Behind a firewall, freedom lost and taken back

Everybody is behind a firewall. This is what “Internet access” means today. I'm sure that this is what makes some people (or, more likely, corporations) happy – no peer to peer connections, no file sharing, no interaction between computers over the Internet. To use the Internet means to browse web pages and check your email, period.

This is what struck me when I moved to a new apartment during my studies abroad. I plugged my laptop into a socket in a wall, and started to check my email and browse web pages. The surprise came when I tried to log in to the server via SSH. ssh_exchange_identification: Connection closed by remote host, said the message. What? My server closed a connection when I tried to log in? After some brief research, it appeared to me that I was literally cut off from the Internet, except for WWW browsing and checking email. No listening to multimedia streams, no CVS checkouts, no Internet telephony, no BitTorrent (or any other peer-to-peer software), no on-line gaming, no instant messaging and last but not least – no SSH access to anywhere!

It was supposed to be an apartment with an Internet connection. Being behind a firewall, inaccessible from outside and not being able to use anything but web pages and email – this is not what I would call an Internet connection.

Who has done that to me and why? Some brief research over the local network showed that I was behind a Microsoft Internet Security and Acceleration (ISA) Server. So some Danish admins decided to reduce the usability of the Internet in order to… what? Increase the security? There was one surprise. Skype, currently hip and cool Internet telephony software, went on-line as usual. With all other applications down, Skype was the only survivor. It turned out that Skype fools the ISA server into thinking that it's accessing some secure web pages, while in fact it is sending text messages and voice. Apparently, it was designed to fight such circumstances.

It didn't take me long to figure out that I could use the same technique to connect via SSH to one of my servers, from which I could access all the others. A few days later I learned how to establish connections to other servers for chosen services. Next, I created myself a multi-purpose SOCKS proxy and I could instruct many of my applications to use it. This solved most of the problems. One day I decided to buy a webcam, to do videoconferencing with friends and co-workers. I looked at vSkype's website, but it's Windows-only. For videoconferencing, there is GnomeMeeting, which supports the H.323 protocol and can connect to NetMeeting and Myphone on Windows and ophoneX on Mac. Unfortunately, H.323 can't connect through SOCKS, so I had to look for another solution. My webcam was still mounted on top of my laptop's display, looking at me sadly. The final breakthrough came with reading the Firewall-Piercing HOWTO. Since then I have been able to assign a new and shiny public IP address to my laptop, which brought me back to full membership of the global network. Videoconferencing works perfectly and my webcam is used a lot!

This story proves that trying to cripple users by restricting access to Internet services is not effective and can be overcome. Neither does it increase security. Users are still being attacked by programs they receive in mail attachments and download from web sites. This story also shows how sad the reality of today's Internet is. What is the user's experience? “Internet” means web pages and e-mail only…


Author: automatthias
