Working around ISP's network blocking policy

[Julian Hsiao]

I first posted this message to comp.networks, but got no response.
I'll try my luck here. If it can't be done, then I'll have to get
Internet connectivity elsewhere. However, if this were the case, is
it possible to configure WinXP Pro such that only traffic going to
ev1.net goes to the secondary link, while the rest still goes through
my school? It'd be even better if load balancing can be done on top
of that...

(e-mail address removed) (Julian Hsiao) wrote in message

My school's ISP, fast.net, is blocking connections to all hosts
managed by another ISP, ev1.net, who happen to host several sites that
I visit frequently. I've been working around this problem by using
ssh's dynamic port forwarding, and an outside machine forward my
traffic when necessary. However, it's very inconvenient to toggle my
application's proxy settings constantly, and if the app doesn't
support SOCKS (and doesn't like SocksCap), then I'm SOL.

I'm wondering if there's a better solution to this, preferably a
software one that'll work with WinXP Pro. The machine that's
forwarding my traffic is running FreeBSD, but I don't have superuser
privilege.

Thanks in advance.

Julian Hsiao
evil_live_ten_tod_erosinayn_ta_akodam

 

[Jim Macklin]

Why is the ISP blocking the other? Could it be that site
has a ton of viruses and worms or is used by spammers and
they have blocked it as a security measure?
Perhaps the school and not the ISP has blocked it, ask your
administrator.


| I first posted this message to comp.networks, but got no
response.
| I'll try my luck here. If it can't be done, then I'll
have to get
| Internet connectivity elsewhere. However, if this were
the case, is
| it possible to configure WinXP Pro such that only traffic
going to
| ev1.net goes to the secondary link, while the rest still
goes through
| my school? It'd be even better if load balancing can be
done on top
| of that...
|
| (e-mail address removed) (Julian Hsiao) wrote in message
| |
| > My school's ISP, fast.net, is blocking connections to
all hosts
| > managed by another ISP, ev1.net, who happen to host
several sites that
| > I visit frequently. I've been working around this
problem by using
| > ssh's dynamic port forwarding, and an outside machine
forward my
| > traffic when necessary. However, it's very inconvenient
to toggle my
| > application's proxy settings constantly, and if the app
doesn't
| > support SOCKS (and doesn't like SocksCap), then I'm SOL.
| >
| > I'm wondering if there's a better solution to this,
preferably a
| > software one that'll work with WinXP Pro. The machine
that's
| > forwarding my traffic is running FreeBSD, but I don't
have superuser
| > privilege.
| >
| > Thanks in advance.
|
| Julian Hsiao
| evil_live_ten_tod_erosinayn_ta_akodam

 

[Steve Nielsen]

You need to consult with your system admins.

Steve

 

[Julian Hsiao]

Why is the ISP blocking the other? Could it be that site
has a ton of viruses and worms or is used by spammers and
they have blocked it as a security measure?

I've already e-mailed both ISP about this. Ev1.net responded that
they're not blocking fast.net. Fast.net asked me to check a few RBLs
(as an aside, why should *I* check the lists for them?). When that
turned up no hits, fast.net simply stopped responding to my e-mail.

Perhaps the school and not the ISP has blocked it, ask your
administrator.

They were the first I approached. They told me that they didn't
instate any restrictions.

I've been trying to resolve this for a month, and nothing's changed.
I either get "Sorry, couldn't help you: it's not us" or the silent
treatment. Therefore, I'm convinced that working around the system is
the only way.

Julian Hsiao
evil_live_ten_tod_erosinayn_ta_akodam

 

[Jim Macklin]

Open IE/tools/internet options... look in the security tab
page for any security settings that block cookies. Some web
sites won't load if you block their cookie [I think that may
be a good site to avoid].
Also check on the privacy tab/ websites because some sites
may be blocked there.

