Without adding *any* data plan to an account, are there any open ports (e.g. 25) through which one could set up a ssh tunnel? If there were, it seems you could ssh or set up OpenVPN or something.
Well it would depend on the operator as to which ports they open for subscribers, I'm not sure about the technical intricacies of billing for data but most operators by default sign you up to a "pay as you use" plan if you don't have a data bundle so seeing as tunneling consumes data you would be charged for it by the Kb regardless of what port you are using.
Sorry, I am asking about T-Mobile in the USA.
Related
Hello everyone,
I am looking into the idea of being able to run an SSH or VNC server on the Windows Mobile, specifically our Rhodium, platform over cellular (3G). I know for a fact Tmobile can assign a 'route-able' IP address to a phone here in the USA (this has been tested). I can ping this IP address from any computer on the internet (albeit with some substantial latency). Perhaps there is a way to use the Tmobile allowed "pinging your device" to tunnel SSH or VNC traffic.
I would like to figure out a way to reach an SSH or VNC server on my phone using this method. We would need to somehow "open" an inbound port to the phone (this would function like basic port forwarding).
All of this works perfectly over WiFi, of course, but the goal is to get this working over cellular 3G (in particular, Tmobile). I see this as a technical challenge we can overcome as a group.
Does anyone have any ideas on this?
Folks, someone must have some ideas on this!
Here's a few links I came across:
http://kar1107.blogspot.com/2006/03/running-servers-on-cell-phones.html
http://digg.com/software/Run_a_web_server_from_your_phone
it isnt possible they close all ports except if you use port 80 on your phone for the server then you can run vnc server mobile
Antonius123,
So you're saying I can run a vnc server on port 80 on Tmobile? I have tried to run a web server on port 80 with no success.
Which mobile VNC server allows you to set the listening port?
its a program that is in alpha mode.
you can get your ip adress from your mobile phone trough php it is sending the real ip and not the fake.
But you must be aware that ip changes every time you get tro a difrent tower (gsm tower).
create a php page on a webserver with this code
PHP:
<?php
echo $_SERVER['REMOTE_ADDR'];
?>
Thanks for your reply, but I have additional questions.
I am able to get my real IP address from the phone by using VxUtil. This application tells me my IP address. Remember, I am able to have Tmobile assign me a 'route-able' IP address.
What is this program you speak of, which is in "alpha mode"?
The PHP code you provided, as I understand it, will simply give me my IP address, which VxUtil is able to do.
Were you able to somehow successfully access your device using the cellular connection? Which VNC software did you use, or did you use a different protocol?
It's interesting to note that when I check connectivity to my phone by doing "telnet IP_ADDRESS_HERE 80" I do not get a failure, the screen does hang as expected (Telnet can be used to see if ports are open without having a Telnet service running on my phone).
Can anyone please provide input?
I know how to do this in Windows and Linux, but not really sure how to go about it on Android...4.0.4 to be exact.
What I'm trying to accomplish is to have both active, with the 3G/4G handling internet-based activities and the Wifi handling local network access.
Why? Basically my home internet is horrible however I have some services/shares on my LAN that I want to access on my phone. And I can't switch between them, not an option. Because many times I'm wanting to take a picture from my file server (Accessed over Wifi) and then upload it to Flickr (Accessed over 3G/4G).
In Windows it's setting the gateway metric, and I would set the connection with the internet with the lower metric while the LAN-only connection gets a higher one.
I'm not aware of any way to do this on any Android - I would imagine it requires a heavily modded ROM.
You could of course tether a Windows or Linux computer on your network to the Android and implement gateway metrics from that end, in order to copy photos from the LAN server to the Internet via cellular.
cmstlist said:
I'm not aware of any way to do this on any Android - I would imagine it requires a heavily modded ROM.
You could of course tether a Windows or Linux computer on your network to the Android and implement gateway metrics from that end, in order to copy photos from the LAN server to the Internet via cellular.
Click to expand...
Click to collapse
I'm agreeing with him ^
|
Ask Cyanogen, if he could do such a thing, afterall, he has been hacking/modding Android since it's inital release. If anyone can help you, it's him... Sorry dude.
While I've never tried it, you might want to try setting up a DHCP reservation on your LAN that DOES NOT provide a gateway. This should allow Internet access using your egress connection while still allowing local LAN access-at least this is how it works for most computers that are multihomed.
For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.
Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (eg., the reader only has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.
Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box
The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.
An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
I would also add that you need to run connectbot first then run ProxyDroid. If you do it in reverse Connectbot will have problems connecting.
Dr.Tautology said:
For anyone interested in data security the ability to encrypt network traffic is obviously important-- especially in light of the myriad of recent well publicized reports of private and government electronic snooping. It is also relevant to mention that to date no one has come close to cracking "TwoFish" encryption which can be used by SSH. With this in mind, consider the following tutorial which describes a method for encrypting all 3g, 4g, and Wi-Fi data, thus beefing up phone and personal data security.
Setting up a global SSH Tunnel on Android phones
This tutorial assumes the reader possesses a fully configured SSH server and rooted phone. In lieu of a server, (eg., the reader only has only a Windows-based operating system), research into CYGWIN is recommended. I use CYGWIN to run my SSH server and I have found that it is the most robust option for Windows users; however, setting this up on Windows can be a daunting task.
Setting up global SSH Tunnel on Android
1. Download 2 apps from the Google Playstore: ConnectBot and ProxyDroid
2. Install ConnectBot and ProxyDroid on your phone.
3. In ConnectBot set up Port forwards for your SSH connection. For "Type" field use "Dynamic (SOCKS)." For “Source Port” use 56001 or any local port not being used. The reasoning behind using port 56001 is this: System Ports (0-1023), User Ports (1024-49151), and the Dynamic and/or Private Ports (49152-65535)
4. Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001 (or the port you chose to use in step 3)
Proxy Type: SOCKS5
Global Proxy: Check the box
The above procedure accomplishes several things. First, ConnectBot remotely connects to your SSH server. Next, the ConnectBot connection forwards to the local port 56001. ProxyDroid then redirects all network traffic through the localhost on port 56001. Once you are connected through ConnectBot and ProxyDroid is activated all of your data will be tunneled through the encrypted ConnectBot session. This is an excellent way to set up a global proxy because it does not require manual configuration of any applications to connect through the proxy. You can test the functionality of the connection by opening up your phone browser and performing the Google search: What is my IP. If the proxy is functional you will see the WAN IP of the network of your SSH server. Additional and more thorough testing can be done with packet sniffers such as WireShark.
An application called "SSH Tunnel" is an alternative to accomplishing the above. However, I find ConnectBot and ProxyDroid is more elegant and gives better control-- not to mention being more sophisticated/chic. When correctly performed the ConnectBot and ProxyDroid method encrypts all 3g, 4g and Wi-Fi data on your phone. This is obviously useful for phone access of sensitive materials especially using unfamiliar or alien network connections. With the current proliferation of identity theft via electronic snooping on mobile devices I do not advocate using cellular phones for any banking or electronic transactions without setting up a robust and reliable encrypted connection.
Click to expand...
Click to collapse
I know that this is an old thread but is there any way to ssh-tunnel wifi traffic only ? Especially "untrusted wifi" traffic only?
Thanks
how to set up connect bot? please can you provide the information in detail?
