Showing posts with label Networking. Show all posts
Showing posts with label Networking. Show all posts

20 June 2013

How to break the Firewalls reliably

We have been listening about firewalls from long time. All the organizations are almost using firewalls to control the traffic of their employees. So when you are working in an organization mostly you will be behind a firewall. All the traffic that goes from your computer will be monitored and controlled. So how do we break this firewalls to have a free access to internet? Is there a way to do it?

The answer is yes. There is a reliable way to break the firewalls. The technique is called "HTTP Tunneling".

What is HTTP Tunneling?

 It is wrapping other protocols in HTTP protocol. Any protocol can be wrapped inside the HTTP Protocol. So wrapping other protocols inside HTTP Protocol and sending them to bypass the firewalls is called HTTP Tunneling.

How This Can Be Done?

 The client (It could be anything) sends a HTTP request(wrapping another protocol inside it) to the HTTP Tunneling server. When client makes a request to the HTTP Tunneling server client first establishes connection to the firewall (assuming it as proxy server), then proxy server establishes connection on behalf of the client to the HTTP Tunneling server, then HTTP Tunneling server takes the request rips off the HTTP headers and sends the original protocol to the remote host (The host that we finally want to reach) by establishing a connection, then remote host responds and sends response to the HTTP Tunneling server and it wraps the response inside HTTP Protocol and sends HTTP response to the client. Then the HTTP response reaches the firewall and it sends the response to the client. The client extracts the data from the HTTP response and uses it.

The following picture shows how it works:-



No organization blocks HTTP protocol and its ports. They cannot block all and allow few sites. They block few sites and allow the rest so we can reliably break the firewall but if you are caught in the organizations doing this they will consider it a serious offence. No firewall can stop this.

The only thing we need to know is HTTP Protocol and the protocol that we wrap inside. If you know the specs of this that is good enough to do it on your own. If you don't know anything about protocols then use ready made software available on net.

You can get HTTP Tunneling clients and servers for free of cost on the net or if you are a programmer you can build one very easily. 
Posted by at No comments:
Labels: ,

HUB, SWITCH and ROUTER


 HUB: - 

 This is the least intelligent device on the network. It copies the packet arrived on one port to all of its other ports except the port that it came from. So there is no difference in broadcasting and a normal packet.

If computers are connected in bus topography and if that line is connected to hub, all the computers on that bus reads the packet which is placed by hub at the same time which mean the packet travels to the end of the bus replicating a copy to each node on the bus.

SWITCH:- 

 A switch does essentially what a hub does but more efficiently. By paying attention to the traffic that comes across it, it can "learn" where particular addresses are. For example, if it sees traffic from machine A coming in on port 2, it now knows that machine A is connected to that port and that traffic to machine A needs to only be sent to that port and not any of the others. The switch now records the IP or MAC in its table.

If any multicast packet or a packet (MAC or IP) which is not known to it arrives on the port it replicates that packet to all its ports except the port that the packet arrived from.

 The net result of using a switch over a hub is that most of the network traffic only goes where it needs to rather than to every port. On busy networks this can make the network significantly faster.

ROUTER: -  

 These are the most intelligent and complex devices on the network. It routes the packet according to the routing table recorded in it. It also may add additional headers to the packet for efficient routing.

When ever it routes the multicast packet to another network it reduces the packets TTL by one. When the TTL becomes 0 the packet will no more be forwarded by the router. It drops the packet. 
Posted by at No comments:
Labels:

23 May 2013

What is IRC?

The expansion of IRC is "Internet Relay Chat". It is a protocol built for chatting. It is mainly designed for group communications in discussion forums which are called as channels. This protocol was created by  "Jarkko Oikarinen" in  August 1988. IRC is a open protocol that uses TCP, optionally TLS. An IRC server can connect to other IRC servers to expand the IRC network. Users can connect to IRC servers using IRC clients.
Posted by at No comments:
Labels: , ,

14 May 2013

How To Create A SSL ServerSocket On Android

On Android to create a Successful SSL Server Socket First you need to create a keystore using "keytool" that comes with jdk. We need to run this tool with the option of  "storetype BKS". BKS stands for Bouncy Castle. Androids default keystore type is BKS. But the jdk that comes from oracle site does not have this security provider. So first we need to download the jar which has this provider files. This can be downloaded from  http://repo2.maven.org/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.46/bcprov-ext-jdk15on-1.46.jar 

After downloading this jar file place this jar file in "jre/lib/ext". After placing the jar file you need to modify the  "java.security" file under "jre/lib/security" folder. Open the "java.security" file and add the following entry without quotes "security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider". 

After all this now we need to generate a keystore using keytool. To generate the keystore run the following command without quotes. 
"keytool -genkey -keystore ServerKeystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider".
If you run the above command then it generates an error saying that "java.security.InvalidKeyException:illegal Key Size".  To avoid this, download "jce policy files" from oracle site. For suppose if you are using jdk6 then you can download the "jcp policy files" from http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html 

After downloading this zip file extract the contents into a directory and copy the "local_policy.jar" and "US_export_policy.jar" from the extracted directory and paste them in "jre/lib/security" folder(these files already may exist but you need to replace them). 

After all this open the command prompt and run the keytool as stated above. This generates the keystore which can be used in Android. Copy this keystore file into one of your project directory. 

After all the above the following is the code to successfully create a SSLServerSocket.

try{                
      String keyStoreType = KeyStore.getDefaultType();
      KeyStore keyStore = KeyStore.getInstance(keyStoreType);
      keyStore.load(Dummy.class.getResourceAsStream("ServerKeystore"), "12345".toCharArray());                

      String keyalg=KeyManagerFactory.getDefaultAlgorithm();
      KeyManagerFactory kmf=KeyManagerFactory.getInstance(keyalg);
      kmf.init(keyStore, "dhar9654".toCharArray());

      SSLContext context = SSLContext.getInstance("TLS");
      context.init(MainActivity.kmf.getKeyManagers(), null, null);          
      SSLServerSocket ss=(SSLServerSocket)context.getServerSocketFactory().createServerSocket(Constants.CHAT_SERVER_PORT);

  }catch(Exception e){
     e.printStackTrace();
   }   


Hope this helps.  I have struggled a lot to find this. So thought to document.
Posted by at No comments:
Labels: , , ,
Location: Ponnur, Andhra Pradesh, India
Subscribe to: Posts (Atom)