What can an IT admin see on a network?

People say IRC, MSN etc. are blocked, however, at several companies I've used IRC and MSN as a resource for information (I have many people "in the know" available on IRC and MSN) as well as a method of chatting/socialising. I've always done it with PuTTY's SSL proxy feature, with SSH running on 443, which is nearly impossible to block without killing all SSL sites (I say nearly, as some proxy software can deny the "CONNECT" command, however, it's rarely done).
 
I am just curious as to whether it lists, say, the OcUK forums as one link, or does it list every page I go to, with every URL stated?
If they use anything like the hardware we use they'll be able to see everything.

It'll give them your username, your IP, the sites you visited as well as any scripts that were run and pictures/other sites that are linked to, any words that you typed in to search engines or links that you click on and what time you visited each site.

Basically, depending on the hardware and software they use anything and everything could be logged. OcUk certainly wouldn't appear as one link, it would appear as multiple entries even if you just visited the homepage.
 
> People say IRC, MSN etc. are blocked, however, at several companies I've used IRC and MSN as a resource for information (I have many people "in the know" available on IRC and MSN) as well as a method of chatting/socialising. I've always done it with PuTTY's SSL proxy feature, with SSH running on 443, which is nearly impossible to block without killing all SSL sites (I say nearly, as some proxy software can deny the "CONNECT" command, however, it's rarely done).

Actually it's pretty easy to do with any modern deep inspection firewall (that'll be any decent firewall then).
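The check a deep inspection firewall makes here, shown as an added example that is not from the thread: instead of trusting the port number, it classifies the first bytes the client sends on 443, so an SSH banner (PuTTY or OpenSSH, in clear text by protocol design) or a proxy CONNECT followed by SSH is told apart from a real TLS ClientHello. The sample flows, hostnames and version strings are constructed.

```python
"""Protocol identification on port 443: decide from the opening client
bytes whether a flow is genuine TLS, SSH tunnelled over 443, or an HTTP
CONNECT with something else inside.  Sample flows are constructed."""

def classify_stream(first_bytes):
    """Return 'tls', 'ssh', 'http-connect' or 'unknown' for the opening
    client-to-server bytes of a TCP stream."""
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04
    # (SSLv3 through TLS 1.3), 2-byte length, then handshake type 0x01 = ClientHello.
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04
            and first_bytes[5] == 0x01):
        return "tls"
    # SSH sends its identification string in clear text (RFC 4253, section 4.2),
    # so an SSH server on 443 is recognisable from the very first line.
    if first_bytes.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    # An HTTP CONNECT to a forward proxy: the request that opens a tunnel.
    if first_bytes.startswith(b"CONNECT "):
        return "http-connect"
    return "unknown"

# Constructed flows: each value is the list of chunks the client sent, in order.
SAMPLE_FLOWS = {
    "browser": [b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)],
    "ssh-on-443": [b"SSH-2.0-OpenSSH_9.6\r\n"],
    "ssh-via-connect": [b"CONNECT tunnel.example:443 HTTP/1.1\r\nHost: tunnel.example:443\r\n\r\n",
                        b"SSH-2.0-PuTTY_Release_0.81\r\n"],
    "tls-via-connect": [b"CONNECT www.example.com:443 HTTP/1.1\r\n\r\n",
                        b"\x16\x03\x03\x00\xf4\x01\x00\x00\xf0\x03\x03" + bytes(32)],
}

def inspect_flow(client_chunks):
    """Classify a flow.  If the first chunk is a CONNECT, the second chunk is
    what the client sent once the proxy answered '200 Connection established',
    so SSH hidden behind CONNECT is caught the same way.  Returns
    (protocol, allowed); policy here allows only genuine TLS on 443."""
    proto = classify_stream(client_chunks[0])
    if proto == "http-connect" and len(client_chunks) > 1:
        proto = "connect+" + classify_stream(client_chunks[1])
    return proto, proto in ("tls", "connect+tls")

def audit(flows):
    """Run inspect_flow over named flows; returns {name: (protocol, allowed)}."""
    return {name: inspect_flow(chunks) for name, chunks in flows.items()}
```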
 
> People say IRC, MSN etc. are blocked, however, at several companies I've used IRC and MSN as a resource for information (I have many people "in the know" available on IRC and MSN) as well as a method of chatting/socialising. I've always done it with PuTTY's SSL proxy feature, with SSH running on 443, which is nearly impossible to block without killing all SSL sites (I say nearly, as some proxy software can deny the "CONNECT" command, however, it's rarely done).

I REALLY wouldn't advise anyone to do this. If your company has an internet policy that states that chat clients are going to be blocked, then you will get in a lot of trouble by getting around it. At the end of the day, it's the company's internet connection; if they want you to spend your time chatting then they will let you. By getting around it you could possibly be breaking your contract, and I have seen a couple of people get sacked when they thought they were being smart like this.

I admit it is a PITA when companies block stuff when you can legitimately use it for work, but that's their decision whilst they are paying you, not yours.
 
> I REALLY wouldn't advise anyone to do this. If your company has an internet policy that states that chat clients are going to be blocked, then you will get in a lot of trouble by getting around it. At the end of the day, it's the company's internet connection; if they want you to spend your time chatting then they will let you. By getting around it you could possibly be breaking your contract, and I have seen a couple of people get sacked when they thought they were being smart like this.
>
> I admit it is a PITA when companies block stuff when you can legitimately use it for work, but that's their decision whilst they are paying you, not yours.

100% back you up on this one. Whatever a company says goes. If you break the rules, disciplinary action may be taken.
 
We monitor everyone real-time/live... see absolutely everything they do. Everything.

Some people have, as a result, been in big trouble.
 
Can you explain how they do this on an SSL connection?

Actually it's stupidly simple and many products do it off the box. The SSL from your client is terminated on the firewall and the firewall establishes a connection to the SSL site directly and proxies the traffic. You can even get around certificate errors by setting up a CA of your own and importing that root cert into your desktops (many products will also function as a limited CA to do this).

I have even heard of people using SSL blades on one side of a network and then sending the unencrypted HTTP traffic through content filtering, proxies, firewalls etc. before another SSL card on the other side of the network sends the request back out encrypted to the internet. Never assume that SSL is safe when you don't have total control of either the desktop or network you are using.

About the only secure ways to get stuff out if you so wish would be SSH, so long as you check the SSH keystring to ensure you are talking to the SSH server you think you are talking to (again it would be theoretically possible to proxy it), or an IPSEC VPN. Both of which are unlikely to be open on most networks.

As for the level of sophistication of logs, it really depends on the systems deployed. It's more than possible to log every URL requested and have a fairly good idea with most modern dynamic webpages how long the site was open for. There are a number of products such as Websense which categorise websites that will give a rough idea to anyone looking what you have been spending your time looking at without someone trawling through every site you have visited. There are a number of systems that can report back on unusual traffic, large amounts of traffic etc. It really depends on your company, but in most places, so long as your work isn't affected and your browsing isn't causing other problems such as over-utilization or downloading viruses, then it's unlikely people are going to check too deeply.
 
Read your staff handbook, it should explain everything there. The company I currently work for has a fairly relaxed approach. Basically, I can't read your e-mails covertly without express permission from a managing partner. However, if I suspect something business affecting going on, I can as long as I document everything.

Sooner rather than later, the documentation will be changed to "we own the E-mail system, so we can access it when we like"

As for web browsing, it's left up to the web proxy as to which sites to allow, and we have a nice report generated giving us the top ten users.

I could set it up so that I can focus on a particular user if they come to my attention and set up monitoring to see how many blocked sites a user has tried to access or whatever, but people here are generally well behaved.

As for MSN et al, you can't even set up a proxy back to your home pc here. There is one pc that sits on the DMZ for downloading patches/large files, even the IT machines don't have full internet access.
 
How can they say "you were surfing all day and did no work"?

If all I did was leave the window open... I'll have about 8 windows open, maybe half or 3/4 are work-related, others are OcUK, BBC etc.
 
Because they'll look at how often you loaded pages - opening one page in the morning and you're OK - do 20 page-loads in a minute browsing OcUK and yeah, it's pretty obvious you're just browsing whilst not doing anything else ;)
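The two points made above, that a single homepage visit shows up as many log entries and that page-load rate is what gives away active browsing, as an added example that is not from the thread: it parses Squid native access-log lines, counts only successful text/html responses as page loads (scripts, images and stylesheets are ignored), and flags any user-minute whose page-load count looks like clicking rather than a tab left open. The log lines, users, hostnames and the threshold of 5 loads per minute are constructed.

```python
"""Page loads (text/html 200s) per user per minute from proxy access logs,
ignoring the scripts, images and stylesheets that make one homepage visit
show up as many entries.  Constructed Squid native log; users/hosts made up."""
from collections import Counter

# fields: time elapsed client result/status bytes method url user hierarchy content-type
SAMPLE_LOG = """\
1700000040.10 40 10.0.0.5 TCP_MISS/200 5123 GET http://forums.ocuk.example/ alice HIER_DIRECT/203.0.113.10 text/html
1700000040.20 12 10.0.0.5 TCP_HIT/200 812 GET http://forums.ocuk.example/styles/site.css alice NONE/- text/css
1700000040.21 15 10.0.0.5 TCP_HIT/200 9500 GET http://forums.ocuk.example/js/app.js alice NONE/- application/javascript
1700000040.22 18 10.0.0.5 TCP_MISS/200 2048 GET http://forums.ocuk.example/img/logo.png alice HIER_DIRECT/203.0.113.10 image/png
1700000048.30 35 10.0.0.5 TCP_MISS/200 6100 GET http://forums.ocuk.example/threads/1 alice HIER_DIRECT/203.0.113.10 text/html
1700000055.40 33 10.0.0.5 TCP_MISS/200 5900 GET http://forums.ocuk.example/threads/2 alice HIER_DIRECT/203.0.113.10 text/html
1700000062.50 36 10.0.0.5 TCP_MISS/200 6200 GET http://forums.ocuk.example/threads/3 alice HIER_DIRECT/203.0.113.10 text/html
1700000071.60 34 10.0.0.5 TCP_MISS/200 5800 GET http://forums.ocuk.example/threads/4 alice HIER_DIRECT/203.0.113.10 text/html
1700000080.70 37 10.0.0.5 TCP_MISS/200 6000 GET http://forums.ocuk.example/threads/5 alice HIER_DIRECT/203.0.113.10 text/html
1700000043.00 50 10.0.0.9 TCP_MISS/200 4800 GET http://news.example/ bob HIER_DIRECT/203.0.113.20 text/html
1700000043.10 10 10.0.0.9 TCP_HIT/200 700 GET http://news.example/site.css bob NONE/- text/css
1700000643.00 48 10.0.0.9 TCP_MISS/200 4700 GET http://news.example/story/7 bob HIER_DIRECT/203.0.113.20 text/html
"""

def parse_line(line):
    """Split one Squid native log line into the fields this check uses."""
    f = line.split()
    if len(f) < 10:
        return None
    return {"minute": int(float(f[0])) // 60, "user": f[7], "url": f[6],
            "status": f[3].split("/")[-1], "ctype": f[9].split(";")[0]}

def is_page_load(rec):
    """Only a successful text/html response counts as a page load."""
    return rec["ctype"] == "text/html" and rec["status"] == "200"

def entries_and_page_loads(log_text):
    """Per user: (total log entries, page loads)."""
    entries, pages = Counter(), Counter()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        entries[rec["user"]] += 1
        pages[rec["user"]] += is_page_load(rec)
    return {u: (entries[u], pages[u]) for u in entries}

def flag_active_browsing(log_text, threshold=5):
    """Return [(user, minute, page_loads)] for each user-minute with at least
    `threshold` page loads: the rate of someone clicking, not of a tab
    opened once and left."""
    per_minute = Counter()
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if is_page_load(rec):
            per_minute[(rec["user"], rec["minute"])] += 1
    return sorted((u, m, n) for (u, m), n in per_minute.items() if n >= threshold)
```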
 
No, no, no no no, I don't want to hear that ********!! :eek:

I constantly jump between 6 windows atm, every 5 minutes refreshing/loading them all. :o
 
You can try tunneling out over SSH or something to an external proxy (easily set up at home for just browsing). If your IT admins aren't as smart as me then they'll only be looking at the common ports, i.e. 80, 8080, 443. :) Failing that you could tunnel out RDP to your home PC the same way and browse from there.
 
> You can try tunneling out over SSH or something to an external proxy (easily set up at home for just browsing). If your IT admins aren't as smart as me then they'll only be looking at the common ports, i.e. 80, 8080, 443. :) Failing that you could tunnel out RDP to your home PC the same way and browse from there.

Failing that you could actually do what they're paying you for...
 
There is only one way through a L7 filter unmolested (that I know of), but the traffic profile will be unbelievable and will be noticed immediately, although they won't have a damn clue what is going on :p
 
> There is only one way through a L7 filter unmolested (that I know of), but the traffic profile will be unbelievable and will be noticed immediately, although they won't have a damn clue what is going on :p

...Especially if you also VPN inside that specific method.

BigRedShark has a point though, you should probably save your newly gained 'leet tunneling skillz' for random nameless coffee and fastfood outlets.

//TrX's (questionably) epic one line comeback. [Edit, b******s, now it's two]