Wednesday, April 18, 2007

A Highly Fortified Virgin

I have discovered that my wireless provider Virgin Mobile (USA), runs a pretty tight networking ship. Which is to say, it's difficult to get arbitrary packets from the mobile handset (Audiovox 8915) to the internet at large. First of all, direct socket connections to the outside internet are blocked. This conclusion is based on using MidpSSH to connect to various ports and failing.

Virgin appears to be running a proxy which intercepts only HTTP traffic and forwards it onward (but only for ports 80, 8080 and 443). Note that this does not mean that arbitrary socket traffic can be sent over port 80, just HTTP traffic. That's still could be interesting since MidpSSH is able to communicate through an HTTP proxy server.

Finally, Virgin seems to have some kind of denial-of-service detector which prevents too many accesses to the same host over a short period of time. Since MidpSSH is an interactive application, it ends up making lots of brief connections to the server in proxy mode. After about five connections in series, the proxy returns a "Network Gremlins" message, which messes up the SSH negotiation process.

In short, there appears to be no way to pass arbitrary data through the Virgin Mobile proxy. That's kind of a bummer, and not so cool.

UPDATE: (20 Apr) by snooping the phone's file system, I discovered the IP address of Virgin's proxy server that the handset talks to when web surfing. It turns out it's just a standard Apache HTTP proxy server running on port 80! I was able to telnet to it using MidpSSH and request random web pages from the Internet. While this doesn't solve the problem, the fact that there's a standard proxy there suggests that one could use the proxy CONNECT command to open a persistent socket connection, at least to port 443, which is what CONNECT was intended for. And it works! I was able to connect to an SSH server. But... after about 10-15 seconds, the socket is closed. I can only assume that Virgin's firewall limits the lifetime of TCP sessions to prevent global firewall resources from being tied up. Sigh, another dead end.
Posted by at
Labels: ,

2 comments:

thinking...thinking...thinking said...

Nice try.

May 7, 2007 at 1:03:00 AM EDT
Anonymous said...

Same thing seems to happen on Virgin Mobile UK with a Sony-Ericsson K750i. I jumped ship and switched to O2, then got the settings for "O2 Mobile Web" from them. Now my cute little Ericsson's email functions work, as do Google Maps/Mail and Opera Mobile.

November 11, 2007 at 7:17:00 AM EST

Post a Comment

Subscribe to: Post Comments (Atom)