problems on a restricted network...

Questions about cabled networking
Forum rules
Before you post please read how to get help
Post Reply
NiksaVel
Level 5
Level 5
Posts: 771
Joined: Wed Feb 28, 2007 4:06 am
Location: Croatia
Contact:

problems on a restricted network...

Post by NiksaVel » Tue May 08, 2007 9:01 am

Hey guys,

I've finally started working and what a wonderful surprise it is that I have a 3mbs internet connection in my office :) since my shifts are 24hrs it comes really handy.

Now... the problem :) it seems VERY restricted - no messangers, no IRC, a crapload of pages return a generic McAfee msg that I've tried to access a restricted page (criminal activities/hacking)... heh... of course I had to access them to start cracking on the admin password on the office computer... LOL :) I am sure all the system admins are starting to get mad here :) still... the administrator password was blank... took me two hours before I remambered to try it :) LOL!

Anyhow... I have access to the internet and can load up programs, but I still cant download anything... I thought to download a movie or something via torrent and it's completely restricted on a dozen ports I tried out... is there a way around it so I can use torrents normally???


thanks for the help!
Windows is extremely fast after a fresh install. If you want to make it stay that way: - don't use it.
-Clem

User avatar
Boo
Level 7
Level 7
Posts: 1634
Joined: Mon Mar 26, 2007 7:48 am

Post by Boo » Tue May 08, 2007 9:42 am

normally the sneaky admins have a proxy setup for them selves that bypasses all those nasty things you were talking about.
you just have to find out what it is and use it in stead of your normal proxy.

hehe

:D
Image
Now where was i going? Oh yes, crazy!

NiksaVel
Level 5
Level 5
Posts: 771
Joined: Wed Feb 28, 2007 4:06 am
Location: Croatia
Contact:

Post by NiksaVel » Tue May 08, 2007 9:44 am

damn those admins!!! Cant a man have some fun while on work?? :twisted:
Windows is extremely fast after a fresh install. If you want to make it stay that way: - don't use it.
-Clem

NiksaVel
Level 5
Level 5
Posts: 771
Joined: Wed Feb 28, 2007 4:06 am
Location: Croatia
Contact:

Post by NiksaVel » Tue May 08, 2007 9:45 am

I've also noticed that with http download (was doenloading feisty for testing) it was downloading at 1.5 kps and than after some 15 minutes went up to 700kps... can anyone explain this to me?

Correction: It seems to be more related to size... it seems the speed increases exactly after I cross the 1mb od download... :?
Windows is extremely fast after a fresh install. If you want to make it stay that way: - don't use it.
-Clem

scorp123
Level 8
Level 8
Posts: 2277
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 » Tue May 08, 2007 11:42 am

NiksaVel wrote: I've also noticed that with http download (was doenloading feisty for testing) it was downloading at 1.5 kps and than after some 15 minutes went up to 700kps... can anyone explain this to me?
Can be normal, depending on your internet connection type and if there are proxy servers in between. To me it sounds as if you got some DSL-type (xDSL? ADSL?) type connection with a proxy in between, either from your ISP, from your office ... or even both! When you initiate a download, then this is what happens: First the download will start slowly because the proxy is still busy getting the file first, then once the proxy has all of it the download rate will all of a sudden improve and increase because now you're talking to the proxy, and not to the remote web-site anymore. And of course: If the remote site is too busy then the download rate might also be very slow at first.
NiksaVel wrote: Correction: It seems to be more related to size... it seems the speed increases exactly after I cross the 1mb od download... :?
Might be proxy-related ... e.g. the proxy won't bother to buffer files if they are smaller than 1 MB and only picks up the stuff you download if it crosses the 1 MB limit. I've done such setups myself for customers who didn't want their proxy servers cluttered with small files that don't really need to be cached by a proxy.

NiksaVel
Level 5
Level 5
Posts: 771
Joined: Wed Feb 28, 2007 4:06 am
Location: Croatia
Contact:

Post by NiksaVel » Tue May 08, 2007 11:50 am

thanks for the info scorp... now if I would only find some way around their setup and get torrents working :?
Windows is extremely fast after a fresh install. If you want to make it stay that way: - don't use it.
-Clem

scorp123
Level 8
Level 8
Posts: 2277
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Re: problems on a restricted network...

