epic.Management

Elsie

Oh Noes! EpicLan forums ban at work

Pretty much the same here Gary.

If I used SSH on our corporate network it'd get flagged immediately and as you say I'd be in the ****.

(especially considering the implications if I cause a breach - think financially/reputationally).

You could make their reputation worse?!

Damn Gary, you must be good :P

(especially considering the implications if I cause a breach - think financially/reputationally).

You could make their reputation worse?!

Damn Gary, you must be good :P

I do try Swyft :D


Less risky then would be remote desktop'ing/VNC to a server outside of your corporate network and browsing from there.


Nope, at the end of the day, if your employer/IT department don't allow it, then you're screwed either way.

SSH over port 443 can be fairly easily disguised as SSL/HTTPS.


Should you get around IT dept. restrictions?

Probably not, you may be fired. ... and to be honest that probably also goes for using your 3G phone / iPad while at work.

Can you get around IT dept. restrictions?

Yes, always! .. and if you're good at it, they won't even know.

RDP/VNC traffic can't easily be conducted using HTTP can it?

There are a few open source programs which do this and aren't difficult to use, but just like using an ssh tunnel you'll need a box on the internet set up to allow you to proxy through it. Also it wouldn't be encrypted... unless you tunneled SSH over HTTP and then put your RDP/VNC inside that - although the overhead would make it so slow that 3G might be faster ;).

SSH over port 443 can be fairly easily disguised as SSL/HTTPS.

Erm, only if you're trying to fool someone who's just looking for unusual port usage. As soon as "they" break out a protocol analyser like Wireshark, or install a firewall with decent deep packet inspection, your cover will be blown.

My favorite firewall bypass technique has always been tunneling over large ICMP packets. Again pretty easy to set up if you have the software and a box on the internet to act as your proxy. It also has the advantage of allowing you to bounce your traffic via unsuspecting third party hosts (as long as they have ping enabled).

For simplicity and flexibility though SSH is your friend and if you have any reason to be using it at then no one will know that you're also using it for "other stuff" - because it's a security protocol and the protocol analyzers can't look inside it. Although you should be careful that your part of the SSH usage pie chart for your company isn't too high over the average. I mean being the only person constantly using 20 Mbps of SSH is a good indication that you're probably using it for more than work.

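The two monitoring signals the post above mentions, shown from the network defender's side as an added example that is not part of the original thread: labelling a port-443 flow by the first bytes the client sends (an SSH identification string versus a TLS ClientHello record), and flagging hosts whose byte volume sits far above the median. The flow records, host names and the 10x threshold are constructed for this illustration.

```python
import statistics

def classify_first_bytes(payload: bytes) -> str:
    """Label a flow from the first bytes the client sent."""
    # RFC 4253: each side opens with an identification string "SSH-<ver>-<software>".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version major 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"

def port_protocol_mismatches(flows):
    """Flows to port 443 whose first bytes are not a TLS ClientHello."""
    return [f for f in flows
            if f["dport"] == 443 and classify_first_bytes(f["first_bytes"]) != "tls"]

def volume_outliers(flows, factor=10):
    """Hosts whose total bytes exceed `factor` times the per-host median."""
    totals = {}
    for f in flows:
        totals[f["src"]] = totals.get(f["src"], 0) + f["bytes"]
    median = statistics.median(totals.values())
    return sorted(host for host, total in totals.items() if total > factor * median)

# Constructed sample data (not from the thread).
TLS_HELLO = bytes.fromhex("160301020001")          # record header + ClientHello type
SSH_IDENT = b"SSH-2.0-OpenSSH_8.9\r\n"
FLOWS = [
    {"src": "ws-01", "dport": 443, "bytes": 2_000_000,   "first_bytes": TLS_HELLO},
    {"src": "ws-02", "dport": 443, "bytes": 3_000_000,   "first_bytes": TLS_HELLO},
    {"src": "ws-03", "dport": 443, "bytes": 1_500_000,   "first_bytes": SSH_IDENT},
    {"src": "ws-04", "dport": 443, "bytes": 900_000_000, "first_bytes": TLS_HELLO},
    {"src": "ws-05", "dport": 22,  "bytes": 2_500_000,   "first_bytes": SSH_IDENT},
]

if __name__ == "__main__":
    for f in port_protocol_mismatches(FLOWS):
        print("non-TLS on 443:", f["src"], classify_first_bytes(f["first_bytes"]))
    print("volume outliers:", volume_outliers(FLOWS))
```

In the sample, ws-03 is caught by the content check and ws-04 only by the volume check, which is why the two signals are usually reviewed together.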

Should you get around IT dept. restrictions?

Probably not, you may be fired. ... and to be honest that probably also goes for using your 3G phone / iPad while at work.

Don't see why you would be fired for using a 3G phone/iPad etc. The point of banning most websites is either to stop being able to view imageshack etc where the company can not tell what kind of content you are viewing (eg porn). Should an IP address be linked with the company there may be reputation damage etc.

Most other blocks are types of websites that are not work related (although during lunchtime I don't see why personally )

What you do with your phone/iPad during your own time, eg lunchtime is your business and not the employer. If you do it during work time, perhaps they would tell you to stop buggering about with your phone ;p


Well due to security restrictions phones are not permitted...well phones with cameras.

Obviously the iPad has no camera and you can get phones without a camera but still.


I usually end up working through lunch and so wait until I'm at home. It's now just a case of abusing WiFi in hotels or their pay by the 15 minute desktops.


Or you make sure that you are in charge of monitoring such activity and that your activity isn't recorded.

...next problem?

*grin*

Guest Zenith
Or you make sure that you are in charge of monitoring such activity and that your activity isn't recorded.

...next problem?

*grin*

^ This! :)

Been there.

Done that.

Or you make sure that you are in charge of monitoring such activity and that your activity isn't recorded.

...next problem?

*grin*

Sadly this is the downfall of working for a large company :(

SSH over port 443 can be fairly easily disguised as SSL/HTTPS.

Erm, only if you're trying to fool someone who's just looking for unusual port usage. As soon as "they" break out a protocol analyser like Wireshark, or install a firewall with decent deep packet inspection, your cover will be blown.

My favorite firewall bypass technique has always been tunneling over large ICMP packets. Again pretty easy to set up if you have the software and a box on the internet to act as your proxy. It also has the advantage of allowing you to bounce your traffic via unsuspecting third party hosts (as long as they have ping enabled).

For simplicity and flexibility though SSH is your friend and if you have any reason to be using it at then no one will know that you're also using it for "other stuff" - because it's a security protocol and the protocol analyzers can't look inside it. Although you should be careful that your part of the SSH usage pie chart for your company isn't too high over the average. I mean being the only person constantly using 20 Mbps of SSH is a good indication that you're probably using it for more than work.

SSH over HTTPS. Deep packet inspection can't see past the encryption unless they MITM your connection, which you can detect trivially and abort. And if anyone asks what you're doing over HTTPS to $RANDOM server, have a dummy website that does some useful task (webmail, maybe?) that would be justifiable usage.

SSH over port 443 can be fairly easily disguised as SSL/HTTPS.

Erm, only if you're trying to fool someone who's just looking for unusual port usage. As soon as "they" break out a protocol analyser like Wireshark, or install a firewall with decent deep packet inspection, your cover will be blown.

SSH over HTTPS. Deep packet inspection can't see past the encryption unless they MITM your connection, which you can detect trivially and abort. And if anyone asks what you're doing over HTTPS to $RANDOM server, have a dummy website that does some useful task (webmail, maybe?) that would be justifiable usage.

:D Of course anything can be hidden inside of HTTPS and no one can see it (without accessing your PC). So IMHO there's no need to run SSH over HTTPS when you could just tunnel TCP/SOCKS/PPP over HTTPS. Doubling up on the encryption would just slow it down.

Again though, if you're using a constant 50 Mbps of bandwidth whereas everyone else is only using 1 or 2 ... then someone is probably going to ask you about it at some point, even if they can't technically find out what it is.


For me personally, iPhone. So much is blocked at work, at one point my website was blocked as porn! I fail to see the logic in that one.

My personal opinion is that really, you should not go through the effort of trying to get through these restrictions. If you do get caught then the ramifications of doing so outweigh the advantages of getting around it.


So... I found a way around it.. at least at college.

Go to "hunt.epiclan.co.uk" and click "forums", it then uses the "hunt.epiclan.co.uk" URL, and works!

Might not work at your work place, but worth a try.


Most bad content filtering systems are just based on a database of URLs. Change the URL [some contain records per subdomain, rather than main domain] and hey presto you've bypassed it, until said link gets added.


Yea, well, whatever!

It seems really temperamental; when I first clicked forums via hunt.epiclan.co.uk, the URL didn't update to forums.epiclan.co.uk, it just stuck with hunt.epiclan.co.uk no matter what I clicked on. Whereas I did it again earlier and it changed to forums.epiclan.co.uk, and now again it hasn't!

