Solved

HTTP, FTP, REMOTE, or VNC through a Http Proxy?

Posted on 2004-10-26
1,058 Views
Last Modified: 2013-11-29
We have thirty computers running in our school, all running on WindowsXp pro machines which are all networked together. Our network is firewalled and site-checked. I found out that by manually inputting a http proxy (hostname: borderman04 port: 8080) in aim, putty, and some other utilities, it will work through the firewall. Is there a way I can use that trick to setup a http, winvnc, remote desktop, or ftp server that can get past the firewall? I do alot of work at home and would like to save my work and still work off our server computer, which runs windows xp pro. Currently, only computers within the network can access the shared files and http server on the computer. I'm willing to install whatever it takes to do so. Could anyone help? Thanks. I'm asking points to be refunded too if this isn't possible. Thanks
0
Question by:Duktapeshadow
    15 Comments
     
    LVL 6

    Expert Comment

    by:Ferrosti
    Sorry, I am not willing to help you drilling holes into your schools firewall.
    Anyways, the fact that you can connect from inside the school to outside locations does not mean that it might work the other way around. Therefor ports will have to be forwarded to the desired servers, which is not set up by default.

    This is not possible.
    0
     
    LVL 9

    Expert Comment

    by:TannerMan
    Man,  you first need to research for hacking forums. This is not the place for gaining assistance to hack a private network's perimeter security. I am in hopes the school's network admins are way ahead of you, and sounds like they are !!!!!!!!!!!
    0
     
    LVL 4

    Expert Comment

    by:tmcguiness
    Sure... you could run anything you wanted to... until you get caught. You know that sort of activity is punishable by a jail term. No kidding. Even if you have the best of intentions. If you really have a legitimate reason to do this, ask the school's administration. Seems like  they'd have remote access or VPN availibility. Or if you have authorized physical access, why don't you just use a usb key or something? You can get a GB on one of those bad boys, if you tried to download that, hmmm you do the math, but I'm guessing it would take few minutes.

    I'm assuming that you have the best of intentions, but your actions are misguided. You should never even attempt to gain unauthorized access to a computer network. It may just seem like a challenge to some people, but it is something to be taken very seriously. Something you might think is simple and cool could really blow up in your face. Say you broke into the computer that had the recipe for oreo cookies and all you wanted to do was make oreos at home. You would think at worst you would be in trouble for copying the recipe and the fact that you made some cookies that you would have otherwise bought. Prosecutors have a funny way of doing math though. It is far more likely that you would be charged with a serious felony because the value of that recipe to the company includes all of the research and development and goodwill that the oreo name has. You may very well be looking at being charged with damages of 100's of millions of dollars.

    Just don't do something you shouldn't do.
    0
     
    LVL 4

    Expert Comment

    by:syn_ack_fin
    It can definately be done. Here is what you do:

    1) Go to your direct supervisor, turn in your request to be allowed to work from home.
    2) If approved, he will contact the school admin to allow access in.
    3) Once the admin decides how access will be provided (he may already have a means), he will contact you with the information.
    4) Access your system through the methodology described by the admin.

    If it isn't approved, be thankful. Enjoy your time off of work. Work to live, don't live to work.
    0
     

    Author Comment

    by:Duktapeshadow
    this isn't a security issue with us. We develop the highschool newspaper and stay after til about 6 o'clock each day. as well as have used over 80 cd's for our at home work. our computers have IT people constantly coming to fix heat-checks issued by me because they're junk basically. Ive asked them about the issue and they said that if we can find a way, then do it. They can't disable the firewall because the normal students in the school can do other things when it's down.
    0
     

    Author Comment

    by:Duktapeshadow
    I'm just wondering if theres a way to setup a ftp or http server on the computer IN OUR ROOM which is networked. only we use it as a server using a http proxy.
    0
     
    LVL 4

    Expert Comment

    by:tmcguiness
    Your network administrator should be able to configure the firewall for you to access your machines according to your school's security policy. If you don't have a security policy, you need one.
    0
     
