Jump to content


Photo
- - - - -

Getting Around School/Corporate Firewalls with Hamachi


  • Please log in to reply
4 replies to this topic

#1 Kasterborus

Kasterborus

    Will I break 10 posts?

  • Members
  • 6 posts
  • Country:
  • Gender:Male

Posted 09 September 2009 - 06:53 AM

This was something I did for a friend a while back, not sure how widespread this will work, but it worked for them and still has not been blocked, said school now has many students using this. I know at least 4 people who are running servers and they are telling me that they have a few people connected in daily.

Actually, I was prepared to write up a whole article on how to do this. 1 Word: Hamachi

Okay, well, if you want more information.

How Schools Block Websites:

This in effect is quite simple, when you access a schools wireless network using your own laptop, you are placed into a Virtual Local A rea Network within the school's IT System, this system runs through a DNS Server or, a Proxy Server, I've seen both setups, which filters the strings that your PC is searching for.

When it detects that your PC is searching for, let's say http://www.4chan.org/ ( I have yet to find a school that hasn't banned 4Chan) the DNS Server will redirect the request for a webpage to either nothing (Browser returns a 404 message) or to a custom page saying "Access Denied - You have been blocked"

How to get around this:

Set up the Hamachi Client at home, on a computer that will be always on and connected to the internet, or at a friends place, it doesn't really matter. Set it up so that both TCP and UDP are using Port 80 (Settings->Preferences->Status->Detailed Configuration) Then set yourself up a server as per-normal. (I assume I don't have to mention you have to install Hamachi first...)

Now, go to your laptop that you take to school (Assuming your school lets you use your own lappie, if they give you one chances are you can't install anything on it so you've just wasted your time) and install Hamachi.

Change the ports on your Laptop to port 80.

Connect to your server

Go to Start->Run, Type in "cmd"

In teh command prompt type: "ipconfig / flushdns"

Thsi will flush your DNS resolver cache, now, make sure that your laptop can see the server and connect with it, ping should do that, so ping the address of the Server, not the Internet Address of your router or the internal network address, but the 5.x.x.x/8 address that your server will have in its console.

In action:

Now, the way that DNS works is that if your school has the filter in, what will happen is that your PC will ask the school "Do you know the IP of http://www.4Chan.org/?"

School will reply

"No, bugger off"

This is where most people have problems, but wait, your PC has another network, so instead, it will ask the Other Computers on the network:

"Do any of you know the IP of http://www.4chan.org/" and one of them, because it is outside the schools firewall, will say "Yes, it is x.x.x.x" and your Web browser will then navigate to the IP Address, which is not blocked, and load the website.

That is the thing, you can only block a website by name, not IP, as you can never be sure the same IP will be visited again and again, after all, Google has a few thousand IP Addresses, so if you wanted to block Google by IP, you would need to enter a few thousand addresses into a database,. Much easier to enter a string of "www.google.com"

Why this should work:
Hamachi, in its normal flavor uses the following ports:

Server
TCP 12975, 32976 outbound
failover to SSL (443 TCP)

Client
UDP random (default), inbound/outbound
failover to relay, UDP 17771 outbound

Now, any good Network Admin thinking about security would have these blocked, but what we have done is told Hamachi to use Port 80 for inbound and outbound traffic, thus meaning that it sends all the data through a port normally only used for HTTP traffic which is the exact same traffic that the firewall would be letting through so the internet will work.

I hope this helps you all.

(Should work behind a corporate firewall, but how many companies let employees use their own laptops?)

This will also work for your friends who would like to connect to your server, if you let them that is. Remember, when setting up the server, pick a password!!

Hamachi can be downloaded from: https:/ /secure.logmein.com/products/hamachi/download
.asp


Anyone see how this could be tweaked to be more effective? Or at least to put in some simple failsafes to make this harder to foil?

