GARYC24 3 #1 January 10, 2007 Anyone know all about this. How to get around it, etc! Especially, changing the connections proxies, etc does not work from where am at. Lengthy pm's are welcome. Quote Share this post Link to post Share on other sites
wildcard451 0 #2 January 10, 2007 as everyone will tell you, blah blah blah by circumventing your companies acceptable use policies you are likely endangering your job. They can and do watch what you do in IT. Go at your own risk. Quote Share this post Link to post Share on other sites
GARYC24 3 #3 January 10, 2007 I wonder what took them a year to do it! haha In that case thanks for reply, I'm have to log off now! Gary Calhoun Quote Share this post Link to post Share on other sites
Amazon 7 #4 January 10, 2007 Just go when there are no lifeguarsds.... better surfing when the weather is sucking anyway... bigger waves Quote Share this post Link to post Share on other sites
unformed 0 #5 January 10, 2007 How technically minded are you? I can tell you exactly how to get by any limitation your company puts on you through an encrypted, but legal, channel and they won't be able to detect anything.This ad space for sale. Quote Share this post Link to post Share on other sites
Zipp0 1 #6 January 10, 2007 QuoteHow technically minded are you? I can tell you exactly how to get by any limitation your company puts on you through an encrypted, but legal, channel and they won't be able to detect anything. Tell me! Are you going to say TOR? Feel free to use my proxy - http://www.radicaloverthrow.com Also Google Language tools can be used as a proxy - http://www.google.com/translate?langpair=en|en&u=www.forbiddensite.com (replace 'forbiddensite.com with the site you want.) Those damn IT people need more work if all they do is spy on employees. -------------------------- Chuck Norris doesn't do push-ups, he pushes the Earth down. Quote Share this post Link to post Share on other sites
gonzalesna 0 #7 January 10, 2007 i use http://anonoxy.com/ don't tell the boss!!!Some people refrain from beating a dead horse. Personally, I find a myriad of entertainment value when beating it until it becomes a horse-smoothie. Quote Share this post Link to post Share on other sites
LisaM 0 #8 January 10, 2007 Quotehttp://www.google.com/translate?langpair=en|en&u=www.forbiddensite.com I tried this and still got an access denied from our WebSense. How does this work? ~ Lisa ~ Do you Rigminder? Quote Share this post Link to post Share on other sites
unformed 0 #9 January 10, 2007 No, I'd say set up an SSH server and a proxy on a home computer, and use SSH tunneling to go through the server , through the proxy to wherever you want to go. Because the traffic looks like SSH it can be a completely legitimate use, and they can't detect communication. Change the DNS server to a public server and there's no record of what you're doing at all.This ad space for sale. Quote Share this post Link to post Share on other sites
Johnsisland 0 #10 January 10, 2007 QuoteChange the DNS server to a public server and there's no record of what you're doing at all. You can change DNS without admin privileges? Geezzz, I have to test that one, and figure out a way to lock that setting down. J P.S. And of course, don't forget IT can spy on you by watching your desktop as you work.Arch? I can arch just fine with my back to the ground. Quote Share this post Link to post Share on other sites
Fast 0 #11 January 10, 2007 QuoteHow technically minded are you? I can tell you exactly how to get by any limitation your company puts on you through an encrypted, but legal, channel and they won't be able to detect anything. If you think that wont bother your IT department you are wrong or your IT department sucks. A high amount of encrypted traffic going out from one of my client machines would be a big problem to me. None of my users have any legitamate use for SSH. It may be "Legal" but it is most certainly against the AUP. If it isn't, it will be when they find out about it, and you are STILL risking your job. Also, using any of the "anonymous" proxy sites to get around your web content filtering system is going to get you in trouble eventually. I don't know why people seem to think that it is ever ok to break policies. I am not saying I haven't or don't. I just don't bother trying to hide it. Either my boss will or will not tolerate what I do with my time at work. For what it is worth, properly configured group policy for a domain will restrict 99% of users from any access to the network configuration pages and proxy settings in IE and if you are using the Frontmotion MSI for firefox autodeployment you can use group policy now to configure that as well.~D Where troubles melt like lemon drops Away above the chimney tops That's where you'll find me. Swooping is taking one last poke at the bear before escaping it's cave - davelepka Quote Share this post Link to post Share on other sites
squirrel 0 #12 January 10, 2007 or you could do what i do...work for myself...and i say surfing porn in my office is A-OK! ________________________________ Where is Darwin when you need him? Quote Share this post Link to post Share on other sites
GARYC24 3 #13 January 10, 2007 I found an alternate way to site I use. However, this one may be replaced.. End of request Thanks for all replies, The End. Quote Share this post Link to post Share on other sites
unformed 0 #14 January 10, 2007 QuoteIf you think that wont bother your IT department you are wrong or your IT department sucks. A high amount of encrypted traffic going out from one of my client machines would be a big problem to me. None of my users have any legitamate use for SSH. I never said it won't bother the IP department. That's not my concern however. QuoteFor what it is worth, properly configured group policy for a domain will restrict 99% of users from any access to the network configuration pages and proxy settings in IE and if you are using the Frontmotion MSI for firefox autodeployment you can use group policy now to configure that as well. The work I do I need access to the internet. Whatever lock you put in, can be gotten around, unless you whitelist ip addresses. QuoteI don't know why people seem to think that it is ever ok to break policies. I am not saying I haven't or don't. I just don't bother trying to hide it. Either my boss will or will not tolerate what I do with my time at work. I do good work. I'll get more work done, and of better quality, in an hour than most people will get done all day. Every boss I've had has known within a few weeks of me starting as well. If they have a problem with what I'm doing, they can fire me. I have no problem with that. I'll just as happily and just as quickly find another job or some other way to make money. That said, I don't condone breaking policies for people that can't back up what they're doing.This ad space for sale. Quote Share this post Link to post Share on other sites