    LVL 9

    Expert Comment

    by:TannerMan
    Duktaeshadow,

    then it can't be done. If firewall has it blocked, and they will not set rules to allow on you or select machines the inbound/outbound access you NEED, then it will not be happening. That is the whole point of the firewall.
    0
     

    Author Comment

    by:Duktapeshadow
    i know what a firewall is, im just wondering if there's a way to tunnel past using the http proxy. its been done before, the ap's have it done to use email outside of school. Is there a http server which works iwth a http proxy? or ftp? or a tunnel of some sort. It can be done. Never say never.
    0
     
    LVL 9

    Assisted Solution

    by:TannerMan
    If you know what a firewall is then why are you asking for a way to bypass the firewall. Your question mentions the things you have DONE, and they are all outbound calls. ALso from your question, your wanting to have SERVERS behind this firewall published on the internet by bypassing the firewall (INBOUND clients connecting to your server). NOPE, can't be done as long as the firewall admin's are doing their job.

    There are all kinds of client side apps that will work by inputting the proxy server name/IP and port to use. If these are not failing for you it is because the firewall is setup to allow ports 80/443 (web) 21 (ftp) 25/110 (mail) and the list goes on. Your question "appears" that you want users on the web to access YOUR server via the campus firewall. You need to understand what a Proxy is.......it acts on YOUR behalf to communicate to the internet, so you DON"T have to and expose your machine. The key there is NOT TO EXPOSE YOUR MACHINE. Your machine will not be allowed to serve port 80/443 requests to internet clients unless the firewall is set to do so.

    If all this is so legit, then why are you NOT speaking with the administrator's of that network and discuss your legit needs and possible solutions.There is a lot of energy being spent here that you could solve my just sitting down with them or on the phone.
    0
     
    LVL 1

    Accepted Solution

    by:
    oo this is an easy one.
    You can "tunnel" as stated before. In our campus, the technogically experienced have ways to get around the rules. There's nothing saying we can't so.. hey. We've signed something stating that we had to obide by those rules or be punished, nowhere it says we cant tunnel. We've looked into this from our own IT tech.

    You can try Socks2Http
    http://www.totalrc.net/s2h/index.jsp

    OR

    You can try Hopster, which costs money
    http://butterseite.antville.org/stories/542247

    I love em both. We run a http server like that and the other students still are restricted. :) Everyone that needs to be is happy. :-D  Hope that helps.
    0
     
    LVL 9

    Expert Comment

    by:TannerMan
    These do not allow SERVER based inbound connecions. These are CLIENT socks tunneling, not to publish your web/ftp server to the internet.
    He can already do this by using his proxy access.
    Glad you accepted his answer Duktapeshadow.
    0
     

    Author Comment

    by:Duktapeshadow
    Thanks everyone, everything seems to be working okay so far.
    0
     
    LVL 4

    Expert Comment

    by:tmcguiness
    I'd be looking for some new IT people if they tell you to go ahead and use it if you can figure out a way through the firewall. They should want to know about this vulnerability and fix it. It sounds like they probably don't have a clue what is happening on the network. When that is the case, it is almost a sure bet that something not good is happening.

    I'm not sure what regulations apply to you, but if you were in the private sector covered by sarbanes-oxley, in the DoD covered by DITSCAP, or the executive branch covered by NIACAP, you'd be looking for trouble.  If you lose some identities because of something like this, I bet your school will be famous... probably an article in the Washington Post and the the San Jose Mercury.

    Just a little friendly advice... close the hole, get a secure way into the network. If IT doesn't want to do it, go higher up the food chain and let people know that their buttocks are being run up a flagpole because IT isn't doing security the right way.
    0
     

    Author Comment

    by:Duktapeshadow
    thanks for the info everyone. ive decided to go ahead and ask this lady that came in when we ordered a new printer. she was the leading director of the IT's. AND WHAT DO YOU KNOW! She gave me an admin account, limited though that could get what i wanted. thx alot for the advice, by the way, its a small community school in New Mexico.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    913 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now