Getting around a network firewall..

Post by Gonzoie - Luclin »

OK.. so my job put up this insanely strict firewall.. I can't access Newsgroups/Messageboards, games such as AdventureQuest, FallenSword, and OGame, couldn't access my email until I bitched about it until they took it off the filter.

Bottom line is.. is there any way to get around a firewall in an office type scenario without letting the Admins know?
Darttanion Romances, 70 bard (Retired)
Gonzoie Eatsalot, 65 Druid (Long been Retired)

Post by noel »

Set up, or gain access to an external proxy server you can access over an open port (say 80).

You're not a true Veeshanite, so that's all the help you get.
Oh, my God; I care so little, I almost passed out.

Post by Aslanna »

I don't know anything about directly going around them but more than likely you can't. Which is why they were put in place! But if you are still able to SSH out you can set up a tunnel to your home PC and then use Remote Desktop. Works fine for my use. You just need to find an open port if the usual SSH one (22) is blocked. 443 is usually a good alternative.

http://www.engr.wisc.edu/computing/best ... putty.html is a fairly straightforward guide.
Have You Hugged An Iksar Today?


Post by Winnow »

I also use Remote Desktop. I don't do anything special to set it up besides enter my home PC's IP and use user name/password. You need XP Pro or Vista Business/Ultimate on your home PC to do it that way though. If you don't have that, you can always try RealVNC http://www.realvnc.com/ depending on what ports are open.

If you can't use Remote Desktop for some reason, or don't have a clue what we're talking about, you might be able to use GoToMyPc. I used to use that. It's easy to set up but costs some money though as you use GoToMyPC's servers to access your remote PC:

https://www.gotomypc.com/en_US/entry.tm ... goto&_sf=2

Nothing needs to be installed at your work and it uses the standard 8080 web browsing port.

There's a free trial so you can see if it would work before you gave them any moola. Don't forget to set up your home PC with the software before trying it from work of course.

Also, you need decent upload capability from your home PC since it needs to send images of what's happening on your home PC to your work, all encrypted of course. It's pretty snappy with 1Mbps.

Post by Aslanna »

A lot of places block the port remote desktop uses. Which is what makes the tunnel over SSH a handy solution as you can use just about whatever port you want. It's also nice if you want to do command line operations or transfer files. Plus you don't have to install any applications on your work PC as Putty is just an exe that doesn't need to be installed.

Not to mention using this method everything is encrypted. I don't know if you get that through straight remote desktop.
Have You Hugged An Iksar Today?


Post by Winnow »

Aslanna wrote: Not to mention using this method everything is encrypted. I don't know if you get that through straight remote desktop.
It's not the best, but it's encrypted:
Remote desktop is encrypted, which makes it more secure than many simplistic VNC implementations. However, Remote Desktop is vulnerable to a man-in-the-middle attack because it does not use a certificate to authenticate the server like SSL/SSH does. That means that if you connect to your system via remote desktop, there is no guarantee that the conversation is not recorded and your passwords are not guaranteed to be safe, even though the session is encrypted.
Encryption

RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data. RC4 is designed for secure communications over networks. Beginning with Windows 2000, administrators can choose to encrypt data using a 56- or 128-bit key.
Bandwidth reduction features

RDP supports various mechanisms to reduce the amount of data transmitted over a network connection. Mechanisms include data compression, persistent caching of bitmaps, and caching of glyphs and fragments in RAM. The persistent bitmap cache can provide a substantial improvement in performance over low-bandwidth connections, especially when running applications that make extensive use of large bitmaps.
Can't copy files but I do make use of the clipboard to copy and paste web data that's blocked at work and other data into Word at work for proper formatting and printing.
Clipboard mapping

Users can delete, copy, and paste text and graphics between applications running on the local computer and those running in a Terminal Services session, and between sessions.
RDP seems to run even better on Vista. While I'm not using Vista at work, I still see my home desktop as it visually appears in Vista without being able to update to the latest client RDP software at work. (wallpaper turned off of course for speed) The one thing I've noticed missing is the pop-up thumbnails of apps minimized to the task bar when hovered over. Not a big deal. It's fast enough to update streaming level II quotes and update charts, view a comic or edit the covers for posting to VV for example.

I like to access my main PC from my laptop at home sometimes to work with files, surf the net with my most up to date browser and access all the apps which aren't on my laptop. For movies, I use the regular gigabit lan to stream them.

Post by Aslanna »

It's still RDP.. It's just tunneled via SSH. In my opinion, other than the initial setup, there's no reason not to go that way instead of direct RDP. I'm willing to bet if they set up the firewall at Gonzoie's place of work to be 'insanely strict' that the RDP port will be blocked.
Have You Hugged An Iksar Today?


Post by Kelshara »

How about you.. work? What a concept.

I block everything at work.

Post by Winnow »

Kelshara wrote:How about you.. work? What a concept.

I block everything at work.
You can't stop the signal!

Post by Aslanna »

Kelshara wrote:How about you.. work? What a concept.

I block everything at work.
Yeah.. Because there's no thing like... lunch? Or breaks? What a concept.
Have You Hugged An Iksar Today?


Post by Kelshara »

You get infected by crap just as easily on your lunch break. You can use your computer as much as you want at work (lunch or no lunch) but there is absolutely no way I would allow crap like newsgroups.

Post by Aslanna »

Which is why we Remote Desktop to our home computers and do 'crap' like newsgroups from that PC. I don't really see the point of either of your posts.
Have You Hugged An Iksar Today?


Post by Winnow »

Kelshara wrote:You get infected by crap just as easily on your lunch break. You can use your computer as much as you want at work (lunch or no lunch) but there is absolutely no way I would allow crap like newsgroups.
Let me know how those viruses and spyware jump from RDP into the network and you'll have a point.

When I work on newsgroups, it's via RDP, ...and Newsgroups are about the safest place to download shit anyway but the only thing that would get "infected" would be my home PC.

I'd encourage surfing via RDP from work (if people are allowed to surf) if I was an IT person.

Post by Siji »

Aslanna showed me the way of RD a long time ago, but my personal preference has been to improve on it by using BitVise's WinSSHd server and its tunnelier client. Tunnelier is free, WinSSHD isn't. Just has more features and easier to use keys and such. I love the FTP type client that's included in it since my ISP blocks all attempts at running an ftp server. Perfect for getting some MP3s to my work PC to listen to while workin'.

Post by noel »

Winnow wrote:Let me know how those viruses and spyware jump from RDP into the network and you'll have a point.
I assure you, it's possible.
Oh, my God; I care so little, I almost passed out.

Post by Winnow »

noel wrote:
Winnow wrote:Let me know how those viruses and spyware jump from RDP into the network and you'll have a point.
I assure you, it's possible.
Unless you're talking about some sort of cutting and pasting of data. I'd like to know more than "it's possible" out of curiosity.

Post by Aabidano »

Gonzoie - Luclin wrote:Bottom line is.. is there any way to get around a firewall in an office type scenario without letting the Admins know?
My 2 cents, don't be amazed when you get fired for violating the company's acceptable use policy, and possibly sued for damages if you're the cause of an incident of any sort.

If you're using Windows and it's showing on your screen it can be monitored, an ongoing stream of encrypted traffic to _a_ non-business location (RDP, SSH, whatever) is pretty much a dead giveaway.
"Life is what happens while you're making plans for later."

Post by noel »

Winnow wrote:
noel wrote:
Winnow wrote:Let me know how those viruses and spyware jump from RDP into the network and you'll have a point.
I assure you, it's possible.
Unless you're talking about some sort of cutting and pasting of data. I'd like to know more than "it's possible" out of curiosity.
It's pretty simple really. When you use RDP, you're opening a two-way pipe from two endpoints. If one of the endpoints is compromised and monitoring open connections, it IS possible for that open pipe to be exploited.

I realize that it's 100% impossible that your home PC could ever become compromised, :roll: but for the less savvy user who either thinks they know what they're doing, or has no clue what they're doing and is posting on a message board to find out how to bypass their company's firewall... yes, it's possible for RDP to be exploited.

My company is now part of Bell Labs. I've been learning lately that a lot of things I thought were secure are not, and a lot of things that I thought were not possible are. Specifically within the realm of network and PC security.

Bear in mind, I'm not making fun of your ability to keep your PC clean. I'm sure you know how, and I'm sure you're very diligent about keeping it clean. That said, I think anyone *could* be infected, especially if they were being targeted. Targeted attacks are becoming more common of late and they're fucking scary.
Oh, my God; I care so little, I almost passed out.

Post by Aabidano »

noel wrote:...
Send me a PM you non PM accepter
"Life is what happens while you're making plans for later."

Post by noel »

Aabidano wrote:If you're using Windows and it's showing on your screen it can be monitored, an ongoing stream of encrypted traffic to _a_ non-business location (RDP, SSH, whatever) is pretty much a dead giveaway.
Yeah this is the part that cracks me up. If your IT department is amateur hour, I'm sure you can do this all day long and no one will notice.

If however, you work for one of my more savvy customers, and their IPS saw any of the above you mentioned from a USER, the IT staff will likely get an alert, an SNMP trap, an email, and the user would probably be auto-quarantined to a VLAN with no access to anything, except maybe if they're lucky a remediation server where the user will be directed to a webpage asking that they call the IT department.

When you move into the realm of high-end financial or DoD networks, I assure you, you won't be doing ANY of that... assuming you like your job, your career or your security clearance.
Oh, my God; I care so little, I almost passed out.
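
Added example, not part of any post in this thread: the check Aabidano and noel describe above (a sustained encrypted session from a user workstation to a non-business address), run over constructed flow records. The CSV layout, networks, allowlist and threshold are all assumptions.

```python
"""Flag outbound sessions from user workstations that look like remote-access
tunnels. All data and the record layout are constructed for illustration."""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow records; the column layout is an assumption, not a product export.
SAMPLE_FLOWS = """\
src,dst,dport,proto,start_epoch,duration_s,bytes_out,bytes_in
10.1.4.23,203.0.113.50,443,tcp,1700000000,14400,2400000,310000000
10.1.4.23,198.51.100.7,443,tcp,1700000100,12,4100,88000
10.1.4.31,203.0.113.77,22,tcp,1700003000,9000,900000,52000000
10.1.4.40,192.0.2.10,443,tcp,1700000500,20000,100000,700000
10.1.4.52,203.0.113.90,3389,tcp,1700001000,30,2000,3000
10.1.9.5,203.0.113.50,443,tcp,1700002000,18000,500000,90000000
"""

USER_NETS = [ipaddress.ip_network("10.1.4.0/24")]       # assumed user VLAN
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # assumed internal space
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed business allowlist
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP"}
LONG_SESSION_S = 3600  # assumed threshold for a "sustained" session


def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def find_suspect_sessions(flow_csv):
    """Return per (src, dst) findings, longest total duration first."""
    pairs = defaultdict(lambda: {"duration_s": 0, "bytes": 0, "reasons": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if not _in_any(row["src"], USER_NETS):
            continue  # only user workstations are in scope
        if _in_any(row["dst"], INTERNAL_NETS + APPROVED_NETS):
            continue  # internal or approved business destination
        port, dur = int(row["dport"]), int(row["duration_s"])
        reasons = set()
        if port in REMOTE_ACCESS_PORTS:
            reasons.add(f"{REMOTE_ACCESS_PORTS[port]} port leaving the network")
        if dur >= LONG_SESSION_S:
            # A tunnel on 443 looks like HTTPS; how long it stays open is the tell.
            reasons.add(f"session on port {port} open >= {LONG_SESSION_S}s")
        if not reasons:
            continue
        entry = pairs[(row["src"], row["dst"])]
        entry["duration_s"] += dur
        entry["bytes"] += int(row["bytes_out"]) + int(row["bytes_in"])
        entry["reasons"] |= reasons
    findings = [
        {"src": s, "dst": d, "duration_s": e["duration_s"],
         "bytes": e["bytes"], "reasons": sorted(e["reasons"])}
        for (s, d), e in pairs.items()
    ]
    return sorted(findings, key=lambda f: f["duration_s"], reverse=True)


if __name__ == "__main__":
    for f in find_suspect_sessions(SAMPLE_FLOWS):
        print(f["src"], "->", f["dst"], f["duration_s"], "s;", "; ".join(f["reasons"]))
```
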

Post by Aslanna »

noel wrote:When you move into the realm of high-end financial or DoD networks, I assure you, you won't be doing ANY of that... assuming you like your job, your career or your security clearance.
Anyone who went around security in those instances is a complete moron who deserves to be fired.

Personally I'm not that worried about it where I work. RDP for the most part seems to not take that much bandwidth especially while minimized, where I have it most of the time, where it doesn't even make my LAN icon in the system tray flash.

I'm not saying it's right or wrong. He was asking for ways around so I provided one. It's up to him if it's worth the risk or not.
Gonzoie - Luclin wrote:Bottom line is.. is there any way to get around a firewall in an office type scenario without letting the Admins know?
Bottom line is... Admins can pretty much find out anything if they desire to do so.
Have You Hugged An Iksar Today?


Post by Winnow »

noel wrote: It's pretty simple really. When you use RDP, you're opening a two-way pipe from two endpoints. If one of the endpoints is compromised and monitoring open connections, it IS possible for that open pipe to be exploited.
So you're saying my home PC would need to be hacked and then the hacker would use the open pipe somehow to hack the business servers?

I'm more curious if this is an easy hack some high school kid can do or if we need Kevin Mitnick on the job for the hack.

Non DoD/financial companies are more concerned with day to day spyware and viruses users pick up on porn sites, etc than an actual hacker. The bulk of their time seems to be fixing users' computers that screw them up surfing the net. RDP pretty much takes care of that problem.

Post by noel »

You asked if it was possible. I understand the relevance of degree of difficulty, but the point is that it's possible.
Oh, my God; I care so little, I almost passed out.

Post by Winnow »

noel wrote:You asked if it was possible. I understand the relevance of degree of difficulty, but the point is that it's possible.
Degree of difficulty would matter quite a bit in this case. One of the IT guys at work recommended I use RDP when I was probing him for open ports while trying to get VNC up and running.

I was just curious if you had any real world examples of RDP being hacked.

Post by Aabidano »

Winnow wrote:So you're saying my home PC would need to be hacked and then the hacker would use the open pipe somehow to hack the business servers?

I'm more curious if this is an easy hack some high school kid can do or if we need Kevin Mitnick on the job for the hack.
The recent MS vulnerabilities could have done it quite easily from what I can see, all they needed was a visit to a hostile\compromised website. You wouldn't have known it happened for a few days either, easily long enough for other non-obvious things to be buried on your system. Could it impact both ends? I won't say yes but it wouldn't surprise me in the least if it could be used in that fashion.

It only takes one smart person to invent the hack, then you've got a legion of script kiddies implementing it.
"Life is what happens while you're making plans for later."

Post by noel »

Winnow wrote:
noel wrote:You asked if it was possible. I understand the relevance of degree of difficulty, but the point is that it's possible.
Degree of difficulty would matter quite a bit in this case. One of the IT guys at work recommended I use RDP when I was probing him for open ports while trying to get VNC up and running.

I was just curious if you had any real world examples of RDP being hacked.
I do not have any real world examples that I can share with you.

If your IT guy said do it, then have a great time. I'm not debating whether it's right or wrong. Degree of difficulty doesn't matter because it's not a question of whether it's easy or hard, it's a question of whether it's possible or impossible. It's possible.
Oh, my God; I care so little, I almost passed out.

Post by Winnow »

noel wrote:Degree of difficulty doesn't matter because it's not a question of whether it's easy or hard, it's a question of whether it's possible or impossible. It's possible.
I disagree. Degree of difficulty does matter. If it didn't matter, every employee would have to use one of the Get Smart cones of silence whenever they spoke as it's possible someone could overhear them otherwise.

Post by Aslanna »

Wish they would. Tired of listening to personal calls or people having conferences over speakerphone at their desk.
Have You Hugged An Iksar Today?


Post by Aabidano »

Winnow wrote:I disagree. Degree of difficulty does matter.
RDP isn't SSHv2 or IPSec using AES encryption, both of those approach impossible to break realtime when properly implemented. Same with SSL for that matter.

RDP is a fast, lightweight protocol, not necessarily a secure one from the little I've read on it. Everyone I know that uses it as part of a business tunnels it inside something else. If someone were to target you, they will get your data. If you've got the server running on a public network, I guarantee people have already identified it. Does it matter? Dunno but I wouldn't do it.

The attacks they talk about below would be doable on some cable plants I've seen, but wouldn't impact most DSL systems.

http://www.securiteam.com/windowsntfocu ... 0KG0G.html
"Life is what happens while you're making plans for later."

Post by Aslanna »

Even if your office has the RDP port open I wouldn't recommend running it directly. Tunneling is a must! Also a little easier to disguise due to not using port 3389. If you're going direct I'd recommend at least changing the port. This is easily accomplished in the registry.

To change the RDP operating port:

Use a registry editing tool to navigate to the following key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp

Insert or change a value with the following details:
Data Type:DWORD
Value Name:PortNumber
Value:The number of the port you wish the RDP service to operate on, e.g. 12345
Restart your computer for the changes to take effect.
Note: It is best to avoid any ports that are commonly used by other protocols.
Note this stops Remote Assistance from working properly.

(Also note I'm no security expert. Just going on a few things I read. Extra precaution is always a good thing.)
Have You Hugged An Iksar Today?
