forum.vdsworld.com

[Rubes_sw]

Is there anyway to bypass a firewall ?

What i mean is

i have a program, and i want to automatically create a rule for eg.

Norton Internet Security, Zone Alarm. So it will auto let my program connect to my tcp/ip server?

Nathan

[LiquidCode]

If there was, I it should not be posted here. A lot of people come here. That is not information that should be available.

[FreezingFire]

I agree LiquidCode - plus, I think the only way for this to work is to make
the user allow the program.

[PGWARE]

Agreed. The point of a firewall is to allow the administrator/user to restrict what software is allowed in and out of the network. You can of course note that the software will attempt such on the license agreement (during install of the software), but I still think your end users may not appreciate the fact that rules to their firewall were modified without their knowledge of the specific rule additions.

[moke]

Nathan,

I agree with the comments about firewall security and the need to
maintain it. When someone asks, "how do I by pass a firewall?" it naturally makes a lot of people nervous.

I'm not sure exactly what your looking to do but maybe you should rephrase the question. Are you looking to have a program that can, at times, be interactive with a remote server, possibly a web server?

moke

[Rubes_sw]

MM, yep i should rephrase my question.

I work for a company, called Aperture and we are the first commercial wireless broadband internet service provider in Northern Ireland, UK. http://www.dundrumbroadband.com

The software and technology used does not have the facility to monitor clients usage on the internet. (By law an ISP must monitor and record users activity on the Internet for material that is a breach of security, unfit, this would include (Child Por....) etc

In other words a government agency could come to us and say, we know someone on your network has downloaded or used such material. And in a cases studie in the states, saw ISP having their equipment removed because they could not show who the client was.

We do not want this to happen. So that is why i created On-Line Manager.

It records every URL, visted by the client into a decrpted file, That the ISP can not even decrypt. (This is so it complys with the DATA Protection Act, but we offer a decryption service in the event that the government agency contacts the isp).

Anyway for this to all work, we have written into our terms and conditions for using our service we will monitor the clients connection.

But anyone who has a firewall installed, they can block the data being sent. This of course means we can not monitor the client.

( I am in discussing with the developer of the Mesh Technology we use www.locustworld.com, about an alternative method of recording without having any software on the clients machine, but this is proving difficult because the method is using unix, tcpdump and i do not know how to decode the packets, that would contain the url, macid, ip etc.

Nathan

*Hope this has made it a bit clearer, i think i have been about this board long enough for people to know that i am genuine. I have numerous registered versions of DLL's and I bought three diffenet versions of VDS5 And my intentions are not underhanded or sneaky, i am just trying to make my job a lot easier.

[Mac]

Hey Nathan,

Could your client software "ping" the server (or download
a tiny file, etc.) every few minutes?

If not successful, it could pop up a warning telling the user
to allow access thru the firewall. If they refuse, you could
disconnect (or reboot).

Just a thought.

Cheers, Mac

[Skit3000]

Nathan, isn't it possible to force people to use a proxy server set up by your company? That way, you could also monitor what people are doing...

[jules]

I think there is a fundamental problem with doing what you're trying to do using software running on the client anyway. Never mind getting the information past a firewall, the problem will be in ensuring that your application is running in the first place.
Many people are extremely sensitive about "spyware" running on their computers, and it won't take long for soemone to work out that this is exactly what your application is. Many people are not happy with the idea that ISPs log their activity, so do you really think they are going to sit back and let this application run, once they find out what it is for?
I think the only way to do this properly is as Skit suggested, by using a proxy server on your side of the firewall.

[FreezingFire]

True - a proxy can't be bypassed if you require the customers to go through it.

[Rubes_sw]

Is there any good VDS Proxy dlls, i could use for this?

I know httpx.dll but it does not have a lot of logging functions etc.

Nathan

[moke]

I can't say this for certain but I believe if the ISP can "trace" upto the public IP they have met their legal obligation. Once past that it becomes a corporate issue. For instance.

Company A has a firewall that is connected to the internet.
Since all users are behind the firewall they appear on the internet w/ a public IP of 111.111.111.111
Should the federal government, at least in the US, approach the ISP with a legal matter the ISP is only required to show logs tracing back to the IP address 111.111.111.111.
Company A would then become responsible to provide information on which of their users was involved in illegal activity.

While a proxy would be better you still have the issue of people using it. If the network administrator is the offender he can easily bypass any proxy, unless the ISP requires and has software to support a very specific connection handshaking. On top of this what would prevent the company in question from deleting the information if it is stored locally.

As I understand it IP logging is how this is accomplished. Where the ISP can monitor the IP addresses and information downloaded and log it to a database.

Don’t get me wrong Nathan. Your tracking tolls sound VERY COOL. From a corporate perspective I think they would be very useful, but on the scale of an ISP I think there may be a few issues.

BTW the missing word " " is -T-R-A-C-E- apparently a bad word today.

moke

[CodeScript]

I think the board automatically removes these words although they may not be used in bad sense.

[FreezingFire]

[moke]

I assumed it was something like that.