I found a similar thread, with a similar name, from back in 2005 that doesn't answer my question, so here it goes:

I have servers running on my home network that I want to be able to access from college, but our school evidently blocks traffic on certain port numbers on it's LAN (i.e. SSH, other obscure ports).

I'd like to be able to connect to my home LAN mostly to be able to connect to some IP webcams and to access my file server, but the only port I've successfully connect to is 80, and I'm not about to forward that port to anything for obvious reasons.

I'm wondering if there is a program or utility that I can use to figure this out. Would nmap do the trick?

Why don't you ask your IT people what ports they allow?

And I'll point out the obvious, that running a network sniffer on a college LAN isn't a good thing, and could land you in serious trouble. The best way to do this, would be to explain what you want to do to one of the IT folks, and see what they suggest. Could be they deal with this all the time, and would be happy to help you.

Okay, I'll try that. But for the sake of discussion, I'd still like to hear from anyone who has discovered a way to do this. After all, I'm majoring in information systems security.

What TB0ne tried to point out is that you're operating inside a network that you don't own or control. Your network: your rules, their network: their rules. Besides circumventing access restrictions is not a LQ topic.


That really doesn't matter but OK, so let's see:
0) What network recon have you done so far? What type of firewall(s) do they use? Do they use a proxy or proxies?
1) Asserting they are not total BOFHs using "-j TARPIT", what flags would the TCP header of the first returning packet minimally contain starting the handshake? How would you confirm that looking at the ISN? What type of packet would you expect if you don't manage to start a handshake?
2) The port you've successfully connect to is TCP/80. List the ways in which you can restrict access to that port.

That's true, but I'm not trying to circumvent access restrictions. If I were trying to pass traffic on ports that had been blocked, that would be circumventing access restrictions. I'm trying to use ports that are not blocked i.e. not access restrictions. I can't use those ports if I don't know what they are. If I find that port 40000 is open, then I'll remap my home port forwarding to make my home LAN compatible with the campus LAN.


The only recon I've done thus far is locating JetDirect enabled networked printers at the request of my Intro to Linux instructor because he couldn't for the life of him figure out the IPs of the printers we were trying to connect to for lab that night, and he refused to use CUPS. (We were on Fedora 14, so CUPS was the logical choice)

Zeiko isn't a BOFH. He's a nice guy. What you're describing, my classes haven't got to that point yet. I'm not claiming to be some "super duper leet haxor zomg", nor am I even asking for help "hacking" from LQ, I'm just trying to learn how to back up my assignments in more than one place (the hdd access i mentioned earlier), and access my ip webcams to make sure my house hasn't been broken into again. I'm using SSH to do a lot of this, running Mint on my laptop at school, and Ubuntu Server on my hardware at home, so I guess that qualifies it as a Linux question.


Why on Earth would I want to block port 80?

Maybe I can see how this question got misinterpreted, but how dare you imply I'm up to no good. How dare you, sir!

Because, given your College only has a few IP ranges traffic could be allowed from, it simply would limit exposure. Basically step one.

I think this thread has gone off track - I take the blame for not being clear enough. I don't want to block port 80 at school, and I don't want to change the way port 80 is set up on my home LAN. It's already in use hosting a web server, and I will keep it for that purpose, while my other services communicate on two other ports.

If you're suggesting that I just work on using port 80 for everything, well, yeah, sure, I could do that, but that would defeat the purpose of this entire discussion, and is not something I want to do.

Set your home firewall to log everything, do a full port scan from college, grep for college IP in firewall log, spot the ports that get hit.

1 members found this post helpful.

Yes, I'm sure Zeiko will like that ;-p

Thank you for the honest and direct answer. This method seems like it would work, although it will be time consuming. I'm a little embarrassed that I didn't think of it myself.


I have to be on campus for a meeting at 5:30, and then after that, I'll just walk into Z's office, and ask him.

I recall now that the school does use a proxy to manage internet connections. Last I checked, traffic appeared to be coming from Dallas, Texas, but the campus is in Ohio.

Well I got my answer from Z that the school blocks everything except 80, but he liked the nmap idea (probably because i talked to him first) I'll not talk about whether or not this would have gotten me in any trouble, or gotten some one else in any trouble, or been against any policy, etc. etc. Instead I'll just say that I can appreciate everyone trying to give sage advice on what to do and what not to do on a school network, but +100,000 internets to descendant_command for answering the question directly, and i'll mark this as [solved].