GARYC24

Surf Access Denied message

Quote

How technically minded are you?

I can tell you exactly how to get by any limitation your company puts on you through an encrypted, but legal, channel and they won't be able to detect anything.



Tell me! Are you going to say TOR?

Feel free to use my proxy -

http://www.radicaloverthrow.com

Also Google Language tools can be used as a proxy -

http://www.google.com/translate?langpair=en|en&u=www.forbiddensite.com

(Replace 'forbiddensite.com' with the site you want.) Those damn IT people need more work if all they do is spy on employees.

--------------------------
Chuck Norris doesn't do push-ups, he pushes the Earth down.

No, I'd say set up an SSH server and a proxy on a home computer, and use SSH tunneling to go through the server, through the proxy to wherever you want to go.

Because the traffic looks like SSH it can be a completely legitimate use, and they can't detect communication. Change the DNS server to a public server and there's no record of what you're doing at all.
This ad space for sale.

Quote

Change the DNS server to a public server and there's no record of what you're doing at all.



You can change DNS without admin privileges? Geezzz, I have to test that one, and figure out a way to lock that setting down.:D:D:D:D:D

J

P.S. And of course, don't forget IT can spy on you by watching your desktop as you work.:ph34r::ph34r:
Arch? I can arch just fine with my back to the ground.

Quote

How technically minded are you?

I can tell you exactly how to get by any limitation your company puts on you through an encrypted, but legal, channel and they won't be able to detect anything.



If you think that won't bother your IT department you are wrong or your IT department sucks. A high amount of encrypted traffic going out from one of my client machines would be a big problem to me. None of my users have any legitimate use for SSH.

It may be "Legal" but it is most certainly against the AUP. If it isn't, it will be when they find out about it, and you are STILL risking your job.

Also, using any of the "anonymous" proxy sites to get around your web content filtering system is going to get you in trouble eventually.

I don't know why people seem to think that it is ever ok to break policies. I am not saying I haven't or don't. I just don't bother trying to hide it. Either my boss will or will not tolerate what I do with my time at work.

For what it is worth, properly configured group policy for a domain will restrict 99% of users from any access to the network configuration pages and proxy settings in IE, and if you are using the Frontmotion MSI for Firefox autodeployment you can use group policy now to configure that as well.
~D
Where troubles melt like lemon drops Away above the chimney tops That's where you'll find me.
Swooping is taking one last poke at the bear before escaping its cave - davelepka

Quote

If you think that won't bother your IT department you are wrong or your IT department sucks. A high amount of encrypted traffic going out from one of my client machines would be a big problem to me. None of my users have any legitimate use for SSH.



I never said it won't bother the IT department. That's not my concern however.

Quote

For what it is worth, properly configured group policy for a domain will restrict 99% of users from any access to the network configuration pages and proxy settings in IE, and if you are using the Frontmotion MSI for Firefox autodeployment you can use group policy now to configure that as well.



For the work I do, I need access to the internet. Whatever lock you put in can be gotten around, unless you whitelist IP addresses.

Quote

I don't know why people seem to think that it is ever ok to break policies. I am not saying I haven't or don't. I just don't bother trying to hide it. Either my boss will or will not tolerate what I do with my time at work.



I do good work. I'll get more work done, and of better quality, in an hour than most people will get done all day. Every boss I've had has known within a few weeks of me starting as well.

If they have a problem with what I'm doing, they can fire me. I have no problem with that. I'll just as happily and just as quickly find another job or some other way to make money.

That said, I don't condone breaking policies for people that can't back up what they're doing.
This ad space for sale.

Quote

No, I'd say set up an SSH server and a proxy on a home computer, and use SSH tunneling to go through the server, through the proxy to wherever you want to go.

Because the traffic looks like SSH it can be a completely legitimate use, and they can't detect communication. Change the DNS server to a public server and there's no record of what you're doing at all.



I have ssh access to my web server. I guess I would have to ssh in and use lynx? Or could I set up an X Windows client? I am far from a Linux expert, but know enough to keep my website running and basic admin stuff..... Anyway, please explain.

I am just curious. I have no restrictions on my internet here at work, besides the normal "don't look at porn" rule.

EDIT TO ADD - I just checked. I CAN ssh in and then use lynx, but that text interface is super boring. It does boost the geek factor though.

--------------------------
Chuck Norris doesn't do push-ups, he pushes the Earth down.

No no no... You don't need to use lynx.

You set up a tunnel, and then browse the net normally.

First you need to run a proxy on your server. I think there's something called tinyproxy which can be compiled and run with user privileges on your Linux account.

So, you install that in your personal directory (on the *nix machine) and configure it to use, say, port 8080.

Then you connect ssh to tunnel your local port 8080 (on your office computer) to the address "localhost:8080" on the server (which would be a connection to the local proxy). -- The only purpose of tunnelling through ssh is to encrypt the data and hide the fact that you're using a proxy...because there is no legitimate reason to use a proxy, there can be legitimate reasons to use ssh.

So now, your ssh connection is listening on 8080 on your office computer and forwarding all of the data through the ssh tunnel to port 8080 on the server (which is the proxy). So, you just configure Firefox or IE to use a proxy at localhost:8080 (the connection on the tunnel) and everything works like normal.

I wonder if that made any sense....
This ad space for sale.

Yes, it mostly made sense.

Is it OK to run it as root, or would that be dumb? My instincts tell me it would be dumb....

Also, we do have a firewall here, but that will not matter, right? Will the http be going through the ssh port, even though I am using the local 8080 port?

Like this:

local:8080 --> ssh 22 --> proxyserver:8080

Or am I way off?

--------------------------
Chuck Norris doesn't do push-ups, he pushes the Earth down.

You could run it as root, although I know you don't need to. When I was doing this a couple years ago, I did it on my school shell account, so I didn't have root access. My personal opinion is not to give anything access it doesn't need, and so I would run it on a user account. I don't like going into root unless I'm doing maintenance. It prevents mistakes from screwing up the entire system.

For the connection thing you got it perfectly...the only data leaving your office computer would be through the ssh connection and the only data entering your server would be through the ssh connection. (Of course, raw http would be going out of your server as it's doing the proxy work.)
This ad space for sale.

Thanks. I've wondered how to set up tunneling for a while.

I saw that you mentioned DNS earlier. So I guess the DNS would still be handled by the office network unless it could be changed? So you would need to enter the IP address into the browser rather than the domain name to maintain stealth?

--------------------------
Chuck Norris doesn't do push-ups, he pushes the Earth down.

Quote

Thanks. I've wondered how to set up tunneling for a while.

I saw that you mentioned DNS earlier. So I guess the DNS would still be handled by the office network unless it could be changed? So you would need to enter the IP address into the browser rather than the domain name to maintain stealth?



Well, the reason I said that about the DNS thing is that a couple months ago, the IT department decided to block myspace. Well, instead of actually blocking it, all they did was tell the local nameserver to send a different IP.

I thought something was just broken with the IP cache so I changed the DNS server (in Windows networking settings) to a public server and it worked. It could break some things, however, if the local LAN has specific IPs set for internal some other things could break.

I really wouldn't worry about the IT department looking at DNS records, but if you're paranoid....that's how to get around it.

Technically, you could tunnel DNS lookups through the shell as well.....
This ad space for sale.
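
Added example, not part of any post in this thread: a defender-side check for two things raised above, the administrator's point that sustained encrypted outbound traffic from a client machine stands out, and clients sending DNS to a server other than the company's. It assumes flow records with the fields shown; the addresses, thresholds, resolver list and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed site policy (hypothetical values for this example).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
APPROVED_RESOLVERS = {"10.0.0.53"}
SSH_ALLOWED_CLIENTS = set()        # hosts with an approved business need for SSH
SSH_BYTES_THRESHOLD = 5_000_000    # total bytes per client/server pair in the window
SSH_SECONDS_THRESHOLD = 1800       # longest single session in the window

# Constructed flow records: (src, dst, dst_port, proto, bytes, duration_seconds)
SAMPLE_FLOWS = [
    ("10.1.4.17", "203.0.113.40", 22, "tcp", 48_200_000, 14_400),
    ("10.1.4.17", "10.0.0.53", 53, "udp", 4_100, 1),
    ("10.1.4.22", "198.51.100.8", 53, "udp", 9_800, 2),
    ("10.1.4.30", "10.0.2.5", 22, "tcp", 120_000, 300),    # internal admin SSH
    ("10.1.4.31", "203.0.113.77", 22, "tcp", 90_000, 60),  # short external SSH
    ("10.1.4.22", "198.51.100.8", 53, "udp", 7_000, 1),
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET

def find_findings(flows):
    """Return findings for bulk external SSH and DNS sent to unapproved resolvers."""
    ssh = defaultdict(lambda: [0, 0])  # (client, server) -> [bytes, longest session]
    dns = defaultdict(int)             # (client, resolver) -> number of flows
    for src, dst, port, proto, nbytes, secs in flows:
        # Only traffic leaving the internal network is of interest here.
        if not is_internal(src) or is_internal(dst):
            continue
        if port == 22 and proto == "tcp" and src not in SSH_ALLOWED_CLIENTS:
            ssh[(src, dst)][0] += nbytes
            ssh[(src, dst)][1] = max(ssh[(src, dst)][1], secs)
        elif port == 53 and dst not in APPROVED_RESOLVERS:
            dns[(src, dst)] += 1
    findings = []
    for (src, dst), (nbytes, secs) in sorted(ssh.items()):
        if nbytes >= SSH_BYTES_THRESHOLD or secs >= SSH_SECONDS_THRESHOLD:
            findings.append(("bulk-external-ssh", src, dst, nbytes))
    for (src, dst), count in sorted(dns.items()):
        findings.append(("unapproved-resolver", src, dst, count))
    return findings

if __name__ == "__main__":
    for finding in find_findings(SAMPLE_FLOWS):
        print(finding)
```

A perimeter rule that only lets the approved resolvers send DNS out, together with the group policy lock-down mentioned earlier in the thread, turns the second finding from something detected into something blocked.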
