Network Scenario | How do they do it? |

Hello again people! Hope everyones been ok while ive been away!

back to the serious stuff…

Ok so lets set a "fictional" network in place.

A network that contains 100 possible thousands of computers used 24/7.

Many ports are blocked, more or less anything that isnt a well known port such as 21 for example.

So lets say that someone on this fictional network wanted to use a service for example a game and could set up a game server which would use a port of their choice. They also know some ports that they have used for other services before and can set the game to run on those.

How would the network administrators go about stopping this from happening?

Ok lets say that a user was to try to change the IP address (which IS possible) to 192.168.0.12. They also set up another computer on the same network with the IP address 192.168.0.13, both having the correct default gateway and subnet mask.

How would the network administrators go about stopping this from happening?

Any enlightenment on the subject would be fantastic, i would just love to understand how they do it!

Thanks all.

Relentless.

You only need a router, and/or a game server if the game demands one.

so just to clarify…you're asking how an admin can prevent certain ports from being opened?

I would think there would be a setting somewhere in the router.

I can show you how to do it, but i'm not toally sure what you want to know?

Are you asking how to stop the people from changing the settings of the network adaptor? or the router specific questions about port forwarding?

If it's the port forwarding, abusing uPNP is likely what you're looking for, as far as network settings, proper privs are essential (windows i don't think you can change them without admin, nix you need root to access ifconfig).

Hope this helped, feel free to msn me about it.

R3l3ntl3ss wrote: -Lots of computers always on. -Most ports are blocked. -Use different port for game server, d00d? -Changing IP address, etc.

How would the network administrators go about stopping this from happening?

It really depends on how vigilant the netadmin or netadmins are. Most netadmins don't seem to give a sh** about doing their job properly… there are exceptions, though.

If a network administrator wants to see what's going on with a great degree of detail, then he / she can automate most of it. A thought on doing it would be multiple switches w/ multiple VLANs to segregate the network into as small groups as possible. Configure SNMP on the switches and do traffic benchmarks for normal activity. Hopefully, the VLANs could have few enough members that a drop-off of two computers (in the case of IP changing, etc.) would be noticed easily. Really, though, there are chances for a number of false positives here. Even still, another good thing about the small groups could be that the netadmin could check for traffic that is not bound for the default gateway; that is, traffic that is going from one internal location to another. Changing IPs doesn't make you invisible… changing default gateways would be the problem with a solution near the gateway, though.

That being said, I would not be worried about the game server idea if I was the admin. You'd have quite a time achieving priv. escalation or anything of the sort… because I'm actually quite decent with GPOs. ;)

If it wasn't me, though… yeah, you'd probably get away with it, as long as you eliminate any RAS tools and make sure to keep it within the bounds of any network hardware. That's the safest way, at least.

And, yes, I am that cocky… the key to being effective is not making a single task difficult but, rather, piling on a series of difficult tasks.

Edit: I think I'll write an article on this very topic: Securing a Windows AD domain through GPOs (and more). Look for it in the next week or so!

Thank you all very much im sorry i wasnt very clear at first but Zeph nailed it on the head. I just wanted to know how it is possible to allow one service to be used on a port such as FTP on 21 and then be able to block use of a game on port 21.

[Fictional network] I tried to run a game server but this wont work, so i tried to change the 2 IP addresses, gateways etc of the 2 machines i wanted to use. When you do change the IP addresses (them being set corretly) the machines cant even ping each other despite being on the same network with the correct IP settings.[/Fictional Network]

Would there be any way to get round this?

Thanks again, this is clever all of it! but there must be a way around! :evil:

Relentless.