Sign in to follow this  
Followers 0
chevalier3as

Bypassing firewall with SSH

8 posts in this topic

Hi,

I've been trying (on my small lab) to bypass the firewall filters that blocks torrent traffic trough an SSH session to an unfiltered PC.

After configuring a session with putty, with tunnelling possibilities on port 50000, and configuring utorrent to use SOCKS4 proxy localhost:50000.

I launched netstat -b on cmd (yes it's windows !!) I got the following:

Connexions actives

Proto Adresse locale Adresse distante √Čtat
TCP 127.0.0.1:1031 PC:1032 ESTABLISHED
[tagsrv.exe]
TCP 127.0.0.1:1032 PC:1031 ESTABLISHED
[tagsrv.exe]
TCP 127.0.0.1:1037 PC:27015 ESTABLISHED
[iTunesHelper.exe]
TCP 127.0.0.1:1110 PC:10406 FIN_WAIT_2
AVP
[System]
TCP 127.0.0.1:1110 PC:10409 ESTABLISHED
AVP
[System]
TCP 127.0.0.1:1110 PC:10410 ESTABLISHED
AVP
[System]
TCP 127.0.0.1:9531 PC:9532 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:9532 PC:9531 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:9533 PC:9534 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:9534 PC:9533 ESTABLISHED
[firefox.exe]
TCP 127.0.0.1:10406 PC:nfsd-status CLOSE_WAIT
[msfeedssync.exe]
TCP 127.0.0.1:10409 PC:nfsd-status ESTABLISHED
[msfeedssync.exe]
TCP 127.0.0.1:10410 PC:nfsd-status ESTABLISHED
[msfeedssync.exe]
TCP 127.0.0.1:27015 PC:1037 ESTABLISHED
[AppleMobileDeviceService.exe]
TCP *.*.46.185:9504 anaconda:ssh ESTABLISHED
[PUTTY.EXE]
TCP *.*.46.185:10408 portail:http CLOSE_WAIT
AVP
[System]
TCP *.*.46.185:10413 proxy:hosts2-ns ESTABLISHED
AVP
[System]
TCP *.*.46.185:10414 proxy:hosts2-ns ESTABLISHED
AVP
[System]

I don't see utorrent connecting to localhost:50000!!

Does anyones have any idea what's the problem, or more useful hints to try debug the problem ?!

Edited by chevalier3as
0

Share this post


Link to post
Share on other sites

I always use these settings:

post-4947-1243254154_thumb.pngpost-4947-1243254164_thumb.png

It works for everything except DHT.

0

Share this post


Link to post
Share on other sites

One thing you're going to have problems with is people connecting back to you. To get any real good speeds on torrents, people need to be able to connect to you.

It'll be easier to run the torrent on your SSH box, then transfer the files to your machine with SSH itself.

0

Share this post


Link to post
Share on other sites

My tunnel is limited to 400kb/s and I always get that speed, perhaps if I need higher speed I can put a *nix torrent client on my SSH box to let that download torrents. But for now it all seems to work nicely :).

0

Share this post


Link to post
Share on other sites

OK, it just seems like a backwards way of doing it. Also, the SSH box can be on all the time, and you can check it on it from anywhere. Especially if you get a torrent client with a web interface.

0

Share this post


Link to post
Share on other sites

Good point Ohm! except when the SSH box isn't yours, I wanted to apply the principle to see if bypassing the firewall works, and now I can use it by connecting friends SSH box.

However, I wonder if the people who downloads from me will see my IP address or the SSH box IP ? and does any one know how does ISPs detect torrent traffic?

0

Share this post


Link to post
Share on other sites

One immediate problem I see is that you're going to halve your throughput doing this. The box is transmitting twice the data (once to and from itself to the torrent cloud, and once to and from you) so you can only move half as much data in the same period of time. If you have SSH access to the box, just run bittorrent-curses, bittorrent-console, or some other CLI torrent client and use SCP to move the file to your workstation when it's done.

However, I wonder if the people who downloads from me will see my IP address or the SSH box IP ? and does any one know how does ISPs detect torrent traffic?

If you've got it configured to proxy properly, the downloaders would see the SSH server's ip because they would be connecting to it, then it would be proxying their packets back to you over the SSH tunnel.

An ISP can detect torrent traffic just by looking at packets. When the packets aren't obfuscated by some form of encryption (Oh, say, an SSH tunnel) then they can easily be identified just by examining the packets themselves. There are other ways to identify traffic based on statistical analysis, but this would be the easiest for an ISP which is willing to read your traffic.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0