Discussion:
Using a home T-1 line to evade company filtering
(too old to reply)
Speedy Gonzalez
2003-11-18 00:32:30 UTC
Permalink
[Further Followups directed off this newsgroup]


I have been watching the banter between you morons for the past
two months. I work for an E-zine in Australia, and I am an EXPERT
on Internet censorship. There ARE ways to get around company
censorship that are not as drastic, and will not be picked up
by your employers.
People in China, Saudi Arabia, and other censorious regimes
one one of many services to get around censorship in those
countries. Services like Hopster, Triangle Boy, and others
drive the governments of these countries crazy, because they
cannot stop them. These services use ever-changing IP addresses
so they are almost impossible to stop. If you want to bypass
company censorship, use one of these services. You have
probably seen the occasional issue of our E-zine, the Demonizer,
posted here on rare occasion.
Just use one of these services, if you want to bypass the
censorware your company has. I have been watching the banter
between you clowns for the past two months. Cant we just let
this thread die?
@comcast.net.nospam.do.not.spam.me says...
X-No-Archive: Yes
On Mon, 17 Nov 2003 11:25:30 -0800, Charles Newman spoketh
Ah, but you see, they dont have the documentation,
in such a case to back it up. And my idea is not meant to
waste time, but rather to get around some usage policies
that go much too far, particularly not being allowed to
check E-mail on outside mail servers. I see nothing wrong
with using your ISPs E-mail service as your work E-mail.
What you don't understand is that such policies are in place to
protect
the corporate LAN from viruses and other malware. You may think that
they go to far, but for someone who are protecting tens of thousands
of
dollars of hardware and potentially millions of dollars of
information,
this threat is very real. I used to work in publishing. Can you even
image what a virus that would delete all image files would do if it
were
allowed to run for just a few minutes? Can you imaging the amount of
monies lost if we had 24 hours of downtime just when the magazine(s)
were supposed to ship to the printers?
You don't seem to understand that your plan will undermine any and all
security policies put in place to protect corporate assets, and people
taking advantage of this ISP of yours (were it ever to go beyond the
planning stage) would most likely get fired so fast the wouldn't know
what hit them. You're also likely to get sued by every company that
gets
compromised through your service, whether it's a valid complaint or
not.
Legal fees alone will either force you out of business, or the
increasing liability insurance would.
Well, I just hope I do strike it rich someday, so I can
go into politics, and get a law passed restricting what
content an employer may block, restrict, or prohibit.
You have to understand one simple thing - A COMPANY NETWORK BELONGS TO
THE COMPANY!!!!!!
A company can provide any level of service to its employees that it
wants to - there is not promise of internet service just because you are
working for a company that has internet access!
And by your logic, just about every coffee house and
Internet cafe could theoretically be sued. An increasing
number of them have wireless hotspots, which can be
accessed from up to 1.8 miles away with a high-gain
antenna.
An they are in the business of providing LOCAL internet service WITHIN
THEIR FACILITY. Should the standards of Wireless Signal Levels be
exceeded by these businesses they will be fined and shutdown. There is
abound NO chance that a cafe's signal will work inside anyone's building
- esp since they are on the same frequency as other devices.
However, people have been able to tap into such
wireless networks, with just a Pringles atenna. The
antenna increases gain on both send and receive, so you
can talk to an unaltered network access point from quite
a distance away. I saw on TV one guy pinpoint and track
a signal coming from a Starbucks coffee location from
quite a ways away. I think you need to read the various
articles on Pringles can, and other high-gain antennas.
Starbucks had not altered their access point in any way.
This one guy just picked up the signal, and then noted
where it was coming from.
War drivers do this all the time. They use their
homemade high-gain antennas to pick up signals from
wireless access points all the time. If you have any
wireless nodes on your network you manage now,
war drivers could be zeroing in on any ont of them right
now.
What if someone NEVER uses the Ethernet connection
on the company LAN, and, instead, uses a wireless hotspot
from a nearby Internet cafe, and just simply logs into the
company network via VPN, or whatever remote access
the company implements? I dont think a company could
really take much of an issue with you loggin in via VPN,
and using that to do your work.
You don't really believe that the company is going to let you sit in
their office, connect to an external connection, VPN back into the
office, and then let you access the LAN and internet at the same time do
you? Most of the VPN clients restrict access such that the user can ONLY
access the LAN and not the internet while the VPN is active!
And how are they going to control what you do on
an outside ISP. If I run a VPN client and then start,
say RealPlayer, Windows is not going to stop me from
starting RealPlayer or any other program I have installed
on my computer.
As long as you are doing your work, I see no trouble
with allowing an employee to connect to an ISP outside
the company, be it wiress, or over a phone line, and
then logging in to the company network via VPN.
The point is that YOU ARE NOT DOING YOUR WORK when you are playing
around on the web! You clearly state that you believe that people should
be able to chat/browse while at work, which is NOT something they are
paying you for.
My point is, and will continue to be, that are are
legitimate reasons to use an outside ISP. I STILL say
there is nothing wrong with using your ISP's E-mail
service as your work E-mail as long as you are doing
your work.
Leythos
2003-11-18 04:11:43 UTC
Permalink
In article <***@nym.alias.net>,
***@nym.alias.net says...
[snip]
Post by Speedy Gonzalez
Just use one of these services, if you want to bypass the
censorware your company has. I have been watching the banter
between you clowns for the past two months. Cant we just let
this thread die?
And if there is nothing that the employee needs from the internet - as
is the case in most companies, you can block all external access. You
can provide them with email without letting them have access to the
internet.
--
--
***@rrohio.com
(Remove 999 to reply to me)
Charles Newman
2003-11-20 03:49:12 UTC
Permalink
Post by Leythos
[snip]
Post by Speedy Gonzalez
Just use one of these services, if you want to bypass the
censorware your company has. I have been watching the banter
between you clowns for the past two months. Cant we just let
this thread die?
And if there is nothing that the employee needs from the internet - as
