There may be many restrictions on LAN Internet users, such as websites, games, MSN, and port restrictions, which are usually restricted by software on the proxy server, for example, the most talked ISA Server 2004, or the hardware firewall is used for filtering. The following describes how to break through the restrictions:
1. Some websites cannot be accessed, and online games (such as the Internet) cannot be played. These restrictions generally restrict the IP addresses to be accessed.
This type of restriction can be easily broken through. You can use a common HTTP proxy or SOCKS proxy. Now it is easy to find an HTTP proxy on the Internet. You can easily access the target website by adding an HTTP proxy to IE.
2. Some protocols are restricted, such as the failure of FTP, and the restriction on the server IP addresses of some online games, which do not support common HTTP proxies.
In this case, you can use SOCKS proxy and Sockscap32 software to add the software to SOCKSCAP32 and access it through SOCKS proxy. General programs can break through the restrictions. For some games, you can consider the Permeo Security Driver software. If SOCKS is restricted, use socks2http instead of HTTP.
3. restriction based on packet filtering or some keywords are forbidden. This type of restriction is strong. It is usually filtered by the proxy server or the hardware firewall. For example, we use ISA Server 2004 to disable MSN and perform packet filtering. Such restrictions are hard to break through, and ordinary agents cannot break through them.
Because of the packet filtering, this type of restriction can filter out keywords, so you need to use an encrypted proxy. That is to say, the data stream of the HTTP or SOCKS proxy in the middle is encrypted, such as stepping stone, SSSO, and FLAT, as long as the proxy is encrypted, it can be broken through. With these software and then with Sockscap32, MSN can be used. This type of restriction does not work.
4. Port-based restrictions restrict certain ports. The most extreme condition is that only port 80 can be accessed, so you can only view the webpage, even OUTLOOK receiving and FTP restrictions. Of course, the principle of breakthrough is the same for limiting several special ports.
This restriction can be broken through the following methods:
1. Find the common HTTP port proxy, 12.34.56.78: 80. For example, with socks2http, replace the HTTP proxy with the SOCKS proxy, and then use SocksCap32 to easily break through. The proxy used in such breakthrough measures is not encrypted. Tongtong software also has this function.
2. Use FLAT software and SocksCap32, but the FLAT proxy should be port 80. Of course it doesn't matter if it is not port 80, because FLAT also supports access through common HTTP proxy, if it is not port 80, you need to add an HTTP proxy with port 80. This kind of breakthrough method uses proxy encryption, and the network management does not know what the data is in the middle. The proxy stepping stone can also be done, but the proxy still needs port 80. For port 80 restrictions, some port conversion techniques can be used to break through the restrictions.
5. The preceding restrictions are comprehensive, such as IP address restrictions and restricted keywords, such as MSN mails and port restrictions.
Generally, the second method in the fourth case can completely break through the restrictions. As long as Internet access is permitted, all restrictions can be broken.
6. Another scenario is that you cannot access the Internet at all. You are not authorized to access the Internet or use an IP address or bind the IP address to the MAC address.
Two methods:
1. You should have good friends in the company. You can find a machine that can access the Internet and use a channel to install a small software to solve the problem, FLAT should be okay. If there is a key, no one else can access it, and you can define a port by yourself .. Other software that supports this method can also. I conducted a test, as shown in the following figure: In a LAN environment, a proxy server is used to access the Internet, some IP addresses are limited, and the other IP addresses are not allowed to access the Internet, limits on hardware firewalls or proxy servers. I think it's useless to bind a MAC address to an IP address.
Set a machine that can access the Internet in the LAN, set the IP address of my machine to a machine that cannot access the Internet, and then install the FLAT server program for the machine that can access the Internet, which is more than 500 K, the local machine uses the FLAT client and uses SOCKSCAP32 to add some software, such as IE, to test the connection. The speed is very fast, and the data transmission is still encrypted, which is very good.
2. Do a good job with the network administrator. Everything can be done. The network administrator has all the permissions and can leave no restrictions on your IP address, provided that you do not need to bother the network administrator, do not affect the normal operation of the LAN. This is the best solution.
In addition, there is another way to penetrate the firewall in the LAN, that is, to use HTTPTUNNEL. To use this software, the server needs to cooperate and run the httptunnel server. This method is very effective for LAN port restrictions.
The hidden channel technology is to use some software to encapsulate the protocols not allowed by the firewall in an authorized feasible protocol, so as to pass the firewall, the port conversion technology also converts an unsupported port to a port that is allowed to pass through, thus breaking through the firewall restrictions. This type of technology is now available in some software, and HACKER often uses this type of technology.
The English word HTTPTunnel and Tunnel indicates a Tunnel. Generally, HTTPTunnel is called an HTTP channel. Its principle is to disguise data as HTTP data to pass through the firewall, in fact, a two-way virtual data connection is created in the HTTP request to penetrate the firewall. To put it simply, a conversion program is set up on both sides of the firewall to encapsulate the packets that were originally sent or accepted into the format of HTTP requests and cheat the firewall, therefore, it does not need other proxy servers to directly penetrate the firewall. At the beginning, HTTPTunnel only had the Unix version. Now someone has transplanted it to the Window platform. It contains two programs, htc and hts. htc is the client, and hts is the server side. Now let's take a look at how I use them. For example, if the IP address of the FTP server is 192.168.1.231 and the IP address of my local server is 192.168.1.226, I cannot connect to the FTP server because of the firewall. Now the process of using HTTPTunnel is as follows:
Step 1: Start the HTTPTunnel client on my machine (192.168.1.226. Start the MS-DOS's command line method, and then execute the htc-F 8888 192.168.1.231: 80 command, where htc is the client program, the-f parameter indicates that will be from 192.168.1.231: all data of port 80 is forwarded to port 8888 of the local machine. This port can be selected as long as the local machine is not occupied.
Then we use Netstat to check the current port opened on the local machine and find that port 8888 is listening.
Step 2: Start the HTTPTunnel server on the other machine and execute the command
"Hts-f localhost: 21 80", this command means to transfer all data sent from port 21 of the local machine through port 80, and open port 80 as the listening port, check the machine with Neststat and you will find that port 80 is listening now.
Step 3: use FTP to connect to port 8888 of the local machine on my machine. Now the machine is connected to the other machine.
But what do people see is 127.0.0.1 instead of 192.168.1.231? Because I am now connecting to port 8888 of the local machine, the firewall will certainly not respond, because I did not send packets out, of course, the LAN firewall does not know. After connecting to port 8888 of the Local Machine, both the control information and data information of FTP data packets are disguised as HTTP data packets by htc and sent to the firewall, it is equivalent to spoofing the firewall.
It should be noted that the use of this trick requires the cooperation of other machines, that is, to start an hts on his machine and put the services provided by him, for example, redirect FTP to the port 80 allowed by the firewall to bypass the firewall! Someone may ask, if the other machine has the WWW Service itself, that is to say, its port 80 is listening, will this conflict? The advantage of HTTPTunnel is that even if port 80 is open in the past, there will be no problems with such use. Normal Web access still follows the old path, and the redirection tunnel service will be unobstructed! -