Zipp0 1 #15 January 10, 2007 QuoteNo, I'd say set up an SSH server and a proxy on a home computer, and use SSH tunneling to go through the server , through the proxy to wherever you want to go. Because the traffic looks like SSH it can be a completely legitimate use, and they can't detect communication. Change the DNS server to a public server and there's no record of what you're doing at all. I have ssh access to my web server. I guess I would have to ssh in and use lynx? Or could I set up an Xwindows client? I am far from a linux expert, but know enough to keep my website running and basic admin stuff..... Anyway, please explain. I am just curious. I have no restrictions on my internet here at work, besides the normal "don't look at porn" rule. EDIT TO ADD - I just checked. I CAN ssh in and then use lynx, but that text interface is super boring. I does boost the geek factor though. -------------------------- Chuck Norris doesn't do push-ups, he pushes the Earth down. Quote Share this post Link to post Share on other sites
unformed 0 #16 January 10, 2007 No no no... You don't need to use lynx. You set up a tunnel, and then browse the net normally. First you need to run a proxy on your server. I think there's something called tinyproxy which can be compiled and run with user priveleges on your linux account. So, you install that in your personal directory (on the *nix machine) and configure it to use, say port 8080. Then you connect ssh to tunnel your local port 8080 (on your office computer) to the address "localhost:8080" on the server (which would a connection to the local proxy). -- The only purpose of tunnelling through ssh is to encrypt the data and hide the fact that you're using a proxy...because there is no legitimate reason to use a proxy, there can be legitimate reasons to use ssh. so now, your ssh connection is listening on 8080 on your office computer and forwarding all of the data through the ssh tunnel to port 8080 on the server (which is the proxy). So, you just configure Firefox or IE to use a proxy at localhost:8080 (the connection on the tunnel) and everything works like normal. I wonder if that made any sense....This ad space for sale. Quote Share this post Link to post Share on other sites
Zipp0 1 #17 January 10, 2007 Yes, it mostly made sense. Is it OK to run it as root, or would that be dumb? My instincts tell me it would be dumb.... Also, we do have a firewall here, but that will not matter, right? Will the http be going through the ssh port, even though I am using the local 8080 port? Like this: local:8080 --> ssh 22 --> proxyserver:8080 Or am I way off? -------------------------- Chuck Norris doesn't do push-ups, he pushes the Earth down. Quote Share this post Link to post Share on other sites
unformed 0 #18 January 10, 2007 You could run it as root, although I know you don't need to. When I was doing this a couple years, I did on my school shell account, so I didn't have root access. My personal opinion is not to give anything access it doesn't need, and so would run it on a user account. I don't like going into root unless I'm doing maintenance. It prevents mistakes from screwing up the entire system. For the connection thing you got it perfectly...the only data leaving your office computer would be through the ssh connection and the only data entering your server would be through the ssh connection. (of course, raw http would be going out of your server as its doing the proxy work).This ad space for sale. Quote Share this post Link to post Share on other sites
Zipp0 1 #19 January 10, 2007 Thanks. I've wondered how to set up tunneling for a while. I saw that you mentioned DNS earlier. So I guess the DNS would still be handled by the office network unless it could be changed? So you would need to enter the IP address into the browser rather than the domain name to maintain stealth? -------------------------- Chuck Norris doesn't do push-ups, he pushes the Earth down. Quote Share this post Link to post Share on other sites
unformed 0 #20 January 10, 2007 QuoteThanks. I've wondered how to set up tunneling for a while. I saw that you mentioned DNS earlier. So I guess the DNS would still be handled by the office network unless it could be changed? So you would need to enter the IP address into the browser rather than the domain name to maintain stealth? Well, the reason I said about the DNS thing is that a couple months ago, the IT department decided to block myspace. Well, instead of actually blocking it, all they did was tell the local nameserver to send a different ip. I thought something was just broken with the ip cache so i changed the dns server (in windows networking settings) to a public server and it worked. it could break some things, however, if the local lan has specific ips set for internal some other things could break. i really wouldn't worry about the it department looking at dns records, but if you're paranoid....that's how to get around it. technically, you could tunnel dns lookups through the shell as well.....This ad space for sale. Quote Share this post Link to post Share on other sites
PhreeZone 14 #21 January 11, 2007 Right up to the point that he uses an application internally that requires a FQDN and it is unable to resolve the IP and it quits working. Yesterday is history And tomorrow is a mystery Parachutemanuals.com Quote Share this post Link to post Share on other sites