[Gllug] OT: Announcement
Jon Masters
jonathan at jonmasters.org
Sat Sep 1 00:31:09 UTC 2001
On 01 Sep 2001 00:04:10 +0000, Ian Norton wrote:
> essex have a fairly tight thing, they are old school bsd people
> running stuff (afaik), they have a sizable contingent of linux
> workstations in labs
At my University I am very impressed overall with the staff in my
department but I really don't like the generic Computing Services and
unfortunately, the generic services run all campus connectivity and the
student hall data network in conjunction with NTL...although it will be
a lot better next year than last year, I envy those in hall next year :)
> udp 53 doesn't go out, there is an internal dns linked to a mac static,
> dhcp server, you have to reg your card with them,
This is what many places try to do...and fail at miserably.
> all web access is via proxy or ssh,
At least they have the sense to allow ssh in/out. The proxy probably
accepts CONNECTs and secure connections so you can run a reasonable
quality encapsulated tunnel direct to an offsite machine if you like.
jcm>> Do they stop everything leaving the firewall? It probably depends
jcm>> upon the ICMP packet type that you are sending out, you know.
>
> nope, no ping :-)
Yes but the point is ICMP != ping :) You need to experiment with various
different ICMP types before you make the blanket statement that there is
no way to do this.
> they just didn't think to try it before writing the app :-P
There is existing code out there to do this :)
jcm>> Having said all this, they probably still let standard http
jcm>> traffic out via a cache and you can of course use GNU httptunnel
jcm>> to encapsulate this too.
> seemed almost (but not quite) as round the houses as icmp encaps :-)
It certainly is. btw, have you tried checking all 65535x2 possible ports
for sending/receiving data - it may very well be that they've blocked
certain ranges and don't block high numbered ports or something.
Two other things I have seen implementations of are IP over News/Mail and
IP over DNS - although I don't recommend it as really viable generally.
Just so I have said it, some places really really do not like you doing
this kind of thing and then make wild claims of it being against JaNET
rules/regs and so forth - so be careful and anything I say here is not
to be taken as a suggestion for you to break any rules you may be under.
--jcm