Windows
organizer776, 2021-10-15 14:50:36

How can I listen to a port on a running program?

How can I listen on a port on a running program?
The situation is this: there is a server that faces the Internet (the organization's sites), but from time to time I see hacking attempts via RDP, etc. I want to make a port listener, which will become something like a gasket in the middle.

There is a program called Process Explorer, and it sees the current connections to a specific process, but I don't know how it works.
Based on my knowledge of Java, I assume something like connecting to streams, but I could be wrong about the implementation.

Why is this needed? Automation of protection without installing third-party software (this is a headache for the organization).


5 answer(s)
Sergey Gornostaev, 2021-10-15
@sergey-gornostaev

Why all these difficulties when you can simply install and configure fail2ban, or an intrusion detection system if you need heavy artillery? The headache is writing your own solution when ready-made and time-tested ones exist.

Drno, 2021-10-15
@Drno

Do you have an organization's website on Winserver, which faces the Internet? I sympathize then))
In general, only the required port is opened for inbound traffic; the rest are closed. And don't care, let them try to break in.
Usually this is done at the gateway...

Armenian Radio, 2021-10-15
@gbg

You will need to configure WinPCAP, which is an NDIS driver built into the Windows networking stack.
Alternatively, you can try to inject a self-made ws2_32.dll into the process.
Both require extensive system programming experience in C/C++ under Windows, as well as reading a ton of MSDN pages in English.

rPman, 2021-10-15
@rPman

suggestions about WinPCAP, NDIS driver, ws2_32.dll, etc.

It's OK. Difficulties force development.
You were given a hint twice that this direction of the solution is inadequately difficult compared to the goal.
The correct solution is to put a firewall (good sense here should suggest a *nix OS or ready-made hardware with the necessary functionality) between the Internet and the target server with the application; this firewall will listen to connections and make a decision.
Any version of this solution will be cheaper in terms of cost and time than research in the field of 'how to deal with the fact that Microsoft messed up the network subsystem and standards'.
P.S. Microsoft has tools for logging access via RDP; can you start with them?
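
Added example, not part of any answer on this page and not code from fail2ban: the fail2ban-style threshold from Sergey Gornostaev's answer, applied to the RDP logon records rPman suggests starting with. It assumes failed logons (Security event ID 4625) were exported one JSON object per line; that layout, the sample records and the function names are constructed for illustration, and `max_retry`/`find_time` mirror fail2ban's `maxretry`/`findtime` options.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625           # Security log event: "An account failed to log on"
REMOTE_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA)

# Constructed sample, one JSON object per line. The export layout is an
# assumption of this example; the addresses are documentation ranges.
SAMPLE = """\
{"TimeCreated":"2021-10-15T14:00:01","Id":4625,"LogonType":10,"IpAddress":"203.0.113.7"}
{"TimeCreated":"2021-10-15T14:00:20","Id":4625,"LogonType":10,"IpAddress":"203.0.113.7"}
{"TimeCreated":"2021-10-15T14:00:41","Id":4625,"LogonType":10,"IpAddress":"203.0.113.7"}
{"TimeCreated":"2021-10-15T14:01:00","Id":4625,"LogonType":3,"IpAddress":"198.51.100.23"}
{"TimeCreated":"2021-10-15T14:30:00","Id":4625,"LogonType":3,"IpAddress":"198.51.100.23"}
{"TimeCreated":"2021-10-15T15:10:00","Id":4625,"LogonType":3,"IpAddress":"198.51.100.23"}
{"TimeCreated":"2021-10-15T14:02:00","Id":4624,"LogonType":10,"IpAddress":"192.0.2.10"}
{"TimeCreated":"2021-10-15T14:03:00","Id":4625,"LogonType":2,"IpAddress":"-"}
{"TimeCreated":"2021-10-15T14:04
"""

def parse_events(text):
    """Yield (time, event_id, logon_type, ip) tuples, skipping malformed lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
            yield (datetime.fromisoformat(rec["TimeCreated"]), int(rec["Id"]),
                   int(rec["LogonType"]), str(rec["IpAddress"]))
        except (ValueError, KeyError, TypeError):
            continue  # truncated or incomplete record

def find_offenders(events, max_retry=3, find_time=timedelta(minutes=10), allowlist=()):
    """Return {ip: time the threshold was first reached}, fail2ban-style."""
    recent = defaultdict(deque)  # ip -> failure times inside the sliding window
    offenders = {}
    for ts, event_id, logon_type, ip in sorted(events):
        if event_id != FAILED_LOGON or logon_type not in REMOTE_LOGON_TYPES:
            continue  # successful logons and local/console failures are ignored
        if ip in ("-", "", "127.0.0.1", "::1") or ip in allowlist:
            continue  # no usable remote address, or one that must never be blocked
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()  # drop failures older than the window
        if len(window) >= max_retry:
            offenders.setdefault(ip, ts)
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(parse_events(SAMPLE)).items():
        print(f"{when.isoformat()} {ip} reached the failed-logon threshold")
```

The returned addresses are candidates for a block rule on the gateway or host firewall; keep management addresses in `allowlist` so a mistyped password cannot lock administrators out.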

pfg21, 2021-10-15
@pfg21

The requested type of software is a traffic analyzer.
One of the main options for Windows is Wireshark: set up filtering by port and write the stream of packets to disk, then take your time to parse it, identify the suspicious traffic and find the conditions for cutting it off at the firewall.
I hope the firewall in Windows is able to filter streams according to protocols.
