Solved

How does Remote Assistance access a computer behind a router's firewall without any firewall configuration?

Posted on 2004-09-30
Last Modified: 2010-04-10
Following on from this question: http://www.experts-exchange.com/Networking/Q_21114583.html

How is it that, without doing any port forwarding, a computer on the internet is able to access a supposedly secure XP machine sitting behind a firewall with nothing but the Windows XP software to authenticate the access request from the remote assisting computer?

How does this work under the hood?
Question by:micknorman11
7 Comments
 
LVL 20

Expert Comment

by:DVation191
ID: 12189629
Remote assistance uses Terminal Services technology, allowing a helper to assist you via a remote Terminal Services session. Remote Assistance uses a simple, secure process in establishing a connection between you and a helper. The request is encrypted in a public key and sent using XML. As long as your router is letting the Remote Desktop ports through, remote assistance will work.

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rmassist.mspx
 
LVL 20

Expert Comment

by:DVation191
ID: 12189643
Additional Notes:

Configuring Port 3389 to Enable Remote Assistance
Remote Assistance runs over the top of Terminal Services technology, which means it needs to use the same port already used by Terminal Services: port 3389.

Note: If the person who is being helped is behind a firewall, NAT, or ICS, Remote Assistance will still function as long as the person being helped initiates the session via Windows Messenger. However, as stated above, Remote Assistance will not work in cases when the outbound traffic from port 3389 is blocked.

Using Remote Assistance in a Home Network
If you are using Personal Firewall or NAT in a home environment, you can use Remote Assistance without any special configurations. However, if you have a corporate-like firewall in a home environment, the same restrictions apply: you would need to open Port 3389 in order to use Remote Assistance.
 

Author Comment

by:micknorman11
ID: 12189651
I neglected to mention that the remote assistance was working before I got the router configured to support remote desktop (i.e. enabled the port forwarding).
 
LVL 20

Expert Comment

by:DVation191
ID: 12189730
Most consumer-grade routers do not have the firewall enabled by default. Even if they do, they may not be blocking those ports. If you get port-scanned from the outside, you can see which ports you have open and which are closed...
Shields Up!
http://www.grc.com/x/ne.dll?rh1dkyd2
 

Author Comment

by:micknorman11
ID: 12189782
Hrm ... I'll go check out the router asap. I thought the firewall was on, but I could have overlooked it. Best double check.

I was just reading another EE question and discovered MAC filtering doesn't prevent sniffing wireless routers either - ACK!

There's at least one change I'll be making on the router - enable WEP.

I've been told 802.11b is a piece of cake to bust into anyway ... I'll have to look further into that.

Back in a couple of days ... tks for the input so far :)
 
LVL 20

Expert Comment

by:DVation191
ID: 12189828
yea from a linux box, even WEP is no match...
=)
 
LVL 3

Accepted Solution

by:ccceqo2 (earned 500 total points)
ID: 12198205
What I understand is:
You were using a router performing NAT, the standard setup to let multiple PCs share an internet connection.
You had no port forwarding configured on this router.
But you still managed to remote assist one of the PCs behind this router.

And you want to know how this could work?

Normally, when the requester has port forwarding enabled, anyone could send a TCP request to their IP address and their router would forward it through to the requester. When the port is blocked, the requester has to send out the TCP request, because this is their only way of establishing a connection with hosts outside their local network.

There could be two ways to do this: one if the person providing assistance had THEIR router/firewall configured to allow incoming port 3389 traffic to reach them, and the other if the person providing assistance did not, i.e. both users were blocked off from incoming requests.

1) If the assister has THEIR firewall configured, the software accepts the request and then looks for the incoming request from the requester. Once the assister has accepted this request, a link is established between the two PCs. This is a clever hack to allow TCP requests to be established in the opposite direction to normal and is used by all sorts of software like ICQ, and file sharing programs.

2) If neither have their firewalls configured, then another external host with its firewall properly configured will be required to assist. The requester sends TCP requests to this third party, and when the assister accepts the request, they too send TCP requests to the third party. When the third party host sees the matching incoming requests, it accepts them both and "joins" them by relaying traffic from one TCP session to the other. The third party host will need to handle all traffic involved in the remote session. This hack is also used to allow programs like ICQ to run chat sessions between users who are all behind firewalls.

I hope you understand this overview of what is going on. To understand all the details you need to study how the TCP/IP protocol stack is designed and how it operates.
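The relay arrangement from case 2 above, as an added example that is not part of the original thread: a minimal TCP relay that accepts two outbound connections from peers whose NATs drop inbound traffic, pairs them, and copies bytes in both directions, with both peers simulated on localhost. All hosts, ports and messages are constructed placeholders; it illustrates the joining mechanism only, not the actual Remote Assistance protocol.

```python
import socket
import threading

# Constructed demo (not from the original thread) of case 2: both peers, each
# behind a NAT that drops inbound connections, dial OUT to a relay host, which
# pairs the two inbound TCP sessions and copies bytes between them.

def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes src -> dst until src hits EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate the EOF to the other peer
        except OSError:
            pass

def start_relay(host: str = "127.0.0.1") -> tuple[int, threading.Thread]:
    """Listen on an ephemeral port; accept two connections and join them."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(2)
    port = srv.getsockname()[1]

    def serve() -> None:
        a, _ = srv.accept()  # first inbound session (e.g. the requester)
        b, _ = srv.accept()  # second inbound session (the assister)
        srv.close()
        pumps = [threading.Thread(target=_pump, args=pair) for pair in ((a, b), (b, a))]
        for t in pumps: t.start()
        for t in pumps: t.join()
        a.close(); b.close()

    th = threading.Thread(target=serve, daemon=True)
    th.start()
    return port, th

def relay_exchange(from_requester: bytes, from_assister: bytes) -> tuple[bytes, bytes]:
    """Both peers connect outbound to the relay; return what each one received."""
    port, th = start_relay()
    requester = socket.create_connection(("127.0.0.1", port))
    assister = socket.create_connection(("127.0.0.1", port))
    for sock, msg in ((requester, from_requester), (assister, from_assister)):
        sock.sendall(msg)
        sock.shutdown(socket.SHUT_WR)  # done sending; relay forwards the EOF
    got_by_assister = b"".join(iter(lambda: assister.recv(4096), b""))
    got_by_requester = b"".join(iter(lambda: requester.recv(4096), b""))
    requester.close(); assister.close()
    th.join(timeout=5)
    return got_by_requester, got_by_assister
```

Note that neither simulated peer ever accepts an inbound connection, which is exactly why a NAT with no port forwarding does not get in the way; the cost is that the relay carries every byte of the session.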