-Kasterborus

#2 zraith

zraith

    SUP3R 31337

  • Members
  • 198 posts
  • Location:Southern Indiana

Posted 11 September 2009 - 10:23 AM

Why not just get some portable files, grab an ssh account that supports tunneling, set up putty and Firefox and just encrypt the whole deal. The only packet filtering can throttle you and the only way it can be foiled is if they block encryption completely. If they block all port 22 traffic and you happen to have your own ssh server, just change the ports to something unblocked like 8080. Surely your school wouldn't block SSL.

On the other hand, why in the FUCK is it important to access 4chan during school. IMHO, your at school for a reason, to learn. Unless you have a legitimate need to access stuff that is blocked, there should be no need to do this during school, versus in your own free time. Plus, any legitimate info you'll need shouldn't be a problem if you talk to your sysadmin.

#3 Ohm

Ohm

    I could have written a book with all of these posts

  • Members
  • 3,209 posts
  • Gender:Male
  • Location:Maine, USA

Posted 11 September 2009 - 05:40 PM

This is essentially doing the same thing. Whether you're using a VPN or an SSL tunnel, you're still encrypting your traffic out of the network and making it pop out at your home PC or server.

This is actually pretty easy to block. Even if you use non-standard ports, application-level firewalls look at the traffic and will be able to tell it's a VPN or SSH connection and shut it down. Most high schools don't have their shit together enough to do this though, or don't have the money.

And as always, respect your school's computers. Don't break anything! They're used for something important (education) and are run by underpaid and overworked people. And of course there's the reactionary staff, who could do something as trivial as ban you from the computers, or as drastic as expel you or even bring charges against you.

#4 baby-Hackribs

baby-Hackribs

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 354 posts
  • Location:978

Posted 11 September 2009 - 09:31 PM

(Glad to see not much has changed) /grumble

Heh, funny story about this sort of thing. I know a kid, he pretty much did exactly what you are talking about, installed unapproved software onto a school computer, assisted several other people in doing so and set up an SSH server with tunneling; gave is friends accounts, blah blah blah. The SysAdmin finally looked at the logs one day, noticed over 4gb of traffic going to a residential line. You can pretty much figure out the story from there.

I've tinkered around with networking, I am no expert, but I know enough to tell you:

a) messing around on other people's networks (especially the school's) is stupid and not worth the risk
B) a computer that sends encrypted data to one IP (and a residential line at that), and only that IP, when it didn't do that before will raise eyebrows
c) several computers doing any of the above will prompt immediate action (even one will prolly do that) and probably raise voices

Don't get me wrong, I think SSH and Hamachi are really neat tools, and I think that you could definetly do something useful with them.
Circumventing a firewall at school or at work is silly, you're there to do a job, and it's not worth the risk of getting caught.

#5 Gr4v170N

Gr4v170N

    elite

  • Members
  • 104 posts
  • Country:
  • Gender:Male
  • Location:Nowhere

Posted 11 September 2009 - 09:44 PM

I would have to say whether or not you are in school, it is your time. If you choose to slack off and go onto 4chan when you are in english class or whatever class, that's your call. Keep in mind though it's someones stuff that you're on. If they have rules you should abide, but honestly at my school you could get away with murder on our computers. Some dumb ass found out our principals password when I was a junior or something, and screwed around with her profile. He got some detentions and that was it. Haha we actually had like a drop box that had a folder for all of our teachers and some guys put a game called armadillo run (kind of a cool fun little game) on our tech teachers profile so everyone could play it from whatever account. Once again though, the administration/tech teacher didn't really care. If you do something serious though, that could give your school legal troubles, or if whoever manages your schools network is a dick, (or just a guy who doesn't want to have to put up with you, which isn't necessarily a dick) your ass is grass.

Honestly junior high/highschool was a drag and not that educational and if you don't plan on educating your self past highschool none of these warnings should matter to you, but you should weigh whether or not getting on to 4chan, or even binrev (which I couldn't get on in highschool) is worth expulsion, or even a detention.

Then again, whether or not people here find this childish, its totall your call and I'm not trying to influence you one way or another. Just rambling I suppose.

Knowledge is power, etc.




BinRev is hosted by the great people at Lunarpages!