Re: OT: Geekness - avoiding proxies



In article <heqq025p8ul4itktsl9tf7aun643isepi1@xxxxxxx>, SimonM wrote:
> On Tue, 7 Mar 2006 09:35:02 +0000, Phil Launchbury
> <phill@xxxxxxxxxxxxxxxxx> wrote:
>
>> And as BGN says - be careful. As an ex-network admin I would spot your
>> traffic pretty easily - and would want to know what and why your PC was
>> trying to talk to the outside world on an odd port. It is also
>> conceivable that your external access is by default all blocked with
>> your firewall admins just opening the desired ports (http etc) and that
>> your PC exhibiting virus-like network behaviour will trigger all sorts
>> of alarms..
>
> Sorry, I don't agree with this. You wouldn't easily spot this traffic

*Sigh*

I assume that you have spent five years of your life looking after
firewalls then. You obviously know better than me how they work, how
they are administered and how a good network/security admin does their
job.

Silly me.

> and it wouldn't look to be virus-like network behaviour either. It all
> depends what is allowed through the firewall. Obviously, for this to

No really? Seeing as we started off on the basis that the IT department
were using a proxy to restrict access to sites it's not a huge jump to
imagine that they might restrict other outgoing traffic..

> work at all you have to be talking to the outside world on a
> destination port that is allowed through the enterprise firewalls in
> the first place. i.e. deemed acceptable traffic.

Most places allow filtered http to the outside world and nothing else
(except maybe ftp access from IT PCs). Any place that allows any traffic
out that the PC cares to generate is a) terminally stupid and b)
liable to end up with their PCs stuffed with trojans, viruses and
other malware.

> If you are suggesting that the employer would be monitoring source
> port as well as destination, then that too will be difficult to

You don't really know how firewalls work do you? Hint - it's very easy.
Also look up the concept of application proxies and how they block
tunnelled traffic.

> Everyone and their dog used ssh tunneling to get around outbound
> firewall port blocking rules and network proxies. Suddenly, for some
> reason, destination port 22 was blocked (I never quite figured out why
> :-) ). However, for some bizarre reason they still allowed outbound
> telnet traffic. Most people and their dogs then configured their ssh
> servers to listen on port 23 and tunneled through that instead.

Which indicates to me that your network admins are terminally stupid.
Allowing telnet traffic out while blocking ssh is shooting yourself in
the foot with both barrels and then reloading and doing it again.
Most places start with the basis of "nothing allowed out" and then open
up specific ports. To do otherwise invites disaster.

> admins to pick up on it. Realistically that is just not going to
> happen in the larger enterprises.

Actually it is there that it is most likely to be spotted.

Phil

--
Phil Launchbury, IT PHB
Triumph Tiger 955i
'I'm training the bats that live in my cube
to juggle mushrooms'
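The disagreement in this thread over whether ssh tunnelled through port 23 is easy to spot comes down to the check an application-aware proxy or egress filter performs: does the first payload on a flow match the protocol that port was opened for? As an added example, not code from either poster, here is that check in Python over constructed flow records; the allowed-port table, the protocol signatures and all addresses are assumptions.

```python
# Port/protocol mismatch check of the kind an application-aware proxy performs.
# All flow records are constructed sample data; `payload` is the first bytes
# the internal client sent on that flow.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport payload")
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS", b"CONNECT"}

# Assumed egress policy (hypothetical): default deny, only these ports open,
# and each port must carry the protocol it was opened for.
ALLOWED = {
    22: {"ssh"},
    23: {"telnet", "unknown"},  # a telnet client need not send anything distinctive first
    80: {"http"},
    443: {"tls"},
}

def identify(payload: bytes) -> str:
    """Guess the application protocol from the first client bytes."""
    if payload.startswith(b"SSH-"):                          # SSH identification string
        return "ssh"
    if payload.split(b" ", 1)[0] in HTTP_METHODS:            # HTTP request line
        return "http"
    if payload[:1] == b"\x16" and payload[1:2] == b"\x03":   # TLS handshake record, v3.x
        return "tls"
    if payload[:1] == b"\xff":                               # Telnet IAC negotiation
        return "telnet"
    return "unknown"

def classify(flow) -> str:
    """'ok', 'blocked-port:<n>' for a closed port, else 'mismatch:<proto>-on-<port>'."""
    if flow.dport not in ALLOWED:
        return f"blocked-port:{flow.dport}"
    proto = identify(flow.payload)
    return "ok" if proto in ALLOWED[flow.dport] else f"mismatch:{proto}-on-{flow.dport}"

def find_tunnels(flows):
    """Every flow an admin would want explained, as (src, dport, verdict)."""
    return [(f.src, f.dport, v) for f in flows if (v := classify(f)) != "ok"]

SAMPLE_FLOWS = [  # constructed
    Flow("10.0.0.5", "203.0.113.10", 80, b"GET / HTTP/1.1\r\n"),
    Flow("10.0.0.5", "203.0.113.10", 23, b"SSH-2.0-OpenSSH_4.3\r\n"),     # ssh on the telnet port
    Flow("10.0.0.7", "203.0.113.11", 23, b"\xff\xfd\x18\xff\xfd\x20"),     # genuine telnet negotiation
    Flow("10.0.0.8", "203.0.113.12", 443, b"\x16\x03\x01\x00\xc8\x01\x00"),
    Flow("10.0.0.9", "203.0.113.13", 80, b"SSH-2.0-OpenSSH_4.3\r\n"),     # ssh on the http port
    Flow("10.0.0.9", "203.0.113.13", 4444, b"anything"),                   # port not opened at all
]
```

Running `find_tunnels(SAMPLE_FLOWS)` flags the two ssh-on-a-non-ssh-port flows and the closed port, while the genuine http, telnet and TLS flows pass; the ssh identification string is what gives the tunnel away regardless of the port chosen.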


