Firewall Wizards mailing list archives
Re: Bypassing firewall
From: "Saravana Ram" <Ram () POP Jaring My>
Date: Wed, 26 Jan 2000 20:55:31 +0800
From: "Robert Graham" <robert_david_graham () yahoo com>
You don't really need two Linux boxes. Assuming you have a standard packet filtering firewall that allows only outbound TCP connections to port 80, a
user
could setup a SOCKS server at home (assume cable-modem/DSL) listening on
port
80 rather than the standard 1080. Any socksable client then can allow the
user
any activity through his/her home machine. For example, run SocksCap from
NEC
configured to use the home machine as the SOCKS server. Most client apps
can
now work invisibly through this setup.
This would not work though if the firewall examined the http packets for kosher data. Reverse proxies, application layer proxies, statefull inspection firewalls, and anything else employing similar descriptions would prevent such things. Robert's example of running socks on port 80 will work if the "firewall" were no more than a packet filter or [perhaps] a NAT box. In the case that the firewall requires packets running through port 80 conform to the http protocol, a tunnel would have to be set up. I'm sure many methods exist to tunnel connections through popular protocols like telnet, http, and https. I know personally of one Linux application that allows you to tunnel securely through https, so there should be less fanciful methods out there.
Current thread:
- Bypassing firewall Mailing Lists (Jan 24)
- Re: [firewall-wizards] Bypassing firewall Magosanyi Arpad (Jan 25)
- Re: Bypassing firewall daN. (Jan 26)
- Re: Bypassing firewall Cliff Rayman (Jan 27)
- Re: Bypassing firewall Aaron D. Turner (Jan 27)
- Re: Bypassing firewall Bennett Todd (Jan 28)
- <Possible follow-ups>
- RE: Bypassing firewall jussi . jaakonaho (Jan 25)
- Re: Bypassing firewall Robert Graham (Jan 25)
- Re: Bypassing firewall Saravana Ram (Jan 28)
- RE: Bypassing firewall Riley, Steven (Jan 26)
- RE: Bypassing firewall Kaptain (Jan 28)
- RE: Bypassing firewall Robert Purdy (Jan 31)
- RE: Bypassing firewall Kaptain (Jan 28)
- Re:Bypassing firewall TDyson (Jan 28)
- Re: Bypassing firewall Steven M. Bellovin (Jan 31)