Bluesocket network

[I.odine]

Hey guys

Im not exactly looking for instructions or anything of that sort. I am just curious.

My College hosts a network using Bluesocket, and It is driving me insane! I am on a mac, and from what i can gather MOST programs that use the net are blocked on my mac side, and only function if I use their windows based counterparts via VMware or parallels. Now i dont know all the particulars about bluesocket and how it works, but I would love to see what is possible to work around. I have been doing lots of reading and its seems its one of the network security juggernauts! which has me worried that i am doomed to suffer with intensely moderated bandwidth limitations and blocked ports for everything but basic browsing! I mean it wont even let me connect to the iTunes store! big brother or what! ha. So during my 3 hour break between classes I sit in the Library and try to find was around it, but it all seems futile.

Has anyone had any success or stories about Bluesocket networks? Just curious.

Thanks in advance

Cheers,

][

[PLuNK]

How about just tunnelling your traffic to a external server via SSH?

[I.odine]

How about just tunnelling your traffic to a external server via SSH?

Hey Plunk,

That was my initial idea and one I will definatly be exploring in the near future (my other computer is in dispose at the moment) But seeing as near everything is blocked i dont know how confident i am in the SSH getting through. Has anyone had any success with this? Just heading off to class now! thanks for the suggestion Plunk!

Cheers,

--][--

[Sparda]

Do you have to install software on your computers in order to be on the network?

I ask because the way you describe how it works it seems like application layer control.

[I.odine]

Do you have to install software on your computers in order to be on the network?

I ask because the way you describe how it works it seems like application layer control.

Hey Sparda

thanks for the reply. To answer your question, No - so software is required. Its a sort of starbucks system where upon connecting to the unsecured hotspot your taken to a login page where i provide username and password then have access to webpages after that. I am just on the school network now - and have done some testing. I know MSN of any variety from my mac does not work (i.e installed app, or online clones (meebo, webmessenger etc) I know installed games that access game servers (WoW, WC3) are blocked i.e never connect. iTunes store connect either. Also HotSpotShield does not connect. This is just some testing with things i have available to me.

Cheers,

--][--

[I.odine]

Hey,

Still not having any luck with that tunneling solution - I just dont have an extra computer at home to use as a SSH server. Does anyone know if there is any sort of test SSH server i can tunnel to, to see if its even possible?

Or how about any other ideas?

Thanks guys,

--][--

[lnxr0x]

It's limited in functionality but you could try gopc.net

I use it at work because port 6667 for irc is blocked, but not when I login to gopc (which is an automatic SSH connection)

there's a client and also a java version that runs within the browser (if you run Linux or OSX)

hope this helps :)

[I.odine]

Hey

Thanks for the suggestion - I tried to sign up for a free account but no matter what username i put it, I was told it was invalid so i guess thats out for now.

Besides - is that not just a virtual pc in the browser? for example if i logged into that - then went back to my desktop (mac) would something like msn that was blocked before potentially work? (note msn works using vmware booting into vista and using msn via vista) Not sure if that would solve my problem if was an "in browser only" typing thing.

So no actual free sorta SSH servers to tunnel to for testing eh?

--][--

[blahdeblah]

Bluesockets are simply Linux-based captive gateways. Unauthenticated you are in a particular role, which allows minimal outbound traffic (but at least outbound DNS). You open a browser, your browser sends a DNS request for your home page, gets the correct result, and then issues a HTTP GET for that page. The Bluesocket controller intercepts the requests and answer it as if it was the other endpoint, and returns a HTTP 302 moved to its own login page.

Once authenticated, you are assigned a role. No further connections are intercepted, the role merely governs traffic shaping and firewalling (and an optional redirect to a URL of the admin's choice after successful login). As far as firewalling goes, roles simply contain lines of rules that make up an iptable chain, this chain is applied to your traffic. The administrator of the controller you are behind apparently has chosen to block a bunch of ports and destinations, most likely followed by a catch-all allow any/any rule at the end of the set.

This has absolutely nothing to do with your hardware or OS, Bluesocket controllers work entirely based on TCP/IP and and device that can do TCP/IP can be managed by them.

Your only option is to proxy all the connections it blocks. Same as with any other firewall.

