Unofficial empeg BBS

#136236 - 21/01/2003 13:19 Packet Shapers..... Work around?
lopan
old hand

Registered: 28/01/2002
Posts: 970
Loc: Manassas VA
So a friend of mine wanted me to find a way around a packet shaper on his local network. I can only guess what kind of trouble he's looking to get in, but I told him to my knowledge there was no workaround. I'm assuming he wants to use Kazaa or Morpheus.

Does anyone know of any known workarounds to bypass a packet shaper? This person has no administrative access to routing and/or network equipment; he can access the internet to download anything he needs.
_________________________
Brett 60Gb MK2a with Led's

#136237 - 21/01/2003 13:41 Re: Packet Shapers..... Work around? [Re: lopan]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31604
Loc: Seattle, WA
I once had an idea for something like this, several years ago. The idea was...

You would maintain a specially-coded server somewhere on the public internet that worked like a proxy: It took in HTTPS packets and rerouted them.

Then you'd have a piece of proxy client software on someone's PC that's behind a restrictive firewall. It "wraps" all your local packets inside a benign-looking HTTPS packet that has no trouble slipping through the restrictive firewall. The packet goes out to this specially-coded server, which then unwraps the packets and routes them to where they were supposed to go in the first place. And it does the same in reverse.

It would delay the packets quite a bit, so it wouldn't be useful for online gaming behind a firewall, but it could be cool for anonymity behind a corporate firewall, and getting through its restrictions. You could do anything with it that would otherwise be blocked by the firewall. Streaming audio/video, IRC, bidirectional FTP, whatever.

Until your company got wind of the server's IP and blocked it. I never figured an easy way around that one unless it involved some kind of constantly-shifting anonymous-server system like the filesharing networks.

I wanted to implement this and make a million off of the idea. Never got around to it. Did anyone else ever come up with the same idea and implement it in the meantime?
_________________________
Tony Fabris

#136238 - 21/01/2003 13:44 Re: Packet Shapers..... Work around? [Re: tfabris]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
This little guy might be one of the pieces of the puzzle...

http://www.snurgle.org/~griffon/ssh-https-tunnel

Edit: And another...

ftp://ftp.nlc.net.au/pub/unix/tn-gw-nav/index.html

I guess the second is more relevant if you've got a telnet proxy to get out of the local network. We've got one here. A telnet proxy is a little easier to work through than an HTTP(S) proxy.


Edited by yn0t_ (21/01/2003 13:51)
_________________________
- Tony C
my empeg stuff

#136239 - 21/01/2003 14:15 Re: Packet Shapers..... Work around? [Re: tonyc]
lopan
old hand

Registered: 28/01/2002
Posts: 970
Loc: Manassas VA
Did I mention my friend is not the most technical guy on the planet?
_________________________
Brett 60Gb MK2a with Led's

#136240 - 21/01/2003 17:13 Re: Packet Shapers..... Work around? [Re: tfabris]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
You can run PPP over SSH if you really felt the need. It would be a homebrew VPN solution really. You can set the port to whatever you felt like.

- Trevor

#136241 - 21/01/2003 17:56 Re: Packet Shapers..... Work around? [Re: tman]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
I sure hope at least one of you is semi-technical: PPP, SSH, VPN, HTTP, FTP, IP, packets, ports, IRC, etc. etc.

The scary thing is, I can actually understand what these people are talking about.

#136242 - 21/01/2003 18:17 Re: Packet Shapers..... Work around? [Re: lopan]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Depending on how closely the network admins monitor things, your friend can get caught. And since they've put the packet shapers in for a reason, their response may not be that favourable for your friend.
Trying to encapsulate the traffic won't prevent it being detected. All it needs is a single admin to wonder why there is an incredible amount of traffic going to and fro via SSL or whatever.

Sorry to be pessimistic but if I caught somebody trying this after I told them not to I wouldn't NOT be happy

- Trevor
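
An added example, not part of any post in this thread, of the check described in the post above: an admin totalling encrypted-port traffic per internal host and remote endpoint, and flagging pairs that are large, long-lived and concentrated on a single destination. The flow-record layout, thresholds and addresses are all constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (src, dst, dst_port, bytes_up, bytes_down, seconds)
FLOWS = [
    ("10.0.0.21", "198.51.100.7", 443, 40_000, 900_000, 12),
    ("10.0.0.21", "203.0.113.9", 443, 15_000, 300_000, 8),
    ("10.0.0.34", "192.0.2.50", 443, 310_000_000, 1_900_000_000, 14_400),
    ("10.0.0.34", "192.0.2.50", 443, 280_000_000, 1_200_000_000, 10_800),
    ("10.0.0.34", "198.51.100.7", 443, 30_000, 700_000, 10),
    ("10.0.0.58", "192.0.2.77", 22, 2_000_000, 5_000_000, 3_600),
]

# Assumed policy values; tune to the site's normal traffic profile.
ENCRYPTED_PORTS = {22, 443}
MIN_BYTES = 1_000_000_000   # total volume to one endpoint
MIN_SECONDS = 3_600         # cumulative session time to that endpoint
MIN_SHARE = 0.8             # fraction of the host's encrypted traffic


def find_tunnel_suspects(flows):
    """Return (src, dst, port, total_bytes, share) for suspicious pairs."""
    per_pair = defaultdict(lambda: [0, 0])  # (src, dst, port) -> [bytes, secs]
    per_src = defaultdict(int)              # src -> all encrypted bytes
    for src, dst, port, up, down, secs in flows:
        if port not in ENCRYPTED_PORTS:
            continue
        pair = per_pair[(src, dst, port)]
        pair[0] += up + down
        pair[1] += secs
        per_src[src] += up + down

    suspects = []
    for (src, dst, port), (total, secs) in per_pair.items():
        # Ordinary browsing spreads over many hosts; a tunnel concentrates
        # nearly everything on one endpoint for hours.
        share = total / per_src[src] if per_src[src] else 0.0
        if total >= MIN_BYTES and secs >= MIN_SECONDS and share >= MIN_SHARE:
            suspects.append((src, dst, port, total, round(share, 3)))
    return sorted(suspects, key=lambda s: -s[3])


if __name__ == "__main__":
    for row in find_tunnel_suspects(FLOWS):
        print(row)
```

Port numbers alone do not identify the protocol inside a flow, so a check like this keys on volume and duration rather than on what the traffic claims to be.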


#136243 - 21/01/2003 19:05 Re: Packet Shapers..... Work around? [Re: tman]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
Your friend may not understand it, but there is a reason that kazaa is banned on most networks. On a normal network, most users might browse the web sporadically causing short bursts of traffic over a second or so that only use up a fraction of the bandwidth. Kazaa, on the other hand, is going to use the maximum upload/download available if you let it. Rather than fitting hundreds, maybe even 1000 users on your internet connection, you can fit ONE user. The other people are probably going to start failing to pull up web pages (20-50% time out).

I used to maintain a network in my fraternity house. We had 20 people sharing one ADSL line (1554/256 kbps). I had a heck of a time convincing people that Kazaa, etc. would seriously hurt the other users on the connection. People would get seriously pissed at me when I would cut off their connection. Then, the next day, they would get pissed when they couldn't even read their email because somebody else was using Kazaa.

Still, I managed to keep things largely under control without burning any bridges. Since I moved out, the network works only sporadically. They want me to upgrade the network with a router that has more advanced functionality (time-based filters, packet shaping, etc). I haven't figured out what to get yet, but I think it is kind of funny.

My point is, you can seriously harm the corporate network your friend is on and prevent his coworkers from being able to get their work done. More to the point for your friend, if it works successfully, he WILL be noticed and action will be taken.

Just my 2 cents,

-Biscuits

#136244 - 21/01/2003 20:54 Re: Packet Shapers..... Work around? [Re: Biscuitsjam]
lopan
old hand

Registered: 28/01/2002
Posts: 970
Loc: Manassas VA
Oh I'm well aware of what Kazaa does... I tried to discourage him, Kazaa and Morpheus are one of the reasons we (at my place of employment) got a Packeteer.... One idiot on our network, just one guy single-handedly took a T1 and reduced it to around the speed of 14.4 for everyone else on the network.

My friend swore up and down that he'd disable sharing with other users. I suspect when I give him my findings he'll give up.
_________________________
Brett 60Gb MK2a with Led's

#136245 - 21/01/2003 23:02 Re: Packet Shapers..... Work around? [Re: Biscuitsjam]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
Off topic:
I've been doing some research today and I think I'm going to go with the Sonicwall SOHO 3 router for the fraternity house ($650). I hope it will work out OK.

-Biscuits

#136246 - 22/01/2003 07:46 Re: Packet Shapers..... Work around? [Re: Biscuitsjam]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
I've got one, and it works pretty darn well. I did spring extra $$ for the VPN option. No DMZ in hardware but otherwise it's been rock solid & easy to configure (I don't think I've rebooted it yet apart from config changes). I've got it attached to 128k of T1, mostly due to stupid high IP access costs in my locality (no cable modem or DSL options). Otherwise I'd have more pipe. Good luck!

-Zeke
_________________________
WWFSMD?

#136247 - 22/01/2003 08:18 Re: Packet Shapers..... Work around? [Re: Biscuitsjam]
peter
carpal tunnel

Registered: 13/07/2000
Posts: 4180
Loc: Cambridge, England
Kazaa, on the other hand, is going to use the maximum upload/download available if you let it.

The Right Answer here is to have a machine elsewhere (e.g. at home on ADSL) running the P2P client and then use VNC tunnelled over ssh (on port 80 if need be) to drive it from inside the restricted network. That way you can waste your employer's time without wasting their bandwidth

Peter

#136248 - 22/01/2003 15:37 Re: Packet Shapers..... Work around? [Re: peter]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
VNC can be a bit of a pig too, if you're not careful about the host & client machine's settings (much greater flexibility on environment if the VNC host is a linux/unix box). I'd set the screen to 256 colors, VGA resolution & only run the p2p client for best results from a Windows VNC host.

-Zeke
_________________________
WWFSMD?

#136249 - 22/01/2003 18:00 Re: Packet Shapers..... Work around? [Re: Ezekiel]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I discovered on a machine a while back that if you set a Windows machine to use the VGA driver (not simply set the resolution to be 640x480), the machine's performance (at least as far as VNC was concerned) was awful. Make sure that you use the correct driver for your video card, but set the resolution to be as low as you can stand.
_________________________
Bitt Faulk

#136250 - 22/01/2003 18:05 Re: Packet Shapers..... Work around? [Re: wfaulk]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Does VNC on Windows actually start up a separate session just for VNC or does it control whatever is displayed on the monitor? I've never used the Windows version so I'm not sure. If it just pretends you're at the real keyboard then I guess Windows will have to wait for the screen updates to complete. And with the bog standard VGA driver you're not going to get any hardware acceleration at all.

- Trevor

#136251 - 22/01/2003 18:16 Re: Packet Shapers..... Work around? [Re: tman]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I don't know its internals, but I assume that your reasoning is correct; it's the same conclusion I came to. But I just wanted to clarify the point about `VGA' to whoever might take that advice. (And it just rebroadcasts what's already on the screen; it just mirrors the console. It does the same thing on MacOS 9 and previous, too.)

BTW, it seemed like the delay was somehow exponentially increased when viewing it over VNC. Actually, even at the console when someone was connected via VNC.
_________________________
Bitt Faulk

#136252 - 22/01/2003 19:01 Re: Packet Shapers..... Work around? [Re: tman]
Ezekiel
pooh-bah

Registered: 25/08/2000
Posts: 2413
Loc: NH USA
Windows doesn't understand multiple logon sessions (except perhaps XP & terminal server). VNC server for Windows serves the current desktop, not a unique session. The Unices can serve multiple independent sessions, with different shells etc... The VNC site is really the best place to look for details, it's got really good documentation.

I've never tried the true VGA driver, but the less info you've got on screen the better/faster the refresh rate will be. The VNC client (at least the Windows one) has some really handy features, like a 'Send Ctrl+Alt+Del' command for unlocking/rebooting/task managing a Win box.

-Zeke
_________________________
WWFSMD?

#136253 - 24/01/2003 09:29 Re: Packet Shapers..... Work around? [Re: peter]
lopan
old hand

Registered: 28/01/2002
Posts: 970
Loc: Manassas VA
Problem there is Comcast disables VPN traffic unless you upgrade to their 100 dollar monthly service...
_________________________
Brett 60Gb MK2a with Led's
