Bypassing work internet firewalls?

[JivinJeffJones]

I know you can run portable apps from flash-drives for things like browsers and anonymizers, but is there a combination of apps you could put on a flash-drive which would enable you to plug into a work computer and untraceably access the internet regardless of firewalls, without having to install anything on the hard-drive?

Obviously I'm no computer-programmer, and it's likely that what I'm asking is ridiculous on any number of fronts. But if you don't ask you'll never know. Any hackers out there who can help an INFP out?

 

[Fluffywolf]

*puts on hypocritical cap*

Tsk tsk, as a manager/boss I feel inclined to tap you on your fingers for browsing during your work hours...

>.>

<.<

*closes office door*


On a more serious note, I never really looked for such means myself so can't help you off the top of my head.

 

[entropie]

It's tough; we use webwasher at work and it blocks files larger than 20 mb already. And sometimes we receive blueprints from customers, which are far past the 20 mb limit in size.

I havent found a way so far to bypass it myself. *exe files you can exchange by renaming them to *zip; but thats all i got.

 

[Shaula]

Befriend the network admin.

 

[JivinJeffJones]

Befriend the network admin.

I prefer the idea of having a flash-drive skeleton key with everything I need for a ninja browsing session. But that might be as likely as obtaining an actual skeleton key. I just don't know. Which is why I ask.

 

[Wyst]

I was just talking about this with Synarch over a few drinks on Saturday. Ghostzilla is an app that can do that.

 

[Athenian200]

@Wyst: That would only hide you from a casual visual inspection of your monitor. Not from something that monitors activity on the network.

One good way I can think of would be booting the computer from a Linux USB stick (to avoid any monitoring/logging on the computer itself) that was configured to connect to the network via protocol encapsulation and encryption. In other words, it would establish one connection that looked legitimate no matter what (perhaps by recording a normal session), and then send the real data to a known computer outside the network over that connection (which would somehow always look like a legitimate website), monitoring the connection as if it were a code, connected to the unfiltered internet. This would involve some advanced DNS and/or IP spoofing techniques, Linux configuration skill, and knowledge of the specific protocols and weaknesses of your companies intranet security software.

So it's probably not for you.

 

[scantilyclad]

you could change the proxy address.

 

[Athenian200]

you could change the proxy address.

Actually, that could work, too. It really depends on how "smart" the firewall software is, and what other monitoring techniques are being used.

Some are so dumb you just have to change a few variable to get through. The majority of the time, "smart" hacking isn't needed. It's just important to know your enemy (the security procedures) before trying anything.

Bypassing a firewall is not unreasonable, it's just unethical and potentially complicated.

 

[JivinJeffJones]

@Wyst: That would only hide you from a casual visual inspection of your monitor. Not from something that monitors activity on the network.

One good way I can think of would be booting the computer from a Linux USB stick (to avoid any monitoring/logging on the computer itself) that was configured to connect to the network via protocol encapsulation and encryption. In other words, it would establish one connection that looked legitimate no matter what (perhaps by recording a normal session), and then send the real data to a known computer outside the network over that connection (which would somehow always look like a legitimate website), monitoring the connection as if it were a code, connected to the unfiltered internet. This would involve some advanced DNS and/or IP spoofing techniques, Linux configuration skill, and knowledge of the specific protocols and weaknesses of your companies intranet security software.

So it's probably not for you.

This sounds more like what I had in mind. It also sounds considerably outside my abilities. I'm a bit surprised nobody has come up with a preconfigured portable software suite which can do this, especially given how much storage capacity flashdrives have these days. Or maybe they have, but they don't want it known lest security software close the loops which could allow it.

you could change the proxy address.

Use something like TOR, you mean?

 

[Athenian200]

This sounds more like what I had in mind. It also sounds considerably outside my abilities. I'm a bit surprised nobody has come up with a preconfigured portable software suite which can do this, especially given how much storage capacity flashdrives have these days. Or maybe they have, but they don't want it known lest security software close the loops which could allow it.

Likely. There might be something preconfigured, but it's usually better if you make and configure it yourself based on knowledge of the specific software at hand. Otherwise... it might know about one piece of software but not the other, accidentally trigger it, and get you in trouble.