is the case in most companies, you can block all external access. You
can provide them with email without letting them have access to the
internet.
Then someone could use a cell phone, and dial out
that way. There are cell phone adapters for laptop
computers. Just get a plan with something like 5000
minutes a month, and then dial out through your
cell phone. That is something they would have a hard
time stopping.
Speedy Gonzalez
2003-11-20 09:43:49 UTC
Permalink
Post by Leythos
[snip]
Post by Speedy Gonzalez
Just use one of these services, if you want to bypass the
censorware your company has. I have been watching the banter
between you clowns for the past two months. Cant we just let
this thread die?
And if there is nothing that the employee needs from the internet - as
is the case in most companies, you can block all external access. You
can provide them with email without letting them have access to the
internet.
Ah, but you still have port 110 open. Someone could rig up
something on their home computer, using port 110, and then
go via port 110 on their home machine to get out onto the Net.
I write for my E-zine, in Tasmania, because I am reagarded
as an EXPERT in Internet censorship. I hold a degree in
Information Systems, so I know of where I speak. I am one who
lives, breathes, and eats computers. If you open a port for
someone to get E-mail, you give them a way to get to the
Internet. As long as ANY port remains open, someone, if they
have the patience, WILL find a way to get out onto the
Internet.
We Tamsmanians are quite resourceful. Cyberdroog mentioned
key-logging software, but if I were working in his shop, I
would probably be able to disable that in a matter of minutes,
and he would draw a BLANK, when he tried to figure out what
I was up to. Its simply a matter of disconnecting the machine
from the network, and then hacking into the administrator
account on that machine, without anything showing up on
the network logs. And once the key-logger software was
disposed of, Cyberdroog would NEVER know what I did.
Leythos
2003-11-20 12:20:06 UTC
Permalink
Post by Speedy Gonzalez
Post by Leythos
[snip]
Post by Speedy Gonzalez
Just use one of these services, if you want to bypass the
censorware your company has. I have been watching the banter
between you clowns for the past two months. Cant we just let
this thread die?
And if there is nothing that the employee needs from the internet - as
is the case in most companies, you can block all external access. You
can provide them with email without letting them have access to the
internet.
Ah, but you still have port 110 open. Someone could rig up
something on their home computer, using port 110, and then
go via port 110 on their home machine to get out onto the Net.
In a COMPANY you have your own email server and you don't have to give
ANYONE access to ports outbound. In fact, you can send/recv email and
newsgroups without the users having ANY outbound access at all. All the
need is access to the email/usenet server inside the company to do their
work!
Post by Speedy Gonzalez
I write for my E-zine, in Tasmania, because I am reagarded
as an EXPERT in Internet censorship. I hold a degree in
Information Systems, so I know of where I speak. I am one who
My wife has a degree in CS and a couple other certs. Degree's and certs
only mean that you can learn to take tests in most cases - don't confuse
the subject here. I run an IT company, hire many people, design WAN/LAN
systems, code applications in 15+ languages, etc... I have yet to see
anything from you that indicates you know anything about networks,
security, or much else about computer systems.
Post by Speedy Gonzalez
lives, breathes, and eats computers. If you open a port for
someone to get E-mail, you give them a way to get to the
Internet. As long as ANY port remains open, someone, if they
have the patience, WILL find a way to get out onto the
Internet.
You can allow users to get email (POP3) without allowing them access to
the open internet - lets take this simple example of a disfunctional
company that hosts it email using POP3 on an ISP's server: So, the
firewall admin sets a rule to allow all users access (only ports 25/110)
to the IP of the POP3 server. That means that they CAN'T GET ANYWHERE
ELSE!
Post by Speedy Gonzalez
We Tamsmanians are quite resourceful. Cyberdroog mentioned
key-logging software, but if I were working in his shop, I
would probably be able to disable that in a matter of minutes,
and he would draw a BLANK, when he tried to figure out what
I was up to. Its simply a matter of disconnecting the machine
You, not considering where you are from, are quite full of it. I have
yet to see where you could get through a properly configured firewall
and even better where you could get by unnoticed at all.
Post by Speedy Gonzalez
from the network, and then hacking into the administrator
account on that machine, without anything showing up on
the network logs. And once the key-logger software was
disposed of, Cyberdroog would NEVER know what I did.
And once the reporting software found the key-logger software was
disabled you would be fired - loosing your job after one day.
--
--
***@rrohio.com
(Remove 999 to reply to me)
CyberDroog
2003-11-20 19:45:22 UTC
Permalink
Post by Speedy Gonzalez
Ah, but you still have port 110 open. Someone could rig up
something on their home computer, using port 110, and then
go via port 110 on their home machine to get out onto the Net.
This is laughable. Port 110 is only open on the e-mail *server*. The
user's connection is via the *local* network. The user sends e-mail to the
*local* server, which then routes the message to the net. Only the e-mail
server can access the net in this case. The user has NO connection to the
net whatsoever.
Post by Speedy Gonzalez
I write for my E-zine, in Tasmania, because I am reagarded
as an EXPERT in Internet censorship. I hold a degree in
Information Systems, so I know of where I speak. I am one who
lives, breathes, and eats computers. If you open a port for
someone to get E-mail, you give them a way to get to the
Internet. As long as ANY port remains open, someone, if they
have the patience, WILL find a way to get out onto the
Internet.
Nice attempt at creating a powerful online persona. But you are obviously
an idiot. You don't even understand the most rudimentary aspects of how a
LAN and WAN functions.
Post by Speedy Gonzalez
We Tamsmanians are quite resourceful. Cyberdroog mentioned
key-logging software, but if I were working in his shop, I
would probably be able to disable that in a matter of minutes,
and he would draw a BLANK, when he tried to figure out what
I was up to. Its simply a matter of disconnecting the machine
from the network, and then hacking into the administrator
account on that machine, without anything showing up on
the network logs. And once the key-logger software was
disposed of, Cyberdroog would NEVER know what I did.
Your own words indicate that you don't know enough to hack your way out of
a wet paper bag. There are no doubt many extremely clever Tasmanians. But
you aren't one of them.