Post by scorp123 » Tue May 08, 2007 11:53 am

NiksaVel wrote:I thought to download a movie or something via torrent and it's completely restricted on a dozen ports I tried out... is there a way around it so I can use torrents normally???
:twisted: Here is what I do:

I connect via SSH to my computer at home and if I want to download something I fire up VNC and have Azureus run inside of that session. So my computer at home downloads all the stuff I want while I am at work ... :wink:

After some time I check again, and when everything is finished I transfer the stuff via SSH to one of my work computers ... ahem ... of course, just for "evaluation purposes" :wink: :twisted:

Or if I don't have enough time because it could happen that I indeed have to do some work when I am in the office (LOL!) I can go home with a smile knowing that by the time I get home all my download will have finished ... :wink:

Of course, with SSH you have to know what you do ... e.g. I use firewalls and access filters just to make sure that only specific IP addresses under my own control can connect to my home machine :wink:

NiksaVel
Level 5
Level 5
Posts: 771
Joined: Wed Feb 28, 2007 4:06 am
Location: Croatia
Contact:

Post by NiksaVel » Tue May 08, 2007 12:06 pm

heh... I used to do pretty much the same thing while I was still at the university... had a p2 with fluxbuntu hidden behind a large closet :lol: :lol: controlled it exclusively via VNC from home and just came to pick up the large HDD and bring it home to burn stuff to DVDs from time to time while no-one was looking hehehe achhh the good old times :lol: :lol: :lol:


the prob in this picture is that I don't have flatrate at home... I have a lowly 5gb monthly limit, and everything above that I pay at 3euro per gig...


I have to get flat soon :evil:


at least http works so I downloaded ubuntu and kubuntu feisty in both i386 and amd64 as well as openSUSE :))) hehe bet they didn't have so much traffic from the medical center since it was built ... :lol: :lol:
Windows is extremely fast after a fresh install. If you want to make it stay that way: - don't use it.
-Clem

scorp123
Level 8
Level 8
Posts: 2277
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 » Tue May 08, 2007 1:20 pm

NiksaVel wrote: bet they didn't have so much traffic from the medical center since it was built ...
How good is their IT staff? Do they have any admins worth this title? Because ... if not or if their admins are not that knowledgable or basically don't care what you do for as long as you don't destroy anything, then you could do lots of interesting things ... :twisted:

1.) You'd have to find out: Do they have a proxy server? If yes: What type: SOCKS or HTTP or even both? (we have both types here ... :twisted: ) If so, what's the IP and/or hostname and what's the port (you can find it out yourself if needed .... )? What OS is running on that proxy (that's something you could easily find out yourself too if you need to ...) ...

Purpose: Most protocols can be pushed across a HTTP proxy server. :wink: Some others need a SOCKS proxy. Regardless of this: If you have a proxy somewhere somehow and the admins don't watch it too closely chances are you can more or less do what you want for as long as you divert all traffic over the proxy :D Azureus for example can work behind a proxy ... :wink:

2.) Make a list of stuff you want to run across that network and make notes about the TCP and UDP port numbers if needed. Look this stuff up. E.g. in the case of BitTorrent it's easily possible to use non-standard TCP ports and it will still work (e.g. I use stuff like TCP 53401 ... ). Take a look inside this file which you should be able to find in any UNIX-like OS (yes, in Linux too!): /etc/services

These are the TCP/IP service definitions. Ideally you should learn them by heart. :wink: Make sure you find yourself an unused port somewhere somehow beyond 1024 .... Any port below 1024 belongs to root and cannot be used by normal non-priviledged users. Most firewalls and Intrusion-Detection Systems (= IDS) will keep an eye on anything "suspicious" that tries to run on one of those ports. Also all the well-known ports P2P software usually runs on (6334, 6881, 6446, etc.) are taboo as most IDS will block this stuff right away ... And we don't want to alert the admins, right? :wink:

Purpose: Once you know which port you want to use you could try if you can push this across the proxy and test if you can access your machine on the inside from the outside ... :twisted:

Example: Start two Azureus sessions: One at home, one in the office, and then access the same torrent. Check if you can see each other! Ideally you should create a torrent yourself (or have a friend do it for you) or pick one which is unlikely to get any foreign traffic. With this you could test the functionality of Azureus without doing anything "critical" ... before jumping on real torrents :wink:

