[olug] anonymizer
m0ntar3 at cox.net
Tue Jan 14 19:48:17 UTC 2003
if(port == 22) { ring_bell(); } for starters. yes, users could just use another port.
if(
(tcp_stream == "lots of data moving away") ||
(
(tcp_stream == "lots of data moving in") &&
(remote_port != 80)
)
)
{ ring_bell(); }, would be a little better.
even mo' better, turn off all traffic completely. then allow
what you need explicitly, via proxy.
ssh tunnel good for individual, ssh tunnel bad for big company..
Mr. Infosec Officer: "Did you see that?"
Ms. Network Administrator: "Yes, it appeared to be a large blob of data moving away from us at a high rate of speed."
Mr. Infosec Officer: "What did it contain?"
Ms. Network Administrator: "No idea. It was encrypted."
Mr. Infosec Officer: "Go get that user and bring 'it' here."
Joe Black User: "Oh, that, it was a Linux ISO. I downloaded to work and then over to that server 'cuz the transfer is faster that way.. I won't do it again."
Mr. Infosec Officer: "OK, you're sorry, appear honest, mostly harmless, and we don't have the time or resources to check your story.. so back to the mine to you rabble!"
Joe Black User: (thinking) "Linux ISO my ass."
>
> From: Jonathan Warren <thechunk at cox.net>
> Date: 2003/01/14 Tue AM 09:13:00 EST
> To: olug at olug.org
> Subject: Re: [olug] anonymizer
>
> Well the admins are very clueful but they believe in policy as the best control. I am inclined to agree with them. Fire the idiots and let me have access.
>
> How would you monitor SSH behavior?
>
> -Jon Warren
>
> On Tue, Jan 14, 2003 at 06:23:13AM -0600, Chris Garrity wrote:
> >
> > Squid, SSH, and optionally a "named" cache for DNS lookups. At work,
> > set your browser to proxy localhost port 3128. Open an SSH connection to
> > your sshd/squid computer, and forward the localhost port 3128 to the
> > remote host. Then install Ghostvilla.
> >
> > This configuration not only hides the URL requests from the
> > "Administration," it encrypts your HTTP traffic and prevents the
> > "Administration" from ever knowing the content of said HTTP traffic if
> > they were to actively capture your traffic.. BTW, if the
> > "Administration" doesn't monitor SSH behavior, and the company has
> > "sensitive" data; the "Administration" needs to either start monitoring
> > SSH behavior or the "Administration" needs to be replaced with a more
> > clueful "Administration."
> >
> >
> > Jonathan Warren wrote:
> >
> > >I have worked at companies that have restricted internet access.
> > >Sometimes this can be circumvented through the use of a https connection
> > >to a site that allows browsing of the web. Safeweb comes to mind. I have
> > >found that these kinds of sites don't last long before they are noticed
> > >and shut down. Now I am thinking to myself I have a nice little apache
> > >server running on the net and was wondering if anyone knew of an
> > >open-source project to turn an apache install into an anonymous browser
> > >with login capability ( To keep it from being noticed by employer)?
> > >Seems to me an unbranded https page on my home machine that allowed me
> > >access to my own internet connection has little possibility of being
> > >noticed and very little possibility of them determining its purpose.
> > >Anyway just wondering if anyone had done something like this before?
> > >
> > >-Jon Warren.
> > >_______________________________________________
> > >OLUG mailing list
> > >OLUG at olug.org
> > >http://lists.olug.org/mailman/listinfo/olug
> > >
> > >
> > >
> >
>
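The flow rules sketched at the top of this message, as an added example that is not part of the original post: it applies the port-22 rule and the volume rule to flow records, summing bytes per (internal host, remote host, remote port) so a transfer split over several connections is still counted. The record layout, the byte thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds per aggregation window (not values from the post).
OUT_LIMIT = 50 * 1024 * 1024    # "lots of data moving away"
IN_LIMIT = 200 * 1024 * 1024    # "lots of data moving in"
WEB_PORTS = {80}                # the post exempts only remote port 80

# Constructed flow records:
# (internal_host, remote_host, remote_port, bytes_out, bytes_in)
SAMPLE_FLOWS = [
    ("10.0.0.5", "198.51.100.7", 80, 40_000, 650_000_000),      # large web download
    ("10.0.0.5", "203.0.113.9", 22, 30_000_000, 1_000_000),     # ssh upload, connection 1
    ("10.0.0.5", "203.0.113.9", 22, 30_000_000, 1_000_000),     # ssh upload, connection 2
    ("10.0.0.8", "203.0.113.20", 443, 2_000_000, 300_000_000),  # bulk inbound, not port 80
    ("10.0.0.9", "198.51.100.7", 80, 20_000, 3_000_000),        # ordinary browsing
    ("10.0.0.7", "203.0.113.9", 22, 4_000, 9_000),              # small interactive ssh
]

def ring_bell(flows, out_limit=OUT_LIMIT, in_limit=IN_LIMIT):
    """Return (host, remote, port, reasons) for every aggregate that trips a rule."""
    totals = defaultdict(lambda: [0, 0])
    for host, remote, port, out_b, in_b in flows:
        totals[(host, remote, port)][0] += out_b
        totals[(host, remote, port)][1] += in_b
    alerts = []
    for (host, remote, port), (out_b, in_b) in sorted(totals.items()):
        reasons = []
        if out_b > out_limit:
            reasons.append("bulk-outbound")
        if in_b > in_limit and port not in WEB_PORTS:
            reasons.append("bulk-inbound-non-web")
        if port == 22:
            reasons.append("ssh-port")
        if reasons:
            alerts.append((host, remote, port, reasons))
    return alerts

if __name__ == "__main__":
    for alert in ring_bell(SAMPLE_FLOWS):
        print(alert)
```

Neither ssh connection from 10.0.0.5 exceeds the outbound threshold alone; only the per-destination total does, which is why the rule is applied after aggregation.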