Is RDP service visible externally / publicly when hidden behind a firewall? - windows

This may be a simple enough answer but I'm hoping someone with the knowledge can answer.
We are using SonicWall firewall for SSLVPN and using firewall rules restricting access to RDP for SSLVPN users only, all other traffic to the RDP service is rejected.
I want to know if this RDP service and port are visible externally outside of the VPN. So if someone were to for example do a scan using Nmap or Shodan would it be visible?

I would go off the VPN/office network and just run an nmap scan to confirm this. You could spin up an EC2 instance or test it from home using nmap -sT -sU -p 3389 <IP>. That nmap scan is checking UDP (-sU) and TCP CONNECT (-sT) on port (-p) 3389. In my experience, it's best to audit your firewall rules yourself using proven tools. You can do this with netcat/nc as well, you don't actually need nmap.

You could connect to another network and test or use an online service like https://www.yougetsignal.com/tools/open-ports/ to see what ports are open.
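The outside-in check suggested in the answers above, as an added example that is not part of the original posts. It covers the TCP connect half only (not the UDP probe), should be run from a network outside the VPN, and takes the public IP as an argument; the function names and the script name are made up for this sketch.

```python
import errno
import socket
import sys

def tcp_port_state(host, port, timeout=3.0):
    """Classify one TCP port as seen from wherever this script runs.

    open     - handshake completed, the service is reachable
    closed   - a RST came back (from the host or a firewall that rejects)
    filtered - nothing came back, or ICMP unreachable: traffic was dropped
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def audit(host, ports, timeout=3.0):
    """Return {port: state} for every port that should NOT be reachable."""
    return {port: tcp_port_state(host, port, timeout) for port in ports}

def exposed(results):
    """Ports that completed a handshake, i.e. the firewall rule failed."""
    return sorted(port for port, state in results.items() if state == "open")

if __name__ == "__main__":
    # Usage: python rdp_exposure.py <public-IP>   (run from outside the VPN)
    results = audit(sys.argv[1], [3389])
    for port, state in results.items():
        print(f"{port}/tcp {state}")
    sys.exit(1 if exposed(results) else 0)
```

A non-zero exit status means 3389/tcp answered from outside, so the script can be scheduled as a recurring check of the firewall rule.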

Related

SSH and VPN split tunneling Windows 2012 server

I hope someone can point me in the right direction.
I have a Windows Server 2012R2 running Bitvise SSH server, for the sake of simplicity it has only one ethernet card. SSH listens to 192.168.1.115 port 22.
When the server is connected to the internet with VPN (NordVPN client > I cannot edit config) the SSH connection is no longer working. I believe this is very normal as the VPN changes the gateway and routes all, including SSH, packages through it.
I was hoping it is possible to simply edit the routing table or similar so that all SSH packages on 192.168.1.115 port 22 are routed to the original gateway (the gateway before VPN is connected so to speak) and that all other are routed via the VPN gateway.
Alas, I have no idea how to start with this split tunneling. Maybe there are tools or other solutions for this? I have searched high and low but did not find an easy answer.
Looking really forward to your expertise. Thank you.
With best regards,
ShadowHunter

Is there a way to remote debug on a different subnet in Visual Studio?

I have a client who is remote. I need to debug some weird problem that none of my other clients are having. Before I try and set up a conference with this client, I would like to know if there is some way of remotely debugging our application.
I see that there are remote debugging tools available for Visual Studio, but from what I've read, I need to be on the same subnet. As the person is remote, this is not a possibility. Also, as I'd like to keep our connection secure, I would need to connect up some sort of encrypted tunnel (this is where I'm a little fuzzy as my networking skills are mostly theoretical).
As I understand it, an encrypted tunnel is a bridge to another (different) subnet. This is to ensure that those computers on the other side won't interfere with the local subnet computers.
So, because the client's computer is on a different subnet, I think that this is not possible. Or is it? Should there not be a way of making the client's computer show up as a virtual computer on my subnet, by forwarding packets from one subnet to another? I would think that this is theoretically possible, but I'm not exactly sure how I would go about this.
Also, at the moment, my current way that we connect to clients is through GoToMeeting, but I don't think that it supports tunneling. If not, then I may need some way of generating a tunnel, so I was also thinking of maybe using some SSH programme like PuTTY.
As I have said before, my knowledge of networking is quite theoretical, so if the tools that I am suggesting are not the correct ones, please correct me. (I'm a programmer, damn it! Not a network engineer!)
Both computers are Windows boxes. Windows 10 (client) and Windows 8.1 (development).
If you can connect to an ssh server in the remote network, you can (subject to configuration on the server) create a tunnel such that you connect to a socket on your local PC and the connection appears from the server to an endpoint on the remote network.
You'll want to investigate the -L command of OpenSSH, which combined with the PuTTY docs, should help explain what's required.
By default, the endpoint would be a port on the ssh server, but it could be a port on a different host that the remote server can connect to.
I'm not familiar with the current state of Windows SSH servers, but even if there isn't a system server to hand, you should be able to have one run 'on demand' - if you run it on a non-privileged port and by the user you want to connect in as, it shouldn't even need Admin privileges.
I'm not familiar with GoToMeeting, but the one thing with SSH tunnelling is that IT depts should be familiar with SSH. If trying that, focus on getting a working connection in, then setting up the tunnel, then connecting through it as separate steps.
Once you have an SSH connection, then it doesn't need to do something itself, and you can then investigate connecting while specifying the port forwarding, but you will need to get the basic connection working correctly first.

How would I go about port-forwarding on azure microsoft 2012 server [azure]

I'm in a tough spot, having created 2 different virtual machines on Azure, with Windows Server 2012 R2 OS. I'm trying to host a game server for a game, which requires ports 7777 and 27015 opened.
What I did is simple, I went into the panel, set up endpoints for 7777, 27015, for UDP and TCP, and added exceptions to the firewall as well for incoming/outgoing 7777, 27015 TCP and UDP.
canyouseeme.org still apparently can't find my service and shows me the ports are not opened. It shows my remote connection port is opened though. What am I doing wrong? Is there anything more that I need to know?
If you opened the ports on your Firewall and on the Endpoints screen you are probably fine to game. The problem is probably with the utility that you're testing with and not the ports themselves.
I logged onto an Azure VM that I know I can remotely connect to, tested an open port that I know is open with that website, and it said it did not find it. Maybe that site is using Ping, which gets stuck in Azure's load balancer. To test connectivity, try using PSPing. This will let you test connections to specific ports. https://technet.microsoft.com/en-us/sysinternals/bb896649

How to check if port is in use (remote machine)

Is there any possibility to check if a specific port on a remote Windows machine (for example 3389 for RDP) is already in use? Locally I could use netstat, but I want to check this remotely. Can I do this with Telnet? Or something?
EDIT: I tried PortQry (proposed by user3365848: http://www.gfi.com/blog/scan-open-ports-in-windows-a-quick-guide/), but this gives me only information if the system is LISTENING on port 3389, but not if someone has an active RDP session. Or maybe I'm doing something wrong?

How to check programmatically the OS of remote host?

I need to check if remote host is Windows or Unix/Linux.
I can't assume that it has web server configured.
All I can do is to try to connect to several TCP or UDP services.
Which TCP services (TCP port numbers) usually will be opened on Windows and not on Unix/Linux and vice versa?
The other way is to try to ssh to it, and if it fails assume that it is a Windows host. The problem is, that I need this in order to choose the remote access method ssh or something Windows friendly like psexec.
You can read the output of nmap to detect which OS a remote host is running. It has a whole module dedicated to this. Here is a guide to using it.
Why not just try to connect one way, and if that fails, connect the other way, and if neither work, tell the user?
If that's all you're trying to do, there's no need to actually check the OS.
This is not an easy thing to answer with any degree of certainty as there are very few ports that will always be open on one OS but not on another.
You could try some/all of the following
80 http obviously
22,23 Telnet and SSH (Not usually open on windows, one at least usually open on *nix)
135 Used by WMI so often open on windows
1443 (Possibly SQL Server)
691 Used by MS Exchange routing
3389 MS Remote Desktop
I would suggest that scanning ranges of ports may lead you into trouble particularly if these are not your machines. You may find your IP address logged as a possible source of "Port Scanners"
There are some fairly extensive lists of ports available on the web. e.g. http://keir.net/portlist.html
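The "try one way, then the other" approach from the answers above, as an added example that is not part of the original posts. It confirms SSH by its identification banner and not by the port number alone, then falls back to Windows management ports; the function names are made up here, and including 445 (SMB, which psexec needs) is an assumption of this sketch and not a port the answers list.

```python
import socket

# Assumed for this example: SMB (psexec), RPC endpoint mapper, RDP.
WINDOWS_PORTS = (445, 135, 3389)

def ssh_banner(host, port=22, timeout=3.0):
    """Return the SSH identification string, or None if no SSH server answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            line = sock.recv(255).split(b"\n", 1)[0].strip()
    except OSError:            # refused, timed out, unreachable, silent service
        return None
    return line.decode("ascii", "replace") if line.startswith(b"SSH-") else None

def accepts(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def pick_access_method(host, ssh_port=22, windows_ports=WINDOWS_PORTS, timeout=3.0):
    """Return ("ssh", banner), ("windows", port) or ("unreachable", None)."""
    banner = ssh_banner(host, ssh_port, timeout)
    if banner:
        return ("ssh", banner)
    for port in windows_ports:
        if accepts(host, port, timeout):
            return ("windows", port)
    return ("unreachable", None)
```

A Windows host running an SSH server returns "ssh" here, which is the desired outcome when the goal is picking an access method and not naming the OS.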
