Skirting my job's firewall - help needed

Archive of the Sojourn3 General Discussion Forum.
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Tue Sep 16, 2003 4:20 am

Ok computer geniuses: I can browse the internet from the hospital I work in but can't telnet to the MUD. They have it set up so the connection times out/fails. I'm sure there is a way around this. Telnet proxy maybe (how does this work)? Any ideas?

Thanks!
thanuk
Sojourner
Posts: 1902
Joined: Thu Jun 20, 2002 5:01 am

Postby thanuk » Tue Sep 16, 2003 4:43 am

Jhorr group-says ' i have to go its an emergency!'

Leader group-says 'no way dude this is the last fight'

Jhorr group-says 'oh well, im sure its not a serious cranial gunshot wound, lets roll'
Mysrel tells you 'have my babies'
You tell Mysrel 'u want me to be ur baby daddy?'
Mysrel tells you 'daddy? No, I think you have the terminology wrong'
You tell Mysrel 'comeon now we both know i would be the top'
Mysrel tells you 'can be where ever you want to be, yer still getting ****** like a drunken cheerleader'
asamoth
Sojourner
Posts: 129
Joined: Wed Mar 28, 2001 6:01 am

Postby asamoth » Tue Sep 16, 2003 5:11 am

Assuming it's not doing packet filtering as well, if it lets port 80 out, you can go to your house, set up a linux box with telnet (preferably ssh instead) on port 80. Then all you have to do is telnet/ssh homeipaddress:80. Once on your linux box at home proceed to set up some real client, like tintin, ytin, or tf.

If it's doing packet filtering, you would probably need to set up some sort of java web page that relays requests to the mud (sorta like a redirector). That's probably going to be way slow tho.
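
A defender's view of asamoth's distinction between port blocking and packet filtering, as an added example that is not part of the original thread: a port-only rule passes anything sent to port 80, while inspecting a session's first bytes shows when telnet or SSH is riding on an HTTP port. The port-to-protocol policy, addresses and payloads below are constructed for illustration.

```python
import re

# First-payload signatures for the protocols mentioned in the thread.
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/1\.[01]\r?\n")
HTTP_RESPONSE = re.compile(rb"^HTTP/1\.[01] \d{3} ")
IAC = 0xFF                                  # telnet "interpret as command"
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}      # WILL, WONT, DO, DONT

# Protocol a content-aware filter would expect on each port (assumed policy).
EXPECTED = {80: "http", 8081: "http", 23: "telnet", 22: "ssh"}


def classify(payload: bytes) -> str:
    """Guess the application protocol from the first bytes of a session."""
    if HTTP_REQUEST.match(payload) or HTTP_RESPONSE.match(payload):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    # Telnet option negotiation: IAC, a verb, then an option byte.
    for i in range(len(payload) - 2):
        if payload[i] == IAC and payload[i + 1] in NEGOTIATION:
            return "telnet"
    return "unknown"


def find_mismatches(sessions):
    """Return sessions whose content does not match the port's protocol."""
    flagged = []
    for src, dst, port, payload in sessions:
        seen = classify(payload)
        if port in EXPECTED and seen != EXPECTED[port]:
            flagged.append((src, dst, port, seen))
    return flagged


# Constructed sample sessions (documentation address ranges, invented payloads).
SESSIONS = [
    ("192.0.2.10", "198.51.100.7", 80, b"GET /index.html HTTP/1.0\r\nHost: example.org\r\n\r\n"),
    ("192.0.2.11", "203.0.113.5", 80, b"\xff\xfb\x01\xff\xfb\x03Welcome\r\n"),
    ("192.0.2.12", "203.0.113.9", 80, b"SSH-2.0-example\r\n"),
    ("192.0.2.13", "198.51.100.20", 23, b"\xff\xfd\x18\xff\xfd\x20login: "),
]

if __name__ == "__main__":
    for row in find_mismatches(SESSIONS):
        print("protocol mismatch:", row)
```
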
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Tue Sep 16, 2003 11:28 am

Hrm, can I do it while running Win XP pro on my home computer if I know my PC's IP address?
Sarvis
Sojourner
Posts: 6369
Joined: Fri Jan 26, 2001 6:01 am
Location: Buffalo, NY, USA

Postby Sarvis » Tue Sep 16, 2003 11:44 am

I don't think WinXP comes with a telnet server program. You might be able to find one on the internet though, and use that.
Code Haven (http://www.code-haven.com) - For all your programming needs.

I detest what you write, but I would give my life to make it possible for you to continue to write. - Some Guy Who Paraphrased Voltaire
rylan
Sojourner
Posts: 2903
Joined: Fri Jan 26, 2001 6:01 am
Location: Hudson, MA

Postby rylan » Tue Sep 16, 2003 1:18 pm

I think you can use that mcclient thing as a proxy server also.. can have it listen on your home system for port 80 and forward it to sojourn3.org 9999

There any way to find out what is being filtered?
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Tue Sep 16, 2003 2:24 pm

So, I have to have a program (telnet server program?) running on my machine at home to do it? I feel so clueless!
Ashiwi
Sojourner
Posts: 4161
Joined: Thu Jun 14, 2001 5:01 am

Postby Ashiwi » Tue Sep 16, 2003 2:25 pm

I'm more clueless than you are, because I don't see how this would keep the connection from automatically timing out.
Lenefir
Sojourner
Posts: 198
Joined: Sat Aug 17, 2002 5:01 am

Postby Lenefir » Tue Sep 16, 2003 2:31 pm

Actually, I think Rylan's suggestion might work. So if you download mcclient (http://www.sojourn3.org/mccp.html) if you haven't already, and change the configuration file to be

80 sojourn3.org 9999

and leave it running on your home computer while you're at work, you hopefully should be able to connect by putting <homecomputerip>, port 80 as the address...

Of course, if your home computer runs a firewall it requires you to open port 80, and that you don't have ms iis or some other program using that port. And hopefully your work firewall allows anything to go through port 80...
"Being God isn't easy. If you do too much, people get dependent on you; and if you do nothing, they lose hope. You have to use a light touch [...]. When you do things right, people won't be sure you have done anything at all"
--Futurama
Lenefir
Sojourner
Posts: 198
Joined: Sat Aug 17, 2002 5:01 am

Postby Lenefir » Tue Sep 16, 2003 2:33 pm

*doh*

They put in a timeout? Missed that part... :(

But you could always give Rylan's idea a try... Depends on what makes the connection time out...
Sarvis
Sojourner
Posts: 6369
Joined: Fri Jan 26, 2001 6:01 am
Location: Buffalo, NY, USA

Postby Sarvis » Tue Sep 16, 2003 2:36 pm

Rylan:

Where would one find this mcclient thing? It sounds like just the thing..


Jhorr:

Yep, you would telnet into your machine then run telnet from there to telnet into the MUD.

However, this mcclient thing sounds like it might be a better idea.

Ashiwi:

We're kind of making an assumption here. It's likely that his workplace has a firewall in place that blocks all packets from using non-standard ports such as 9999. Might even block telnet (port 80) as well. This means his telnet client sends out an initial connection packet, and never hears back... thus getting a timeout.

There could be other problems too, but this seems likely.

The idea here would be to set up a telnet server (or just a packet forwarding program) on his machine, and have it listen on a port which is _not_ blocked by his employers.
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Tue Sep 16, 2003 2:37 pm

No time out. When I try to connect from work it just says Could not open a connection...Connect failed.
Marthammor
Staff Member - Areas
Posts: 834
Joined: Tue Jul 15, 2003 9:00 am
Location: On a Rocky Tor Overlooking a Storm-Ridden Landscape

Postby Marthammor » Tue Sep 16, 2003 3:31 pm

If you get the client from MS to use the remote desktop feature of your winxp box at home, you might be able to use that.
Basically you would be using your computer just like you normally would. Dunno if the port would be allowed through your work's firewall though.
Dalar
Sojourner
Posts: 4905
Joined: Sun Feb 25, 2001 6:01 am

Postby Dalar » Tue Sep 16, 2003 3:46 pm

ever try http-tunneling at work?
It will be fixed in Toril 2.0.
Aremat group-says 'tanks i highly suggest investing 20 silver in training weapons from cm to cut down on the losing scales to shield'
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Tue Sep 16, 2003 4:48 pm

Apparently the following ports are open on the host at work:

23, 135, 139, 445, 1029, 1057, 1478, 2701, 2702, 5679, 8081

Are the ports used for specific tasks?

By using the option in Zmud to connect through a proxy server (port 8081), I got the following message:


Connected to host sojourn3.org

HTTP/1.0 500 Server Error
Proxy-agent: Netscape-Proxy/3.53
Date: Tue, 16 Sep 2003 16:17:02 GMT
Content-type: text/html
Content-length: 302

<HTML><HEAD><TITLE>Server Error</TITLE></HEAD>
<BODY><H1>Server Error</H1>
The proxy has encountered an internal error which prevents it from
fulfilling your request. The most likely cause is a misconfiguration.
Please ask the administrator to look for messages in the proxy's error log.


Trying the other ports didn't work at all....
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Tue Sep 16, 2003 4:58 pm

Actually, when I tried to use Zmud via connecting through a public proxy with port 23, I got:

Connected to host sojourn3.org
rp07ocna.th.temple.edu/10.128.133.149 is not authorized to use the telnet proxy
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Tue Sep 16, 2003 5:05 pm

Before the inevitable happens, please allow me:

Dalar says 'pwned'. ;)
rylan
Sojourner
Posts: 2903
Joined: Fri Jan 26, 2001 6:01 am
Location: Hudson, MA

Postby rylan » Tue Sep 16, 2003 5:27 pm

Hrm, almost sounds like they're packet filtering telnet traffic. That would suck :(

Anyway, the client I'm talking about is actually the compression one that's on the sojourn homepage http://www.sojourn3.org/mccp.html

You set up the client on an external system, such as your home PC. Change the config file as Lenefir mentioned. Then have zmud connect to your home comp IP at port 80. That port is normal http webpage stuff. You could also try port 23, since that is the standard telnet port. Just remember to change the config file on your home comp to listen to whatever port you have zmud try to connect to.
Lenefir
Sojourner
Posts: 198
Joined: Sat Aug 17, 2002 5:01 am

Postby Lenefir » Tue Sep 16, 2003 7:58 pm

Quick search in the big blob called internet... (Wouldn't surprise me if everything except port 23 is wrong, so take it for what it's worth...)

telnet           23/tcp   # Telnet
epmap           135/tcp   # DCE endpoint resolution
netbios-ssn     139/tcp   # NETBIOS Session Service
microsoft-ds    445/tcp   # Microsoft-DS
icq            1029/tcp   # ICQ Instant Messenger
startron       1057/tcp   # STARTRON
ms-sna-base    1478/tcp   # ms-sna-base   
sms-rcinfo     2701/tcp   # SMS RCINFO
sms-xfer       2702/tcp   # SMS XFER
dccm           5679/tcp   # Direct Cable Connect Manager
tproxy         8081/tcp   # Transparent Proxy
  (could probably web proxy?)
Wobb
Sojourner
Posts: 389
Joined: Mon Oct 29, 2001 6:01 am

Postby Wobb » Tue Sep 16, 2003 8:55 pm

OK Jwhore, oops..hehe

you have 3 options.

1. Buy your sysadmin/firewall person a shirt that says "I don't work here" from www.thinkgeek.com and then ask him to open port 9999. Then you can just download zmud at work and mud right from work.

2. run terminal services client or rdesktop from your home computer and set it to allow connections over port 23. (sounds like port 23 is open for outbound for your work). Then you connect to your home computer. I haven't used this method, so personally I don't recommend, I really recommend option 3.

3. See if your sysadmin will open port 22 for outbound. (it's for SSH which is like telnet but it's more secure, telnet transports everything in clear text, so Dalar could see your password if he knew where to sniff. But if you use SSH he can sniff your ***) If he won't open 22, fine just use port 23. Install linux on a home computer. (easier than you might think) and run either telnet (if port 23 remains the only choice) services or run SSH services (if port 22 opens up) Or if you really wanted to, you could run an ssh daemon on a different port (I.E. one of the ones that is open on your work's firewall).

If you get linux installed, download tintin or tinyfugue, otherwise you're stuck with telnetting to sojourn.

Once you are running one of these services, record your IP address and take it to work. telnet or download putty.exe and telnet or SSH to your home computer running linux. Launch tintin or tinyfugue, or telnet then to sojourn3.org 9999. Because you are connected to home from work, port 23 is open letting you go there. Then from home you can go anywhere.

If you actually opt for option 3, gimme a holler, I'll help you.

Wobb
Lirathal
Sojourner
Posts: 67
Joined: Wed Apr 04, 2001 5:01 am

Postby Lirathal » Tue Sep 16, 2003 8:59 pm

Why don't you just terminal Services in to your XP box at home and telnet out from there? pretty simple. They haven't blocked the port by the looks of it

XP calls it "remote desktop"

just download the Terminal Services client from microsoft .. and done

Lira
Nippewuciyole OOC: 'getting some'
Levvirrnaxxum OOC: 'omg i am sucking bad'
Nippewuciyole OOC: 'i'm a hershey's chocolate, omg i need some'

Teflor OOC: 'civility is also the intolerance of things uncivil.'
Teflor OOC: 'hey, when someone is purposefully trying to antagonize you, the only civil thing to do is to tell them to shove it'

Make it stop, Make it stop *cry*
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Tue Sep 16, 2003 11:46 pm

Lenefir: I tried to download the remote desktop but during installation at work I got a message saying I didn't have privileges to install it.

The Linux/telnet solution sounds feasible, thanks Wobb. But, how come I have to use Linux? Can't I set up a telnet proxy on port 23 on my Windows box? Maybe with that mcclient program Rylan suggested?
Lenefir
Sojourner
Posts: 198
Joined: Sat Aug 17, 2002 5:01 am

Postby Lenefir » Wed Sep 17, 2003 12:13 am

Yes, I think I would try putting

23 sojourn3.org 9999

in the mcclient config file, and try to connect to port 23 on your home computer from work. Sounds like the best option to me... (And I don't really understand sysadmins that put up a heavy firewall, and allow telnet, but not ssh *shrug*)
Guest

Postby Guest » Wed Sep 17, 2003 1:25 am

Just quit and get a different job.
That'll teach em to block ports.
Jhorr
Sojourner
Posts: 515
Joined: Sun Feb 25, 2001 6:01 am

Postby Jhorr » Wed Sep 17, 2003 2:04 am

Yeah, who would have thought my first hacking job would be to hack OUT of a firewall? How retarted...
Taleer
Sojourner
Posts: 20
Joined: Wed Apr 17, 2002 5:01 am

(clears throat)

Postby Taleer » Wed Sep 17, 2003 3:03 pm

A scene from the future.

(knock knock)
(jhorer) (looks up from screen) Yes?
(Man in Shirt and Tie) You're fired.

Just wait till you get home. The mud will still be there.
Team Cyric!

Fleeing is for wimps.
Could some one help me find where I left all my corpses?
kiryan
Sojourner
Posts: 7275
Joined: Sat Apr 14, 2001 5:01 am
Location: Los Angeles, CA and Flagstaff, AZ

Postby kiryan » Sun Sep 21, 2003 4:09 am

what good would sniffing SSH packets be... they are encrypted pretty strongly

I don't think you can run zmud from remote desktop connection, zmud kicks back an error.
