Tuesday, December 21, 2010
[Weak Current College] How to break through LAN Internet restrictions --- Powered by [China Power House Network]
Many LANs now restrict what users can do on the Internet: some Web sites cannot be reached, some games cannot be played, MSN cannot be used, ports are restricted, and so on. These restrictions are generally enforced by proxy server software, such as the currently widespread ISA Server 2004, or by filtering on a hardware firewall. How to break through depends on the kind of restriction, so the cases are described one by one.

1. Simple restrictions: certain Web sites cannot be accessed and certain online games (such as the greenback) cannot be played. Such restrictions generally work by limiting the IP addresses that can be accessed. This type is very easy to break with an ordinary HTTP proxy; a SOCKS proxy is also acceptable. HTTP proxies are still very easy to find online, and there are plenty of them. Add an HTTP proxy in IE and you can easily access the destination Web site.

2. Restrictions on certain protocols, for example FTP cannot be used, or the IP addresses of some online game servers are restricted and the games do not support an ordinary HTTP proxy. In this situation use a SOCKS proxy combined with the SocksCap32 software: add the program to SocksCap32 and it accesses the network through the SOCKS proxy. Most programs can break through the limits this way. For some games, you can consider the Permeo Security Driver software. If SOCKS is also restricted, you can use socks2http; surely HTTP is not restricted as well.

3. Restrictions based on packet filtering, or bans on certain keywords. Such restrictions are relatively strong and are usually done by filtering on a proxy server or hardware firewall, for example banning MSN with packet filtering on ISA Server 2004. They are harder to break through, and an ordinary proxy cannot break them. Because packet filtering can filter on keywords, you need an encrypted proxy, meaning that the data stream to the intermediate HTTP or SOCKS proxy is encrypted, such as the springboard tools SSSO, FLAT, and so on. As long as the proxy traffic is encrypted the restriction can be broken; use such software together with SocksCap32 and MSN works.
Restrictions of this kind then no longer work.

4. Port-based restrictions that limit certain ports. The most extreme case is that only port 80 can be accessed: you can only look at Web pages, and even Outlook mail and FTP are restricted. Restrictions on other particular ports are broken on the same principle. This limit can be broken by the following means:

(1) Find an ordinary HTTP proxy on port 80, of the form 12.34.56.78:80. Use socks2http with that HTTP proxy to turn it into a SOCKS proxy, then add SocksCap32, and the restriction is easy to break. With this approach the traffic to the intermediate proxy is not encrypted. The -Pass all software also has this feature.

(2) Use software like FLAT together with SocksCap32. The FLAT proxy should preferably be on port 80. If it is not on port 80 that does not matter, because FLAT also supports access through an ordinary HTTP proxy; when it is not on port 80, you need to add an HTTP proxy on port 80. With this approach the proxy traffic is encrypted, and the network administrator does not know what data passes in between. A springboard proxy can also do this, but the proxy still has to be on port 80.

For pure port-80 restrictions, you can also break through with port translation techniques. You can refer to my post below.

5. Combinations of the restrictions above, for example restricted IPs together with restricted keywords, such as blocking MSN, and port restrictions as well. Usually the second method of case 4 breaks through these completely. As long as you are still allowed onto the Internet at all, ha ha, every limit can be broken.

6. Another scenario is that you have no access to the Internet: your IP has not been given Internet permission, or IP and MAC addresses are bound. Two approaches:

(1) You should have good friends in your company; buddies or close female friends will all do. Find a machine that can connect to the Internet and go out through a channel on it. A small piece of software can solve the problem. FLAT should be able to do it: it has a key, so others cannot use it, and you can define the port. Any other proxy software that supports this mode will also do.
I did a test, as follows. The LAN environment goes out to the Internet through a proxy server; a portion of the IPs are given Internet permission, while the rest do not have access to the Internet, and this is enforced on a hardware firewall or the proxy server. I think even binding MAC addresses to IPs is of no use, because this limit can still be broken. On the LAN I set up one machine that could connect to the Internet and set my own machine's IP to one without Internet access. I then installed the FLAT server-side program, only 500 K, on the machine that could connect to the Internet. On my machine I used the FLAT client and added software such as IE through SocksCap32 to reach the Internet. In the test the speed was fine and the transmitted data was encrypted as well, very good.

Step 1: start the HTTPTunnel client on my machine (192.168.1.226). Open an MS-DOS command line and run:

    htc -F 8888 192.168.1.231:80

Here htc is the client program, and the -F parameter means that all data from 192.168.1.231:80 is forwarded to local port 8888. Any port can be chosen, as long as it is not already occupied on the machine. Then use netstat to look at the ports now open locally: port 8888 is already listening.

Step 2: start the HTTPTunnel server side on the other machine and execute the command:

    hts -F localhost:21 80

This means that all data for local port 21 is relayed through port 80, and port 80 is opened as the listening port. Then use netstat to look at his machine, and you will find port 80 now in the listening state as well.

Step 3: on my machine, connect with FTP to local port 8888. You are now connected to the other machine, so hurry up and download! But why does what you see show 127.0.0.1 rather than the address 192.168.1.231? Because I connected to local port 8888. The firewall does not react, because I did not send any packets out directly, so of course the LAN firewall does not know.
Now that the connection goes to local port 8888, the FTP packets, whether control information or data, are disguised by htc as HTTP packets and then sent across. To the firewall this is normal data, which amounts to deceiving the firewall. It is important to note that this trick needs the cooperation of the other machine: an hts has to be started on his machine to redirect the services he provides, such as FTP, to port 80, which the firewall allows. Only then can the firewall be bypassed! Someone will certainly ask: if the other machine itself runs a WWW service, which means it is already listening on port 80, will there be a conflict? The benefit of HTTPTunnel is that even if port 80 was already open on his machine, using it this way causes no problem: normal Web access still takes its old path, and the redirected tunnel service runs unobstructed!
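
What the test above looks like from the network side, as an added example that is not part of the original post: a sketch that scores port-80 flow records for traits such a tunnel tends to show (a workstation answering on port 80, a session far longer than a page load, bulk data in very few requests). Apart from the two addresses taken from the test, the records, the approved-server list and the thresholds are constructed assumptions.

```python
import csv
import io

# Constructed flow records for illustration; not data from the original post.
SAMPLE_FLOWS = """src,dst,dport,duration_s,bytes_out,bytes_in,requests
192.168.1.50,192.168.1.10,80,2,900,48000,6
192.168.1.226,192.168.1.231,80,1800,5200000,310000,2
192.168.1.226,192.168.1.231,80,1750,120000,88000000,2
192.168.1.77,192.168.1.10,80,4,1500,230000,12
192.168.1.60,192.168.1.231,80,3,700,5200,1
"""

# Assumption: the site keeps an inventory of hosts allowed to serve port 80.
APPROVED_WEB_SERVERS = {"192.168.1.10"}
MAX_SECONDS = 600                  # assumed ceiling for an ordinary web session
MAX_BYTES_PER_REQUEST = 5_000_000  # assumed ceiling for one request/response


def reasons_for(flow):
    """Return the heuristics a single port-80 flow trips."""
    reasons = []
    if flow["dst"] not in APPROVED_WEB_SERVERS:
        reasons.append("port 80 on a host that is not an approved web server")
    if int(flow["duration_s"]) > MAX_SECONDS:
        reasons.append("session far longer than a page load")
    total = int(flow["bytes_out"]) + int(flow["bytes_in"])
    if total / max(int(flow["requests"]), 1) > MAX_BYTES_PER_REQUEST:
        reasons.append("bulk data carried by very few HTTP requests")
    return reasons


def find_tunnel_candidates(flow_csv, min_reasons=2):
    """Map (src, dst) to sorted reasons for pairs tripping >= min_reasons."""
    findings = {}
    for flow in csv.DictReader(io.StringIO(flow_csv)):
        if flow["dport"] != "80":
            continue
        reasons = reasons_for(flow)
        if len(reasons) >= min_reasons:
            findings.setdefault((flow["src"], flow["dst"]), set()).update(reasons)
    return {pair: sorted(why) for pair, why in findings.items()}


if __name__ == "__main__":
    for (src, dst), why in find_tunnel_candidates(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: " + "; ".join(why))
```

Requiring two reasons keeps a single short request to an unlisted host from raising a finding on its own.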