Software, technology, sysadmin war stories, and more. Feed
Monday, May 13, 2013

Abusing the one open port on a network to get things done

Have you ever read about a trick and then thought it was ridiculous because you're too dignified to use something that dirty? Have you then found yourself in a situation where you have to go back to that trick and use it anyway, because you really are that desperate? When it comes to technology, you don't get to keep your hands clean for very long.

Not too long ago, I found myself in a quasi-coworking place where you get office space, a markerboard and all of that stuff. It's the sort of thing where you can bring a client and hash out a big project. They provide the bathrooms and drinking fountain and all of this.

One thing they supposedly had was wireless Internet. I assumed it would work, but hadn't actually tested it. While waiting on my client to arrive, I tried using it. I found that it would just sit there and spin forever before finally yielding something ridiculous like "5 0 0 S e r v e r e r r o r". Yes, it actually stretched the letters out like that.

I knew it had to be one of these dumb "walled garden" things, and really just wanted it to get out of my way. All I needed was enough connectivity to fling my VPN packets to my tunnel host. Usually that means starting up a sacrificial browser session and clicking through their annoying page to get unfettered access.

This time, it wasn't happening. All I got was that stupid error page. One thing I noticed during all of this was that I was actually able to resolve hostnames. Not only that, but I could bounce queries off specific servers. Apparently UDP port 53 would get through. I confirmed this by logging into my tunneling host and using tcpdump to watch for traffic. Sure enough, I could emit some stuff on my laptop and see it back on my host.

As for how I got on my tunneling host, well, that was also a stretch. I barely had a cell signal in this weird office place, and was just able to ssh from my phone and kick off tcpdump. It's the sort of thing I only use when absolutely necessary since it's such a pain: the tiny keys, limited terminal space, and horrible packet loss leading to laggy sessions.

It was just enough connectivity to let me add an iptables rule. This is where it gets really dirty. I basically did this:

iptables -t nat -I PREROUTING -s external.ip.of.office.network -p udp -j REDIRECT --to-ports port_of_tunnel_server_daemon

Basically, I took *ALL* UDP from that office and shoved it into the program which runs the VPN/tunnel. That way, if I'm able to find so much as a single port which will pass traffic unmolested, I can get on. It just so happens that port 53 works... some of the time, at least.

It was just enough of a pipe to let me do things like git sync operations. Trying to look at web pages was asking too much of this laggy, lossy connection. It was shades of my 4800 bps cellular modem hack, only far worse.

When I say it's possible to be in the middle of Silicon Valley and have miserable Internet access, I mean it. If I end up working at this site again, I'm going to have to buy my own little cellular hotspot and find a place with decent cell reception. There's just no way around it.

Tunneling over port 53. What a horrible hack.