---
DISCRIMINATE, v.i. To note the particulars in which one person or thing is, if
possible, more objectionable than another.

- Ambrose Bierce

CyberDroog
2003-11-18 04:18:01 UTC
Permalink
Post by Speedy Gonzalez
I have been watching the banter between you morons for the past
two months. I work for an E-zine in Australia, and I am an EXPERT
on Internet censorship. There ARE ways to get around company
censorship that are not as drastic, and will not be picked up
by your employers.
People in China, Saudi Arabia, and other censorious regimes
one one of many services to get around censorship in those
countries. Services like Hopster, Triangle Boy, and others
drive the governments of these countries crazy, because they
cannot stop them. These services use ever-changing IP addresses
so they are almost impossible to stop. If you want to bypass
company censorship, use one of these services. You have
probably seen the occasional issue of our E-zine, the Demonizer,
posted here on rare occasion.
Just use one of these services, if you want to bypass the
censorware your company has. I have been watching the banter
between you clowns for the past two months. Cant we just let
this thread die?
Expert? Apparently you have something to learn about TCP/IP traffic
analysis. If data is going through the company's wires, it can ALWAYS be
monitored.

And before you say "Encryption!", please realize that unusual encrypted
traffic is still just data packets, and it's a dead give away. Such a user
will have a key-stroke recorder on their system before they know it.

Users who go to extremes always do something to tip others off anyway.
It's like they *want* to be caught and fired.

