Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Bypass Corporate LAN/Firewall for Internet Connection

  1. #11

    Default

    Sorry for some of my unclear posts, but I'm a bit confused myself

    To rephrase it another way: how is it possible that when I connect to a company router, that I can get an IP address and use a DoS shell to ping external IP addresses (web addresses) but not be able to access the internet on my web browser? For web access a Automatic Proxy Configuration URL normally has to be entered into the web browser.
    The link budget is not a problem, we intend on splitting the bill...

  2. #12
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by radioraiders View Post
    Sorry for some of my unclear posts, but I'm a bit confused myself

    To rephrase it another way: how is it possible that when I connect to a company router, that I can get an IP address and use a DoS shell to ping external IP addresses (web addresses) but not be able to access the internet on my web browser? For web access a Automatic Proxy Configuration URL normally has to be entered into the web browser.
    How is it possible? An educated guess is that you aren't obtaining the correct Proxy Server information. DNS may also be effected, depending on how the AD or other services are set up.

    One thing to try would be to get an IP of a popular site such as Google or Microsoft and enter the IP into the browser. e.g. Instead of entering http://www.google.com, in the browser's address bar, try entering this: http://74.125.45.103. That might tell you if the issue is with DNS or the proxy server.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #13

    Default

    Quote Originally Posted by Thorn View Post
    How is it possible? An educated guess is that you aren't obtaining the correct Proxy Server information. DNS may also be effected, depending on how the AD or other services are set up.
    I've tried every possible proxy setup in FireFox with no luck: using auto detect, no proxy and then the same "Auto proxy config" I use on my company LAN, and none work

    Quote Originally Posted by Thorn View Post
    One thing to try would be to get an IP of a popular site such as Google or Microsoft and enter the IP into the browser. e.g. Instead of entering http://www.google.com, in the browser's address bar, try entering this: http://74.125.45.103. That might tell you if the issue is with DNS or the proxy server.
    I'll try it tomorrow, but when I ping from DoS I did "ping google.com" (not the actual IP address) and the ping was successful, so I don't think it's a DNS issue, but who knows. I'm very confused right now. I need to do more researching about how connecting with a DoS shell and a web browser differ so I can understand the difference why one can work when the other can't...
    The link budget is not a problem, we intend on splitting the bill...

  4. #14
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by radioraiders View Post
    I've tried every possible proxy setup in FireFox with no luck: using auto detect, no proxy and then the same "Auto proxy config" I use on my company LAN, and none work


    I'll try it tomorrow, but when I ping from DoS I did "ping google.com" (not the actual IP address) and the ping was successful, so I don't think it's a DNS issue, but who knows. I'm very confused right now. I need to do more researching about how connecting with a DoS shell and a web browser differ so I can understand the difference why one can work when the other can't...
    Then it's probably a proxy server.

    As an aside, it isn't DOS and it certainly isn't DoS. it's a command line shell. Even if it were a shell to the Disk Operating System (which it technically is not any more) it would be "DOS". "DoS" usually means "Denial of Service" which is an attack type.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #15
    Member
    Join Date
    Aug 2007
    Posts
    468

    Default

    The default way Micro$uckz have their network setup you have to be authorised via AD to access the proxy server.

    Disclaimer: I am saying this from personally experience of setting up a few laptops for contractors working out of Micro$uckz EU HQ.

  6. #16
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by BOFH139 View Post
    The default way Micro$uckz have their network setup you have to be authorised via AD to access the proxy server.

    Disclaimer: I am saying this from personally experience of setting up a few laptops for contractors working out of Micro$uckz EU HQ.
    So, you're saying that the OP was never actually at MS's headquarters to know if he could get to the inturtubes without authentication.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #17
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    I'll try it tomorrow, but when I ping from DoS I did "ping google.com" (not the actual IP address) and the ping was successful, so I don't think it's a DNS issue, but who knows.
    When you ping google.com, the following happens:
    1) DNS look-up of google.com
    2) ICMP packet sent from your PC to the default gateway's MAC
    3) Response comes from the default gateway to your PC

    Now if you wanted to load the Google webpage, then only different would be that you'd have a TCP packet instead of ICMP, so my first guess is that there's a firewall blocking blocking TCP.

    I'm very confused right now. I need to do more researching about how connecting with a DoS shell and a web browser differ so I can understand the difference why one can work when the other can't...
    Are you talking about a DOS commandline? E.g. you click Start, then Run, type in "cmd" and hit Return? That black box that says "C:\>"? Well if so, the "ping" commmand is very straight forward, it doesn't deal with proxy servers, it sends an ICMP packet directly to the target machine on the internet. A web browser, however, can be configured to work in one of two ways, it can send packets directly to the internet, or it can send packets to a proxy server.

    Given that "ping" succeeds on your computer, that means you have a direct route to the internet, you don't need a proxy server. However, it might be possible that the router discards TCP packets, and that you have to go through a proxy server to send and receive TCP.

    First thing I'd do in your position is open up Wireshark, nothing escapes Wireshark
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  8. #18
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    Have you heard of traceroute? I would check that before using wireshark.

  9. #19

    Default

    Quote Originally Posted by Thorn View Post
    Then it's probably a proxy server.

    As an aside, it isn't DOS and it certainly isn't DoS. it's a command line shell. Even if it were a shell to the Disk Operating System (which it technically is not any more) it would be "DOS". "DoS" usually means "Denial of Service" which is an attack type.
    Right sorry for the confusion, I did mean DOS shell. Don't know why I made the "o" small next time I'll say CMD shell to avoid confusion

    Quote Originally Posted by streaker69 View Post
    So, you're saying that the OP was never actually at MS's headquarters to know if he could get to the inturtubes without authentication.
    I was never in MS offices, but other large corporate HQ's. I just didn't want to name any names, so chose a random company as an example (ie: MS)

    Quote Originally Posted by Virchanza View Post
    When you ping google.com, the following happens:
    1) DNS look-up of google.com
    2) ICMP packet sent from your PC to the default gateway's MAC
    3) Response comes from the default gateway to your PC

    Now if you wanted to load the Google webpage, then only different would be that you'd have a TCP packet instead of ICMP, so my first guess is that there's a firewall blocking blocking TCP
    .....
    First thing I'd do in your position is open up Wireshark, nothing escapes Wireshark
    Thanks for the info. This could be why the ping works, and why I need to connect my web-browser via a proxy server even when inside the LAN.
    To add to that I read:
    Unlike the TCP protocol layer and the UDP protocol layer, ICMP does not have a port number. This is because ICMP is directly hosted by the IP layer.
    http://support.microsoft.com/kb/179442

    I think something like this PingTunnel is what is needed to connect externally when TCP/UDP is blocked, but ICMP is allowed:
    http://www.cs.uit.no/%7Edaniels/PingTunnel/

    Quote Originally Posted by hhmatt81 View Post
    Have you heard of traceroute? I would check that before using wireshark.
    I did a traceroute in the CMD shell. It showed the path from google to my DHCP server. But that's not very useful, as it doesn't tell me much more about the behavior of the router than what a ping would do (ie: only that it's accessable). I've never used Wireshark, but this could be a good time to learn
    The link budget is not a problem, we intend on splitting the bill...

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •