[noCensorship] Re: : help me get thru isp proxy(i need help)
- From: wayne <wayne@xxxxxxxxxxxxx>
- To: nocensorship@xxxxxxxxxxxxx
- Date: 15 Jan 2004 20:07:00 -0000
> From: raed safarini <drsafarini@xxxxxxxxx>
> Subject: [noCensorship] Re: : help me get thru isp proxy(i need help)
> To: nocensorship@xxxxxxxxxxxxx
>
> dear wayne,
> sorry to be late for reply .
That's ok, but can't you (please) put your replies into the right
place in the message instead of at the top? I'm sure you can see
the advantages of doing that. :-)
For my own info - the following stuff concerns Yemen...
[...]
> thats all dear,
> i hope to hear from u soon
> bye
> wayne <wayne@xxxxxxxxxxxxx> wrote:
>
> >> From: raed safarini=20
> >> Subject: [noCensorship] : help me get thru isp proxy(i need help)
> >> To: nocensorship@xxxxxxxxxxxxx
>
> I've reordered your reply to keep the logic flow correct.
> I've also requoted it properly.
> Please don't remove anything in your reply.
>
> When you said web sites were blocked, do you mean you get some kind=20
> of 'access denied' page, or just no response?
> > most of the time it came no responce it say"the page
> > cannot be displayed" sometimes it come "access denid"
> > thats does not mean i lost connection,connection is runing ,but i cant se
> > e the specific page.
> >> wayne wrote:
> >> We haven't had much information from there.
> >> The only thing I have in the PT data is that your address range was
> >> 195.94.4.0/21.
> >> Some questions:
> >> 1) You have no proxy configured into your web browser?
> >>> > first i dont have proxy configerd in web browser
> Ok, so that means a transparent proxy or just direct port 80
> access.
>
> >> 2) What IP address do you see when you go into a command window
> >> and type:
> >> ipconfig
> >> ?
>
> >>> > 2nd after i did ipconfig,this what appers
> >>> > 0 ethernet adapter:
> >>> > ip address.................169.254.25.30
> >>> > subnet mask..............255.255.0.0
> >>> > 1 ethernet adapter
> >>> > ip address ................205.160.111.xxx
> >>> > subnet mask..............255.255.255.0
> >>> > default gateway.............205.160.111.xxx
>
>
> That's your address - you're in a Sprint subnet, it seems.
> Thanks for the information - I've updated the proxyTools firewall
> database.
>
>
> >> 3) What IP address do you see when you go to:
> >> http://www.ub2b.com/ShowIP
> >> ? Reload that page a few times to see if you get any different
> >> answers.
>
>
> >>> > 3RD after i went to www.up2p.com it came to me this
> >>> > your address is 65.162.184.6
> >>> > and thats even after reloding several times.
>
>
> That's interesting. It shows that your accesses to web
> sites seem to come from 65.162.184.6 (another Sprint subnet).
>
>
> >> 4) Do you see any funny characters when you do this
> >> (start in a command window):
> >> telnet login.icq.com 8000
> >> ? Does it connect, or do you just get a timeout message?
> 2nd quetion,for telnet login.icq.com 8000 , it took 20 secondes the it sa
> y"chould not open connection to host on port8000, A socket operation was
> attempted to an unreachable network."
OK, a timeout. The message is weird though.
> >> 5) Same as 4, but using port 80 instead of 8000
>
> Did it take some time to produce that error, or was it
> quick (a second or so)? Did it not say 'timeout'?
> In fact, this *must* connect, or your browser would not work
> at all. Oh, wait ... try this and tell me whether it connects,
> how long, etc ...
> 6)
> telnet www.panix.com 80
>
> Same questions as (5). Did it connect, did it take long to=20
> connect; did it mention timeout?
>> for ,telnet www.panix.com 80, it connects and very fast in 1 second
>
> 7) Try (4) using some more ports (3128, 8080, 110, 25, ...), just
> to let us know how much blocking there is.
> > i tryed in no (4) order in other nubers as 8080,3128...)
> > it came to me same answer as in in port 8000
>
> I can't guess how it's set up until I confirm the replies to 4
> and 5. I can't eliminate commStrat 0 for you yet.
>
> The test 3 results show that your access is not direct though
> (transparent proxy, or NAT, or both). Since you said sites are
> blocked to your web browser, that means there is a
> transparent proxy somewhere; it is (or leads to) a proxy whose
> outside address is 65.162.184.6.
> I checked, and there *is* a proxy service there (on port 80).
> I checked that proxy, but it forbids all my accesses. I guess it
> only allows requests from your subnets.
>
> So now you need to do more tests to see if commStrat 1 is usable
> You might not see your characters as you type, but just keep
> going. You might not connect on both of these; if that happens
> don't continue.