If the firewall is the ONLY security procedure, getting around it should be easy. As easy as using an Internet proxy server, or possibly remote access to your home computer. Kids use those to get around school firewalls and access Facebook all the time. But if there's more, you have to be careful.

 

[scantilyclad]

Just find a list of proxy servers, go to your internet options and change the proxy address. it might work. this will only work if you can actually access your internet options. some places have that blocked too.

I used to do this in high school, i never got caught or anything. BUT it wouldn't work on internet explorer because they had the internet options blocked. I just downloaded firefox and did it there.

 

[Athenian200]

I used to do this in high school, i never got caught or anything. BUT it wouldn't work on internet explorer because they had the internet options blocked. I just downloaded firefox and did it there.

Single application option block-outs? Without limiting ability to download alternate versions of software? LOL, those guys deserved to get hacked.

 

[Nighthawk]

When I worked for megabank, they cut off all our outside email, IM, and lots of websites. Being a rebellious INTP by nature, I learned how to make a few Windows registry changes to point to a proxy server that was being used by the company executives to maintain their access to ESPN and such. That lasted about 8 months before a network admin in the security division detected my traffic and I was exposed. I was called to the carpet for my infraction, despite my protestations that what was good for company execs was also good for the rank and file.

My next tactic was to purchase an air card for my personal laptop and use it as I pleased at work. After a few weeks of that, I was forbidden by my manager from bringing in my personal laptop.

My next tactic was to quit working there.

...

Perhaps a registry hack is all that you need to point to an open proxy server. However, depending upon how draconian your company's security policies are ... and on how vigilant their network admins are ... you might be discovered. This link might help you get started on the hack. Of course, that assumes you have an open proxy server available.

Best of luck and may your data continue to flow freely.

 

[JivinJeffJones]

Perhaps a registry hack is all that you need to point to an open proxy server. However, depending upon how draconian your company's security policies are ... and on how vigilant their network admins are ... you might be discovered. This link might help you get started on the hack. Of course, that assumes you have an open proxy server available.

Best of luck and may your data continue to flow freely.

Thanks mate, I'll look into it. This is kind of exciting. Like hunting, for geeks. Or those who share the interests of geeks without the skillz, anyway.

If I never post again, you'll know I've been caught.

 

[Athenian200]

If I never post again, you'll know I've been caught.

I don't think they'll kill you or send you to jail.

You'll probably just get fired, or possibly even a slap on the wrist... still an awful risk in this economy, but you seem to really want this.

 

[thisGuy]

When I worked for megabank, they cut off all our outside email, IM, and lots of websites. Being a rebellious INTP by nature, I learned how to make a few Windows registry changes to point to a proxy server that was being used by the company executives to maintain their access to ESPN and such. That lasted about 8 months before a network admin in the security division detected my traffic and I was exposed. I was called to the carpet for my infraction, despite my protestations that what was good for company execs was also good for the rank and file.

My next tactic was to purchase an air card for my personal laptop and use it as I pleased at work. After a few weeks of that, I was forbidden by my manager from bringing in my personal laptop.

My next tactic was to quit working there.

...

Perhaps a registry hack is all that you need to point to an open proxy server. However, depending upon how draconian your company's security policies are ... and on how vigilant their network admins are ... you might be discovered. This link might help you get started on the hack. Of course, that assumes you have an open proxy server available.

Best of luck and may your data continue to flow freely.

you need to know the unblocked proxy server first...how the hell do you get that

 

[Nighthawk]

you need to know the unblocked proxy server first...how the hell do you get that

Yes, that indeed is the trick. I got it through checking the automatic configuration script in the LAN settings. In Internet Explorer: Options -> Connections Tab -> LAN Settings button. I opened the file in notepad and tried every proxy contained therein until I found one that worked. If you don't have an automatic configuration script, then the only way I know is to try social engineering. Not an easy task for an INTP like me.

 

[ygolo]

If you haven't solved your problem yet, use some Ping Fu.

Specifically, for getting Ventrilo to function through workplace firewalls, use Ping Fu UDP.

I think you can place it on your flash-drive, and run it from there, but I haven't tried. Of course don't let it make the shortcuts on the hard-drive when it installs, and don't use the default area.

 

[mortabunt]

The block at my school can be beaten by using https instead of http.