get into the private campus server

Ok.... heres how it goes, I set up an ftp server from behind the
school's LAN. This works all fine and well anywhere on campus, you know
in a computer lab we are all able to get back to the server which is in
the dorm (same Class B range of ips) but on a different subnet... I
have a friend who wants to access the FTP from his house (off campus)
and take advantage of the wicked upload speeds that schools network
provides. We have it set up for SFTP, FTP and SSL but naturally cannot
access any of this when we are off the schools ip network. The cisco
router that i am behind.... and this is only as i understand it-hides
the ips from any outbound incoming connection.

Here is what we have tried. Using all different ports as in 25 and 80
in an attempt to get through an smtp or http opened port but i highly
doubt they would leave these ports open for the dorm's internet because
per say they wouldn't want us hosting an ftp server.... or something
like that. All pings sent to the dorm sever come back perfectly so if
anything is "hidden" its a relative term.

My thoughts. I have told the people that want to get to the sever from
outside the schools network that they were just sol, but if pings are
coming back then there must be some way it could work. I also have a
phone line thats free of charge to me so i wonder if it is possible to
have someone dial in and establish a connection to the off campus
computer (ie the campus computer would effectively connect with the off
campus pc and then allow the off campus pc to do all the talking)

I am a 4th semester UNIX Computer Networking Systems and all of this
would be no problem if i could break into that router closet downstairs
or hold the student online services lady hostage for the routers
password, obviously these options are kinda last resort. If you have
any thoughts as to how we could make this work fell free.... nay feel
obligated to drop a line.

Sorry let me reword hat second paragraph a bit, i was thinking that if
the server initiated the connection then it (the server) might allow
the off campus pc through the cisco router. Also fyi all firewalls on
the server are off (the cisco router still has whatever firewalls it
had before up)

I am tempted to just give out the ip and let everyone try their luck in
hacking into it. but people tell me this is considered poor network
admin practice.





thealphamale05 wrote:
> Ok.... heres how it goes, I set up an ftp server from behind the
> school's LAN. This works all fine and well anywhere on campus, you know
> in a computer lab we are all able to get back to the server which is in
> the dorm (same Class B range of ips) but on a different subnet... I
> have a friend who wants to access the FTP from his house (off campus)
> and take advantage of the wicked upload speeds that schools network
> provides. We have it set up for SFTP, FTP and SSL but naturally cannot
> access any of this when we are off the schools ip network. The cisco
> router that i am behind.... and this is only as i understand it-hides
> the ips from any outbound incoming connection.
>
> Here is what we have tried. Using all different ports as in 25 and 80
> in an attempt to get through an smtp or http opened port but i highly
> doubt they would leave these ports open for the dorm's internet because
> per say they wouldn't want us hosting an ftp server.... or something
> like that. All pings sent to the dorm sever come back perfectly so if
> anything is "hidden" its a relative term.
>
> My thoughts. I have told the people that want to get to the sever from
> outside the schools network that they were just sol, but if pings are
> coming back then there must be some way it could work. I also have a
> phone line thats free of charge to me so i wonder if it is possible to
> have someone dial in and establish a connection to the off campus
> computer (ie the campus computer would effectively connect with the off
> campus pc and then allow the off campus pc to do all the talking)
>
> I am a 4th semester UNIX Computer Networking Systems and all of this
> would be no problem if i could break into that router closet downstairs
> or hold the student online services lady hostage for the routers
> password, obviously these options are kinda last resort. If you have
> any thoughts as to how we could make this work fell free.... nay feel
> obligated to drop a line.

On Sat, 04 Nov 2006 22:33:45 -0800, thealphamale05 rearranged some
electrons to form:


>
> I am a 4th semester UNIX Computer Networking Systems and all of this
> would be no problem if i could break into that router closet downstairs

You would then be a FORMER 4th semester UNIX Conputer Networking Systems
student. I doubt if the University of Texas would like it very much, nor
would the Austin Police Department, as the school would likely turn you
over to them.

Good luck.

--
David M

Thanks for your vast insight Davie, The last paragraph about committing
B and E as well as holding a senior citizen were "last resort" or i
guess you could say just jokes.

Thanks again Dave, btw check this out
http://www.ehow.com/how_8538_be-funny.html
they might be able to help you remove that fairly sizable obstruction
from your rectum.


keep the ideas coming, and don't worry i am not at UT, at my college
the response time for campus police is directly proportional to the
Dunkin Doughnuts available inventory.





David M wrote:
> On Sat, 04 Nov 2006 22:33:45 -0800, thealphamale05 rearranged some
> electrons to form:
>
>
> >
> > I am a 4th semester UNIX Computer Networking Systems and all of this
> > would be no problem if i could break into that router closet downstairs
>
> You would then be a FORMER 4th semester UNIX Conputer Networking Systems
> student. I doubt if the University of Texas would like it very much, nor
> would the Austin Police Department, as the school would likely turn you
> over to them.
>
> Good luck.
>
> --
> David M

In comp.os.linux.networking thealphamale05 <(E-Mail Removed)>:

[ coming around firewall/router acl in some campus network ]

> I am a 4th semester UNIX Computer Networking Systems and all of this
> would be no problem if i could break into that router closet downstairs
> or hold the student online services lady hostage for the routers
> password, obviously these options are kinda last resort. If you have
> any thoughts as to how we could make this work fell free.... nay feel
> obligated to drop a line.

Unsure if this is a new sport to ask us how to circumvent
restrictions setup in some network you don't own or control at
all?

It is for sure against the TOS of your university and likely to
get you fired no matter how you get around restrictions, even if
it shouldn't matter since it seems you didn't learned much about
"UNIX Computer Networking Systems" anyway...

