Getting around a firewall.

SlingBlade

I messed up and posted this in the Hardware forum. So I'm moving it here :) Here is the thread:

http://forums.anandtech.com/messageview.cfm?catid=27&threadid=566449&STARTPAGE=1

So here is what my question was :)

Hey, I'm behind a firewall that has the ports certain games use blocked. I don't have access to the firewall of course. I was wondering if there are any ways around that? Can I change what ports the game uses, or try other things?

Some people answered saying you could use tunneling with HTTPort or maybe Virtual Private Networking. The guy who suggested VPN (CyberZero) said he is still working on this solution. Any suggestions?
 

Nightfall

To be honest with you, there is no easy solution around the firewall unless you have access to it.
 

SlingBlade

Well I have nothing better to do, so I don't care how difficult it is. I can't get access to the firewall so this is my only option.
 

spidey07

How do you get around it? A firewall has a set of rules that allow or disallow traffic based on IP addresses, application ports, or other application information such as real audio.

You get around it by tunneling or proxying your protocol to make the firewall think it is passing legit applications.

I have to say this because it is very true: "Bypassing your companies' or universities' network security measures can get you fired/suspended, whatever. If they are good they'll catch you very soon" (our systems would immediately log you, send an alert and deny your IP address within about 5 minutes). You are using a PRIVATE network; it is their network to control.

Maybe submit a written request to open up these ports? Shot in the dark, but who knows?

 

calpha

I can't think of any way around a firewall without access to it. VPN is the only possibility.

I've hosted Star Trek EF @ home before and set it up on a different port, and used my Freesco Router. Guess you could do the same if you could figure out what ports were allowed.

Although, to get my ST.EF Server to run I had to explicitly forward the port I used to the IP Address of the game server, so maybe this won't work for you. :(

 

RagManX

I normally ignore these posts, since I deal with computer security and have no desire to make another security administrator's life harder. However, let me give you a bit of information here, so you'll understand what you are up against.

Depending on the firewall, you could have a setup where only traffic dedicated for certain ports on the outside systems will be allowed through. Or, you could have a setup in which the firewall actually inspects some of the traffic, verifies that it looks like a reasonable type of traffic for the port it is flowing on, and passes it through (not really practical, given that everything can be tunnelled over every other traffic type, but some firewalls attempt to do this). I'll assume you are just dealing with a firewall that blocks or allows based on port.

Now, suppose you want to play Tribes, which I believe uses port 27001 and some small range above that. Your firewall only allows port 80 traffic from internal machines, port 25 traffic from your mail server, port 53 traffic from the internal DNS, and other similar, specific restrictions. You want to connect to a Tribes server on port 27001, but your firewall doesn't have that open. At this point, your choices are few. You can hack your way into the firewall and change the ruleset (requires some knowledge of the firewall and ways to attack it). Or, you could set up an external proxy system on an external machine that you control, set it to accept traffic on a port allowed through your firewall (say, port 80) and translate it to the correct port for the Tribes server and pass it along, and then take the return traffic, slap it back into a connection back to you on whatever port you initiated from, and pass it back to you. Or, you could try to get the server administrator of the game machine you want to use to set up a VPN server that will allow you to connect, set up a VPN client on your machine to connect to that VPN server, and then try to convince your firewall administrator to allow VPN traffic through the firewall. Or, you could get the game server administrator to change his server to accept connections on a port that you are allowed to connect out through (but given that others won't likely be able to connect then since they won't expect the server on that port, you're not likely to make this happen).

You can probably come up with similar ways at this point, but they'll all be similar to the above. So, which do you want to do? That's all there is to it.

RagManX
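The second firewall type RagManX describes, one that checks whether traffic "looks like a reasonable type of traffic for the port it is flowing on", can be sketched as below. This is an added example, not part of the original post or any product's code; the function names and the sample payloads are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")
KNOWN_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                 b"OPTIONS", b"CONNECT", b"TRACE", b"PATCH"}
# Header field: token ":" optional whitespace, then the value
HEADER_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[^\r\n]*$")


def classify_port80_payload(payload: bytes) -> str:
    """Classify the first client bytes seen on a TCP/80 flow.

    Returns 'http', 'tls' (a TLS handshake on the plain-HTTP port),
    'incomplete' (plausible text, header block not finished) or 'non-http'.
    """
    # TLS record header: content type 0x16 (handshake), major version 0x03
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        # No end-of-headers marker yet; binary data is rejected outright
        printable = all(32 <= b < 127 or b in (9, 10, 13) for b in payload)
        return "incomplete" if printable and len(payload) < 8192 else "non-http"
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match or match.group(1) not in KNOWN_METHODS:
        return "non-http"
    if not all(HEADER_LINE.match(line) for line in lines[1:]):
        return "non-http"
    return "http"


# Constructed sample payloads (first bytes sent by the client on port 80)
SAMPLE_FLOWS = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "binary": b"\x00\x07\x1f\xa0\x00\x00\x01\x10player\x00\xff\xfe",
    "tls": b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a",
    "partial": b"GET /index.html HTT",
}


def audit(flows: dict) -> dict:
    """Return a verdict per flow name so an alerting rule can act on it."""
    return {name: classify_port80_payload(data) for name, data in flows.items()}
```

A check like this only flags protocols sent raw on the allowed port; as the post notes, inspection of this kind is not a complete control on its own.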
 

SlingBlade

Well, I don't have the money to invest in my own server outside the firewall. Furthermore I am positive I won't get caught using other methods, because I am not dealing with an advanced system or administrator here. It is just a Netgear RT314, so this isn't rocket science, I just don't know firewalls and networking very well :)
 

gogeeta13

Hmm

I am thinking mommy and daddy said no more killing games for you, little boy. But you have a thirst for blood and killing games, and must defy the parents, to play your Q3 or CS or etc.

Am I right?

Well, since it is an RT314, try telnetting to it, and see if the default pword works :)
 

SlingBlade

I'll make a deal with you. I won't talk to you like you're a kid if you'll give me the same courtesy :) I'm 20 thank you. I am living at home and going to college. Unfortunately my parents think video games are evil. They are a bit... conservative to say the least. I think by the time I am 20 I can make those decisions for myself. I even offered to pay for the internet and power so they wouldn't be able to say "our stuff our rules". No go, they wouldn't let me pay for it. I respect my parents' decisions on most things, but this is one thing I am tired of taking. I think anyone who has had controlling parents who have their heart in the right place can understand the situation I'm in. If not, just don't help :)
 

gogeeta13

ROFL, I was close, just off on the age a little.

Well, I would say you are SOL. Short of pinging the thing till god knows what happens, I am not really sure..
 

jobberd

isn't it technically possible to connect to another computer over an accepted port, and have that computer run some sort of server software that simply forwarded all of your packets to the game server you wanted to get to? IIRC, this is what a bouncer for IRC does.

edit: oops, RagmanX already answered my question :eek:
 

Hoober

Or living in the dorms?

Do you have a cable connection in your room? Can you get a cable guy in the house without your parents knowing it? If so, I smell cable modem... but then you run into problems of billing and multiple accounts at the same address and a whole slew of other things.

You could try private cable or DSL... or if you have a buddy that lives relatively close by you could purchase a wireless access point, pipe DSL or cable to it at his house and pray to God you get a good connection over that distance. I know my wireless works a block away, but you're really limited on options here.
 

SlingBlade

Well, the reason I am at home is because all the dorms are full and I couldn't get housing this semester. I was told I should be able to get it in the spring though... so not too much longer. Sneaking in the guy to install the phone line or cable isn't really going to work. It would be funny explaining to the cable guy though. "Ok, this is how it works. If I see my mom coming down the road, I'll give a little bird whistle, and when you hear that, grab everything and run out the back door!" Anyways, this is an interesting problem, and I think I'll explore it just out of curiosity. I'm sure there are others like me who would like to get out from behind a firewall but don't have access to the firewall itself. Maybe I can find a way around it :)
 

jobberd

RagManX basically outlined all the different technical options you have. Your only other chance is to reason with your parents, and explain to them that you are a grown man and you have the proper common sense to distinguish right from wrong, yadda yadda yadda.
 

Jal

Your *MOM* put up a firewall, to stop you from playing on the Internet from home????????????


THAT'S WHACKED!!! :)
 

spidey07

Run a sniffer and capture all HTTP frames to and from the router. Should get the password that way unless it is using SSL.
 

Tallgeese

sb:

Your REAL problem isn't with the hardware or the software. It's the WETware that you call your folks.
Unfortunately, if you're under their roof, I agree it's their way or the highway.

So, that means, the highway. Definitely time to move out ASAP.
When you do, open your window, hang your head out, and holler "I PAY THE BILLS AROUND HERE AND I'LL DO AS I DAMN WELL PLEASE!"
You'll feel much better.

Until then, you can either sniff for a password as spidey suggested, or reset the router to factory defaults, according to Netgear Support. Search for Article No: N01764
 

SlingBlade

Ya, but any rational person would realize that "the high way" isn't really an option. I don't have any scholarships, and it would simply be impossible for me to make any kind of decent grades at Ga Tech and still work a job enough to pay for my education. I am financially dependent on my parents, just like my kids (should that happen) will be on me. It is a cycle that most everyone fortunate enough goes through, and I certainly will try to be a little more flexible than my parents have been. I realize this isn't the end of the world, or an end all be all situation. But if I can play video games despite this absurd belief my parents have, and them not know, I'm all for it :) Thanks for the suggestion about the sniffer, but I think they may be using telnet to admin instead of the HTTP method. Could you maybe tell me how to sniff only telnet traffic? :)
 

Tallgeese



<< But if I can play video games despite this absurd belief my parents have, and them not know, I'm all for it :) Thanks for the suggestion about the sniffer, but I think they may be using telnet to admin instead of the HTTP method. Could you maybe tell me how to sniff only telnet traffic? :) >>

You can set a capture or view filter to capture/show only traffic from ANY -> Router IP @ port 23.
This assumes that the NetGear uses standard telnet port for admin access.
If the RT314 does not use 23 for admin telnet, then substitute whatever port it does use.
If the port is user-configurable, then you may want to start with a filter that sniffs ALL traffic from ANY -> Router IP, and then slice it from there to find your port.

Umm...and all of this assumes your folks aren't savvy enough to notice what you are doing. No idea how knowledgeable your mother is, so you may have to adjust for her own 1337 h@x0r 5k1llz!

Good luck

UPDATE: Thanks to the monkey for correcting my farked ports
 

n0cmonkey



<< Ya, but any rational person would realize that "the high way" isn't really an option. I don't have any scholarships, and it would simply be impossible for me to make any kind of decent grades at Ga Tech and still work a job enough to pay for my education. I am financially dependent on my parents, just like my kids (should that happen) will be on me. It is a cycle that most everyone fortunate enough goes through, and I certainly will try to be a little more flexible than my parents have been. I realize this isn't the end of the world, or an end all be all situation. But if I can play video games despite this absurd belief my parents have, and them not know, I'm all for it :) Thanks for the suggestion about the sniffer, but I think they may be using telnet to admin instead of the HTTP method. Could you maybe tell me how to sniff only telnet traffic? :) >>



If you have time to play some silly game, you have time to work and study.

Anyhow, to sniff telnet traffic (WHICH IS ALMOST NO DIFFERENT THAN HTTP TRAFFIC) "tcpdump -w -i dc0 port 23" assuming you have tcpdump installed (all modern OSes do) and dc0 is the network device. If you do not have tcpdump (i.e. you are using a non-networking OS), get Ethereal and sniff it using that. Remember, this is a BAD THING, and if your parents find out that you do not accept their rules you should be kicked out. I also have not read the entire thread (I find the idea silly), but have you tried TALKING TO THEM? Just mention how much more important this game is than the security of the home machines. If you can give them logical reasons as to why they should let you play the game, they may change their mind.