You may be running some spyware or anti-virus program that
is blocking the site.


| "Jim Macklin" <p51mustang[threeX12]@xxxhotmail.calm>
wrote:
|
| > Why is the ISP blocking the other? Could it be that
site
| > has a ton of viruses and worms or is used by spammers
and
| > they have blocked it as a security measure?
|
| I've already e-mailed both ISP about this. Ev1.net
responded that
| they're not blocking fast.net. Fast.net asked me to check
a few RBLs
| (as an aside, why should *I* check the lists for them?).
When that
| turned up no hits, fast.net simply stopped responding to
my e-mail.
|
| > Perhaps the school and not the ISP has blocked it, ask
your
| > administrator.
|
| They were the first I approached. They told me that they
didn't
| instate any restrictions.
|
| I've been trying to resolve this for a month, and
nothing's changed.
| I either get "Sorry, couldn't help you: it's not us" or
the silent
| treatment. Therefore, I'm convinced that working around
the system is
| the only way.
|
| Julian Hsiao
| evil_live_ten_tod_erosinayn_ta_akodam

 

[Julian Hsiao]

Open IE/tools/internet options... look in the security tab
page for any security settings that block cookies. Some web
sites won't load if you block their cookie [I think that may
be a good site to avoid].
Also check on the privacy tab/ websites because some sites
may be blocked there.

It's not a browser issue, because:

1. Not just web traffic, but *all* traffic's blocked. From my POV
it's as if ev1.net doesn't exist.

2. As I said in my original post, I could work around the problem
using a SOCKS proxy (although it's really a SSH tunnel).

3. Every computer on campus has this problem. Again the school said
they didn't do anything, therefore it must be the ISP.

You may be running some spyware or anti-virus program that
is blocking the site.

Trust me, I'm quite paranoid about it myself ^_^. I configured NAV to
update and scan daily; I run Ad-Aware & Spybot on a regular basis; I
don't use IE / OE.

Julian Hsiao
evil_live_ten_tod_erosinayn_ta_akodam

 

[Julian Hsiao]

You need to consult with your system admins.

As I replied in another post, I already had, and they won't or can't
help me. Believe me, I wouldn't be thinking of paying $50 a month for
cable modem when the school's providing 6 Mbps to students for free,
unless I'm convinced that there's no other way.

Julian Hsiao
evil_live_ten_tod_erosinayn_ta_akodam

 

[Jim Macklin]

SpyBot and AdAware can block sites, check the settings on
those programs. It may be the ISP, I can't say or help with
that. It could be the campus server.

The school could be lying or ignorant as could the ISP.


| "Jim Macklin" <p51mustang[threeX12]@xxxhotmail.calm>
wrote:
|
| > Open IE/tools/internet options... look in the security
tab
| > page for any security settings that block cookies. Some
web
| > sites won't load if you block their cookie [I think that
may
| > be a good site to avoid].
| > Also check on the privacy tab/ websites because some
sites
| > may be blocked there.
|
| It's not a browser issue, because:
|
| 1. Not just web traffic, but *all* traffic's blocked.
From my POV
| it's as if ev1.net doesn't exist.
|
| 2. As I said in my original post, I could work around the
problem
| using a SOCKS proxy (although it's really a SSH tunnel).
|
| 3. Every computer on campus has this problem. Again the
school said
| they didn't do anything, therefore it must be the ISP.
|
| > You may be running some spyware or anti-virus program
that
| > is blocking the site.
|
| Trust me, I'm quite paranoid about it myself ^_^. I
configured NAV to
| update and scan daily; I run Ad-Aware & Spybot on a
regular basis; I
| don't use IE / OE.
|
| Julian Hsiao
| evil_live_ten_tod_erosinayn_ta_akodam

 

[Jim Macklin]

Many schools and ISPs are now blocking P2P and other file
swapping sites (I don't know what sites you're trying to
get) because they could be liable for millions if their
services are used for transfers.
Try running tracert on the sites and see where they are
blocked.



| Steve Nielsen <[email protected]>
wrote:
|
| > You need to consult with your system admins.
|
| As I replied in another post, I already had, and they
won't or can't
| help me. Believe me, I wouldn't be thinking of paying $50
a month for
| cable modem when the school's providing 6 Mbps to students
for free,
| unless I'm convinced that there's no other way.
|
| Julian Hsiao
| evil_live_ten_tod_erosinayn_ta_akodam

 

[Michael Nittmann]

As I replied in another post, I already had, and they won't or can't
help me. Believe me, I wouldn't be thinking of paying $50 a month for
cable modem when the school's providing 6 Mbps to students for free,
unless I'm convinced that there's no other way.

so what sites do you want to go?
if you can't name them here, then you should not circumvent your
school's plicy either, I would say.
What is it that you can't do with dialup or cable from home?

