe server Remote machine Inbound Outbound connection connection------------------------------------------------------------------------------This is the usage line as reported by typing "FPipe", "FPipe -h" or"FPipe -?".FPipe v2.1 - TCP/UDP port redirector.Copyright 2000 (c) by Foundstone, Inc.http://www.foundstone.comFPipe [-hvu?] [-lrs ] [-i IP] IP -?/-h - shows this help text -c - maximum allowed simultaneous TCP connections. Default is 32 -i - listening interface IP address -l - listening port number -r - remote port number -s - outbound source port number -u - UDP mode -v - verbose modeDetailed option descriptions-----------------------------h or -?Shows the usage of the program as in the above text.-cSpecifies the maximum number of simultaneous TCP connections that the programcan handle. The default number is 32. If you are planning on using FPipefor forwarding HTTP requests it might be advisable to raise this number.-iSpecifies the IP interface that the program will listen on. If this option isnot used FPipe will listen on whatever interface the operating systemdetermines is most suitable.-lSpecifies the FPipe listening server port number. This is the port numberthat listens for connections on the FPipe machine.-rSpecifies the remote port number. This is the port number on the remotemachine that will be connected to.-sSpecifies the outbound connection local source port number. This is theport number that data sent from the FPipe server machine will come fromwhen sent to the remote machine.-uSets the program to run in UDP mode. FPipe will forward all UDP data sentto and received from either side of the FPipe server (the machine on whichFPipe is running). Since UDP is a connectionless protocol the -c option ismeaningless with this option.-vVerbose mode. Additional information will be shown if you set the programto verbose mode.IPSpecifies the remote host IP address.------------------------------------------------------------------------------To best illustrate the use of FPipe here is an example.Example #1:fpipe -l 53 -s 53 -r 80 192.168.1.101This would set the program to listen for connections on port 53 andwhen a local connection is detected a further connection will bemade to port 80 of the remote machine at 192.168.1.101 with thesource port for that outbound connection being set to 53 also.Data sent to and from the connected machines will be passed through.==============================================================================FOUNDSTONE, INC.Terms of Use1. Acceptance of Terms1.1.Read these Foundstone, Inc. ("Foundstone") Terms of Use ("Terms")carefully before you ("You") accept these Terms by: (a) selecting the"Accept" button at the end of the Terms, or (b) downloading any of theFoundstone tools ("Tools") located on this web site. If You do notagree to all of these Terms, select the "Decline" button at the end ofthe Terms, or do not download any of the Tools.1.2.The Terms are entered into by and between Foundstone and You. Foundstone provides the Tools to You strictly subject to the Terms.2. Restrictions on Use2.1.You may not modify, reverse engineer, make derivative works of,distribute, transmit or sell any of the Tools without the expresswritten consent of Foundstone. 2.2.The Tools may not be used by You or any other party for any purposethat violates any local, state, federal or foreign law. You understandthat breaking into any network or computer system not owned by You maybe illegal.3. No Express or Implied Warranty3.1.THE TOOLS ARE PROVIDED TO YOU "AS IS." FOUNDSTONE MAKES NOWARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, ABOUT THEEFFECTIVENESS, COMPLETENESS OR FITNESS OF THE TOOLS, INCLUDING, BUT NOTLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR APARTICULAR PURPOSE.4. Limitation of Liability4.1.YOU AGREE THAT FOUNDSTONE WILL NOT BE LIABLE FOR ANY DIRECT,INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES ARISING OUT OFYOUR USE OF, OR INABILITY TO USE, THE TOOLS, INCLUDING WITHOUTLIMITATION ANY DAMAGE TO, OR VIRUSES OR "TROJAN HORSES" THAT MAY INFECTOR INVADE, YOUR COMPUTER EQUIPMENT OR OTHER PROPERTY, EVEN IF FOUNDSTONEIS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.4.2.YOU AGREE TO HOLD FOUNDSTONE HARMLESS FROM, AND YOU COVENANT NOT TOSUE FOUNDSTONE FOR, ANY CLAIMS BASED OR YOUR USE OF, OR YOUR INABILITYTO USE, THE TOOLS.5. Indemnification5.1.You agree to indemnify and hold Foundstone and its subsidiaries,affiliates, officers, agents, and employees harmless from any claim ordemand, including attorney's fees, made by any third party due to orarising out of Your use of the Tools, breach of the Terms, or violationof the rights of another.6. Intellectual Property Rights6.1.The Tools and all names, marks, brands, logos, designs, trade dressand other designations Foundstone uses in connection with the Tools areproprietary to Foundstone and are protected by applicable intellectualproperty laws, including, but not limited to copyrights and trademarks. Accordingly, You may not modify, reverse engineer, make derivative worksof, distribute, transmit or sell any of the Tools, nor may You remove oralter any of Foundstone's trademarks from the Tools or co-brand any ofthe Tools, without the express written consent of Foundstone.7. Miscellaneous7.1.California law and controlling United States federal law govern anyaction related to the Terms. No choice of law rules of any jurisdictionapply. You and Foundstone agree to submit to the personal and exclusivejurisdiction of the California state court located in Santa Ana,California and the United States District Court for the Central Districtof California.7.2.The Terms constitute the entire agreement between You andFoundstone and govern Your use of the Tools, superseding any prioragreements between You and Foundstone (including, but not limited to,prior versions of the Terms).7.3.Foundstone controls and operates this website from variouslocations in the United States of America and makes no representationthat these Tools are appropriate or available for use in otherlocations. If you use this website from locations outside the UnitedStates of America, You are responsible for compliance with applicablelocal laws, including, but not limited to, the export and importregulations of other countries.7.4.These Terms and this website could include inaccuracies ortypographical errors. Foundstone may make improvements and/or changesto the Terms or the website at any time without notice.7.5.The failure of Foundstone to enforce or exercise any right orprovision of the Terms does not constitute a waiver of such right orprovision.7.6.In the event any provision of this Agreement is held to beunenforceable in any respect, such unenforceability shall not affect anyother provision of this Agreement, provided that the expected economicbenefits of this Agreement are not denied to either party.
You May Also Like