You can't compare companies to countries. No country has the resources to
monitor all internet usage. It's vast and takes place using private
systems. Companies DO have the resources, and it's their equipment.

---
REFORM, v. A thing that mostly satisfies reformers opposed to reformation.

- Ambrose Bierce
Charles Newman
2003-11-20 03:32:24 UTC
Permalink
Post by CyberDroog
Post by Speedy Gonzalez
I have been watching the banter between you morons for the past
two months. I work for an E-zine in Australia, and I am an EXPERT
on Internet censorship. There ARE ways to get around company
censorship that are not as drastic, and will not be picked up
by your employers.
People in China, Saudi Arabia, and other censorious regimes
one one of many services to get around censorship in those
countries. Services like Hopster, Triangle Boy, and others
drive the governments of these countries crazy, because they
cannot stop them. These services use ever-changing IP addresses
so they are almost impossible to stop. If you want to bypass
company censorship, use one of these services. You have
probably seen the occasional issue of our E-zine, the Demonizer,
posted here on rare occasion.
Just use one of these services, if you want to bypass the
censorware your company has. I have been watching the banter
between you clowns for the past two months. Cant we just let
this thread die?
Expert? Apparently you have something to learn about TCP/IP traffic
analysis. If data is going through the company's wires, it can ALWAYS be
monitored.
And before you say "Encryption!", please realize that unusual encrypted
traffic is still just data packets, and it's a dead give away. Such a user
will have a key-stroke recorder on their system before they know it.
Key-Stroke recorders can be detected and removed.
There are numerous programs on the market that will
detect and remove spyware at start-up, and they do sell
quite well

....next question please
Post by CyberDroog
Users who go to extremes always do something to tip others off anyway.
It's like they *want* to be caught and fired.
You can't compare companies to countries. No country has the resources to
monitor all internet usage. It's vast and takes place using private
systems. Companies DO have the resources, and it's their equipment.
---
REFORM, v. A thing that mostly satisfies reformers opposed to reformation.
- Ambrose Bierce
Charles Newman
2003-11-20 00:11:44 UTC
Permalink
X-No-Archive: Yes

In one chat room, I ran into the woman who was the
original subject of this thread, and she was looking for her
Aussie friend she was chatting with. It turns out she has
been watching this thread for the past two months.
She has changed the way she does it. She put one
of those BIIIGGG high-gain antennas on her roof at home.
Its one of these that increases the effective radiated power
(ERP) to rediculous levels. This is one of these rooftop
antennas that give enough gain to increse the ERP to
over 300 watts. If you look arouind, you can find one
of these antennas.
She just then uses a smaller antenna a work, that is
a lot less conspicuous than a Pringles antenna, and can be
kept out of her site. Apparently there are some wireless
access points and wirless cards that can be plugged into
a USB port. She just plugs that into a USB port on her
workstation, re-boots the computer, and then uses
her AOL account to get out to the chat room. There are
smaller antennas that while they dont have quite as much
gain as a Pringles antenna, they are small enough to be
hidden from view. But with her high-gain rooftop antenna
at home,. she can ger away with using a smaller antenna.
It is quite inconspicuous, and neither the IT department at
the network she works at, nor her supervisors, have any
clue what she is up to. Her Internet access goes by way
of her AOL account, and IT is never the wiser.
So the lesson to learn from her is to simply place a
high-gain rooftop antenna on your roof, point it towards
your workplace, then you can get away with using a
smaller and less noticeable antenna at work. If you keep
the antenna out of sight, nobody will know what you are
up to. And before you say anything about keyloggers, she
has that figured out too. She installed a program on her
workstation that searches for and destroys any keyloggers
that the boss puts on there. So when they go to pull up
what she has done, they draw a blank. She has got the
IT department all figured out.
She is looking for the guy she was chatting with, but
he is apparently laying low on that chat room right now.
Its the same guy who whigned here a few weeks ago
about being in an online fight. Since that time, he has
apparently got into one too many online fights, and he is
laying low for a while. I have seen him on briefly at times,
but not in any of the main rooms, and not for very long
periods of time, which is why she cannot find him.

