Basic tunnelling through a filter
Results 1 to 4 of 4

Thread: Basic tunnelling through a filter

  1. #1
    Senior Member
    Join Date
    Nov 2003
    Posts
    107

    Basic tunnelling through a filter

    This isn't really a full fledged tutorial, I'm just writing it to give some general insight. The original purpose of this article was to talk to the network staff at my school about getting around the filter. You see, the filter system we have is at the county's access point to the rest of the internet. It's our gateway to everywhere. Of course, when you try to access a page that is on the blocked list, it gives you a detailed page telling you that you were denied access and the company that makes the filter. After some quick research, I figured out exactly what filter we used, how it was configured, and how they installed it. Go figure.

    Either way, I found out that it only blocked access to a specific list of sites (including antionline, but not packetstorm, collusion, or any other ones I have listed on my site's links page). If the site name isn't in the list, then you're allowed access. There's no content filter, it's just based on the name. How absurd.

    Well, here's some basic theory on tunnelling out through the filter:
    Tunnelling is a common practice and involves 4 main parts: the computer you're at, your proxy/filter, a box at home, and the website you want to get to. The general idea is that you access an unblocked site and use it to view normally blocked material. The simplest way to is set up a port forwarder type of program at home.

    First, before you leave for school/work, connect to your ISP and make sure the connection won't idle-out. Then, kick off the port forwarder. Its job is to forward all http (port 80) requests to its ISP which in turn resolves the name, finds the content and returns it. Then, your forwarder forwards this returned data back to the place the request came from. Port forwarders aren't terribly hard to make or obtain, but that's for a different tutorial altogether. For ease of use, I would suggest setting one up to not act as a proxy, but to have it forward the file the incoming request is trying to access.

    After your box at home is set up, make sure that you know its external ip address or have some unblocked place that it will regularly send its ip to. Then, when you're at the place you're tunnelling out of, you'll send an http request from the browser like: http://ip.of.your.home.box/place.you.want.to.go. You'll connect out to your home box, it'll process the request, forward it, and then relay the page data back. This way, you're accessing an unblocked page which then requests another page, but it's outside of the filter's control.

    Again, this article is just for some general concepts. I hope to add on to it when I have a specific example I can use. Hopefully wherever you work has a better filtering system than just checking url's, but if it doesn't, perhaps you should talk to the security staff about upgrading.
    Is there a sum of an inifinite geometric series? Well, that all depends on what you consider a negligible amount.

  2. #2
    Member
    Join Date
    Feb 2004
    Posts
    36
    We have a really nice warning page that pops up on the screen when you have tried to access something not exactly "business" related. I have figured out that it is name and content based. Certain websites are blocked (joecartoon.com - go figure!) as well as content (subject, website, etc.) I am not interested in trying to go to blocked sites, although accessing joecartoon.com with a t1 line(?) instead of dialup would be nice Too afraid of the "no tolerance" policy. we have had a few get fired by forwarding "questionable" material through email.
    I have also figured out that websites are logged by either number of times logged in or by length of time logged into a particular site. If deemed too many times or too long time spent on the site, BAM!! they ban the site. Found this out personally.
    But, your process got me to think. (key up newbie music).... could you do the same thing with PCanywhere? Our server here at work blocks IP addresses directly. But could you contect with PCanywhere and gain access to your home computer and then control the ISP, website,e tc from there? Just a thought as I am not very knowledgable in the remote access field....

  3. #3
    Banned
    Join Date
    Feb 2004
    Posts
    20

    Lightbulb pcAnywhere test

    We also use pcAnywhere at work. I'd like to try that idea out. The only problem I might have is that my computer is behind a router, but I can set my home box as a DMZ host I guess. Damn... I'll need to put pcAnywhere on my own computer will I not? Anybody know if pcAnywhere will work with linux? Also, can a windows box with pcAnywhere connect to a linux box? I'll see what I can find out, but if anyone has ideas/suggestions please let me know (email me, pm me or just put a post on here).

    I'll keep y'all posted

    [shadow]agent.idle[/shadow]

  4. #4
    Junior Member
    Join Date
    Nov 2002
    Posts
    1
    Yes there is something called CGI-PROXY.
    http://www.jmarshall.com/tools/cgiproxy/

    set it up @ home (With Perl)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •