The other day I was trying to figure out how much I can do with accessing only one port without tripping IDS before that machine. Hiding a service or two services in one port. Lets take an example, it would make more sense.
You have a server with only port 80 open. How can I rig the server so it would continue to serve web data as normal on port 80 to regular clients, but at the same time allow special access or services through the same port
A way this can be accomplished is by using a port multiplexer. I searched around for this idea and the only thing I can ran across was a 1988 RFC1078, that kind of does what I want, but not really. My thought on designing a port multiplexer is have it work like a NAT, except instead of IP address translation, it would do service translation.
This would work like this. First need to have the webserver process (apache/IIS) listen on some other port (lets say 81). Now have the Port Mux program listen on port 80. Now how it works from the time a user tries to connect to the server. The second service would be listening on port 10000 for this example.
Client requests connection to port 80 Port MUX creates connection with client Client sends packet PortMUX inspects packet _ if packet has specialheader _ _ _ router all traffic to port 10000 _ else _ _ _ route all traffic to port 81
So when a connection comes in, PortMUX will make the connection and accept the first packet and if it has a special string, it not it will forward the traffic from that connection to the web server. If it is a special character, the connection would be to port 10000. Its easy to detect if it’s a HTTP request by looking at the first string in the packet and find “GET” or “POST”. As for the special string, you could put something like “SPAMSPAMSPAM” which is definitely not a HTTP request… and would allow access to the second service.
I will make an implementation of this sometime later and post it, if you have some free time now feel free to make one and test it out.