[I.odine]

Hey blahdeblah

thank you so much for the informative post! i really appreciate it! Certainly clears up a bit of the mystisizm which is this bluesocket network.

So you mentioned proxy all the blocked ports? I i were to setup a proxy on a box at home, and tunnel to it from my school - would i have to input somewhere all the blocked ports? or would i just be able to set my computer to tunnel all traffic to my home box? I guess i am just a little confused by the bit you mentioned about

Your only option is to proxy all the connections it blocks. Same as with any other firewall.

Thanks in advance! your a start.

Cheers,

--][--

Bluesockets are simply Linux-based captive gateways. Unauthenticated you are in a particular role, which allows minimal outbound traffic (but at least outbound DNS). You open a browser, your browser sends a DNS request for your home page, gets the correct result, and then issues a HTTP GET for that page. The Bluesocket controller intercepts the requests and answer it as if it was the other endpoint, and returns a HTTP 302 moved to its own login page.

Once authenticated, you are assigned a role. No further connections are intercepted, the role merely governs traffic shaping and firewalling (and an optional redirect to a URL of the admin's choice after successful login). As far as firewalling goes, roles simply contain lines of rules that make up an iptable chain, this chain is applied to your traffic. The administrator of the controller you are behind apparently has chosen to block a bunch of ports and destinations, most likely followed by a catch-all allow any/any rule at the end of the set.

This has absolutely nothing to do with your hardware or OS, Bluesocket controllers work entirely based on TCP/IP and and device that can do TCP/IP can be managed by them.

Your only option is to proxy all the connections it blocks. Same as with any other firewall.

[blahdeblah]

You would either tunnel all necessary ports (via SSH, for example, tutorials are available via google) or more easily with a VPN. VPN into home and you'll be good to go.

[SIMS]

great info

my school is use http://nocat.net/ which from the sounds of Bluesocket; they are the same

is there any way to "bypass" the "HTTP 302 moved to its own login page"

Bluesockets are simply Linux-based captive gateways. Unauthenticated you are in a particular role, which allows minimal outbound traffic (but at least outbound DNS). You open a browser, your browser sends a DNS request for your home page, gets the correct result, and then issues a HTTP GET for that page. The Bluesocket controller intercepts the requests and answer it as if it was the other endpoint, and returns a HTTP 302 moved to its own login page.

it may be me, but less than 225 seconds i have to log back in

what do you think is going on?

[Sparda]

is there any way to "bypass" the "HTTP 302 moved to its own login page"

You could try and steal some one elses session.

[SIMS]

You could try and steal some one elses session.

awesome

but how (i am a noob)

[I.odine]

there are many tutorials and info for arp attacks and getting session info. If you want more info please make your own thread and dont hijack mine.

awesome

but how (i am a noob)

I am still waiting for my other computer to get here so i can setup the proxy server, but will post more once i get that all setup.

Thanks for all the help thus far guys, immensely appreciated.

--][--

[m1d63t]

there are many tutorials and info for arp attacks and getting session info. If you want more info please make your own thread and dont hijack mine.

I am still waiting for my other computer to get here so i can setup the proxy server, but will post more once i get that all setup.

Thanks for all the help thus far guys, immensely appreciated.

--][--

Has there been any new information on the bluesocket? Somehow devry is supposedly blocking Linux based computers from accessing the network. It also scans for things such as p2p apps and a lack of anti virus programs being installed. I would like to first switch my OS finger print and then also make it think that a windows anti virus program is not only installed but up to date on definitions. Has anybody tried to go this far to get around a bluesocket?

[dwjp90]

Has there been any new information on the bluesocket? Somehow devry is supposedly blocking Linux based computers from accessing the network. It also scans for things such as p2p apps and a lack of anti virus programs being installed. I would like to first switch my OS finger print and then also make it think that a windows anti virus program is not only installed but up to date on definitions. Has anybody tried to go this far to get around a bluesocket?

yea, macs, linuxs and 1/2 the windows comps cant connect. DeVry fucked up bad. Not to mention that the bandwith is ushally 100Kb for ~300 users

[m1d63t]

Sorry to bump an old post but I want to find a vulnerability in these devices just for the fact that they are just another tool to limit choice and efficiency whilst at school. It is now a personal vendetta...