9 replies to this topic

[SAGA]

I have a Linux box, I use a proxy server to connect to the internet!

Is there any way so that i can connect directly connect to the gateway and access the internet ?

[mirrorshades]

You haven't given enough information for a useful answer. Based on what you've asked, the best answer I could give would be this: it depends. :)

Basically, your OS doesn't really have much to do with it -- it's more of a function of how the network you're attached to is configured.

[Ohm]

A "gateway" usually refers to something on the same layer 3 segment (the same IP network) that will forward your traffic to the appropriate network to get to its destination. If, however, your gateway can't get to the Internet and you have to use a proxy server, you can't just configure that proxy server as your "gateway" and have it work.

This is what I think you're asking. I can't tell though, post more info!

[SAGA]

Hi, here is my network diagram.. If my proxy server can connect to the gateway and access the internet, why cant i spoof the ip of proxy server and access the internet?

Network diagram

[Dirk Chestnut]

Hi, here is my network diagram.. If my proxy server can connect to the gateway and access the internet, why cant i spoof the ip of proxy server and access the internet?
...

First of all, network pathing as shown in the the diagram doesn't suggests that your computer's traffic is routed through the "library proxy" to access the internet. I would bet that another piece of hardware on that diagram is the culprit of a spotty internet connection.

Secondly, if you are spoofing the IP of the proxy server, this question is very important - "Am I on the same subnet of as the proxy?". If no, then you're going to have trouble spoofing the proxie's IP address AND getting any traffic back after making a request out of your network. On their return trip, any packets addressed to the "proxy" (including ones you yourself spoofed) are going to be routed back to the PROXY (that's the return address). If your computer isn't in that path from Internet to Proxy (and I doubt it is), your computer will never receive them.

Here's a warning that goes in hand with this point - if the "proxy" has a large number of ACK packets coming back to it that don't correspond with any it itself sent, you run a **HUGE** risk of quickly tipping off any network monitoring software that may be in place. I'm no IDS expert, but I've got to imagine one of the most basic attacks one would watch for is such activity.

[SAGA]

okay, i am not going to spoof the ip of the proxy server, what if i install the squid software on my machine and approach the gateway? if a proxy server can access the internet then why can't i? (is there any security mechanism available to connect to a gateway or some thing?)
i am little bit confused

[Dirk Chestnut]

what if i install the squid software on my machine and approach the gateway?

No no no, and a little bit of more no. Generically speaking, the whole point of a proxy server is to obscure the original client's IP address/location. If you install a proxy service on your local box, and then direct the same machine to use it, you don't really accomplish much, because requests STILL go out with that original IP.

if a proxy server can access the internet then why can't i? (is there any security mechanism available to connect to a gateway or some thing?)

I have no idea. Truth be told, no one here is probably going to be able to answer this question either, at least not with the amount of details you have given or know. There are too many factors involved. If the internet connection in your "dorm" fails, but at the same time the library appears online, then it's likely a piece of hardware between your computer and the Internet that's faulting (maybe just temporarily overloaded? This happens often in such environments). The key to knowing this is, when your connection goes down, does everyone else's in the building go down as well? If yes, it's probably a hardware issue.



If I might offer a suggestion for your current enthusiasm in the matter - why not redirect this time spent on "How do I circumvent this?" to, "Why isn't this working?". You could actually learn a great deal from doing standard network troubleshooting, and it's a type of activity that isn't likely to piss off (or even raise suspicions of) the admins of your network.

Also, your real issue is "I can't connect to the Internet" which you are turning into "I can't find an alternate path to the Internet". From a problem solving standpoint, what you were trying to do is temporarily get around an issue. Why not try to solve the root of it? If you figure it out, and present it correctly to your "school's" (<--- a guess) network folks, they might be appreciative of the outside help and actually act on your findings for a more permanent resolution to your main issue.

[M0ralGray]

It appears this network has been setup fairly well. I control network access within my company about the same way. Even the cheapest Sonicwalls can detect and drop IP spoofs and port scans so trying either of those will with no doubt send up a red flag. Also some are set to cache ARP requests and detect changes. The model listed in your diagram is capable of doing this.

If you're dead set on getting around the proxy tunneling might be the only option. That is provided unused ports aren't blocked at the gateway.


Edit for clairity on proxy routing:

if a proxy server can access the internet then why can't i?

"Accessing the internet" is kinda vague here. Are you sure that all requests from all ports are going through the proxy? Or just http(port 80)? It's likely that the network admin set the Sonicwall or Layer 3 Switch to pass only http requests from the proxy server's IP address. All other requests for http would be directed to the proxy server, which would then filter/log/whatever the requests and then send them back to the switch(which will allow them to pass through since they are coming from the proxy's IP address) and then out to the internet. If the proxy server goes down the all http requests are "lost" which would stop your internet access.

Edited by M0ralGray, 12 September 2008 - 10:51 AM.

[SAGA]

why not redirect this time spent on "How do I circumvent this?" to, "Why isn't this working?". You could actually learn a great deal from doing standard network troubleshooting, and it's a type of activity that isn't likely to piss off (or even raise suspicions of) the admins of your network.

yeah, you are right...i nmaped the proxy server and find out the squid service is not running (port 8080 is not open which we use in browser)...And also i found that some one is 'crashing' the squid service and essentially black holing the whole communication........................

Thanks for your suggestion, will you please tell me where can i find some knowledge base about setting a whole network (like installing and configuring squid-proxy servers and L3 switches)

[SAGA]

"Accessing the internet" is kinda vague here. Are you sure that all requests from all ports are going through the proxy? Or just http(port 80)? It's likely that the network admin set the Sonicwall or Layer 3 Switch to pass only http requests from the proxy server's IP address. All other requests for http would be directed to the proxy server, which would then filter/log/whatever the requests and then send them back to the switch(which will allow them to pass through since they are coming from the proxy's IP address) and then out to the internet. If the proxy server goes down the all http requests are "lost" which would stop your internet access.

No, all protocols http.https,ftp are configured to go through proxy server(just guessing how can i find out that?)......we have two level of filtering/log one at the proxy server and other at the sonicwall..........

i want to know how a gateway or sonicwall identifies...These are the machines configured to act as a proxy server? Because we have more than one proxy servers?