Firewall bypass techniques in source code

Developer https://www.devze.com 2023-02-11 00:07 Source: Web
I am planning to write a software, kind of p2p that needs to bypass the firewall. I know there are many ways of bypassing firewalls using many third party tools, as from my google searches. However I could not get much results on how to write a p2p software that can go beyond firewall to connect to the nodes.

So my question is to know algorithms or techniques that I can use in my source code to bypass firewalls - both the NAT firewalls and the software/personal firewalls as well.

Kindly help me understand how to do this with your suggestions or past experiences.

Thanks


First, you should use UPnP and Internet Gateway Device Protocol if it is available to forward ports in the firewall. If it is not available, use TCP hole punching techniques.


IIRC, one technique that tends to work well is running everything over plain old HTTP on port 80. This works because most firewalls will let through HTTP traffic to allow web browsing.

The catches are that it's not a terribly efficient approach compared to something specialised for p2p, and it's not guaranteed to work because there are some firewalls that are smart enough to detect when HTTP is being abused in this way. Some also will restrict access to port 80 specifically to prevent this kind of thing.


Firewalls tend to allow outgoing traffic but block incoming traffic unless there is a pre-existing session. For TCP this is easy: once the connection is established, the firewall will allow traffic in both directions.

For UDP this is a bit more tricky since there is no concept of a session. Protocols like UDP based DNS are request response protocols so once a request is sent by the client, a response is expected from the server. The firewall will register the request on a given port and allow a response to come back in a short time later.

So one trick, if one is expecting UDP traffic, is to send a small amount of garbage data. This will be ignored by the server but hopefully will open the firewall to allow incoming traffic.
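As an added illustration (not part of the question or of any answer above), a small Python model of the stateful UDP behaviour the last answer describes: the session entry created by an outbound datagram, the timeout window in which a reply is admitted, and the difference between a firewall that only admits replies from the endpoint that was sent to and one that opens the local port to any sender. The class names, the 30-second timeout and the addresses are constructed for the example, not taken from any real product.

```python
import time

class StatefulUdpFilter:
    """Stateful UDP filter: an outbound datagram creates a session entry and a
    reply is admitted only while that entry is fresh. restricted=True models
    address-and-port-restricted filtering (RFC 4787 terms): only the endpoint
    that was sent to may reply. restricted=False: any remote may reply."""

    def __init__(self, timeout=30.0, restricted=True, clock=time.monotonic):
        self.timeout, self.restricted, self.clock = timeout, restricted, clock
        self.sessions = {}  # key -> time at which the entry expires

    def _key(self, local_port, remote_ip, remote_port):
        if self.restricted:
            return (local_port, remote_ip, remote_port)
        return (local_port,)

    def outbound(self, local_port, remote_ip, remote_port):
        """Host sends a datagram: create or refresh the matching entry."""
        key = self._key(local_port, remote_ip, remote_port)
        self.sessions[key] = self.clock() + self.timeout

    def inbound(self, local_port, remote_ip, remote_port):
        """True if an incoming datagram is admitted, False if it is dropped."""
        key = self._key(local_port, remote_ip, remote_port)
        expiry = self.sessions.get(key)
        if expiry is None:
            return False
        if self.clock() > expiry:
            del self.sessions[key]  # the window has closed; back to blocked
            return False
        return True

class FakeClock:
    """Constructed clock so the scenario is deterministic and runs offline."""
    def __init__(self): self.now = 0.0
    def __call__(self): return self.now
    def advance(self, seconds): self.now += seconds

def scenario(restricted):
    """Replay the sequence from the answer against one filtering mode."""
    clock = FakeClock()
    fw = StatefulUdpFilter(timeout=30.0, restricted=restricted, clock=clock)
    r = {"unsolicited": fw.inbound(5000, "198.51.100.7", 9000)}  # nothing sent yet
    fw.outbound(5000, "198.51.100.7", 9000)  # the small "garbage" datagram
    r["reply_from_peer"] = fw.inbound(5000, "198.51.100.7", 9000)
    r["reply_from_other"] = fw.inbound(5000, "203.0.113.9", 9000)  # other host
    clock.advance(31)  # past the 30 s timeout
    r["reply_after_timeout"] = fw.inbound(5000, "198.51.100.7", 9000)
    return r
```

With `restricted=True` only the peer that was sent to gets through, which is why the trick in the answer works against a port-restricted filter only when the peer replies from the exact address and port that the garbage datagram was aimed at.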
