Firewall Wizards mailing list archives

Re: Bypassing firewall


From: "Saravana Ram" <Ram () POP Jaring My>
Date: Wed, 26 Jan 2000 20:55:31 +0800

From: "Robert Graham" <robert_david_graham () yahoo com>

You don't really need two Linux boxes. Assuming you have a standard packet
filtering firewall that allows only outbound TCP connections to port 80, a
user could set up a SOCKS server at home (assume cable-modem/DSL) listening on
port 80 rather than the standard 1080. Any socksable client then can allow the
user any activity through his/her home machine. For example, run SocksCap from
NEC configured to use the home machine as the SOCKS server. Most client apps
can now work invisibly through this setup.

This would not work though if the firewall examined the http packets for
kosher data. Reverse proxies, application layer proxies, stateful
inspection firewalls, and anything else employing similar descriptions would
prevent such things. Robert's example of running socks on port 80 will work
if the "firewall" were no more than a packet filter or [perhaps] a NAT box.

In the case that the firewall requires packets running through port 80
conform to the http protocol, a tunnel would have to be set up. I'm sure
many methods exist to tunnel connections through popular protocols like
telnet, http, and https. I know personally of one Linux application that
allows you to tunnel securely through https, so there should be less
fanciful methods out there.
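
The conformance check discussed in this message, sketched as an added example (not part of the original post or of any firewall product): it labels the first client payload of a port-80 connection as HTTP, SOCKS4 or SOCKS5. The function names and the sample payloads are constructed for illustration.

```python
import re
import struct

# HTTP/1.x request line: method SP request-target SP HTTP-version CRLF
REQUEST_LINE = re.compile(rb"^[A-Z]{3,16} [\x21-\x7e]+ HTTP/1\.[01]\r\n")

def classify_first_payload(data: bytes) -> str:
    """Label the first client-to-server TCP payload of a port-80 connection."""
    # SOCKS5 greeting (RFC 1928): VER=5, NMETHODS, then exactly NMETHODS bytes
    if len(data) >= 3 and data[0] == 0x05 and len(data) == 2 + data[1]:
        return "socks5"
    # SOCKS4 request: VN=4, CD=1 (CONNECT) or 2 (BIND), DSTPORT, DSTIP,
    # then a NUL-terminated user id
    if (len(data) >= 9 and data[0] == 0x04 and data[1] in (1, 2)
            and data.endswith(b"\x00")):
        return "socks4"
    if REQUEST_LINE.match(data):
        return "http"
    return "unknown"

def non_http_flows(flows):
    """Return (flow_id, label) for every flow whose first payload is not HTTP."""
    labelled = ((fid, classify_first_payload(p)) for fid, p in flows)
    return [(fid, label) for fid, label in labelled if label != "http"]

# Constructed sample payloads (documentation addresses, not captured traffic)
SAMPLE_FLOWS = [
    ("flow-1", b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    ("flow-2", b"\x05\x01\x00"),  # SOCKS5, one method: no authentication
    ("flow-3", b"\x04\x01" + struct.pack("!H", 25)
               + bytes([192, 0, 2, 10]) + b"user\x00"),  # SOCKS4 CONNECT
    ("flow-4", b"SSH-2.0-example\r\n"),
]

if __name__ == "__main__":
    for fid, label in non_http_flows(SAMPLE_FLOWS):
        print(fid, label)
```

A payload that passes this check is only HTTP-shaped; traffic tunnelled inside well-formed HTTP or HTTPS, as the last paragraph of the message describes, is not distinguished by it.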


