Breaking out of a Network

My workplace, and most others, limit outgoing connections to a number of ports for security reasons, and often force the use of proxy servers and other privacy-invading tools. Luckily I’m in the IT department, so I already have access to a number of outgoing ‘privileged’ ports that I can use to run my own securely tunneled proxy server and such…

There are a great many port scanners for finding ways in, but none that I am aware of for helping you get out. Last night before I fell asleep I came up with a two-part test for doing so. It’s fairly simple and can be done as fast (dangerous) or slow (safe) as you want.

The first thing you need to do is set up a firewall on a computer outside the network, say your home computer (ha!) or another computer you have access to. This firewall will log (and drop) all connection attempts from your workplace to every port. At least for me, all my outgoing connections are established from the same gateway, but some corporations may have you bounce around a bit. Either way, it should be as simple as an IP address or netblock to watch.

Once you have the firewall logging attempts from your workplace, you go to work. You take with you a port scanner, any kind really. Then you scan your firewalled computer on the outside. There are 65535 ports to scan, so unless you want the security guys at your desk in five minutes I suggest doing this over at least a few days, or even a month, slowly scanning each port so as not to show up on the radar.

Once the scan is completed you can check your logs. Every hit from your workplace’s IP address(es) marks an open outgoing port. You’ve just found your way out. You can now tunnel any traffic out (and back in) through that port.

How safe this is for you depends on how much traffic you push through a given port, how it looks, how closely ‘they’ monitor, and how odd the traffic seems for that port.
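The log check from the last step, as an added example (not code from the original post): it reads firewall log lines from the outside host and lists the destination ports that packets from the workplace netblock actually reached, which is also how an egress policy is compared against the rules it is meant to enforce. The netfilter LOG line format, the `EGRESS` prefix, the addresses and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample in the Linux netfilter LOG line format (an assumption: the
# post names no firewall). 203.0.113.0/24 stands in for the workplace gateway
# netblock and 198.51.100.20 for the outside host; both are documentation ranges.
SAMPLE_LOG = """\
Mar  3 09:14:02 home kernel: EGRESS IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=443 SYN URGP=0
Mar  3 09:14:05 home kernel: EGRESS IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=443 SYN URGP=0
Mar  3 11:40:31 home kernel: EGRESS IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=8080 SYN URGP=0
Mar  4 10:02:17 home kernel: EGRESS IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=40980 DPT=8081 SYN URGP=0
Mar  4 15:26:44 home kernel: EGRESS IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=60 TTL=52 PROTO=TCP SPT=39001 DPT=22 SYN URGP=0
Mar  4 15:30:09 home kernel: EGRESS IN=eth0 OUT= SRC=192.0.2.55 DST=198.51.100.20 LEN=60 TTL=47 PROTO=TCP SPT=6000 DPT=23 SYN URGP=0
Mar  5 08:51:12 home kernel: EGRESS IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=71 TTL=52 PROTO=UDP SPT=33010 DPT=53 LEN=51
Mar  5 08:52:40 home kernel: EGRESS IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def reached_ports(log_text, netblock):
    """Map protocol -> sorted destination ports logged from inside netblock."""
    net = ipaddress.ip_network(netblock)
    seen = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if not {"SRC", "PROTO", "DPT"} <= fields.keys():
            continue  # ICMP or a truncated line: no destination port to record
        try:
            src = ipaddress.ip_address(fields["SRC"])
            port = int(fields["DPT"])
        except ValueError:
            continue  # malformed address or port
        if src in net and 0 < port <= 65535:
            seen.setdefault(fields["PROTO"], set()).add(port)  # set drops SYN retries
    return {proto: sorted(ports) for proto, ports in seen.items()}

def as_ranges(ports):
    """Collapse a sorted port list into 'a-b' strings for a compact report."""
    runs = []
    for p in ports:
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return [str(a) if a == b else f"{a}-{b}" for a, b in runs]

if __name__ == "__main__":
    for proto, ports in reached_ports(SAMPLE_LOG, "203.0.113.0/24").items():
        print(proto, ", ".join(as_ranges(ports)))
```

A port missing from the result only means no packet for it was logged; it does not distinguish a filtered port from one that was never probed.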