3.) Test Hamachi. I am not really a fan of closed source solutions, but I have to give them the credit that their little VPN proggie indeed works in most cases even in very restricted networks :twisted: ... And best thing is: It works both ways and across platforms (Linux < > Windows) :twisted:
The fact that it's closed source sucks though, but OK:
http://www.hamachi.cc

If any of these actions get you fired .... I told you so :twisted: Don't blame me, OK? :wink:

NiksaVel
Level 5
Level 5
Posts: 771
Joined: Wed Feb 28, 2007 4:06 am
Location: Croatia
Contact:

Post by NiksaVel » Tue May 08, 2007 1:41 pm

If any of these actions get you fired .... I told you so Twisted Evil Don't blame me, OK? Wink
lol... well since I've been here for only two shifts and plan to stay a little while longer, I'll first try to sniff out who's running things from the other side of the proxy :P

Than I'll go on messing up their stuff... :)


thanks for the great info though scorp!!! I love this forums and all the stuff I learn here :lol: :lol: :lol:
Windows is extremely fast after a fresh install. If you want to make it stay that way: - don't use it.
-Clem

NiksaVel
Level 5
Level 5
Posts: 771
Joined: Wed Feb 28, 2007 4:06 am
Location: Croatia
Contact:

Post by NiksaVel » Tue May 08, 2007 1:46 pm

on another note... I've tried to use the computer that was here to set up an ad hoc wireless with MS internet connection sharing but failed... I managed to get into their local administrator account and install the drivers and utilities for my spare usb wifi adapter and used the XP software bridge between the LAN (internet, DHCP) and the wifi...

Laptop connected to the ad hoc networked and was assigned the IP in the same range as the LAN on the desktop computer - leading me to believe that it was working (at least DHCP), but no internet... :/ don't really understand why - if I connect the laptop directly via wire it connects okay - so it's not some kind of mac filtering or computer name thing..


Also... the desktop is connected to a MS domain and uses a "roaming"? user - no local data... so I thought I needed to connect to their domain to get internet - but mint worked out of the box - just plugged in the wire...

strange? Or I just don't know enough about what I'm doing? :D
Windows is extremely fast after a fresh install. If you want to make it stay that way: - don't use it.
-Clem

scorp123
Level 8
Level 8
Posts: 2277
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 » Tue May 08, 2007 1:47 pm

Do you know nmap? My favourite tool :twisted: ... The one and only thing you really need if you are on a restricted network. With nmap you can sniff out all the interesting TCP ports on all the machines ... Heck, you can tell nmap to sniff out your entire network range if you want to :D ... and then give you a detailed report about each machine in your subnet 8) I do that here from time to time and very often I find things such as UT2004 game servers and such :shock: ... Being in the office is soooo much fun :twisted:

So even if the admins won't tell you where the proxy server is ... nmap will find it :D

http://insecure.org/nmap/

nmap should be available via the repos I think? :wink:

scorp123
Level 8
Level 8
Posts: 2277
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 » Tue May 08, 2007 1:53 pm

NiksaVel wrote:Also... the desktop is connected to a MS domain and uses a "roaming"? user - no local data... so I thought I needed to connect to their domain to get internet - but mint worked out of the box - just plugged in the wire...
Nope, that's all OK. This MS "domain" thing is a total misnomer. Very often people confuse it with other things. What they mean with this "domain" BS is that every user with a valid account can login on every Windows machine which is a domain member. All your files get then mounted on the machine you're logged in to. It's basically an emulation of what you can do with UNIX (e.g. "yellow pages", "NIS", roaming user accounts, auto-mounted /home directories via NFS, and so on).

But this has nothing to do with TCP/IP and getting an IP address :D Chances are that you have a DHCP server somewhere somehow? So as long as your system talks DHCP it will be able to connect to the rest of the network TCP/IP-wise .... As for the MS-specific rest: "jebi ga" :D (cannot be translated :D )

NiksaVel
Level 5
Level 5
Posts: 771
Joined: Wed Feb 28, 2007 4:06 am
Location: Croatia
Contact:

Post by NiksaVel » Tue May 08, 2007 2:37 pm

hehe :D
Windows is extremely fast after a fresh install. If you want to make it stay that way: - don't use it.
-Clem

Post Reply

Return to “Ethernet”