February 28th, 2004, 06:12 AM
Basic tunnelling through a filter
This isn't really a full fledged tutorial, I'm just writing it to give some general insight. The original purpose of this article was to talk to the network staff at my school about getting around the filter. You see, the filter system we have is at the county's access point to the rest of the internet. It's our gateway to everywhere. Of course, when you try to access a page that is on the blocked list, it gives you a detailed page telling you that you were denied access and the company that makes the filter. After some quick research, I figured out exactly what filter we used, how it was configured, and how they installed it. Go figure.
Either way, I found out that it only blocked access to a specific list of sites (including antionline, but not packetstorm, collusion, or any other ones I have listed on my site's links page). If the site name isn't in the list, then you're allowed access. There's no content filter, it's just based on the name. How absurd.
Well, here's some basic theory on tunnelling out through the filter:
Tunnelling is a common practice and involves 4 main parts: the computer you're at, your proxy/filter, a box at home, and the website you want to get to. The general idea is that you access an unblocked site and use it to view normally blocked material. The simplest way to is set up a port forwarder type of program at home.
First, before you leave for school/work, connect to your ISP and make sure the connection won't idle-out. Then, kick off the port forwarder. Its job is to forward all http (port 80) requests to its ISP which in turn resolves the name, finds the content and returns it. Then, your forwarder forwards this returned data back to the place the request came from. Port forwarders aren't terribly hard to make or obtain, but that's for a different tutorial altogether. For ease of use, I would suggest setting one up to not act as a proxy, but to have it forward the file the incoming request is trying to access.
After your box at home is set up, make sure that you know its external ip address or have some unblocked place that it will regularly send its ip to. Then, when you're at the place you're tunnelling out of, you'll send an http request from the browser like: http://ip.of.your.home.box/place.you.want.to.go. You'll connect out to your home box, it'll process the request, forward it, and then relay the page data back. This way, you're accessing an unblocked page which then requests another page, but it's outside of the filter's control.
Again, this article is just for some general concepts. I hope to add on to it when I have a specific example I can use. Hopefully wherever you work has a better filtering system than just checking url's, but if it doesn't, perhaps you should talk to the security staff about upgrading.
Is there a sum of an inifinite geometric series? Well, that all depends on what you consider a negligible amount.
February 28th, 2004, 06:51 AM
We have a really nice warning page that pops up on the screen when you have tried to access something not exactly "business" related. I have figured out that it is name and content based. Certain websites are blocked (joecartoon.com - go figure!) as well as content (subject, website, etc.) I am not interested in trying to go to blocked sites, although accessing joecartoon.com with a t1 line(?) instead of dialup would be nice Too afraid of the "no tolerance" policy. we have had a few get fired by forwarding "questionable" material through email.
I have also figured out that websites are logged by either number of times logged in or by length of time logged into a particular site. If deemed too many times or too long time spent on the site, BAM!! they ban the site. Found this out personally.
But, your process got me to think. (key up newbie music).... could you do the same thing with PCanywhere? Our server here at work blocks IP addresses directly. But could you contect with PCanywhere and gain access to your home computer and then control the ISP, website,e tc from there? Just a thought as I am not very knowledgable in the remote access field....
February 29th, 2004, 04:47 AM
February 29th, 2004, 11:32 PM
Yes there is something called CGI-PROXY.
set it up @ home (With Perl)