Bitcoin Forum
December 16, 2024, 06:23:23 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Bypassing DPI censorship with Win7 but no admin rights  (Read 2898 times)
jago25_98 (OP)
Hero Member
*****
Offline Offline

Activity: 900
Merit: 1000


Crypto Geek


View Profile WWW
October 21, 2012, 08:23:22 PM
 #1

 Never say die!

These are the things I've tried:

1) Connecting to a SSTP server. SSTP is allowed through the firewall on port 443 but although it worked on another machine there is some sort of strange certificate problem on the one I was hoping to use. I think an old cert I installed is confusing it but I don't have the rights to delete it. I'd have to pay for a SSTP server since I don't have access to a Windows server. I only have ssh accounts and a Beaglebone at home.

2) ssh tunnel to ports 8080,443 or whatever. All seem to be blocked. Must be deep packet inspection.

3) OpenVPN. PPTP.
Both blocked by Sonicwall deep packet inspection.

4) VNC. I think this might be allowed outgoing since VNC is installed on the machine but the connection is too slow for it (satellite).

5) Just asking admin... hmm... no. We have 2 machines for the boat and that should be enough for all 40 of us I expect would be the response. Once I ask I'd be under the microscope. So I have to keep sharing those 2 machines for checking private email that is blocked on my workstation.

6) DNS tunneling. It worked on my personal machine (thanks forum members) but requires admin rights to have that tun0 device.

7) https based website tunnels like ninjacloak. I haven't found on that isn't blocked. I don't know how to setup my own.

I could plug another machine in but I prefer not to introduce a dirty machine to the network long term. I have a clean linux install I could use but only temporarily. I don't want to be seen doing this. I could also plug in an access point but again I'd rather not if possible.

Cool One thing I could do is put a WiFi access point to allow use to more than 2 computers. The only thing then is that everyone would be on it and with no bandwidth management (CBQ/HTB/Prio) would put the connection to a crawl.

9) Satellite internet. Too slow with an omnidirectional antenna.

10) USB carrier pigeon. Can't get it through customs (upload only: they only return home!)

It's not a major problem. But I feel annoyed to be defeated by filtering. We've sometimes got 2 weeks of sitting around on a boat with very little to do transiting somewhere and only 2 computers for the whole boat. I guess option 8 should be the best bet but I don't want to be defeated by it, it's a challenge, you know? There's got to be a way.

I wondered about having a (passworded to avoid overuse) personal webserver running at home that reads and redisplays the URL you want a it's own https address. I can't code that myself though unfortunately, as useful as that would be.

Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 503



View Profile
October 21, 2012, 08:31:53 PM
 #2

I would rent a VPS and setup OpenVPN on port 80.

I found this link if you don't have the knowledge to setup your own VPN: http://hostizzle.com/uncategorized/port-80-available/
paraipan
In memoriam
Legendary
*
Offline Offline

Activity: 924
Merit: 1004


Firstbits: 1pirata


View Profile WWW
October 21, 2012, 08:35:56 PM
 #3

Interesting, have you tried obfsproxy yet?
You could set-up the exit point on a VPS and then have the traffic disguised as normal http packets with this tool. Btw, you can hide the wifi AP transmitting of the SSID in the configuration, but it will still be visible to any wifi scanning tools and probably taken as rogue a AP.

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
jago25_98 (OP)
Hero Member
*****
Offline Offline

Activity: 900
Merit: 1000


Crypto Geek


View Profile WWW
October 21, 2012, 08:49:27 PM
 #4

 I think OpenVPN might be blocked by deep packet inspection. Still, I'll try it anyway with the Beaglebone & Angstrom.

 Ah, here's a problem I found today. My 3G internet provider has ran out of IPv4 addresses so I'm behind NAT there. Combined with port forwarding to the Beaglebone I then have the double NAT problem.

 I guess a DMZ wouldn't fix this as DMZ is still NAT. The router the Beaglebone is behind is a BT Voyager; pretty basic but I think it can do bridging... just not sure I want to expose the internal net that way.

paraipan: Thanks for the obfsproxy link! I will set that up on the Beaglebone

Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!