Easily slip through the firewall (Anen)
Today, going online through a LAN is the main way companies, universities and government agencies access the Internet: it saves IP addresses and makes management and control convenient. The network administrator usually places firewalls at the LAN's exit. On one hand this protects the LAN; on the other hand it lets the administrator control access to the LAN and limit what users may do, which makes contact with the outside world inconvenient. For the poor students stuck in a company or campus LAN, the most hateful thing is an administrator who, to keep everyone from slacking off, closes most ports and leaves only a few services such as WWW, POP3 and SMTP. Then many tools such as QQ, CTERM and FTP stop working and connecting to the outside becomes very inconvenient: there is a girl you cannot chat with, a BBS you cannot reach, a wonderful song you cannot download. Surely that is the greatest pain in the world. What to do? Don't worry, this article teaches you a few tricks to slip easily through the firewall and use all kinds of tools! First let's look at the principles behind these tricks, then the actual steps.

Concept explanation:
Protocol
A protocol is a set of rules and conventions for sending information across a network. These rules govern the content, format, timing, ordering and error handling of communication between network devices; put simply, a protocol is the common language of different network programs. Our familiar QQ uses the UDP protocol, ICQ uses TCP, e-mail programs use POP3 and SMTP, and SOCKS is one of the more complex of the common protocols.

Port
A port can be thought of as an exit through which a computer communicates with the outside. In hardware, ports are also called interfaces, such as USB ports and serial ports; in software, a port generally means the communication protocol port used by connection-oriented and connectionless services on the network. It is an abstract software structure that includes some data structures and an I/O (input/output) buffer. A port number is somewhat like a file descriptor: a system resource, but one whose allocation follows a fixed pattern. There are two basic allocation methods. The first is global allocation, a centralized method in which a recognized authority assigns port numbers according to user needs and publishes them; different protocols are assigned different port numbers, which is why many services are fixed to a particular port of a particular protocol, for example TCP port 21 is occupied by the FTP service. The second is local allocation, also known as dynamic binding: when a process needs transport-layer service it applies to the local operating system, the operating system returns a locally unique port number, and the process then binds to that port through the appropriate system call. Ports can be divided into three categories:
1. Well-known ports: 0 to 1023. These are tightly bound to particular services; usually traffic on one of these ports clearly indicates the protocol of a particular service, for example port 80 is in practice HTTP.
2. Registered ports: 1024 to 49151. These are loosely bound to services; that is, many services are bound to these ports, but the ports are also used for many other purposes, for example many systems hand out dynamic ports starting from 1024.
3. Dynamic and/or private ports: 49152 to 65535. In theory these ports should not be assigned to services. In practice machines usually hand out dynamic ports starting from 1024, but there are exceptions: Sun's RPC ports begin at 32768.

Proxy server

A proxy server is a relay station for network information. Take an HTTP proxy as an example. When we use a web browser to connect directly to another Internet site and fetch information, we send a request and get an answer, and the other side transfers the information back to us. A proxy server is a server that sits between the browser and the web server. Once it is in place, the browser no longer fetches pages from the web server directly but sends its request to the proxy server, which fetches the information the browser needs and passes it back to you. Most proxy servers also have a cache function: it is like a big cache that is constantly being filled in the proxy's own storage. If the data the browser requests already exists in that storage and is current, the proxy does not fetch it again from the web server but sends the stored data directly to the user's browser, which can noticeably improve browsing speed and efficiency. Besides HTTP proxies there are SOCKS proxy servers, which work on a similar principle.

Firewall
A firewall is a system (or a set of systems) that strengthens the security of an organization's internal network. The firewall system decides which internal services may be accessed from outside, which outsiders may access which internal services, and which external resources internal personnel may access. For a firewall to be effective, all inbound and outbound traffic must pass through it and be inspected by it. The firewall must allow only authorized data through, and it must itself resist penetration. Unfortunately, once a firewall is breached or circumvented by an attacker it provides no protection at all.
Firewall implementations include the packet-filtering router and the application-layer gateway. A packet-filtering router filters by protocol (ICMP, UDP, TCP and so on), letting only specified protocols through; an application-layer gateway is the proxy server we so often talk about, and it can enforce a stricter security policy than a router. The various restrictions we usually run into are implemented at the application layer.

First trick: SOCKS proxy
Generally speaking, to stop employees from slacking off the boss closes the ports of common entertainment tools, such as UDP port 4000 used by QQ, but often does not close SOCKS port 1080. In that case, if the program you want to use supports a SOCKS proxy itself, just configure the proxy directly and you are done.
SOCKS is a circuit-level gateway developed in 1990 and published as an open standard in an Internet RFC. SOCKS runs at the TCP layer of the protocol stack and its usual port is 1080. Unlike Winsock, SOCKS does not require applications to follow a specific operating-system platform (Winsock, for example, follows Windows). A SOCKS proxy differs from an application-layer proxy such as an HTTP proxy: the SOCKS proxy simply passes packets along without caring which application protocol they carry (FTP, HTTP or NNTP requests alike), so a SOCKS proxy server is much faster than an application-layer proxy server, and it is precisely this property that lets us connect to the Internet through it. Two versions are in common use, SOCKS4 and SOCKS5. A SOCKS4 proxy supports only TCP; a SOCKS5 proxy supports both TCP and UDP, plus various authentication mechanisms, server-side domain name resolution and so on. Simply put, whatever SOCKS4 can do SOCKS5 can do, but not the reverse: QQ can only use a SOCKS5 proxy while FTP can use SOCKS4 or SOCKS5, because QQ transmits its data over UDP and FTP over TCP. The SOCKS protocol is an almost universal proxy protocol. Although it cannot understand the internal structure of the data it forwards, it forwards the packets faithfully and completes whatever the application protocol would have completed. It differs from the HTTP proxy you are familiar with in that an HTTP proxy works by the HTTP protocol: the HTTP proxy server software understands the internal structure of the messages it handles and modifies and converts them while forwarding. Let's see how I use a SOCKS proxy to get through the firewall.
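To make the SOCKS5 structure above concrete, here is an added example (written for this page, not code from the article or from any of the tools it mentions) that decodes the first two client messages of a SOCKS5 session, the method greeting and the CONNECT / UDP ASSOCIATE request, from constructed byte strings laid out as in RFC 1928. It shows the three things the text says SOCKS4 lacks: authentication negotiation, a domain-name address type for server-side resolution, and the UDP ASSOCIATE command.

```python
import struct
from dataclasses import dataclass

# SOCKS5 field values as laid out in RFC 1928 / RFC 1929
SOCKS5_VERSION = 0x05
AUTH_METHODS = {0x00: "no authentication", 0x02: "username/password"}
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


@dataclass
class Socks5Request:
    command: str
    address: str
    port: int


def parse_greeting(data: bytes) -> list:
    """Decode the client greeting: VER | NMETHODS | METHODS[NMETHODS]."""
    if len(data) < 2 or data[0] != SOCKS5_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = data[1]
    if len(data) != 2 + nmethods:
        raise ValueError("method list length mismatch")
    return [AUTH_METHODS.get(m, f"unknown({m:#04x})") for m in data[2:]]


def parse_request(data: bytes) -> Socks5Request:
    """Decode VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT (big-endian)."""
    if len(data) < 4 or data[0] != SOCKS5_VERSION:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if cmd not in COMMANDS:
        raise ValueError(f"unknown command {cmd:#04x}")
    if atyp == ATYP_IPV4:
        addr, end = ".".join(str(b) for b in data[4:8]), 8
    elif atyp == ATYP_DOMAIN:
        # Server-side name resolution: the client sends the name, not an IP.
        n = data[4]
        addr, end = data[5:5 + n].decode("ascii"), 5 + n
    elif atyp == ATYP_IPV6:
        addr = ":".join(f"{data[i]:02x}{data[i + 1]:02x}" for i in range(4, 20, 2))
        end = 20
    else:
        raise ValueError(f"unknown address type {atyp:#04x}")
    if len(data) != end + 2:
        raise ValueError("request length mismatch")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return Socks5Request(COMMANDS[cmd], addr, port)


# Constructed sample messages (not captured traffic): a greeting offering two
# auth methods, a CONNECT to a hostname on port 23, and a UDP ASSOCIATE.
GREETING = bytes([0x05, 0x02, 0x00, 0x02])
CONNECT_REQ = (bytes([0x05, 0x01, 0x00, ATYP_DOMAIN, 11]) + b"bbs.mit.edu"
               + struct.pack("!H", 23))
UDP_REQ = bytes([0x05, 0x03, 0x00, ATYP_IPV4, 0, 0, 0, 0]) + struct.pack("!H", 0)

if __name__ == "__main__":
    print(parse_greeting(GREETING))
    print(parse_request(CONNECT_REQ))
    print(parse_request(UDP_REQ))
```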
First, how to use a SOCKS proxy in QQ. Click the QQ icon in the taskbar, select System Parameters, then Network Settings, select "SOCKS5 Proxy Server", and fill in the address and port of the SOCKS proxy you are using (Figure 1); you can test whether this SOCKS5 proxy is available. After confirming, your QQ goes online through 61.136.132.138:1080. All your packets are now sent to this proxy server and forwarded from there, so you bypass the block on UDP port 4000 and slip out of the firewall's cage. If we use another QQ that can display IP addresses to look at this QQ's IP (Figure 2), it shows 61.136.132.138. That is a bonus: your true IP is hidden, and when you chat with strangers without invisible mode, what they see is the IP address of the SOCKS proxy server.
Next, how to get through the firewall to download from the Internet with the FTP tool AbsoluteFTP (Figure 3). AbsoluteFTP is a powerful FTP download tool that supports SOCKS4 and SOCKS5 proxies and has a fully Chinese interface. If your LAN blocks port 21, you can use this software with a SOCKS proxy to bypass the firewall and still use FTP. FTP can use either a SOCKS4 or a SOCKS5 proxy; it does not need SOCKS5.
In AbsoluteFTP's option settings, choose Firewall under the global configuration (Figure 4), then choose SOCKS4 or SOCKS5. If authentication is required, fill in the SOCKS proxy server's address and port and the username and password it requires. Now you can use FTP through the firewall.

Second trick: Socks2HTTP working together with SocksCap32

If the administrator opens only port 80 and closes the port SOCKS usually uses, or the software you want to use does not itself support a SOCKS proxy (Foxmail, for example), or you cannot find a usable SOCKS proxy (there are far fewer usable SOCKS proxies on the Internet than HTTP proxies), then the first trick no longer works. What then? See the second trick: Socks2HTTP working with SocksCap32. The result is that as long as you have a usable HTTP proxy, you can use all kinds of software straight through the firewall, whether or not it supports a SOCKS proxy. We split this into two situations.
1. The firewall closes the SOCKS port, but the software you want to use supports a SOCKS proxy
In this case Socks2HTTP solves it. Socks2HTTP (http://www.totalrc.net/) is a proxy-protocol conversion program that converts SOCKS5 requests into HTTP requests; the data wrapped inside the HTTP packets then passes the firewall just like ordinary HTTP requests. This is equivalent to using a remote HTTP proxy to simulate a lightweight SOCKS proxy server locally, so you can use this local proxy server just as you would a remote SOCKS proxy server, for example by pointing QQ at the local SOCKS5 proxy as in the first trick. The latest version of Socks2HTTP is 0.92, and a Chinese version is already available online. Download it and follow the installer. Socks2HTTP has almost no user interface: after installation it shows only an icon in the taskbar notification area (Figure 5). Right-click the icon and Socks2HTTP pops up a menu; choose "Configuration" to bring up the Socks2HTTP configuration window (Figure 6). In it, choose to use an HTTP proxy service, then fill in the IP address and port of the HTTP proxy server you found; leave the other items at their defaults and click OK. If we run "netstat -a -n" to look at this machine's ports (Figure 7), we find that the machine now has port 1080 open. This port is the listening port of the SOCKS proxy server that Socks2HTTP simulates on this machine; you now have a local SOCKS5 proxy server.
Next, how to set the proxy server in software that has a SOCKS interface, taking QQ as the example. As in the picture below, set the SOCKS5 server address to 127.0.0.1 and the port to 1080, then test it.

2. The firewall closes the SOCKS port and the software you want to use does not support a SOCKS proxy
This is slightly more troublesome and requires another program, SocksCap32, to get through the firewall. SocksCap32 is developed by NEC (http://www.socks.nec.com) and is a tool that lets any Winsock application use a SOCKS proxy. "Cap" means hat: as the name suggests, SocksCap32 puts a "hat" on Winsock system calls, so that every Winsock call made inside the SocksCap environment is intercepted by SocksCap and automatically converted into a request to the specified SOCKS proxy, and applications that do not support SOCKS proxies can use one anyway. SocksCap32 supports SOCKS4 and SOCKS5 proxies. In short, SocksCap's job is to convert Winsock calls into SOCKS calls, so that software without a SOCKS interface, such as the Telnet tool CTERM (well known for BBS use; essential for posting and flooding!), Outlook and Foxmail, gets a SOCKS interface too. All of this software calls the Winsock interface when it opens a connection to a server; SocksCap converts that into SOCKS calls, and so a SOCKS proxy can be used. What makes it interesting is that SocksCap turns an ordinary program's Winsock calls into SOCKS calls, and Socks2HTTP turns an HTTP proxy into a SOCKS proxy, so together we can roam the world. Why combine them? Because SocksCap uses a SOCKS proxy, and SOCKS proxies are scarce; they are split between SOCKS4 and SOCKS5, and SOCKS4 can only proxy TCP. How to solve that? Socks2HTTP solves it: HTTP proxies are everywhere online, and as long as there is an HTTP proxy there is a SOCKS proxy, because Socks2HTTP makes an HTTP proxy look like a SOCKS proxy. So if you combine SocksCap with the Socks2HTTP described above, you can get through the firewall with software that has no SOCKS interface of its own. Let's go through this process!
There is now a Chinese-localized version of SocksCap (http://www.ttdown.com/softview.asp?soft=3021). Install it following the prompts; the main interface (Figure 9) is the SocksCap console.
To make it easier to follow, I divide the process into a few steps:
Step 1: First configure Socks2HTTP as in the first part: fill in a usable HTTP proxy and start it. You now have a local SOCKS proxy server at 127.0.0.1, port 1080, and you can use this SOCKS proxy to configure SocksCap.
Step 2: Run SocksCap. On the first run the program automatically prompts you to enter the settings interface; otherwise choose File → Settings to enter it, as shown in Figure 10.
Step 3: In the SocksCap settings interface, fill in the local SOCKS proxy simulated by Socks2HTTP, 127.0.0.1, port 1080, and choose "SOCKS version 5" and "resolve all names remotely". For the rest: the direct-connection setting is for internal addresses that can be reached directly without the SOCKS proxy, and the log section sets whether a log is generated (the log helps diagnose connection failures). The other parts can be left at their defaults.

Step 4: Create an "application item". An application item is a new shortcut in SocksCap that points to the tool you want; starting the tool from SocksCap is equivalent to "giving" that tool a SOCKS interface. There are two ways to create this shortcut:
1. Drag the CTERM shortcut onto SocksCap with the mouse and release it; a menu pops up, choose "Application Item" and the item is created automatically (Figure 11); click OK.
2. Or click "New", fill in the corresponding fields in the dialog that pops up, and click OK.
Step 5: Run the program. Double-click the new CTERM shortcut in the SocksCap console and use it directly. For example, I want to connect to bbs.mit.edu (Figure 12). Before, I could not reach foreign sites from the education network, and the administrator had closed Telnet port 23, so I could not connect to this BBS. Now, with Socks2HTTP and SocksCap, I can not only go abroad but also use the Telnet service to connect to MIT's BBS and get through the firewall! Other tools, such as FTP and Outlook, work the same way. It is especially worth mentioning that I can use Outlook to collect Hotmail mail. Without this approach, we poor people on the education network (no international access) could only read Hotmail on its website through an HTTP proxy, and the web method is clumsy. Now it is as if Outlook had been given a SOCKS interface, and mail goes straight into Outlook.

Third trick: httptunnel
The two tricks above may be enough, but both presuppose that you have an HTTP proxy: every packet sent from here passes through the proxy before reaching its destination. That raises two problems:
First, speed. Consider sending data from A to C. With no firewall, the data goes directly from A to C. Now that you must bypass the firewall, you first wrap the data at A so it can pass the firewall, send it to proxy B, and B unwraps it and sends it on to C; data from C goes through the same process in reverse. Even ignoring the time spent wrapping and unwrapping, the detour through B alone costs time, so the speed suffers and is generally not as good as a direct connection.
Second, stability. Relying so heavily on a proxy is risky: proxies found on the Internet are certainly not very stable, and they often die and interrupt the service. In fact we do not have to relay through a proxy at all. For example, your buddy runs an FTP server in his dormitory with a wonderful movie on it that you want to watch, but your LAN administrator has closed FTP port 21, so you cannot download it. What then? Use httptunnel. "Tunnel" means exactly that, and httptunnel is usually called an HTTP tunnel. Its principle is to carry data through the firewall in the form of HTTP; in effect it creates a bidirectional virtual data connection inside HTTP requests to get through the firewall. Simply put, a conversion program is set up on each side of the firewall, and the packets that originally needed to be sent or received are wrapped in the format of HTTP requests to fool the firewall, so no extra proxy server is needed and the traffic passes the firewall directly. httptunnel originally had only a UNIX version, but it has since been ported to the Windows platform. It consists of two programs, htc and hts, where htc is the client and hts the server. Now let's see how I use them. Suppose the machine running FTP has IP 192.168.1.231 and my local machine is 192.168.1.226; because of the firewall I cannot connect to that FTP from my machine. The httptunnel procedure is as follows:

Step 1: Start the httptunnel client on my machine (192.168.1.226). Open an MS-DOS command-line window and execute the command shown in Figure 13, where htc is the client program and the -f parameter forwards all data from 192.168.1.231:80 to port 8888 on this machine; this port can be chosen freely as long as it is not in use on this machine.
Then we look at the open ports with netstat and find that port 8888 is listening (Figure 14).
Step 2: Start the httptunnel server on the other machine by executing the command "hts -f localhost:21 80". This command means that all data sent out by that machine's port 21 is relayed through port 80, with port 80 opened as the listening port. Running netstat on his machine, you will find that port 80 is now listening (Figure 15).

Step 3: On my machine, use FTP to connect to port 8888 of this machine (Figure 16). Isn't that the movie? (Figure 17) Hey, hurry up and download it!
But why do people see 127.0.0.1 instead of 192.168.1.231? Because I am now connecting to port 8888 of my own machine, the firewall naturally does not react: I did not send a packet to the outside, so the LAN firewall knows nothing about it. After the packet enters port 8888 of this machine, the FTP traffic, whether control or data, is wrapped inside HTTP packets by htc, and to the firewall it is ordinary data; this amounts to deceiving the firewall.
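The article checks its work with "netstat -a -n" twice: Socks2HTTP shows up as a listener on port 1080 and htc as a listener on port 8888, while the QQ example talks to an external proxy on port 1080. From the administrator's side the same output is the evidence. The following is an added example (written for this page, not code from the article or from any of the tools it mentions) that parses constructed Windows-style netstat lines and reports listeners outside a hypothetical allowlist and established connections to the SOCKS port; the allowlist and the sample lines are assumptions.

```python
import re
from dataclasses import dataclass

SOCKS_PORT = 1080  # usual SOCKS port, as the article notes
# Hypothetical allowlist of listeners an administrator expects on a workstation.
EXPECTED_LISTENERS = {135, 139, 445}

# Matches "  TCP    0.0.0.0:1080   0.0.0.0:0   LISTENING" and UDP lines without a state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$")


@dataclass
class Socket:
    proto: str
    laddr: str
    lport: int
    raddr: str
    rport: int
    state: str


def parse_netstat(text: str) -> list:
    """Parse 'netstat -a -n' style output into Socket records; header lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state = m.groups()
        rport_num = 0 if rport == "*" else int(rport)
        sockets.append(Socket(proto, laddr, int(lport), raddr, rport_num, state or ""))
    return sockets


def find_relays(sockets: list) -> list:
    """Flag unexpected TCP listeners (local relays such as a SOCKS or tunnel endpoint)
    and established connections whose remote port is the SOCKS port."""
    findings = []
    for s in sockets:
        if s.proto != "TCP":
            continue
        if s.state == "LISTENING" and s.lport not in EXPECTED_LISTENERS:
            kind = "local SOCKS relay listener" if s.lport == SOCKS_PORT else "unexpected listener"
            findings.append((kind, f"{s.laddr}:{s.lport}"))
        elif s.state == "ESTABLISHED" and s.rport == SOCKS_PORT:
            findings.append(("connection to external SOCKS proxy", f"{s.raddr}:{s.rport}"))
    return findings


# Constructed sample output (not a real capture), using the addresses from the article.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8888         0.0.0.0:0              LISTENING
  TCP    192.168.1.226:1025     61.136.132.138:1080    ESTABLISHED
  UDP    0.0.0.0:4000           *:*
"""

if __name__ == "__main__":
    for kind, endpoint in find_relays(parse_netstat(SAMPLE_NETSTAT)):
        print(f"{kind}: {endpoint}")
```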