Okay so I was using this setup of connect-bot and proxy-droid on kit kat. It was working great. I upgraded my phone to lollipop and connectbot would not port forward (the port data would be crossed out after connecting)
I decided to replace connectbot with ssh tunnel in this config
https://play.google.com/store/apps/details?id=org.sshtunnel
it did not work with global proxy in ssh-tunnel so I used proxy-droid like the OP did and it worked.
so basically substituting connect-bot with ssh-tunnel from the OP
setup:
root required
instead of connect-bot configure ssh-tunnel
host= ip address of ssh server
port= 22
user=ssh username
password=ssh passworrd
check use socks proxy box
set proxy port to 56001
do not check global proxy
now configure Proxy droid same as mentioned by OP
Open ProxyDroid and configure as follows:
Host: 127.0.0.1
Port: 56001
Proxy Type: SOCKS5
Global Proxy: Check the box
this should work great for devices absent of vpn files but have root access
launch and connect ssh-tunnel the proxy-droid. then use a browser to connect to local lan.
I have tested using a rasberry pi running ssh and in sshd_config allowed root access and maybe also tcp forwarding.
I have also tested on dd-wrt 3.0beta with tcp forwarding checked. (ssh is mostly broken/disabled in v2.4)
is there any other option instead of proxy droid ...because proxydroid is not working on Youwave..
Could an app like SSH Tunnel be used without ProxyDroid? I noticed that with ProxyDroid I was able to cloak my IP address at an IP reveal website, but couldn't do so without it. Unfortunately ProxyDroid requires root, which my current phone does not have. What good would SSH Tunnel be without ProxyDroid?
Not solve the problem, when ConnectBot connects first, and I enable SocksDroid second. ConnectBot will drop the SSH connection.
It's tool late, but the problem solved:
On SocksDroid, need select: Per-App proxy and select BypassMode, and add org.connectbot (NOT only ConnectBot) to the App List. With this settings, ConnectBot ALWAYS bypass the proxy.
Tesetd, working satble.
So no to long ago I decided I would check the my phone's ip address and came across some questionable stuff. Here's my question:
1) How is it that my phone's ip address can change from being registered to tmobil on a 100.x.x.x address to sporadically being registered on DoD 30.x.x.x address?
2) How can it still happen even after I installed android firewall?
Conditions are always the same. I don't download any shady anything's. I pay for my rhapsody account and that's as far as my file sharing goes. I never have my WiFi enabled.
Any ideas or let me know what info you'd need to better access the situation. Thanks.
Without knowing what the allocated ip address really was, there it's really no way of knowing who the current owner of the block is, many blocks are relocated and may no longer be with who they used to be with, especially ipv4 blocks.
Not sure what android firewall would have to due with what the remote ip you are being allocated to with your dhcp network connection.
You should have no real control over what your network connection is given when you connect, other than possible controlling ipv6 vs ipv4.
krelvinaz said:
Without knowing what the allocated ip address really was, there it's really no way of knowing who the current owner of the block is, many blocks are relocated and may no longer be with who they used to be with, especially ipv4 blocks.
Not sure what android firewall would have to due with what the remote ip you are being allocated to with your dhcp network connection.
You should have no real control over what your network connection is given when you connect, other than possible controlling ipv6 vs ipv4.
Click to expand...
Click to collapse
So does this help? the firewall lets me know that even though I have set it up to refuse the block of addresses in which in resides, they're still connection to my phone.
Not sure I'm understanding you anyway. You telling me they temporarily relocate my up because they re no longer with.... yet after a few minutes , sometimes hours, I'm right back to the same ip?
What he was saying I believe is that the IPv4 allocations have been changing do to the available IP address blocks running thin. Companies were encouraged to give up IP blocks that they weren't actually using. In simple terms, a company might have originally owned a block of 100,000 IPs but never actually used more than 50,000. So they gave back a block of 50,000 so another company(s) could use them instead.
I don't believe the IP address' are static on a carrier. I'm not sure but each time you connect to the carrier network (no signal or airplane mode) you could be giving a fresh IP address. Also that is certainly the case if you are on a WiFi network. Unless you phone was set up as a static connection, you would likely receive a new lease on an IP address.
Found this which sounds similar to what you are seeing.
https://blog.wireshark.org/2010/04/t-mobile-clever-or-insane/
chipworkz said:
Found this which sounds similar to what you are seeing.
https://blog.wireshark.org/2010/04/t-mobile-clever-or-insane/
Click to expand...
