Generic TCP Behind Router?


themax90
Well, I have most of TCP sorted out and am currently writing ITS Chat, which works quite well on direct connections, but for some reason it won't work behind routers. Is there any research that has been done to allow it access without forwarding? I have tried to connect to a lot of devels on my project but I can only talk to half because the other half have routers and cannot remember their user/pass to log in to the router. For example, AIM works behind routers no matter what. Does anyone know how to do this with native TCP and UDP commands of AutoIt?

Link to comment
Share on other sites

When using NAT (enabled on 99% of home routers), it is impossible to make connections to a computer behind the NAT, unless they open a port for communications. If you have a server that is not behind a NAT (or it is statically forwarded), then you can just set it to connect to the server, and it should not be a problem.

Writing AutoIt scripts since

_DateAdd("d", -2, _NowCalcDate())
Link to comment
Share on other sites

AIM most likely works without router configuration because it has no need for listening ports.

Some routers support UPnP (Universal Plug 'n' Play) which can allow software to dynamically open forwarding ports. Azureus embraces this functionality.

In my opinion though, pursuing this idea is rather fruitless. It would only work for routers supporting the functionality which leaves everyone else no better off. It's not hard to forward ports -- anyone not prepared to do so should not be considering running a server.

Link to comment
Share on other sites
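The point made in the post above (a chat client needs no listening port when every client dials out to one reachable server that relays between them) can be seen in a small loopback sketch. This is an added example in Python, not code from the thread; the relay design, the names `relay_server` and `demo`, and the use of 127.0.0.1 as a stand-in for the public server are assumptions.

```python
import socket
import threading

def relay_server(listener, n_clients=2):
    """Accept n_clients connections, then copy each client's bytes to the others."""
    conns = [listener.accept()[0] for _ in range(n_clients)]

    def pump(src):
        try:
            while data := src.recv(4096):
                for dst in conns:
                    if dst is not src:
                        dst.sendall(data)
        except OSError:
            pass  # a peer went away; stop relaying from this client

    workers = [threading.Thread(target=pump, args=(c,), daemon=True) for c in conns]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    for c in conns:
        c.close()

def demo():
    # Loopback stands in for the one publicly reachable host (assumption).
    listener = socket.create_server(("127.0.0.1", 0))  # port 0: OS picks a free port
    port = listener.getsockname()[1]
    threading.Thread(target=relay_server, args=(listener,), daemon=True).start()

    # Each client only dials out; neither ever calls listen() or accept().
    alice = socket.create_connection(("127.0.0.1", port), timeout=5)
    bob = socket.create_connection(("127.0.0.1", port), timeout=5)
    alice.sendall(b"hello bob\n")
    got_bob = bob.makefile("rb").readline()
    bob.sendall(b"hi alice\n")
    got_alice = alice.makefile("rb").readline()
    for s in (alice, bob, listener):
        s.close()
    return got_bob, got_alice

if __name__ == "__main__":
    print(demo())
```

Only the relay host has to accept inbound connections, so only that one machine needs a forwarded or public port; the NAT in front of each client already permits the outbound connection and its return traffic.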

Could anyone write a UDF or function that allows this UPnP for some routers, my dad has UPnP but I have not added the code to anything and don't know how, perhaps someone could quickly write something or give me a generic example to work from?

Link to comment
Share on other sites

Create a dyndns account.

Open a port (about 1024) to the computer that will be running the server program.

Set the client program to open a port to the dyndns address, with the port you configured on your router.

It should connect

Writing AutoIt scripts since

_DateAdd("d", -2, _NowCalcDate())
Link to comment
Share on other sites

Then contact the makers of the router(s) and tell them to disable the built-in port-blocking support. Also, you might want to ring up the makers of broadband modems as they have built-in firewall/port-blocking support, too.

Really, think about what you want to do for about .22 seconds. Does it make sense that a router/modem with port-blocking enabled would allow an arbitrary application to open any port it wants to without user authorization? Doesn't that defeat the purpose of having the port-blocking functionality if anything can come along and open it?

Use your brain, please.

Link to comment
Share on other sites

Yes I understand that but is there any way to tell what type of modem or router it is and use Com and Obj support to determine what version, then ask the user for authentication and make a secure connection so it can be done automatically? Is it possible?

Link to comment
Share on other sites

Are you completely retarded or only 99%? Do you think the makers of routers/modems are going to make an "automatic" method so people can circumvent the security measures on the device?

The user has to manually forward the port on all necessary software and hardware firewalls/port-blockers. If they do not understand how to do this with their equipment, then they can not use those ports until they learn to use their equipment.

Link to comment
Share on other sites

Valik don't blast me, please. I was just wondering if there was COM support to test and find the version, then get the User/Admin password and authentication from the user to perform the action where you connect either in COM or Telnet or something, and then edit a file or send a command. I am not a retard Valik, don't blast me for a communication error.

AutoIt Smith

Link to comment
Share on other sites

I'm not "blasting" you for a communication error, I'm "blasting" you for not exercising common sense. If you downloaded an application, would you want to give it access to your router's administrative interface so it could play about? If you were making a router, would you provide a front-door for nefarious activity?

Link to comment
Share on other sites

That's not what I am talking about, I am talking about downloading an application which has the feature for a ONE TIME operation to forward a port and then close the I/O stream. And yes if it were a copyrighted product, that is known by many users, and I didn't know how to forward a router, say AIM on routers that don't have UPnP, then YES I would allow that program admin access to perform a function in which it would ALLOW me to use AIM. Yes, UPnP IS A FRONT DOOR ACCESS. Plus the user would be given a privacy statement, an end-user license agreement, liability statement, and told of a single function that would take place and tell the user about it fully, and then erase the variables from memory. It's not that stupid when you think about it, UPnP does the exact same idea. So stop acting like it's such a bad idea, I think users should have a choice. If a user is too dumb to figure it out, and the router doesn't support UPnP (say perhaps a Comcast representative technician installed it) then there should be support for SECURE connections to forward using an I/O stream which only works on computers inside the network. God Valik, just accept my damn idea and opinion, it's not the stupidest thing in the world.

Edited by AutoIt Smith
Link to comment
Share on other sites

That's not what I am talking about, I am talking about downloading an application which has the feature for a ONE TIME operation to forward a port and then close the I/O stream.

Oh, well, one time, eh? In that case, sure, it's not like anybody can cause any harm in allowing something access to a port once, right?

And yes if it were a copyrighted product, that is known by many users, and I didn't know how to forward a router, say AIM on routers that don't have UPnP, then YES I would allow that program admin access to perform a function in which it would ALLOW me to use AIM.

Well, you're an idiot then and I have some ocean-front property in Kansas I would like to sell you. Me? I'd never let a program open a port on its own in such a manner.

Yes, UPnP IS A FRONT DOOR ACCESS.

It's too bad for you, then, that UPnP is considered a security risk and is thus disabled by default on most devices.

Plus the user would be given a privacy statement, an end-user license agreement, liability statement, and told of a single function that would take place and tell the user about it fully, and then erase the variables from memory.

You mean like Sony provided an EULA before installing their root-kit on people's PCs, right?

It's not that stupid when you think about it, UPnP does the exact same idea. So stop acting like it's such a bad idea,

Really? I suggest you read more literature, then. UPnP isn't enabled by default on most devices.

I think users should have a choice.

Yes, they have the choice to learn to use their software/hardware or to be ignorant about it.

If a user is too dumb to figure it out, and the router doesn't support UPnP (say perhaps a Comcast representative technician installed it) then there should be support for SECURE connections to forward using an I/O stream which only works on computers inside the network.

What a stupid thing to say. I'm glad you're not working for any networking firms or we'd be in for a world of backdoors... or should I call them frontdoors? This is a concept we in-the-know call "security". What you ask for is absurd and compromises... well, everything. What's the point in having features like port-forwarding if it can be bypassed by third-rate "networking programmers"?

God Valik, just accept my damn idea and opinion, it's not the stupidest thing in the world.

No, it's not the stupidest, but it's on the list of really stupid things. It falls somewhere just below "posting a cracked decompiler on a forum where it's not appropriate".

As I mentioned previously, UPnP is disabled by default on most devices. In order to enable UPnP, the user must at least know how to access the administrative console for their device. You know what, if I'm Joe-dumbass but I can access the administrative console, chances are, I can probably just use the port-forwarding controls instead of turning UPnP on. That's called a catch-22. That also means you're screwed.

It scares me that you don't even have a basic knowledge of networking yet you tout yourself as some sort of networking guru or some such rubbish. Read some books on basic networking and networking security and stop being dense.

Link to comment
Share on other sites

Valik, I know about networking, and it would not allow back doors. The program would need the USERNAME AND PASSWORD for Administrative access, it's not like they can just open ports at free will. I don't tout myself as a guru, but it's not like I'm in the beginning. It would not open backdoors, Jesus IT'S NOT THAT HARD. http://192.168.1.100:username:passsword That's a sample router syntax, the function could simply open up that and tell the user what to do. It's not like I'm saying "give the program full access to fuck up someone's router", I'm saying allow it to connect via a browser and tell the user what to do, or use a stream to do it such as http:://192.168.1.100:username:password:forward:port:endip Some things like this work on certain routers. MY initial question was if there were COM support for sending a stream like this to open a port but I guess running a stream through a browser "opens doors". Don't be so damn negative, it's not like this is a Black and White subject, there are many other interpretations.

Link to comment
Share on other sites

The program would need the USERNAME AND PASSWORD for Administrative access, it's not like they can just open ports at free will.

I would say that 75% or more of the devices you wish to access are going to have the user name "admin" and the password will be either blank or "admin".

IT'S NOT THAT HARD. http://192.168.1.100:username:passsword That's a sample router syntax,

That's no syntax I've ever seen. As far as I know, the syntax for URLs is <protocol>://[[user][:pass]@]<host>[:port][/path]. Incidentally, that syntax no longer works in IE if memory serves me and in Firefox you are at least prompted whether or not the page should be opened as the specified user.

the function could simply open up that and tell the user what to do.

Or you could be like every other program and document that the user will need to forward the port(s) if they wish to use the product.

It's not like I'm saying "give the program full access to fuck up someone's router",

That is exactly what you are saying, however, that may not be what you intend. There is a difference and it is important in this case to distinguish that what you want and what can be done if your desired method were a reality are at opposite ends of the spectrum.

I'm saying allow it to connect via a browser and tell the user what to do, or use a stream to do it such as http:://192.168.1.100:username:password:forward:port:endip Some things like this work on certain routers.

Name 5. Incidentally, I believe your use of the term "stream" is wrong throughout the post.

MY initial question was if there were COM support for sending a stream like this to open a port but I guess running a stream through a browser "opens doors".

Sure, there is a COM object that supports hundreds of products from dozens of vendors.

Don't be so damn negative,

I'm realistic in this case, not negative.
Link to comment
Share on other sites
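The URL syntax quoted in the post above, `<protocol>://[[user][:pass]@]<host>[:port][/path]`, can be checked against the two sample strings from the thread with Python's standard URL parser. This is an added example, not code from the thread; the function name `inspect_url`, the accepted scheme list, and the `admin:admin` test URL are constructed for illustration. It also returns a copy with the credentials stripped, since a URL carrying `user:pass@` exposes the router password wherever the URL is logged or stored.

```python
from urllib.parse import urlsplit, urlunsplit

def inspect_url(url):
    """Return (is_valid, has_credentials, safe_to_log) for an http/https/ftp URL."""
    parts = urlsplit(url)
    try:
        port = parts.port  # raises ValueError when the port is not a number
    except ValueError:
        return (False, False, None)
    if parts.scheme not in ("http", "https", "ftp") or not parts.hostname:
        return (False, False, None)

    # user[:pass]@ is the only place the syntax allows credentials.
    has_creds = parts.username is not None or parts.password is not None

    # Rebuild the authority part without the userinfo.
    host = parts.hostname
    if ":" in host:  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    netloc = host if port is None else f"{host}:{port}"
    safe = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
    return (True, has_creds, safe)

if __name__ == "__main__":
    samples = [
        "http://192.168.1.100:username:passsword",                       # from the thread
        "http:://192.168.1.100:username:password:forward:port:endip",   # from the thread
        "http://admin:admin@192.168.1.100:8080/setup",                   # constructed
        "http://192.168.1.100/",                                         # constructed
    ]
    for s in samples:
        print(s, "->", inspect_url(s))
```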

As far as I know, the syntax for URLs is <protocol>://[[user][:pass]@]<host>[:port][/path]. Incidentally, that syntax no longer works in IE if memory serves me and in Firefox you are at least prompted whether or not the page should be opened as the specified user.

just to clarify this part, you are indeed correct. however it still works with IE for protocols that support it. such as FTP.

as for the rest of this post... this is all stupid. if you're making some sort of server/client thing then:

a. tell the user what port to open for hosting the server.

b. forget about trying to open ports using programs.

Valik is completely correct here. I know it CAN be done, however i bet the process is difficult, and it would probably have to be coded in a much more difficult language like C++ or C#. it still required the username/password to open the port.

and frankly, from a "user" point of view.. i wouldn't use a program that automatically opened ports in my router. cause frankly, if an app could do that, then it could just as easily open port 21 (FTP) and have a FTP server bundled with it.

and that's why i use 9 character letter + number passwords on my routers.

Link to comment
Share on other sites

a. tell the user what port to open for hosting the server.

Can you all forget the damn server, this is not about the server, all I see is if you want server, THIS IS ABOUT THE CLIENT END USER CONNECTING BEHIND ROUTERS, not the server running behind routers. Please get that right I have corrected that like 3 or 4 times. Sorry for being rude but Jesus, I don't care about the server my problem is the CLIENT connecting to the SERVER, while the CLIENT is BEHIND a router. Like AIM does.

Edited by AutoIt Smith
Link to comment
Share on other sites

uhm... maybe i'm missing something here but why would a Client need to open ports?....

you don't see any other programs out there need a port to be opened unless it is a server...

I mean... do you see separate entries for Internet Explorer, Firefox, Games, random programs.. needing ports open? no...

Edited by Bi0haZarD
Link to comment
Share on other sites

Ok listen, the server is run on a computer, the client connects to that. The client CANNOT connect to the server behind a router because of port restrictions, so I WANT THE CLIENT to be able to connect to the SERVER wherever it is.

Server ---- Internet ---- Client

Client connects to Server

If $Client = $BehindRouter Then $CannotConnect

Link to comment
Share on other sites