.
Post by Speedy Gonzalez
[Further Followups directed off this newsgroup]
I have been watching the banter between you morons for the past
two months. I work for an E-zine in Australia, and I am an EXPERT
on Internet censorship. There ARE ways to get around company
censorship that are not as drastic, and will not be picked up
by your employers.
People in China, Saudi Arabia, and other censorious regimes
one one of many services to get around censorship in those
countries. Services like Hopster, Triangle Boy, and others
drive the governments of these countries crazy, because they
cannot stop them. These services use ever-changing IP addresses
so they are almost impossible to stop. If you want to bypass
company censorship, use one of these services. You have
probably seen the occasional issue of our E-zine, the Demonizer,
posted here on rare occasion.
Just use one of these services, if you want to bypass the
censorware your company has. I have been watching the banter
between you clowns for the past two months. Cant we just let
this thread die?
@comcast.net.nospam.do.not.spam.me says...
X-No-Archive: Yes
On Mon, 17 Nov 2003 11:25:30 -0800, Charles Newman spoketh
Ah, but you see, they dont have the documentation,
in such a case to back it up. And my idea is not meant to
waste time, but rather to get around some usage policies
that go much too far, particularly not being allowed to
check E-mail on outside mail servers. I see nothing wrong
with using your ISPs E-mail service as your work E-mail.
What you don't understand is that such policies are in place to
protect
the corporate LAN from viruses and other malware. You may think that
they go to far, but for someone who are protecting tens of thousands
of
dollars of hardware and potentially millions of dollars of
information,
this threat is very real. I used to work in publishing. Can you even
image what a virus that would delete all image files would do if it
were
allowed to run for just a few minutes? Can you imaging the amount of
monies lost if we had 24 hours of downtime just when the magazine(s)
were supposed to ship to the printers?
You don't seem to understand that your plan will undermine any and all
security policies put in place to protect corporate assets, and people
taking advantage of this ISP of yours (were it ever to go beyond the
planning stage) would most likely get fired so fast the wouldn't know
what hit them. You're also likely to get sued by every company that
gets
compromised through your service, whether it's a valid complaint or
not.
Legal fees alone will either force you out of business, or the
increasing liability insurance would.
Well, I just hope I do strike it rich someday, so I can
go into politics, and get a law passed restricting what
content an employer may block, restrict, or prohibit.
You have to understand one simple thing - A COMPANY NETWORK BELONGS TO
THE COMPANY!!!!!!
A company can provide any level of service to its employees that it
wants to - there is not promise of internet service just because you are
working for a company that has internet access!
And by your logic, just about every coffee house and
Internet cafe could theoretically be sued. An increasing
number of them have wireless hotspots, which can be
accessed from up to 1.8 miles away with a high-gain
antenna.
An they are in the business of providing LOCAL internet service WITHIN
THEIR FACILITY. Should the standards of Wireless Signal Levels be
exceeded by these businesses they will be fined and shutdown. There is
abound NO chance that a cafe's signal will work inside anyone's building
- esp since they are on the same frequency as other devices.
However, people have been able to tap into such
wireless networks, with just a Pringles atenna. The
antenna increases gain on both send and receive, so you
can talk to an unaltered network access point from quite
a distance away. I saw on TV one guy pinpoint and track
a signal coming from a Starbucks coffee location from
quite a ways away. I think you need to read the various
articles on Pringles can, and other high-gain antennas.
Starbucks had not altered their access point in any way.
This one guy just picked up the signal, and then noted
where it was coming from.
War drivers do this all the time. They use their
homemade high-gain antennas to pick up signals from
wireless access points all the time. If you have any
wireless nodes on your network you manage now,
war drivers could be zeroing in on any ont of them right
now.
What if someone NEVER uses the Ethernet connection
on the company LAN, and, instead, uses a wireless hotspot
from a nearby Internet cafe, and just simply logs into the
company network via VPN, or whatever remote access
the company implements? I dont think a company could
really take much of an issue with you loggin in via VPN,
and using that to do your work.
You don't really believe that the company is going to let you sit in
their office, connect to an external connection, VPN back into the
office, and then let you access the LAN and internet at the same time do
you? Most of the VPN clients restrict access such that the user can ONLY
access the LAN and not the internet while the VPN is active!
And how are they going to control what you do on
an outside ISP. If I run a VPN client and then start,
say RealPlayer, Windows is not going to stop me from
starting RealPlayer or any other program I have installed
on my computer.
As long as you are doing your work, I see no trouble
with allowing an employee to connect to an ISP outside
the company, be it wiress, or over a phone line, and
then logging in to the company network via VPN.
The point is that YOU ARE NOT DOING YOUR WORK when you are playing
around on the web! You clearly state that you believe that people should
be able to chat/browse while at work, which is NOT something they are
paying you for.
My point is, and will continue to be, that are are
legitimate reasons to use an outside ISP. I STILL say
there is nothing wrong with using your ISP's E-mail
service as your work E-mail as long as you are doing
your work.
Loading...