[nycbug-talk] Draconian firewall issues

jonathan at kc8onw.net jonathan at kc8onw.net
Sat Sep 22 18:03:37 EDT 2007


I'm currently in a situation where I am behind a horribly draconian
firewall that only allows ports 80, 443 and 21 outbound. It also appears
they do layer 7 filtering because my traditional method of using port 21
for SSH instead of FTP fails in a flood of RST packets as soon as a packet
with a non-text payload is sent.

I plan to set up my server to allow HTTP CONNECT over port 443 and ssh that
way, but I need to get to my server first...

I've tried browsing the public open proxy server lists but have been
unable to find one I could actually use with ssh rather than regular web
requests.

I've also attempted to use Tor with no luck so far because the primary
Directory servers are actively blocked and I can't get any alternates to
work.  I used the advanced search at http://torstatus.kgprog.com/ to find
directory servers that listen on 80 or 443 and I can telnet to those ports
but Tor never seems to successfully use them.  More information is below.

If someone has suggestions or is willing to set something up for me, I
would hopefully only need about 24 hours to get my server set up.  If no
one has any other ideas, I can give someone I know with access my root
password and hope they don't mess anything up too badly, but I would really
rather not do that.


Thanks for your time,
Jonathan

(Sorry for the horrible wrapping)

[changes from default torrc]
FascistFirewall 1
Dirserver 66.225.36.149:443 023220505A550D6FDF0C20FF7C48E66BA06A49A6
Dirserver 86.15.239.219:80 F4AD 52CD DCF4 1398 8574 9FBD 5866 2BCD 168A 6FF6

[tor output]
H:\Tor.2>tor
Sep 23 01:20:39.921 [notice] Tor v0.2.0.6-alpha (r11277). This is
experimental software. Do not rely on it for strong anonymity. (Running on
Windows 2000 Service Pack 4 [server] {terminal services, single user}
{terminal services})
Sep 23 01:20:40.078 [notice] Converting FascistFirewall config option to
new format: "ReachableDirAddresses *:80"
Sep 23 01:20:40.140 [notice] Converting FascistFirewall config option to
new format: "ReachableORAddresses *:443"
Sep 23 01:20:40.203 [warn] You have used DirServer to specify directory
authorities in your configuration.  This is potentially dangerous: it can
make you look different from all other Tor users, and hurt your anonymity.
Even if you've specified the same authorities as Tor uses by default, the
defaults could change in the future.  Be sure you know what you're doing.
Sep 23 01:20:40.343 [notice] Initialized libevent version 1.3b using
method win32. Good.
Sep 23 01:20:40.406 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 23 01:20:41.046 [notice] I learned some more directory information,
but not enough to build a circuit.
Sep 23 01:20:46.046 [notice] I learned some more directory information,
but not enough to build a circuit.
^C
H:\Tor.2>tor
Sep 23 01:25:07.671 [notice] Tor v0.2.0.6-alpha (r11277). This is
experimental software. Do not rely on it for strong anonymity. (Running on
Windows 2000 Service Pack 4 [server] {terminal services, single user}
{terminal services})
Sep 23 01:25:07.750 [notice] Converting FascistFirewall config option to
new format: "ReachableDirAddresses *:80"
Sep 23 01:25:07.750 [notice] Converting FascistFirewall config option to
new format: "ReachableORAddresses *:443"
Sep 23 01:25:07.750 [warn] You have used DirServer to specify directory
authorities in your configuration.  This is potentially dangerous: it can
make you look different from all other Tor users, and hurt your anonymity.
 Even if you've specified the same authorities as Tor uses by default, the
defaults could change in the future.  Be sure you know what you're doing.
Sep 23 01:25:07.781 [notice] Initialized libevent version 1.3b using
method win32. Good.
Sep 23 01:25:07.828 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 23 01:25:08.453 [notice] I learned some more directory information,
but not enough to build a circuit.
Sep 23 01:25:10.281 [notice] I learned some more directory information,
but not enough to build a circuit.
Sep 23 01:26:11.625 [notice] I learned some more directory information,
but not enough to build a circuit.
Sep 23 01:27:12.765 [notice] I learned some more directory information,
but not enough to build a circuit.
Sep 23 01:28:13.250 [notice] I learned some more directory information,
but not enough to build a circuit.
Sep 23 01:29:14.703 [notice] I learned some more directory information,
but not enough to build a circuit.
Sep 23 01:30:15.984 [notice] I learned some more directory information,
but not enough to build a circuit.
