CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] (text version)

  • Port Redirection


    Port redirection is a specific case of trust exploitation. Essentially, this is a tunneling type of attack. In this case, an attacker uses a compromised host to relay traffic passed through an open port on a firewall or in a router's ACLs that would normally be denied. This is shown in Figure 7-2.

    Figure 7-2. Port Redirection Attack

    Consider a firewall with three interfaces: internal, external, and a DMZ interface, as shown in Figure 7-1. The hosts on the external interface (those on the Internet) can reach the hosts in the DMZ but not those on the internal LAN. The hosts on the internal LAN can reach hosts both in the DMZ and on the outside. The hosts in the DMZ can reach hosts on the outside and hosts on the internal LAN.

    A host on the DMZ that is compromised by an attacker may be able to redirect connections directly to the internal LAN. In the example shown in Figure 7-1, an attacker compromises the web server in step 1, and in step 2 sets up a redirection program that takes incoming connections on port 80 and sends the traffic to the Telnet port on a host in the internal network. The attacker then simply connects to the web port on the DMZ host and is automatically connected to the Telnet port on the host in the internal LAN, as shown in step 3. Neither of these connections violates the firewall policy; however, the attacker has achieved a direct connection to the internal network. Examples of software that can provide this capability are Netcat (
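    As an added illustration (not from the book), the following Python models the three-zone policy just described and correlates constructed flow records to spot the relay: the external-to-DMZ connection on port 80 and the DMZ host's follow-on connection to internal Telnet are each permitted on their own, but chained together they form the external-to-internal path the policy denies. The zone addresses and flow records are assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed address plan for the three zones (assumed; the book gives no addresses).
DMZ_NET = ip_network("192.0.2.0/24")
INTERNAL_NET = ip_network("10.10.0.0/16")

def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    if addr in DMZ_NET:
        return "dmz"
    return "internal" if addr in INTERNAL_NET else "external"

# Firewall policy as the text states it: outside hosts reach only the DMZ;
# DMZ and internal hosts may reach any zone.
ALLOWED = {
    "external": {"dmz"},
    "dmz": {"external", "dmz", "internal"},
    "internal": {"external", "dmz", "internal"},
}

def policy_allows(src: str, dst: str) -> bool:
    return zone_of(dst) in ALLOWED[zone_of(src)]

Flow = namedtuple("Flow", "ts src sport dst dport")

def find_relays(flows, window=timedelta(seconds=5)):
    """Pair an external->DMZ connection with a DMZ->internal connection that the
    same DMZ host opens within `window`. Each hop passes the policy on its own,
    but the chained path (external -> internal) is one the policy denies."""
    hits = []
    for first in flows:
        if zone_of(first.src) != "external" or zone_of(first.dst) != "dmz":
            continue
        for second in flows:
            gap = second.ts - first.ts
            if (second.src == first.dst and zone_of(second.dst) == "internal"
                    and timedelta(0) <= gap <= window
                    and not policy_allows(first.src, second.dst)):
                hits.append((first.src, first.dport, second.dst, second.dport))
    return hits

T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_FLOWS = [  # constructed flow records, not real traffic
    Flow(T0, "203.0.113.5", 51000, "192.0.2.10", 80),  # outside host to the DMZ web port (step 3)
    Flow(T0 + timedelta(seconds=1), "192.0.2.10", 40001, "10.10.1.20", 23),  # DMZ host on to internal Telnet
    Flow(T0 + timedelta(seconds=30), "198.51.100.7", 52000, "192.0.2.10", 80),  # ordinary web visitor
    Flow(T0 + timedelta(seconds=31), "10.10.1.5", 41000, "192.0.2.10", 80),  # internal user, permitted
]
```

A DMZ web server that legitimately queries internal back-end hosts will trigger this check as well, so in practice the DMZ-to-internal leg is compared against an allow-list of expected destinations and ports before an alert is raised.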