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 277: Your Flux Capacitor has gone bad.

I only said that i am 4th semester Unix major (student) so that people
wouldent post tips like disable the firewall or try a different port
etc.
I already told the kids what are off campus they are probably just sol
but i thought that perhaps someone on google would have some advice or
throw some thoughts around the group.




Michael Heiming wrote:
> In comp.os.linux.networking thealphamale05 <(E-Mail Removed)>:

> [ coming around firewall/router acl in some campus network ]
>
> > I am a 4th semester UNIX Computer Networking Systems and all of this
> > would be no problem if i could break into that router closet downstairs
> > or hold the student online services lady hostage for the routers
> > password, obviously these options are kinda last resort. If you have
> > any thoughts as to how we could make this work fell free.... nay feel
> > obligated to drop a line.
>
> Unsure if this is a new sport to ask us how to circumvent
> restrictions setup in some network you don't own or control at
> all?
>
> It is for sure against the TOS of your university and likely to
> get you fired no matter how you get around restrictions, even if
> it shouldn't matter since it seems you didn't learned much about
> "UNIX Computer Networking Systems" anyway...
>
> --
> Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
> mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
> #bofh excuse 277: Your Flux Capacitor has gone bad.

[ top posting fixed ]

In comp.os.linux.networking thealphamale05 <(E-Mail Removed)>:
> Michael Heiming wrote:
>> In comp.os.linux.networking thealphamale05 <(E-Mail Removed)>:

>> [ coming around firewall/router acl in some campus network ]

>> > I am a 4th semester UNIX Computer Networking Systems and all of this
>> > would be no problem if i could break into that router closet downstairs
[..]

>> It is for sure against the TOS of your university and likely to
>> get you fired no matter how you get around restrictions, even if
>> it shouldn't matter since it seems you didn't learned much about
>> "UNIX Computer Networking Systems" anyway...

> I only said that i am 4th semester Unix major (student) so that people
> wouldent post tips like disable the firewall or try a different port
> etc.

Only said this because if you did, you wouldn't probably have
asked at all.

> I already told the kids what are off campus they are probably just sol
> but i thought that perhaps someone on google would have some advice or
> throw some thoughts around the group.

On google? This is *NOT* some groups.google group but a public
Usenet newsgroup!

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 84: Someone is standing on the ethernet cable,
causing a kink in the cable

On Sun, 05 Nov 2006 08:44:41 -0800, thealphamale05 rearranged some
electrons to form:


>
>
> David M wrote:
>> On Sat, 04 Nov 2006 22:33:45 -0800, thealphamale05 rearranged some
>> electrons to form:
>>
>>
>> >
>> > I am a 4th semester UNIX Computer Networking Systems and all of this
>> > would be no problem if i could break into that router closet downstairs
>>
>> You would then be a FORMER 4th semester UNIX Conputer Networking Systems
>> student. I doubt if the University of Texas would like it very much, nor
>> would the Austin Police Department, as the school would likely turn you
>> over to them.
>>
>> Good luck.
>>
>> --
>> David M

[top posting repaired]

> Thanks for your vast insight Davie,

You're welcome.
Good luck with that "UNIX Computer Networking Systems" major,
I didn't know Austin Community College gave out BUCNS degrees.

Maybe you should stick to watching the bats under the bridge.


--
David M

Ya acc thay dont do no uNix, but idont go to the acc

On Nov 6, 3:24 am, David M <NOS...@nospam.com> wrote:
> On Sun, 05 Nov 2006 08:44:41 -0800, thealphamale05 rearranged some
> electrons to form:
>
>
>
>
>
> > David M wrote:
> >> On Sat, 04 Nov 2006 22:33:45 -0800, thealphamale05 rearranged some
> >> electrons to form:
>
> >> > I am a 4th semester UNIX Computer Networking Systems and all of this
> >> > would be no problem if i could break into that router closet downstairs
>
> >> You would then be a FORMER 4th semester UNIX Conputer Networking Systems
> >> student. I doubt if the University of Texas would like it very much, nor
> >> would the Austin Police Department, as the school would likely turn you
> >> over to them.
>
> >> Good luck.
>
> >> --
> >> David M[top posting repaired]
>
> > Thanks for your vast insight Davie,You're welcome.
> Good luck with that "UNIX Computer Networking Systems" major,
> I didn't know Austin Community College gave out BUCNS degrees.
>
> Maybe you should stick to watching the bats under the bridge.
>
> --
> David M

Have your on-campus server act as an ssh client, connecting out to a
cooperating ssh server. Once the ssh connection is established, you can
tunnel any TCP traffic you like over it, in either direction. To maintain
the connection over the long term, you can use e.g. autossh.

This is a well-known technique that I've used successfully for years. You
can work out the details for yourself.

Of course if you then use that tunnel to move massive amounts of traffic
across the campus firewall, then the admins will quickly catch on. Or, if
you're not careful and the outside ssh server gets compromised, then the
attackers will have a free ride into the campus network, and after they come
in and wreck a few servers, the admins will trace the compromise to you and
show up at your dorm room at 2 AM to take your computer away, right as
you're in the middle of jacking off. Awkward, no? But see, the ssh tunnel
circumvents all of their network controls and allows pretty much any traffic
in or out, and you can bet that when they find out about it they'll be
really pissed. Remember that they know about the technique, but have
probably decided that the risk doesn't justify blocking all outbound ssh
traffic. So now they'll kick you off of the network for sure, maybe out of
the college, take your computer away and good luck getting it back, and
maybe do something overreactive like cutting off all ssh access to the
outside, while explaining to everyone who complains that it's because you
compromised their network.

Have fun.
Andrew.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"