Usually ISPs don't block sites, because doing so brings also a
liability (they get into a legal corner where they are no longer just
a carrier, but a content provider).
The rbl and similar lists: send an email to the
admin/hostmaster/webmaster of the site you cannot reach.
If it bounces back with an error (...<some name of blocking list
provider> sez ...), then you know the site is on a blocking list. In
that case you need to email somehow that site's admin (whois -h
whois.arin.net <IP of site> gives you contact info for that).

Such things are for sure not responsibilities of ISPs, that's why you
did not get an answer from a networking group (I'd rather not say
under what category your message might be filed there...).

My advice: do it from home; your free school's access is for academic
use only. And if it is your thesis/project/coursework, take it to your
academic advisor. They know how to open doors if there is a policy in
place, or something totally legit is by chance blocked too, through a
rule to block something illegit.

Mike

 

[Julian Hsiao]

so what sites do you want to go?
if you can't name them here, then you should not circumvent your
school's plicy either, I would say.

You're missing my point. I noticed a pattern in hosts that I can't
connect: that they all have ev1.net as their ISP. This is more
informative than saying "I can't connect to mozillazine.org,
texturizer.net, engrish.com, etc."

What is it that you can't do with dialup or cable from home?

I live on campus, but it has come to the point of getting my own
line...

Usually ISPs don't block sites, because doing so brings also a
liability... [snip, RBLs and how to check it]

As I posted before, I've already done this.

Such things are for sure not responsibilities of ISPs, that's why you
did not get an answer from a networking group (I'd rather not say
under what category your message might be filed there...).

Certainly they could have responded with something along the lines of
"ev1.net is blacklisted because the following IPs have been sending
spam," instead of "go check this or that RBL."

My advice: do it from home; your free school's access is for academic
use only. And if it is your thesis/project/coursework, take it to your
academic advisor. They know how to open doors if there is a policy in
place, or something totally legit is by chance blocked too, through a
rule to block something illegit.

Again, as I posted before, the school has nothing to do with this (nor
are they willing to do anything about it). And I've already
entertained the idea of getting my own connectivity; in fact part of
my question in my post ask how (if it can be done) to set up
multihoming.

Julian Hsiao
evil_live_ten_tod_erosinayn_ta_akodam

 

[Michael Nittmann]

Listen:

I try to help you by checking if the sites are actually blackholed, or
just not reachable from your dorm.

If you don't say what site you want to go to, there's pretty much
nothing people can do for you.

I guess it's stuff you won't be able to tell in public, fearing your
mom would learn about it.

Drop it!

If you need to see that stuff, pay yourself.

I commend your admins to block stuff you can't talk about!

Mike

so what sites do you want to go?
if you can't name them here, then you should not circumvent your
school's plicy either, I would say.

You're missing my point. I noticed a pattern in hosts that I can't
connect: that they all have ev1.net as their ISP. This is more
informative than saying "I can't connect to mozillazine.org,
texturizer.net, engrish.com, etc."

What is it that you can't do with dialup or cable from home?

I live on campus, but it has come to the point of getting my own
line...

Usually ISPs don't block sites, because doing so brings also a
liability... [snip, RBLs and how to check it]

As I posted before, I've already done this.

Such things are for sure not responsibilities of ISPs, that's why you
did not get an answer from a networking group (I'd rather not say
under what category your message might be filed there...).

Certainly they could have responded with something along the lines of
"ev1.net is blacklisted because the following IPs have been sending
spam," instead of "go check this or that RBL."

My advice: do it from home; your free school's access is for academic
use only. And if it is your thesis/project/coursework, take it to your
academic advisor. They know how to open doors if there is a policy in
place, or something totally legit is by chance blocked too, through a
rule to block something illegit.

Again, as I posted before, the school has nothing to do with this (nor
are they willing to do anything about it). And I've already
entertained the idea of getting my own connectivity; in fact part of
my question in my post ask how (if it can be done) to set up
multihoming.

Julian Hsiao
evil_live_ten_tod_erosinayn_ta_akodam

 

[Julian Hsiao]

Listen:

I try to help you by checking if the sites are actually blackholed, or
just not reachable from your dorm.

I really appreciate your help. However, I'd appreciate more if you would
read my posts more carefully, as I've already addressed many of your concerns.

If you don't say what site you want to go to, there's pretty much
nothing people can do for you.

Referring to the post you just replied,

(e-mail address removed) (Julian Hsiao) wrote in message

I have listed here 3 sites, which with a quick whois query will show that
they are hosted by ev1.net. Furthermore,

(e-mail address removed) (Julian Hsiao) wrote in message

[snip]
I've been working around this problem by using ssh's dynamic port
forwarding, and an outside machine forward my traffic when necessary.
[snip]

Therefore, I *know* that those sites are only unreachable from my school.

I guess it's stuff you won't be able to tell in public, fearing your
mom would learn about it.

Drop it!

Let's keep this thread civil, alright?

If you need to see that stuff, pay yourself.

Again, referring to two of my previous posts,

(e-mail address removed) (Julian Hsiao) wrote in message

[snip]
And I've already entertained the idea of getting my own connectivity;
in fact part of my question in my post ask how (if it can be done) to
set up multihoming.

(e-mail address removed) (Julian Hsiao) wrote in message

[snip]
If it can't be done, then I'll have to get Internet connectivity
elsewhere. However, if this were the case, is it possible to configure
WinXP Pro such that only traffic going to ev1.net goes to the
secondary link, while the rest still goes through my school? It'd be
even better if load balancing can be done on top of that...

Julian Hsiao
evil_live_ten_tod_erosinayn_ta_akodam

 

[Michael Nittmann]

I really appreciate your help. However, I'd appreciate more if you would
read my posts more carefully, as I've already addressed many of your concerns.

balancing can be done on top of that...

Julian Hsiao
evil_live_ten_tod_erosinayn_ta_akodam

Well, you did not say 'these are the sites', you said 'it is as
saying'.

I looked at all three sites.


Engrish: very probably blocked because of wording on the home page,
and linking to 'adult english', with the for adult sites typical
'enter....leave' splash page.

That one fell into the adult blocker.

The other two sites link in second and third level to 'drug scene
suspicious' sites. Not that the links are, but the wording is
marginal. Text driven content filters will block these sites.

Just to make this clear: none of the sites has any such content. But a
content driven filter will reject them.


Next time:

answer clearly: which sites: needs a list, not 'as if I would say
like', and all this is much shorter.

You should go to your admin, show the sites, and tell that they might
fall under that issue.

Other ways to get help fast:

use traceroute: is the host at all available (I guess yes)

Since you probably sit behind a proxy, you won't be able to do the
next test.
It would work, if it is a 'transparent' proxy, i.e. your browser has
no proxy configured:
(so this only will work if you do not need to configure a proxy in
your browser):

the example site to check if a web connection would work is here
http://helpdesk.pro-html.org

strip the http://, and everything else that could be on a web site
call, likd trailing /page.asp?whatever .

Then do:

telnet helpdesk.pro-html.org 80

The number 80 makes a web connection.

If the site is blocked (but was available in traceroute), you get
nothing, and after a long time it says 'connection refused', or 'timed
out', or else.


If it answers

Trying ....
Connected to .....


and then sits there, you can reach the site with a web connection.

Just type


get


and hit return. You get an error message.

This would mean you have dynamic content filtering in place, so that
the site is well reachable, but the pages that come back are read and
compared against semantics that will be forwarded to you. Such a
transparent proxy will read the pages first, and then give your
browser a 'not available' message.


All sites are perfectly reachable from here. I guess it's content
based filtering.


Mike