Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
The last weeks I have not been able to access the Internet with my Linux PCs on the county's network. At the gateway there is a web filter, IWSVA - InterScan Web Security Virtual Appliance from TrendMicro. Behind the GW there is an MS Firewall-1 (r75). Directly behind this firewall I can access the internet in a normal way, and everything seems to work ok.
At the municipality town hall there is a second MS Firewall-1 r75, and behind this one no PCs running Linux are able to access the internet. Mac and Windows have no problems.
There is no use of proxy in the network.
With my Linux PC I can open HTTPS pages (also tested with wget)
HTTP pages are getting time out (the same when I use wget)
SSH and SCP are possible to remote hosts
FTP is not possible from Linux
I can ping, trace, tcptraceroute the entire network.
Mail is working normal
I do not believe that this MS Gold partner is doing this intentionally, but the result is that no PC running Linux can access the internet at the county's schools, libraries, public areas with wifi, sports halls, town halls, and so on...
If the connection fails at least you can run tcpdump to see if the traffic is actually being blocked.
I vaguely remember years ago there used to be a MS Proxy client, not sure if it still exists but it may be worth checking that there's nothing similar installed on the Windows pc's.
I can access all webpages that run on servers on the inside of the GW and IWSVA
Unless you're the administrator of that network, there's not much you can do, aside from putting in a request to get things diagnosed/changed. The user-agent switcher is the only thing you could try, and it's not working, so there must be some other sort of identification/authentication being used that's on the Windows boxes, and not on the Linux side.
There MAY be ways around things, but per LQ rules, circumventing data security policies/protocols isn't something that's done here. I realize you may be asking for totally legitimate reasons, but we've got no way of KNOWING that for sure.
Especially, have you tried the "Mask" option in Opera?
Quote:
Originally Posted by Durham
Yes, I have tried to change the user agent.
Which browsers, & what -- exactly, please -- did you change it to? Did you lift a user agent string right out of IE, including claiming to be "Winders"?
Do you have access to logs on the gateway or IWSVA ?
No, I don't have access to the logs from IWSVA
Quote:
Originally Posted by TB0ne
Unless you're the administrator of that network, there's not much you can do, aside from putting in a request to get things diagnosed/changed. The user-agent switcher is the only thing you could try, and it's not working, so there must be some other sort of identification/authentication being used that's on the Windows boxes, and not on the Linux side.
I have used Wireshark to compare the dump from the inside and the outside. When I'm on the inside, I see the first 3 packets of the session.
1. DNS query
2. DNS response
3. HTTP [SYN]
...but no HTTP [SYN, ACK]
Quote:
Originally Posted by TB0ne
There MAY be ways around things, but per LQ rules, circumventing data security policies/protocols isn't something that's done here. I realize you may be asking for totally legitimate reasons, but we've got now way of KNOWING that for sure.
It is no problem to get around this when I can use SSH, but this is not the way to do it...
Quote:
Originally Posted by kbp
Try starting httpd on a Linux box behind the gateway and test the connection to it from a Linux box at the town hall
If the connection fails at least you can run tcpdump to see if the traffic is actually being blocked.
I vaguely remember years ago there used to be a MS Proxy client, not sure if it still exists but it may be worth checking that there's nothing similar installed on the Windows pc's.
This seems interesting, but I didn't understand all of it. Could you try to explain a bit more?
I have talked to the ISP, and I believe them when they tell me that they do not understand why this is happening. They are trying to solve the problem, but I don't think they know where to look...
I have found a tiny difference in the third packet of the http-session.
The one with [Stream index: 1] completes the whole HTTP-session.
The SATNET stream identifier option provides a way for the 16-bit SATNET stream identifier to be carried through networks that do not support the stream concept. The stream id is regarded as an obsolete part of tcp.
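A way to make the "tiny difference in the third packet" comparison repeatable, as an added example that is not code from the thread or from any of the posters. The option described above is the IPv4 Stream ID option (RFC 791, option type 136, length 4), which lives in the IP header rather than in the TCP header; RFC 1122 marks it obsolete, and firewalls and web-security appliances commonly drop packets carrying obsolete or source-routing IP options, which would give exactly the symptom seen in the Wireshark dump (a SYN goes out, no SYN-ACK ever comes back). The script parses the IPv4 and TCP option lists of two SYN packets and reports which options only one of them carries. Both sample packets are constructed here (addresses, ports and the Stream ID value are placeholders, checksums are left at zero), so the script runs offline; the same functions accept the raw IPv4 bytes of a real SYN taken from a capture.

```python
"""Compare the IPv4 and TCP options carried by two TCP SYN packets.

Constructed example: a 'linux' SYN carrying the obsolete IPv4 Stream ID
option (RFC 791 type 136, the SATNET stream identifier) next to a 'windows'
SYN carrying only ordinary TCP options. Neither packet comes from the thread.
"""
import socket
import struct

IP_OPTION_NAMES = {0: "EOL", 1: "NOP", 7: "RR", 68: "TS", 130: "SEC",
                   131: "LSRR", 136: "SID", 137: "SSRR"}
# Obsolete (RFC 1122) or source-routing options that middleboxes often drop.
SUSPICIOUS_IP_OPTIONS = {131, 136, 137}
TCP_OPTION_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WSCALE",
                    4: "SACK_PERM", 5: "SACK", 8: "TS"}


def _walk_options(raw, names):
    """Walk a kind/length/data option list shared by IPv4 and TCP.

    Returns a list of (kind, name, data). EOL (0) ends the list, NOP (1) is a
    single byte, every other option has a length byte covering kind+len+data.
    """
    found, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:
            break
        if kind == 1:
            found.append((1, "NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            raise ValueError("malformed option at offset %d" % i)
        length = raw[i + 1]
        found.append((kind, names.get(kind, "kind%d" % kind), raw[i + 2:i + length]))
        i += length
    return found


def parse_syn(packet):
    """Parse raw IPv4 bytes of a TCP segment into its IP and TCP option lists."""
    ihl = (packet[0] & 0x0F) * 4          # IP header length incl. options
    if packet[9] != 6:
        raise ValueError("not a TCP packet")
    ip_opts = _walk_options(packet[20:ihl], IP_OPTION_NAMES)
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4         # TCP header length incl. options
    flags = tcp[13]
    tcp_opts = _walk_options(tcp[20:data_off], TCP_OPTION_NAMES)
    return {"ip_options": ip_opts, "tcp_options": tcp_opts,
            "syn": bool(flags & 0x02) and not (flags & 0x10)}


def suspicious_ip_options(packet):
    """Names of IP options in the packet that a strict middlebox may reject."""
    return [name for kind, name, _ in parse_syn(packet)["ip_options"]
            if kind in SUSPICIOUS_IP_OPTIONS]


def diff_syn(a, b):
    """Option names present in only one of the two packets."""
    pa, pb = parse_syn(a), parse_syn(b)
    ip_a = {n for _, n, _ in pa["ip_options"]}
    ip_b = {n for _, n, _ in pb["ip_options"]}
    tcp_a = {n for _, n, _ in pa["tcp_options"]}
    tcp_b = {n for _, n, _ in pb["tcp_options"]}
    return {"ip_only_in_a": sorted(ip_a - ip_b), "ip_only_in_b": sorted(ip_b - ip_a),
            "tcp_only_in_a": sorted(tcp_a - tcp_b), "tcp_only_in_b": sorted(tcp_b - tcp_a)}


def build_syn(src, dst, sport, dport, ip_options=b"", tcp_options=b""):
    """Build a constructed IPv4+TCP SYN (checksums zero, not for sending)."""
    pad = lambda b: b + b"\x00" * (-len(b) % 4)
    ip_options, tcp_options = pad(ip_options), pad(tcp_options)
    tcp_len = 20 + len(tcp_options)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, (tcp_len // 4) << 4,
                      0x02, 65535, 0, 0) + tcp_options
    ihl = (20 + len(ip_options)) // 4
    total = 20 + len(ip_options) + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_options
    return ip + tcp


# Constructed samples (placeholder addresses and ports).
LINUX_SYN = build_syn("10.0.0.10", "192.0.2.80", 40000, 80,
                      ip_options=bytes([136, 4, 0x00, 0x01]),          # SID=1
                      tcp_options=bytes([2, 4, 0x05, 0xB4, 4, 2,        # MSS, SACK_PERM
                                         8, 10, 0, 0, 0, 1, 0, 0, 0, 0,  # TS
                                         1, 3, 3, 7]))                   # NOP, WSCALE
WINDOWS_SYN = build_syn("10.0.0.11", "192.0.2.80", 50000, 80,
                        tcp_options=bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 8, 1, 1, 4, 2]))

if __name__ == "__main__":
    print("suspicious IP options in linux SYN:", suspicious_ip_options(LINUX_SYN))
    print("differences:", diff_syn(LINUX_SYN, WINDOWS_SYN))
```

`parse_syn` expects the IPv4 header to start at byte 0, so strip the link-layer header first (14 bytes for Ethernet) when pulling a packet out of a capture; a non-empty result from `suspicious_ip_options` on the Linux host's SYN, and an empty one on a Windows host's SYN through the same gateway, is the kind of evidence the network administrator can act on.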
I don't know if your choice of words is confusing anyone else, do really mean "packet" not "package"? If so, you can edit your last post to fix the confusion.