Click to collapse
Exactly. Internal allocate IP's are normally Natt'd and not actuall the IP you show up on the Internet as.
When you connect to your provider for Network (not using WiFi), the provider (most likely T-Mobile) will allocate an IP to you via DHCP. That IP is what your phone uses to talk to the provider. It most likely is NOT what you look like when you hit the Internet though, that will most likely be a different IP because TMobile is most likely not providing you with an Internet routable IP.
So, right now, I turned off WiFi and I got the IP 100.143.28.84. When my phone touches the Internet though, it shows up as 206.29.182.169.
So at that point in time, my phone is using 100.143.28.84 to get to T-Mobile's network and the Internet sees my phone as 206.29.182.169. the outside IP is in TMobiles published block. And why the internal IP is also, it really doesn't matter what it is because that is not what your phone looks like when it gets to the Internet.
It is possible in your area there are different networks available internally that are given to you when you connect depending on where you physically are and what towers you are closest to. At some times you get the 100.x network and you might even get the same IP as before because of a lease of that IP to your device, but then you move to a slightly different area which is handing out 30.x addresses. All perfectly normal. and the internal IP's really don't matter much.
You can use a search of Whats My IP to see what the Internet thinks your IP is when you get there.
With some providers (Verizon for example) if you are using ipv6, you will always get a non-routable IP, meaning that if you figure out your Internet IP, an outside connection may not get back to you unless your device initiated the connection, but if you use ipv4, they gave you a temp IP that would end up with a routable IP back. You could then use that to connect to your phone using something like VNC or other service. Now days, that is much more likely not the case unless you are paying for that special IP service. I don't know if Tmobile offers that type of service, but Verizon did at least a year or two ago.
In anycase, you firewall shouldn't matter unless you don't want to access your providers network.
In lamens terms I think he's talking about an internel subnet mask
chipworkz said:
Found this which sounds similar to what you are seeing.
https://blog.wireshark.org/2010/04/t-mobile-clever-or-insane/
Click to expand...
Click to collapse
That was a very interesting article. If the author's theory is correct, T-mobile was playing some cute and dangerous IP games in 2010.
I want to prevent my carrier from knowing that I am using CM11's native Hotspot or Tethering features. I know that they can look at the TTL of packets or analyze the traffic (Windows Update, Steam) to detect this. I have a subscription to a VPN service, Private Internet Access, which has an app on Android. If I enable the VPN mode of this app, will all the Hotspot traffic be routed through it, completely invisible to the carrier?
Searching showed me some conflicting answers on this, with some people saying to run it on the tethered device, and others saying to run it on the phone. I am thinking running VPN on phone, as the packets should appear to originate from the phone, rather than something 1 hop behind it.
kcattakcaz said:
I want to prevent my carrier from knowing that I am using CM11's native Hotspot or Tethering features. I know that they can look at the TTL of packets or analyze the traffic (Windows Update, Steam) to detect this. I have a subscription to a VPN service, Private Internet Access, which has an app on Android. If I enable the VPN mode of this app, will all the Hotspot traffic be routed through it, completely invisible to the carrier?
Searching showed me some conflicting answers on this, with some people saying to run it on the tethered device, and others saying to run it on the phone. I am thinking running VPN on phone, as the packets should appear to originate from the phone, rather than something 1 hop behind it.
Click to expand...
Click to collapse
To the best of my knowledge, they could easily know that you are connecting to the VPN tunnel as it utilizes a certain ports. However if it's correctly set up and utilize a secure protocol, all your traffic will get through the VPN and your ISP won't be able to decipher your online activities and your connection type or make sense of your internet traffic.
In other words, you may be using the VPN to connect to websites A, B, and C and send all sorts of interesting information to those websites; or send email; or whatever. Your ISP can see none of that. All they can see is encrypted data that they can't decrypt. So they know you're using a VPN, but they don't know what you're using it for.
Hope it could help.