> 8) In a command window again:
> telnet 65.162.184.6 80
> GET http://www.panix.com/ HTTP/1.0
>
>
> (note that last line is a blank one - hit 'Enter' twice after the
> GET line)
> Try to catch the first few lines in the response and tell me what
> they say. Tell me if you get a whole bunch of stuff in the
> response.
> first line says:
> " HTTP/1.0 Bad Request
> Connection:close
> Content-length:960"
> there are then lot of lines starting with word error
Hmm ... either you typed it wrongly (try again), or you need a
line like this following the GET line:
Host: www.panix.com
But we know there is a proxy there, not a NAT.
So your web accesses are done by a transparent proxy.
That means that when you're looking at proxy lists to try,
you can never choose one listening on port 80. Also you can't
choose any on the blocked ports (8080, 3128, 8000, 110, 25,
...). It looks to me like *all* ports are blocked, but you
could continue to try more ports in test (7) above. Choose ports
which are listed in the proxy lists. If you find one open, use
the proxy on that port in your browser (and look for other
proxies on that port because ones from lists are often alreay
dead).
> 9)
> telnet 65.162.184.6 80
> CONNECT www.panix.com:443 HTTP/1.0
> Again, there's a blank line needed at the end.
> Catch the first few lines and tell me what they say.
> Do you see 'HTTP/1.0 200 OK' anywhere at the beginning?
> answer to9) first lines say
> " HTTP/1.0 200 connection established
> Proxy-agent: CacheFlow-proxy/1.0"
> it took 2 seconds
That's good. You can use CONNECT to port 443 through that proxy.
If you could find a non-censoring proxy in some list somewhere
on port 443, you could use HTTPort, or localProxy.
> 10)
> telnet 65.162.184.6 80
> CONNECT login.icq.com:8080 HTTP/1.0
>
>
> Again, there's a blank line needed at the end.
> Catch the first few lines and tell me what they say.
> Do you see 'HTTP/1.0 200 OK' anywhere at the beginning?
> > it did not show any thing even after waiting for 90 seconds
> > ,just blank
Damn. That proxy won't be much use after all. We should really
do this test for other CONNECT ports (80, 3128, 8000, ...) but
it looks like a waste of time.
> (8) and (9) should pass (if you connect at all); if (10) fails,
> there is still commStrat 2, so don't give up hope.
>
>
> If you don't connect at all on 8,9,10, then it probably means there
> are some further firewall blocks in place. Almost anything is
> possible to Sprint, but you would just move on to commStrat 2
> in that case. Unfortunately, it's not that great. It can be real
> fast, but it may fail completely depending on whether the web site
> you want to browse accepts it at all.
I can see a way to get you out that would cost you $US10 per month.
Is that out of the question?
It would provide you with a tunnel to New York, from where
everything is uncensored. It would also provide you with a way
to use any kind of client which can use a Socks proxy, and any
client which can use a single tcp/ip connection - in or out.
Basically, it would allow everything, except some things like
internet phone, netMeeting, etc.
This technique would also encrypt everything past your ISP, so
you could feel entirely safe about anything you do.
Otherwise, you have to forget commStrat 0 (any kind of direct
connection to an external proxy or bouncer) and probably
commStrat 1 too (any kind of CONNECT tunnel).
So, unfortunately we're looking at commStrat 2 now.
This commStrat involves running a proxy on your own computer
which changes the URLs requested by your browser.
It's not reliable, but when it works (depends on the web site
as much as your transparent proxy), it's fast.
You can do this using some old software I know of (Alstone
proxy, 3DUnfrozen), or with my localProxy. Some tests first
though:
11) Check to see if these work by hand in your browser address
field:
a) http://www.sex.com/s.html
You would get an access denied page, I guess.
b) http://209.81.7.93/s.html
That's the IP address of www.sex.com. See if it blocks that too.
c) http://www.sEx.com/s.html
d) http://0321.0121.07.0135/s.html
Octal encoding of IP address of www.sex.com
e) http://3511748445/s.html
32 bit number encoding of IP address for www.sex.com
f and g) There are hex and binary encodings possible, but I'll
leave them as an exercize for you :-)
a-g above are the hardest types of blocked sites to get to using
commStrat 2, because the host can only be modifed in a few ways.
Often the proxies know all of those.
Others (where only the URL path, and not the host itself, is
blocked by the proxy) are easier. Unless one of the above
tests works though, it's better that we try some
other approach, I think.
--
Turing email: wayne at nym.alias.nest
(remove the obvious extra 's')
http://proxytools.sourceforge.net/
===8>============== noCensorship community ===============
List's webpage: //www.freelists.org/webpage/nocensorship
List's archive: //www.freelists.org/archives/nocensorship
To unsubscribe: nocensorship-request@xxxxxxxxxxxxx with 'unsubscribe' in the
SUBJECT field.
Moderator's email: nocensorship-moderators@xxxxxxxxxxxxx
===8>============== noCensorship community ===============
Other related posts:
