November 28th, 2001 04:20 PM
Definition of a Wingate
A definition I've heard from a few people is:
"WinGate is a proxy server firewall software package that allows you to share a single (or multiple) Internet connections with an entire computer network. The Internet connection shared by WinGate can be of nearly any type, including dial up modem, ISDN, xDSL, cable modem, satellite connection, or even dedicated T1 circuits."
Wingate is similar to a proxy server. It connects different computers through port 23 onto a server, which is called a wingate. In fact, it's just a telnet connection. The Wingate will let anyone on the network access the Internet or connect through it to other sites. Due to poorly configured wingates and administrators' incompetence, there are a lot of wingates that will let anyone on the Internet connect through them, instead of limiting access to people from the local network, opening the way for anything from an IP spoof on ICQ or IRC to full-scale abuse. Such wingates are called "Open Wingates" and usually last anywhere from a few days to maybe a few months until an administrator either discovers it or gets complaints about some "mysterious" users doing something they shouldn't be. Most likely in that case it's someone connecting over the Internet.
The only benefit for administrators is the ability to put multiple users through the same connection. The problems with it clearly outweigh the benefits. If anyone is going to set up their own wingate, I'd suggest strongly that you know what you are doing and make sure that it is configured securely so that only those who are meant to use it are the ones using it. Another more secure WinGate-like software is SyGate.
From previous experience working with Wingates both as a Network Administrator and a "remote" user I can tell you that the logs on most wingates are cleared usually every 48 hours. Most businesses and ISPs (especially the big ones) just don't have the need or the resources to log every single thing that happens on their wingate servers.
If anyone would like to correct me or post comments please reply to this post, thanks.
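A defender-side check for the "Open Wingate" condition described in the post above, as an added example that is not part of the original thread: it flags sessions on the port 23 proxy listener that came from clients outside the local network. The log layout, addresses, and function name are constructed for this example and are not WinGate's own format.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed log layout (constructed for this example, not WinGate's real format):
#   <date> <time> client=<ip> listener=<port> dest=<ip>:<port>
LINE_RE = re.compile(
    r"client=(?P<client>\S+)\s+listener=(?P<listener>\d+)"
    r"\s+dest=(?P<dest>[^\s:]+):(?P<dport>\d+)"
)

def find_external_relays(lines, local_nets, listener_port=23):
    """Return {external client IP: sorted list of 'dest:port'} for sessions
    on the proxy listener that did not originate from the local network."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["listener"]) != listener_port:
            continue  # unparsable line, or a different service
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # malformed address field
        if any(client in net for net in nets):
            continue  # expected: a LAN user sharing the connection
        hits[str(client)].add(f"{m['dest']}:{m['dport']}")
    return {ip: sorted(dests) for ip, dests in hits.items()}

SAMPLE_LOG = [  # constructed sample lines using documentation address ranges
    "2001-11-28 16:20:01 client=192.168.0.14 listener=23 dest=198.51.100.20:80",
    "2001-11-28 16:21:17 client=203.0.113.7 listener=23 dest=198.51.100.99:6667",
    "2001-11-28 16:21:40 client=203.0.113.7 listener=23 dest=198.51.100.50:4000",
    "2001-11-28 16:22:05 client=192.168.0.22 listener=80 dest=198.51.100.20:80",
    "2001-11-28 16:23:00 client=garbage listener=23 dest=198.51.100.20:23",
    "2001-11-28 16:24:12 client=192.0.2.45 listener=23 dest=198.51.100.99:6667",
]

if __name__ == "__main__":
    relays = find_external_relays(SAMPLE_LOG, ["192.168.0.0/24"])
    for ip, dests in relays.items():
        print(f"external client {ip} relayed to: {', '.join(dests)}")
```

Any hit means the proxy is accepting non-local clients and its access rules need to be restricted to the LAN; run the check more often than the log retention window so sessions are seen before the logs are cleared.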
November 28th, 2001 04:32 PM
I've heard stuff about WinGate also..
A home user running WinGate can be 'exploited' as a proxy server by remote users, as it allows for them to connect on the default port..
I haven't verified this, (I'll look for the info I read on it tomorrow, I'm going to bed soon) but I'm pretty certain it is true..
www.astalavista.com has a list of WinGate proxies which are available.. whether the owner knows it or not, I don't know...
"Isn't sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
But when you're good and crazy, hehe, the sky's the limit!!"
November 28th, 2001 04:38 PM
How To Find Wingates
The best way is word of mouth. Failing that, the 2nd best way is to use a wingate scanner. You can scan whole subnets for wingates. A note: IPs in third world countries, the Middle East (except Israel), Africa, and on the @home network all have one thing in common: They all have wingates that are poorly configured and there are usually a few open wingates on their networks. Try scanning them 1st and foremost. Through Unix, the best way is: trial and error. Telnet to the wingate through port 23, then leave the user name and password blank and if you get in, you've found one. You might also want to try username and/or password as: wingate. The best Windows (32 bit) scanner I have used is: wGateScan v2.2
It is available on many different websites. I got it from this site, it has some other useful stuff on it too: http://www.hotmanscave.com/
To use it, all you have to do is to enter a range of IP addresses or a hostname. It will telnet to each host in the range through port 23 and will send a message saying "wingate" or something. If the host accepts this message then bingo! You've found one and it keeps a list of all working open wingates, which you can save to a file or delete as needed.
Hope this helps. Latr,