Re: remote access getting round a firewall.

From: Charles Newman (charlesnewman1@attbi.com)
Date: 05/26/02


From: "Charles Newman" <charlesnewman1@attbi.com>
Date: Sat, 25 May 2002 23:45:33 GMT


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1759d5a1fb6cb2e198980b@news-server.columbus.rr.com...
> In article <%3NH8.7885$Of.87109690@news-text.cableinet.net>,
> rob.ellison@bigfoot.com says...
> > hi i was wondering if anyone knows of a remote access program that is either
> > stand alone (like VNC) or web based (like MS terminal services activeX
> > client) that can be used over standard ports, like port 80 or 8080 or
> > something like that to get round a firewall.
> > basically i want to access my pc at home, but a firewall is in the way that
> > only lets connections to standard ports out - this may be down to ftp and
> > http ports only now.
> > as i don't have administrative privileges on this remote computer, i need the
> > solution to not need installing.
> > MS terminal services web client would be perfect but you cannot change the
> > port it connects on.
> > any comments would be very useful
> > thanks,
>
> Rob, it sure sounds like you are violating your corporate network
> policy. If they open ports 80 and 443, then they only want you browsing
> the internet for work purposes - and connecting to your home system has
> nothing to do with WORK.

     That depends. Maybe this guy brings work home with him
at times, and wants to send the files he needs to his home
computer system. Sending files to your home computer, to
do work from home, could be considered a work purpose.
Floppy disks are too unreliable, and companies are not going
to put Zip Disks in every computer, at $100 a pop, so being
able to send work to your home computer, if you need to work
at home is the only real way.

>
> In my wan, I would easily detect that you are connecting to a NON-
> COMPANY based IP (meaning something like comcast or RR) and hunt you
> down and terminate your connection - then turn your logs over to your
> department head and let him deal with you.

      Not if your connection is hidden with an open SOCKS or HTTP
proxy you won't. You will know that a person went to the proxy,
but where they went BEYOND that proxy you would not know.
I used to run a public proxy on my cable
connection, before they changed the rules to disallow it. Because
it was on ports 1100 and 8901, you are not likely to be able
to detect it. If anyone from your network ever tried to connect,
via my public proxy, to somewhere else, you would NEVER have
known about it, because it was on "non-standard" ports. When
@Home was still around, poorly written rules on servers did allow
public proxy servers to be run on your connection. It was not
until the switchover to ATTBI that running a public proxy was
disallowed. And prohibitions notwithstanding, they also lowered
the outbound speed from 7.7 megabits to 128 kilobits, which
makes running any kind of public proxy not possible if the
rules still allowed it.
      And I DID use to get quite a few hits to my public proxy
that I had, from numerous corporate networks all over the place.

>
> I know, you think this is harsh, but consider how much time you waste at
> work that your employer is paying for. Get a clue, work at work.
>
> Harsh I know, but if you can't install anything and they don't allow
> connections outbound, then you should not be trying to subvert the

     As far as installing stuff, I would tell him to bring his own laptop
and plug it into the network with all the software he needs. All he
has to do is to change the network settings to be able to interface
with the network. On top of that, he can carry his work to and
from work on his laptop, and just copy the updated files to his
storage space on the. If he travels a lot for work, and needs
to have access to his files, it is a MUST. He can download
what he needs into his laptop before he leaves, and then copy
the updated files back into his work account when he returns.

> intent.
>
> Mark
>
> --
> --
> Leythos999@columbus.rr.com
> (Remove 999 to reply to me)


