Break through restrictions on user access in LAN

There may be many restrictions on LAN Internet users, such as websites, games, MSN, and port restrictions, which are usually restricted by software on the proxy server, for example, the most talked ISA Server 2004, or the hardware firewall is used for filtering. The following describes how to break through the restrictions:

I. restrict some websites

It cannot be accessed, and online games (such as the Internet) cannot be played. This type of restriction generally limits the IP addresses to be accessed.
This type of restriction can be easily broken through. You can use a common HTTP proxy or SOCKS proxy. Now it is easy to find an HTTP proxy on the Internet. You can easily access the target website by adding an HTTP proxy to IE.

Ii. Some protocols are restricted

For example, if FTP is unavailable, the IP addresses of some online games are limited, and these games do not support common HTTP proxies.

In this case, you can use SOCKS proxy and Sockscap32 software to add the software to SOCKSCAP32 and access it through SOCKS proxy. General programs can break through the restrictions. For some games, you can consider the Permeo Security Driver software. If SOCKS is restricted, use socks2http instead of HTTP.

Iii. packet-based filtering restrictions

Or some keywords are forbidden. This type of restriction is strong. It is usually filtered by the proxy server or the hardware firewall. For example, we use ISA Server 2004 to disable MSN and perform packet filtering. Such restrictions are hard to break through, and ordinary agents cannot break through them.

Because of the packet filtering, this type of restriction can filter out keywords, so you need to use an encrypted proxy. That is to say, the data stream of the HTTP or SOCKS proxy in the middle is encrypted, such as stepping stone, SSSO, and FLAT, as long as the proxy is encrypted, it can be broken through. With these software and then with Sockscap32, MSN can be used. This type of restriction does not work.

Iv. Port-based restrictions

Some ports are restricted. The most extreme condition is that only port 80 can be accessed, so you can only view the webpage, and even receive emails from OUTLOOK and FTP. Of course, the principle of breakthrough is the same for limiting several special ports.

This restriction can be broken through the following methods: 1. Find the proxy of the common HTTP80 port, 12.34.56.78: 80. For example, with socks2http, replace the HTTP proxy with the SOCKS proxy, then, with SocksCap32, it is easy to break through. The proxy used in such breakthrough measures is not encrypted. Tongtong software also has this function. 2. Use FLAT software and SocksCap32, but the FLAT proxy should be port 80. Of course it doesn't matter if it is not port 80, because FLAT also supports access through common HTTP proxy, if it is not port 80, you need to add an HTTP proxy with port 80. This kind of breakthrough method uses proxy encryption, and the network management does not know what the data is in the middle. The proxy stepping stone can also be done, but the proxy still needs port 80. For port 80 restrictions, some port conversion techniques can be used to break through the restrictions. Refer to my post below.

V. Integration of the above restrictions

For example, if there is a restriction on IP addresses, There are also restrictions on keywords, such as sealing MSN, There are also restrictions on ports. Generally, the second method in the fourth case can completely break through the restrictions. As long as Internet access is permitted, all restrictions can be broken.
　　
6. You cannot access the Internet at all.

You are not granted the Internet access permission or IP address, or you have bound the IP address to the MAC address. Two methods:

1. You should have good friends in the company. You can find a machine that can access the Internet and use a channel to install a small software to solve the problem, FLAT should be okay. If there is a key, no one else can access it, and you can define a port by yourself .. Other software that supports this method can also. I conducted a test, as shown in the following figure: In a LAN environment, a proxy server is used to access the Internet, some IP addresses are limited, and the other IP addresses are not allowed to access the Internet, limits on hardware firewalls or proxy servers. I think it's useless to bind a MAC address to an IP address.

Set a machine that can access the Internet in the LAN, set the IP address of my machine to a machine that cannot access the Internet, and then install the FLAT server program for the machine that can access the Internet, which is more than 500 K, the local machine uses the FLAT client and uses SOCKSCAP32 to add some software, such as IE, to test the connection. The speed is very fast, and the data transmission is still encrypted, which is very good.

Step 1: Start the HTTPTunnel client on my machine (192.168.1.226. Start the MS-DOS's command line method, and then execute the htc-F 8888 192.168.1.231: 80 command, where htc is the client program, the-f parameter indicates that will be from 192.168.1.231: all data of port 80 is forwarded to port 8888 of the local machine. This port can be selected as long as the local machine is not occupied.

Then we use Netstat to check the current port opened on the local machine and find that port 8888 is listening.

Step 2: Start the HTTPTunnel server on the other machine and execute the command
"Hts-f localhost: 21 80", this command means to transfer all data sent from port 21 of the local machine through port 80, and open port 80 as the listening port, check the machine with Neststat and you will find that port 80 is listening now.
　　
Step 3: use FTP to connect to port 8888 of the local machine on my machine. Now it is connected to the other machine. Download it now!

But what do people see is 127.0.0.1 instead of 192.168.1.231? Because I am now connecting to port 8888 of the local machine, the firewall will certainly not respond, because I did not send packets out, of course, the LAN firewall does not know. After connecting to port 8888 of the Local Machine, both the control information and data information of FTP data packets are disguised as HTTP data packets by htc and sent to the firewall, it is equivalent to spoofing the firewall.

It should be noted that the use of this trick requires the cooperation of other machines, that is, to start an hts on his machine and put the services provided by him, for example, redirect FTP to the port 80 allowed by the firewall to bypass the firewall! Someone may ask, if the other machine has the WWW Service itself, that is to say, its port 80 is listening, will this conflict? The advantage of HTTPTunnel is that even if port 80 is open in the past, there will be no problems with such use. Normal Web access still follows the old path, and the redirection tunnel service will be unobstructed!