Saran999

About breaking through locked down networks

I've seen a request today from someone who was trying to break free from a controlled, locked-down network. I've given a short answer, but IMHO the topic must be explained a bit better.

 

The short answer was:

1. Shell account

2. SSH

3. SOCKS proxy

 

So you set up a shell account on your home machine, or wherever online you see fit, and then you tunnel all your network requests over SSH to a SOCKS proxy sitting on that remote machine. Because the SOCKS proxy takes the requests arriving over the one permitted port and relays them to whatever destination ports you want to reach 'outside' (imagine that you have built a private, closed network between your work machine and your shell account), you will be able to circumvent any port-blocking mechanism put in place.

 

Very simple to say, but a bit complex to manage, and there are 'side' effects too.

Let's talk about it in very simple terms.

A locked-down network is one that sits behind a firewall with only a few allowed 'ports'. Then, as port 80 (used for HTTP) is normally left open, there will be something that filters which websites are allowed, blocking non-work-related websites. "Non-work-related" is a definition set arbitrarily by the network admin and the CIO (Chief Information Officer, if one exists, or even the CISO or CSO: Chief Information Security Officer, Chief Security Officer), basing their decisions on company policies.

 

This applies to private companies and campuses alike.

 

Before starting this discussion, you must at least understand that any connection you make on the internet, or on any network, is based on four factors: protocol, port, the remote IP address and your own. This is, very basically, the definition of a socket. You need a socket to connect to any server you want to request services from.

 

So, to lock down a network I must block or filter one, two or all of those factors, to restrict you to the activities I want you focused on. I can block ports and I can block IP addresses, but I cannot block the TCP or UDP protocols without blocking the entire network, so we will focus on those protocols and on the ports left open.

 

BUT, before proceeding further you MUST understand one little thing.

Whatever you do on a network will be monitored and logged. So, even if you are smart enough to set up a shell account with a SOCKS proxy on it, all your traffic will be seen and you will be prosecuted for this. So, in the end, not complying with company policy on a controlled network is always a bad idea.

And even if your traffic is totally compliant (no rule broken, no requests to blocked ports) and encrypted, you may still be monitored simply because of the 'volume' of your traffic; with a sniffer I can see every packet you've sent in detail, and you are fired :( because you cannot justify the volume of encrypted packets sent to your home/external machine (which still has a fixed IP address).

In the end, the solution may exist from a technical point of view, but it relies on a lax network admin or a friendly one, and always on your social engineering skills :D

 

That said, let me hear what you think about this topic.

Would this interest you if explained in a bit more depth?
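As an added example (not part of the original post), here is the kind of 'volume' check the post says a network admin can run over flow logs: egress records are aggregated per workstation and external destination, and a host that pushes a large, sustained volume to a single external address, making up most of its total egress, stands out even when the port it uses is permitted. The flow record format, the internal address ranges and the thresholds are all assumptions for the example, and the sample records are constructed.

```python
"""Added example (not from the original post): spot the 'volume' signal the
post describes by aggregating egress flow records per workstation and
external destination. Flow format, address ranges and thresholds are all
assumptions for this example."""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed internal address ranges for the constructed network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed flow records: start time, src, dst, dst port, proto, bytes out.
# 10.0.5.23 sends everything to one external host on port 22; the others
# browse many sites, and 10.0.5.25 also copies a lot to an internal file server.
SAMPLE_FLOWS = """\
2024-03-04T08:01:10,10.0.5.23,203.0.113.7,22,tcp,48000000
2024-03-04T08:15:42,10.0.5.23,203.0.113.7,22,tcp,62000000
2024-03-04T09:02:03,10.0.5.23,203.0.113.7,22,tcp,71000000
2024-03-04T09:40:30,10.0.5.23,203.0.113.7,22,tcp,55000000
2024-03-04T08:03:00,10.0.5.24,198.51.100.10,443,tcp,900000
2024-03-04T08:10:00,10.0.5.24,198.51.100.11,443,tcp,1200000
2024-03-04T08:12:00,10.0.5.24,198.51.100.12,80,tcp,300000
2024-03-04T08:20:00,10.0.5.25,198.51.100.10,443,tcp,700000
2024-03-04T08:30:00,10.0.5.25,10.0.1.5,445,tcp,250000000
"""


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(text: str) -> list:
    """Parse the constructed CSV flow records into dicts."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto, nbytes = line.split(",")
        flows.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                      "dport": int(dport), "proto": proto, "bytes": int(nbytes)})
    return flows


def aggregate_egress(flows):
    """Sum bytes per (src, dst, dst port) for flows that leave the internal
    ranges; internal-to-internal traffic (e.g. file servers) is ignored."""
    agg = defaultdict(lambda: {"bytes": 0, "flows": 0, "first": None, "last": None})
    for f in flows:
        if not is_internal(f["src"]) or is_internal(f["dst"]):
            continue
        a = agg[(f["src"], f["dst"], f["dport"])]
        a["bytes"] += f["bytes"]
        a["flows"] += 1
        a["first"] = f["ts"] if a["first"] is None else min(a["first"], f["ts"])
        a["last"] = f["ts"] if a["last"] is None else max(a["last"], f["ts"])
    return agg


def flag_single_host_egress(flows, min_bytes=100_000_000, min_flows=3,
                            min_minutes=60, min_share=0.8):
    """Return (src, dst, dst_port, total_bytes) for each workstation that sent
    a large, sustained volume to one external host which also makes up most
    of its total egress. Thresholds are assumptions to tune per site."""
    agg = aggregate_egress(flows)
    total_by_src = defaultdict(int)
    for (src, _, _), a in agg.items():
        total_by_src[src] += a["bytes"]
    flagged = []
    for (src, dst, dport), a in agg.items():
        minutes = (a["last"] - a["first"]).total_seconds() / 60
        share = a["bytes"] / total_by_src[src]
        if (a["bytes"] >= min_bytes and a["flows"] >= min_flows
                and minutes >= min_minutes and share >= min_share):
            flagged.append((src, dst, dport, a["bytes"]))
    return sorted(flagged)


if __name__ == "__main__":
    for src, dst, dport, nbytes in flag_single_host_egress(parse_flows(SAMPLE_FLOWS)):
        print(f"{src} -> {dst}:{dport}  {nbytes / 1e6:.0f} MB sustained egress")
```

The share test is what separates a tunnel from ordinary heavy browsing: a user visiting many sites spreads volume over many destinations, while traffic relayed through one remote proxy collapses onto a single external address, which is exactly why the post says the fixed IP of the home machine gives the game away.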
