Port Forwarding

What is Port Forwarding and what are it's uses and benefits ??

Port forwarding is used to communicate certain services between two networks which are generally separated with a router. In our example, when we want to use a RAT, your slaves try to connect to your public IP address (your “internet” ip). This is the address of your router. In order to connect your slaves from your router to your local machine, the router needs to know where to send this traffic. This is where port forwarding kicks in.

Let’s say your public IP is. 12.34.56.78 and your local IP is 192.168.1.10 . Your RAT uses, for example, port 100. You have set up no-ip to connect to your public IP address. Your slaves

will thus try to connect to example.no- ip.com:100 which will be translated to 12.34.56.78 :100 (in which 100 is. the port). When your router receives this traffic, you want the router to send this traffic to your local IP address so you can connect the slaves to your RAT client. The only thing your router “knows” is the port. The router will then look in the port table to see which local IP address is associated with port 100. If you have set up port

forwarding correctly, your router will look up port 100 and see this traffic needs to be routed to 192.168.1.10 (your local IP address). I’ve found a drawing to explain it a bit clearer:

Why Do I need to setup a Port Forwarding ??

1. Access to your router : You will need to have access to your router to configure the port you want to forward to your IP address. You can access the configuration page of your router by typing the router’s IP address in the address bar of your browser. If you do not know this address, you can find it by opening a command prompt window (start -> all programs -> accessories -> command prompt), typing “ipconfig” (without quotes) and

pressing enter. The default gateway address is the address of your router.

When you go to this address in your browser, you will probably be asked for a username and a password. When you do not know this, you can try the routers default password. Simply look in the routers manual or download your routers manual from the manufacturers website. Alternatively, you can google your default login or go to http://www.routerpasswords.com/.

2. A Static IP: In order to keep your IP address the same as the one in the port forwarding table, you need a static IP address. Most home networks use DHCP, this is a protocol to automatically assign an IP address from a certain address range to a NIC (network card) when the computer boots up. It is possible that when you reboot your pc your router will assign a different IP address to your NIC then you had before, but the port will still be forwarded to your old IP address. Obviously you need to keep the same IP address all the time. First, you have to pick the IP address you are going to assign to your NIC. This has to be an address which is not in use, so you cannot pick an address which is in the DHCP address pool (the addresses automatically assigned to other machines in the network). You can find this address range somewhere in the configuration page of your router. I’ve made a screenshot of my router’s DHCP configuration:

As you can see, my starting ip address of the DHCP pool is 192.168.1.31 and there are 50 addresses in the pool. This means I cannot use all the addresses between 192.168.1.31 and 192.168.1.81 . Note that this may look different on your router. Other addresses I cannot use are other used static IP addresses on the network like 192.168.1.1 which is used by my router. As you can also see, I have a subnet mask of 255.255.255.0 . You will most likely have the same. The subnet mask determines the number of IP addresses in your network. A subnet mask of 255.255.255.0 means all the addresses between 192.168.1.1 and 192.168.1.255 are valid network addresses on your network. Beware: one other address which is already in use is 192.168.1.255 . This is not used by a machine, this is the broadcast address. With this address you contact all the other addresses on the network. This is for example used for messages which contain information about a network change. You’ll never need to use this address yourself, this is all done by services. In my example, 192.168.1.10 is a free address which I’m going to use for my PC. Note that it is possible to have a different IP range on your network, for example 192.168.0.X or 10.0.0.X. Just take the same steps as I’ve done but with your IP range.

Setting up Port Forwarding: In order to set up port forwarding there are 2 things we need to do. First we need to assign the static IP address you just chose to your network adapter. In my case this is 192.168.1.10 . You also need your subnet mask and your default gateway. You can also find this through the ipconfig command. In order to configure your network adapter you need to go to control panel

->network and sharing center. In the left pane click “Change adapter settings”. Right click the adapter you are using and click properties. You will get this: Right click “Internet Protocol Version 4 (TCP/IPv4)” and click properties. Now fill in the addresses you have found. For DNS server use the same address as your default gateway.

When you’re done click OK. Now we have configured a static IP address we need to forward our port to this address. You need to go to the router configuration page to do this. This is different for every router, so if you cannot find this yourself you could google “port forwarding <insert routertype here>”.

In my router, a Draytek Vigor 2130, it’s under “NAT -> Open Port”.

I’ve configured it using my port and local IP … Use TCP+UDP; different rats use different. protocols for different types of transfers, use them both to be sure.

Once you have opened this port to your local IP you’re ready to test your port. You can use a website like canyouseeme.org . Note that you will need to listen on the port with an application (like your RAT) to get a response. If you’re not listening on your port you will probably get a false negative.