Getting around blocked ports at Wireless hotspots

 
 
tedbow@gmail.com
Guest
Posts: n/a

 
      09-06-2006, 04:12 PM
Here is my problem.
I am a contract computer programmer. One of the good things about my
job is that I can pretty much work from anywhere I can get an internet
connection. The problem is that I often need to use ports that most
people don't and which therefore are blocked from many wireless
hotspots.

The most common one is port number 1433 for connecting to Database
servers. The servers are not mine but my clients' so I cannot change
the port number on the server end.

Basically this is my idea to solve the problem

1. Leave a computer online at my house that would forward my request
from the hotspot onto the server.
2. I would then change the requests that I am making to the server from
the wireless hotspot to actually make the requests to my home PC on a
port that is not blocked at the hotspot. Say port 80.
3. The computer at home would forward all requests on the designated
port number onto the server on port number 1433. It would then return
all responses from the server back to me on the hotspot.

For step 3 above I would like to find a utility program that I could
set up to do this. I also could write a program in java that I could
run on home pc to do this but I would rather not if there is already
something out there.

Any suggestions on programs that would do this?
Can this be done? Any ideas on problems I would run into trying to
program this?

 
 
 
 
 
phil-news-nospam@ipal.net
Guest
Posts: n/a

 
      09-06-2006, 08:26 PM
On 6 Sep 2006 09:12:03 -0700 (E-Mail Removed) wrote:

| Here is my problem.
| I am a contract computer programmer. One of the good things about my
| job is that I can pretty much work from anywhere I can get an internet
| connection. The problem is that I often need to use ports that most
| people don't and which therefore are blocked from many wireless
| hotspots.
|
| The most common one is port number 1433 for connecting to Database
| servers. The servers are not mine but my clients' so I cannot change
| the port number on the server end.

This one is blocked for a good reason. There are insecure databases
that listen on this port all over the internet. This attracts lots
of would-be crackers that perform massive probes looking for insecure
ports. Your wireless hot-spot would be saturated by one of these
crackers that found they could do their deed there. The hot-spot
would not be serving its real intended purpose. So blocking this
port makes crackers move along to somewhere else.


| Basically this is my idea to solve the problem
|
| 1. Leave a computer online at my house that would forward my request
| from the hotspot onto the server.
| 2. I would then change the requests that I am making to the server from
| the wireless hotspot to actually make the requests to my home PC on a
| port that is not blocked at the hotspot. Say port 80.
| 3. The computer at home would forward all requests on the designated
| port number onto the server on port number 1433. It would then return
| all responses from the server back to me on the hotspot.

Some providers block port 1433 (and many others) coming inbound at their
border, to help protect their customers that are security idiots, and to
keep down the cracking traffic on their network. Be sure yours does not
or else you'll have to establish this special gateway inside the network
that hosts the database.


| For step 3 above I would like to find a utility program that I could
| set up to do this. I also could write a program in java that I could
| run on home pc to do this but I would rather not if there is already
| something out there.

I wrote a program called tcprelay that does this. You'll need a UNIX
compatible system to run it. BSD or Linux would be ideal. Maybe you
could get it to run in Windows with Cygwin, or run Linux inside Windows
with coLinux (I've never tried any of the Windows options).

Another alternative is a program called stunnel. If you can layer your
client connections in TLS/SSL, stunnel decrypts the traffic and passes
on the data stream.

You'd get the most out of TLS/SSL encryption if you host stunnel inside
the network running the database.


| Any suggestions on programs that would do this?
| Can this be done? Any ideas on problems I would run into trying to
| program this?
|

My tcprelay program is included as a demo program inside LIBH, a library
for C programmers, to demonstrate a part of that library that makes it
easier to create a daemon in C. http://libh.slashusr.org/

The tcprelay program is started at a command line or in a shell script
by giving it the port number to listen on, and the host and port to
connect to. It has no security.

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2006-09-06-(E-Mail Removed) |
|------------------------------------/-------------------------------------|
 
 
Alain Deschamps
Guest
Posts: n/a

 
      09-06-2006, 08:40 PM
On 6 Sep 2006 09:12:03 -0700, (E-Mail Removed) wrote:

>1. Leave a computer online at my house that would forward my request
>from the hotspot onto the server.
>2. I would then change the requests that I am making to the server from
>the wireless hotspot to actually make the requests to my home PC on a
>port that is not blocked at the hotspot. Say port 80.
>3. The computer at home would forward all requests on the designated
>port number onto the server on port number 1433. It would then return
>all responses from the server back to me on the hotspot.
>
>For step 3 above I would like to find a utility program that I could
>set up to do this. I also could write a program in java that I could
>run on home pc to do this but I would rather not if there is already
>something out there.
>


You could use a simple program such as netcat to do this, but it wouldn't
be secure. A better solution is to install an ssh daemon and authorize
port forwarding.
--
echo (E-Mail Removed) | tr "p-za-o" "a-z"
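
The ssh-daemon-with-port-forwarding approach suggested in the post above, as an added example that is not part of any post in this thread. It goes slightly further than the post by locking the forwarding account down to a single destination; the account `tunnel`, the hosts `home.example` and `db.client.example`, and sshd listening on port 443 are all placeholder assumptions.

```shell
#!/bin/sh
# Added example. Account, host names and the listening port are placeholders.

# Succeed only for a decimal TCP port in 1..65535, so nothing else can be
# spliced into the generated config or command line.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Server side (home machine): print an sshd_config block for an account that
# may do nothing except open a forward to one host:port. Key-only login, no
# shell, no TTY. The path of `false` may differ on your system.
#   $1 = account   $2 = database host   $3 = database port
render_match_block() {
    valid_port "$3" || return 1
    cat <<EOF
Match User $1
    PasswordAuthentication no
    AllowTcpForwarding local
    PermitOpen $2:$3
    GatewayPorts no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTTY no
    ForceCommand /bin/false
EOF
}

# Client side (laptop at the hotspot): print the tunnel command. The local end
# binds to 127.0.0.1 so other hotspot users cannot reach the forwarded port.
#   $1 = account  $2 = home host  $3 = sshd port open at the hotspot
#   $4 = database host  $5 = database port
tunnel_command() {
    valid_port "$3" && valid_port "$5" || return 1
    printf 'ssh -N -p %s -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$3" "$5" "$4" "$5" "$1" "$2"
}

# Constructed sample values: sshd on the home machine listens on 443.
render_match_block tunnel db.client.example 1433
tunnel_command tunnel home.example 443 db.client.example 1433
```

Check the edited server configuration with `sshd -t` before reloading the daemon. With the tunnel up, the database client connects to 127.0.0.1 on port 1433 and the traffic crosses the hotspot inside the SSH session.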
 
 
George
Guest
Posts: n/a

 
      09-07-2006, 04:04 PM
(E-Mail Removed) wrote:
> Here is my problem.
> I am a contract computer programmer. One of the good things about my
> job is that I can pretty much work from anywhere I can get an internet
> connection. The problem is that I often need to use ports that most
> people don't and which therefore are blocked from many wireless
> hotspots.
>
> The most common one is port number 1433 for connecting to Database
> servers. The servers are not mine but my clients' so I cannot change
> the port number on the server end.


They block 1433 for a good reason.

Any company that leaves port 1433 (MS SQL server) open to the Internet
really needs a visit from someone who has a clue to tell them why that
is a bad idea.

>
> Basically this is my idea to solve the problem
>
> 1. Leave a computer online at my house that would forward my request
> from the hotspot onto the server.
> 2. I would then change the requests that I am making to the server from
> the wireless hotspot to actually make the requests to my home PC on a
> port that is not blocked at the hotspot. Say port 80.
> 3. The computer at home would forward all requests on the designated
> port number onto the server on port number 1433. It would then return
> all responses from the server back to me on the hotspot.
>
> For step 3 above I would like to find a utility program that I could
> set up to do this. I also could write a program in java that I could
> run on home pc to do this but I would rather not if there is already
> something out there.
>
> Any suggestions on programs that would do this?
> Can this be done? Any ideas on problems I would run into trying to
> program this?
>

 
 
Bill Kearney
Guest
Posts: n/a

 
      09-07-2006, 06:10 PM
> Any suggestions on programs that would do this?
> Can this be done? Any ideas on problems I would run into trying to
> program this?


VPN back to your office or use Remote Desktop to connect to a desktop on
your own box. Then you won't have to worry about what ports are blocked or
if they're secure. The VPN would encode all your traffic back to the office
and you'd connect outward from there. Same thing with RDP just that the app
stays running back at the office.

But as has also been pointed out, leaving 1433 open to the internet borders on
suicidal behavior.

 
 
JPElectron
Guest
Posts: n/a

 
      09-11-2006, 11:35 PM

I agree, RDP or VNC back to your computer at home, or even a dedicated
server you colocate. If need be change the default listening port to 80
- cause you know 80 must be open to allow surfing on the Internet.

Bill Kearney wrote:
> > Any suggestions on programs that would do this?
> > Can this be done? Any ideas on problems I would run into trying to
> > program this?

>
> VPN back to your office or use Remote Desktop to connect to a desktop on
> your own box. Then you won't have to worry about what ports are blocked or
> if they're secure. The VPN would encode all your traffic back to the office
> and you'd connect outward from there. Same thing with RDP just that the app
> stays running back at the office.
>
> But as has also been pointed out, leaving 1433 open to the internet borders on
> suicidal behavior.


 
 
Bill Kearney
Guest
Posts: n/a

 
      09-15-2006, 12:11 PM
> I agree, RDP or VNC back to your computer at home, or even a dedicated
> server you colocate. If need be change the default listening port to 80
> - cause you know 80 must be open to allow surfing on the Internet.


And usually so are ports like 8080, 8800 and the 8000-8999 range. I've had
great success configuring inbound services to use those ports. You can
usually reconfigure all sorts of things to use different ports. Not just on
the router using redirection but on the answering servers. Set up ssh with a
different port, RDP, imap, pop and the like. Although I'd *NEVER EVER* use
plain text services like telnet, imap or pop without encryption. The single
fastest way to obtain someone else's passwords is to simply sniff the
wireless connections at a coffee shop. Sit there with ethereal running and
just watch for the login sessions. It usually doesn't take more than 10
minutes to collect several. On several occasions when I've been the only
other person in the place with a laptop I've taken the time to point it out to
the user. They're pretty damned surprised to find out how easily it's done,
sad to say.

-Bill Kearney

 