Jump to content

School firewall


Weiii
 Share

Recommended Posts

lol, okay i wanna kinda be nice coz he did say 1 thing right...

go home, set up a server box, on this server box dont use Windows download a copy of Linux or BSD, i like FC3 (fedora Core) on this server set up apache, enable it to sue CGI, PHP, and MySQL (just for the hell of it), once ur done troll the internets for a copy of the 'CGI MySpace Proxy', set this up on ur server.

goto skool type in ur IP address for home, the u are able to spam the Hak5 forums from skool to ur hearts content... (dont spam i may be blamed...)

This is were i will stop helping u for ur n00b questions, if u can understand and set all this up then u are worthy ^_^. (remember kids, porn is for home and not for ur skool administrater to find on ur USB Flash Drive...)

Link to comment
Share on other sites

Hey, hey, hey, hey... smoke weed everyday, and like... that burning wall will totally be doused.

But if you want to do it, try tunneling out via SSH. Its not going to be used by many people your age, so its less likely to be blocked. If you make it work, keep your mouth shut and don't take the piss with your increased access level. If your caught doing anything that breaches your schools AUP then they will hand your ass to you on a silver plater.

Link to comment
Share on other sites

pretty much everything is blocked at my school, including ssh

only ports open are 80 and 443

80 is web filtered

443 is not filtered!

so I setup a php proxy that has an ssl certificate, got a ddns system going and boom, my popularity at school went up

or maybe I just surf porn in the library

the next step will be an ssl vpn since I miss using rdp

Link to comment
Share on other sites

A simpler solution....hang around with the IT guys and with time you may get access to their 'un-blocked' proxy. I have :)

Not only will u have unblocked internet but a valuable IT resource if u need any help.

Im not sure what other school IT guys are like...mine are cool :P

Link to comment
Share on other sites

lol, okay i wanna kinda be nice coz he did say 1 thing right...

go home, set up a server box, on this server box dont use Windows download a copy of Linux or BSD, i like FC3 (fedora Core) on this server set up apache, enable it to sue CGI, PHP, and MySQL (just for the hell of it), once ur done troll the internets for a copy of the 'CGI MySpace Proxy', set this up on ur server.

goto skool type in ur IP address for home, the u are able to spam the Hak5 forums from skool to ur hearts content... (dont spam i may be blamed...)

This is were i will stop helping u for ur n00b questions, if u can understand and set all this up then u are worthy ^_^. (remember kids, porn is for home and not for ur skool administrater to find on ur USB Flash Drive...)

lol but FC3 *cough* Ubuntu Server 6.06 LTS is WAY WAY better and CGI Myspace Proxy not good PHPproxy PWNS :D One more thing you may want to get a dyndns

Link to comment
Share on other sites

phpproxy is indeed very easy to setup and fast to run, however if you need greater usability cgiproxy is far superior, it will work with almost any website. there are a great number of websites that phpproxy will not work with.

ssl vpn I believe is the way to go

Link to comment
Share on other sites

Two things to do are set up an SSH Tunnel from home to school using putty or you can use a portable browser on your memory stick. My school is so stupid, the use a proxy to filter, I put firefox portable on my memorystick and away i go. BE CAREFUL THOUGH! Luckily my teachers are nice so they said Cool, can you show me (teachers get blocked too!). If it breches your schools Computer Agreement BE CAREFUL or DONT DO IT!

Firefox Portable

Thunder bird Portable

Miranda IM Portable

Opera Portable

Link to comment
Share on other sites

Well, I guess I get to represent the other side of things here. I am one of the Tech guys for not just one school, but an entire school district. That's 6 schools, the VoTech, the main office, and the Technology lab (where we have trainings and all setup). I thank all of you for showing me the different ways that the kids might get through what we have setup (no worries from anyone on here, unless you happen to live somewhere in Central Mississippi).

From what I've read, that is what some kids try normally. Right now, we are using a Clark Box (filtering system based on CentOS) as well as WebSense to filter the entire district's content, and we block a lot of stuff... except for https traffic, as someone else noted about another school. This is a real problem, because the school district has to be SIPA compliant, which means we have to filter everything (even ourselves) or we get in government trouble. It auto filters port 80, but we can't seem to figure out how to filter 443 traffic just yet, and simply blocking it would render certain services unusable.

Of course, I agree with a lot of you on here, a lot of the times, we are way to strict on what all we block. Some of this comes from the higher ups, and some of it is just stuff we don't feel is educational. We have several requests each week from teachers who want x site unblocked, and we have to go unblock it, or try to explain to them why it can't be unblocked, or at least shouldn't.

Though, there are times when I unblock my IP to get to some pages I need to see. The real thing I worry about, mainly because it is almost unbeatable unless we disable USB ports all together, is Torpark, or OperaTor.

As a side note, if anyone on here can make suggestions as to how to filter that port 443 stuff, please let me know. I know, the main purpose of this thread (and albeit forums) is to get around people like me, but like I said, we have to implement this. Not to mention we also have to protect some of the "unintelligent kids" from themselves, to keep them from giving out real name and other such info on the internet. I'd rather just have the kids educated on not doing such blatently obvious things, but I can't make policies, only implement what I'm told to.

Link to comment
Share on other sites

While I don't know how to do this, I can tell you what needs to be done:

Your proxy server has to intercept SSL certificates and replace them with it's own on the fly. Now, the proxy server still has to maintain the connection with the web site that gave it the SSL certificate, so that when a request comes back with it's own certificate the connection is still there. Now, this raises the problem that your server needs a 'valid' SSL certificate other wise every time some one visits a web site using a SSL connection they will get a untrusted certificate warning. Well, what you can do is tell IE, Firefox and pretty much any web browser that you are a trusted SSL certificate provider, there for no more warning.

Link to comment
Share on other sites

JST PRES F5 15 TIMEZ THEN U WIL BE UBER 1337 'ND U WULD HAV HAX3D UR SCHOOL

shut the hell up. some people are trying to learn you narcissistic bitch

stfu you only posted to gain a higher post count.

If he really wanted to learn he should have searched and found this thread http://www.hak5.org/forums/viewtopic.php?t=4388

so next time think before you tell someone to "shut the hell up" :roll:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...