Re: Ping: stingray



Borked Pseudo Mailed wrote:
stingray@xxxxxxxxxxxxxxxx wrote:


Well, you can try to set up, for example, FTP on some remote box, or ask a
friend, and make it listen on port 80. Then you try to FTP from your own box
to that FTP server on port 80. If it works then most likely the filtering is only
done on ports and not on the contents/protocols.


This would be a very poor test at best. FTP typically requires two ports
to function, and would very likely fail in this scenario, giving false
results if simple port filtering is being used. FTP is absolutely the
worst suggestion you could have made as far as protocols go.

A better test would be to have someone set up a telnet or other type of
daemon to listen on port 80, then using raw telnet to test it. Or even
using any of the various free HTTP proxies to do similar "tunneling"
tests. Or, have someone set up a lightweight web server like thttpd on a
port you believe is blocked, and try to browse to that (an even better
test in my opinion).

FWIW, situations where protocols themselves are filtered are very rare.
It's rather hard to do that sort of "content" filtering reliably. 99.99%
of the time it's nothing more than ports, or ranges of ports that are
blocked. And if you do happen to run into this sort of filtering the "HTTP
to odd ports" test will tell you that's what you're dealing with instantly.


Well, I disagree there. Although it's only one of the many things he can
try, this would prove that he can use FTP, and depending also on the mode,
like passive mode, he would prove two things at the same time compared to
your example (no offense of course):

1. FTP works or not (usually HTTP/FTP is allowed with such restricted
services)
2. If FTP works, then passive mode, for example, proves that the client
can connect to a port above 1023 specified randomly by the server to the
client. So this would indicate in most cases that at least any service
listening on ports > 1023 will work. And last but not least, you already
mentioned that 99.9% of the time it's nothing more than ports ;-)
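What passive mode actually exercises, as an added Python example (not code from either poster in this thread): it parses a server's PASV `227` reply per RFC 959 into the data-connection host and port, checks whether that server-chosen port sits above 1023, and lists the two outbound connections a passive session needs. The reply string is constructed sample input, and the function names are my own.

```python
import re
from typing import List, NamedTuple

# RFC 959 passive-mode reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
# The server chooses the data port; the client then opens a second TCP
# connection to h1.h2.h3.h4 on port p1*256 + p2.
_PASV_RE = re.compile(
    r"^227\D*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)

# Constructed sample reply (not captured from a real server).
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)."


class Endpoint(NamedTuple):
    host: str
    port: int


def parse_pasv(reply: str) -> Endpoint:
    """Return the data-connection endpoint encoded in a 227 reply."""
    m = _PASV_RE.match(reply.strip())
    if m is None:
        raise ValueError(f"not a PASV 227 reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(not 0 <= x <= 255 for x in fields):
        raise ValueError(f"field out of range in PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = fields
    return Endpoint(f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)


def is_unprivileged_port(port: int) -> bool:
    """True when the port is above 1023, the range passive mode normally lands in."""
    return 1023 < port <= 65535


def passive_session_endpoints(control_host: str, control_port: int,
                              reply: str) -> List[Endpoint]:
    """Both outbound connections a passive FTP session needs: control, then data."""
    data = parse_pasv(reply)
    return [Endpoint(control_host, control_port), data]


if __name__ == "__main__":
    for ep in passive_session_endpoints("192.168.1.10", 21, SAMPLE_REPLY):
        print(f"{ep.host}:{ep.port} unprivileged={is_unprivileged_port(ep.port)}")
```

If the control connection succeeds but the data connection to the parsed port does not, the filter is blocking by port rather than by protocol, which is the distinction the thread is arguing about.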
