Discussion:
ncat tunnelling
Darren Martyn
2013-02-04 15:55:43 UTC
Permalink
Hello list,
So, I spent the last while experimenting with ncat, finding it a
suitable replacement for the original netcat. However I was wondering if
it is possible to do something rather unusual.

Lets say Host A, my internet facing server, has SSH open on port 22/TCP

Host B is behind NAT, and a firewall which only allows 53/UDP. Any UDP
packets will do.

Now, on the server side - Host A, I basically want to setup ncat as a
listener on 53/UDP, acting as a bidirectional pipe between 22/TCP and
53/UDP.

On the client side - Host B, I want to bind a listener to 1337/TCP,
acting as a proxy that sends all traffic bidirectionally over UDP to
host A (on 53/UDP).

The reasons for this should be fairly obvious, and I have been using DNS
tunnels up to now. However a "faster" solution is a UDP tunnel, and I
was wondering someone could advise me as to the correct way to get this
working with ncat.

Apologies if this is to the wrong list, I figured it would be best to
ask the people who develop the software :)

I have tried using | and > to pipe data, but failed miserably BTW. We
can also assume both hosts use the latest SVN versions of ncat.

Best regards,
Darren
David Fifield
2013-02-04 19:20:50 UTC
Permalink
Post by Darren Martyn
So, I spent the last while experimenting with ncat, finding it a
suitable replacement for the original netcat. However I was wondering if
it is possible to do something rather unusual.
Lets say Host A, my internet facing server, has SSH open on port 22/TCP
Host B is behind NAT, and a firewall which only allows 53/UDP. Any UDP
packets will do.
Now, on the server side - Host A, I basically want to setup ncat as a
listener on 53/UDP, acting as a bidirectional pipe between 22/TCP and
53/UDP.
On the client side - Host B, I want to bind a listener to 1337/TCP,
acting as a proxy that sends all traffic bidirectionally over UDP to
host A (on 53/UDP).
The reasons for this should be fairly obvious, and I have been using DNS
tunnels up to now. However a "faster" solution is a UDP tunnel, and I
was wondering someone could advise me as to the correct way to get this
working with ncat.
Apologies if this is to the wrong list, I figured it would be best to
ask the people who develop the software :)
I have tried using | and > to pipe data, but failed miserably BTW. We
can also assume both hosts use the latest SVN versions of ncat.
Please show us the commands you are trying to use. Typically you do
something like this with the --sh-exec option.
ncat -l --udp 53 --sh-exec "ncat localhost 22"
ncat -l -k 1337 --sh-exec "ncat --udp hosta 53"
I think you're going to run into trouble though, as the UDP listener has
no idea when a stream begins or ends. Different simultaneous
connections, even different connections separated in time, are going to
get confused, unless you find a way to do some kind of a timeout.

David Fifield

Loading...