Status
Not open for further replies.

Sparky9292

macrumors 6502a
Original poster
Aug 1, 2004
831
0
I want to host a Minecraft Server. The problem is that my home upload speed blows (80KB/sec), so not many people could join.

My company has 7MB/sec upload, so that's a great place for a Minecraft server. The problem is that I can't open any ports in the company's firewall.

I noticed that Teamviewer/GotoMyPC and similar software work just great and get past the firewall no problem.

Is there a way to somehow get people to use my home machine as a proxy to connect to the Minecraft server at my company? Maybe some way with SSH?

Thanks in advance!
 

RalfTheDog

macrumors 68020
Feb 23, 2010
2,144
1,919
Lagrange Point
I want to host a Minecraft Server. The problem is that my home upload speed blows (80KB/sec), so not many people could join.

My company has 7MB/sec upload, so that's a great place for a Minecraft server. The problem is that I can't open any ports in the company's firewall.

I noticed that Teamviewer/GotoMyPC and similar software work just great and get past the firewall no problem.

Is there a way to somehow get people to use my home machine as a proxy to connect to the Minecraft server at my company? Maybe some way with SSH?

Thanks in advance!

Using company internet to run a game server?

Sparky, this is your boss speaking. You are fired!

PS. If you were to proxy all your traffic through your home computer to the business server, it would be slower than running it directly off of your home server.

Most companies don't like random software running on their networks. Unless you own the company or are looking for another job, I would think about other solutions.
 

Sparky9292

macrumors 6502a
Original poster
Aug 1, 2004
831
0
Using company internet to run a game server?

PS. If you were to proxy all your traffic through your home computer to the business server, it would be slower than running it directly off of your home server.

No, the home computer will only serve to connect the machines to the actual server.

What I need to do is called a Reverse SSH Tunnel.
 

koolraap

macrumors newbie
Oct 12, 2011
1
0
lecture

It doesn't sound like a very good idea -- however we don't know your circumstances. Small company where you work for the owner and the guy next to you is the owner's son, no problems. Large company... don't do it. If you do work for a large company I offer this sagely advice:

If you're smart enough to do this yourself, then you're smart enough not to do it at all.

If you do want to continue down this route, try to find out what sort of intrusion detection/monitoring and logging goes on where you work.

(Sorry to sound like a parent. I work in the IT dept, and people do amazingly dumb things sometimes. "Hello Fred? Would you mind stopping your bittorrent server immediately? Yes, the one running on your machine. You don't know how it got there? I see. Do you think you can remove it and any media files yourself or should I do that from here?"

The other classic mistake is to write something stupid in a work email/IM/txt. If it's electronic assume it's logged.)
 

Sparky9292

macrumors 6502a
Original poster
Aug 1, 2004
831
0
It doesn't sound like a very good idea -- however we don't know your circumstances. Small company where you work for the owner and the guy next to you is the owner's son, no problems. Large company... don't do it. If you do work for a large company I offer this sagely advice:

If you're smart enough to do this yourself, then you're smart enough not to do it at all.

If you do want to continue down this route, try to find out what sort of intrusion detection/monitoring and logging goes on where you work.

(Sorry to sound like a parent. I work in the IT dept, and people do amazingly dumb things sometimes. "Hello Fred? Would you mind stopping your bittorrent server immediately? Yes, the one running on your machine. You don't know how it got there? I see. Do you think you can remove it and any media files yourself or should I do that from here?"

The other classic mistake is to write something stupid in a work email/IM/txt. If it's electronic assume it's logged.)

Yeah but you can't stop me from SSH Tunneling. You'd have to stop all encrypted traffic and it would stop everyone from visiting HTTPS sites.
 

dXTC

macrumors 68020
Oct 30, 2006
2,033
50
Up, up in my studio, studio
Yeah but you can't stop me from SSH Tunneling. You'd have to stop all encrypted traffic and it would stop everyone from visiting HTTPS sites.

Don't underestimate your company's IT department. Any worthy network traffic monitor should be able to isolate an unusually heavy-traffic SSH tunnel to a single server, sometimes even a single process. Network/server engineers can then check in the logs which user started the process for documentation purposes, and then kill the process, perhaps going so far as to disable SSH tunnels to that specific server, leaving other secure routes intact.

In short, it's still a very bad idea, and is most likely prohibited in a corporate IT policy your company most likely had you sign. Find another way to get your Mine on.
 

Consultant

macrumors G5
Jun 27, 2007
13,314
36
No matter what speed your company's connection is, you are still limited by the SLOW home upload speed of (80KB/sec)
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
No, the home computer will only serve to connect the machines to the actual server.

What I need to do is called a Reverse SSH Tunnel.

It's still piping all the traffic through your home system. Plus if your home system is then VPN'ed into work, you're double-encrypting the traffic and slowing it down even more.

This is not a solution.
 

pismobrat

macrumors regular
Aug 13, 2007
104
0
Can't hold back.

As an IT Admin I love people like OP. I love putting technology in place to crush their attempts to do silly things like this. Between a fully deployed gateway with IDS, DPI with a host of other NAT/Routing Policies with Application Level Control and features all the way to my Aruba wireless system with WIDS and DPI, crushing attempts like this is so easy.

Yes I am one of those IT Admins who logs everything but I do provide enough flexibility for the staff who need to do their jobs. But when I have had staff trying to do stupid things on the network I've gotten them fired for not adhering to company policy and I enjoy that.
 

ezramoore

macrumors 6502a
Mar 20, 2006
612
3
Washington State
To do this in a corporate environment, and to think that you won't draw the ire of the IT staff and be discovered isn't stupid, it is completely ignorant.

Doing things like this on a network which is actively managed by one group of people means there is no doubt you will be discovered.

Give it up.

Pay for better internet at home.
 

Mattie Num Nums

macrumors 68030
Mar 5, 2009
2,834
0
USA
You will get caught so fast. Info Security peeps get reports daily on BW and usage and when they see some weird port hosting crazy incoming and outgoing connections they will track you down and fire you. Don't do something like this. Not only can you get fired but sued because of the potential security mess you can cause.

No matter what speed your company's connection is, you are still limited by the SLOW home upload speed of (80KB/sec)

The corporate pipe though would allow more people to use the server though.
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
The corporate pipe though would allow more people to use the server though.

That would be incorrect. If everyone is using SSH tunneling to go through his home machine, then they are limited by the slowest link (his speed at home). For example, if A is the friend, B is the OP's home computer, and C is the OP's work computer, then a tunneled connection wouldn't suddenly go from A -> C. It goes A -- (encrypted) --> B -- (encrypted again over VPN) --> C. Then the return packet is just the opposite.

Also, I don't know of many information security guys who are worried about bandwidth. At least, none of the companies I visited were concerned. That was the network admin's job. And given they would be limited by the home machine's bandwidth, it likely wouldn't raise any alarms from a bandwidth perspective.

Now, if the employer has scanners (port and/or application like SCCM) on the network, those would likely reveal either the unauthorized program or port on the work machine. Either way, it's a dumb idea.
 

MacDann

macrumors 6502a
Can't hold back.

As an IT Admin I love people like OP. I love putting technology in place to crush their attempts to do silly things like this. Between a fully deployed gateway with IDS, DPI with a host of other NAT/Routing Policies with Application Level Control and features all the way to my Aruba wireless system with WIDS and DPI, crushing attempts like this is so easy.

Yes I am one of those IT Admins who logs everything but I do provide enough flexibility for the staff who need to do their jobs. But when I have had staff trying to do stupid things on the network I've gotten them fired for not adhering to company policy and I enjoy that.

As a network security professional, I too enjoy folks like this. It gives me motivation for doing my job.

Not to say I enjoy being punitive, but the gall that some people have, which can often appear as out and out stupidity, just makes it fun to ferret this stuff out. (I am not implying that you are stupid - just that some people I have encountered in my work do things that to many of us would appear to be patently obvious, and therefore, stupid.)

If your organization is running any sort of IPS or IDS, they'll catch you in short order.

Sure, I can't see the contents of SSH traffic, but you can bet I can monitor the volume and source/destination. These parameters are enough to cause my IPS to give me a tap on the shoulder so I can look at what's happening in more detail, or even better, start locking things down.

Unless you're the boss's son or you have the blessing of the management, I would highly discourage you from attempting this. You will get busted.

MacDann
 

belvdr

macrumors 603
Aug 15, 2005
5,945
1,372
Sure, I can't see the contents of SSH traffic

You'd see this for sure, as the SSH packets were decrypted at his home PC, encrypted across the Internet, and then decrypted at the VPN endpoint. Makes it even easier to catch. :)
 

jtara

macrumors 68020
Mar 23, 2009
2,008
536
Yeah but you can't stop me from SSH Tunneling. You'd have to stop all encrypted traffic and it would stop everyone from visiting HTTPS sites.

Wrong.

SSH != HTTPS

They're both encrypted, but encrypted differently, entirely different protocols, different (default) ports, etc.

Sounds like you know JUST enough to get yourself in trouble. LOL.
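
Added example, not part of any post in this thread: a Python sketch of the monitoring that the replies above describe, telling SSH from HTTPS by the first bytes on the wire rather than by port, then flagging SSH flows on volume, duration and destination port. The `Flow` record, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Flow:                      # hypothetical flow record, not a real tool's schema
    src: str
    dst: str
    dport: int
    first_bytes: bytes           # first client payload bytes seen on the connection
    bytes_total: int
    duration_s: int

def classify(first_bytes):
    # RFC 4253: the client opens with a cleartext identification string "SSH-...".
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # A TLS connection opens with a handshake record: type 0x16, major version 0x03.
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    return "other"

def flag_ssh_tunnels(flows, max_bytes=50_000_000, max_seconds=3600):
    """Return (src, dst, reasons) for SSH flows that look like tunnels.
    Thresholds are assumed values; tune them to the network's baseline."""
    alerts = []
    for f in flows:
        if classify(f.first_bytes) != "ssh":
            continue                     # HTTPS and everything else is left alone
        reasons = []
        if f.dport != 22:
            reasons.append(f"ssh-on-port-{f.dport}")
        if f.bytes_total > max_bytes:
            reasons.append("high-volume")
        if f.duration_s > max_seconds:
            reasons.append("long-lived")
        if reasons:
            alerts.append((f.src, f.dst, reasons))
    return alerts

# Constructed sample flows (documentation address ranges, invented values).
SAMPLE_FLOWS = [
    Flow("10.0.0.21", "198.51.100.7", 443, b"\x16\x03\x01\x02\x00\x01", 5_000_000, 40),
    Flow("10.0.0.17", "192.0.2.50", 22, b"SSH-2.0-OpenSSH_8.9\r\n", 20_000, 120),
    Flow("10.0.0.42", "203.0.113.9", 443, b"SSH-2.0-OpenSSH_8.9\r\n", 900_000_000, 28_800),
]

if __name__ == "__main__":
    for alert in flag_ssh_tunnels(SAMPLE_FLOWS):
        print(alert)
```

Only the third sample flow is flagged: the HTTPS session and the short SSH session on port 22 pass, which is why blocking a tunnel does not require blocking all encrypted traffic.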
 

GoCubsGo

macrumors Nehalem
Feb 19, 2005
35,742
155
I'm totally going to follow the OP. The next thread will be: lost my job because my IT department SUCKS.
 

pismobrat

macrumors regular
Aug 13, 2007
104
0
Ok guys let's wrap this up. This thread is starting to turn into a bleed.


Admin - Please close this thread.
 