New "worst nightmare" for network admins

Well, Tor would not work with BitTorrent. The only things I find that I cannot stuff down SocksCap are BitTorrent, Gnutella, and PP-Live TV, but everything else I have ever tried with SocksCap and Tor does work. This is because SocksCap cannot handle anything that uses UDP, but anything that uses solely TCP can be stuffed down SocksCap. And besides, there is no possible way you can know what they are up to, if they are using a system such as Tor, that uses military-grade encryption, since all the data packets would be encrypted.

Reply to
chilly8

That example was downloading MP3s planned for redistribution! Not exactly legal!

1) I DON'T care if the traffic is encrypted!
2) ALL incoming ports are closed by default! You need a very good reason to convince me to open ANY port.
3) I DON'T care about TCP, UDP or ANY other IP protocol. If someone's computer creates "mystery" traffic that reduces bandwidth, I CAN shut it down! Then I normally find out very fast who it was. You (the abuser of the network) have a LOT to explain! You will stay banned if you cannot explain the extra traffic from your computer!
4) If you have ANYTHING to hide, DON'T put it on the public Internet in any form or way! Encrypted traffic attracts everybody's attention, especially if it is NOT from an approved source (i.e. company mail or web server)!

Rudy

P.S. What do YOU have to hide that you use that "service" yourself to post here? :-)

Reply to
God Rudy

You have so many mistaken ideas that it'd be a shame to correct them and reduce the fun.

Let's just say that "the man who was not there", Was Not Here again today.

Reply to
Walter Roberson

That depends. If he turns sharing off, it is far less likely to attract music industry attention. Before I started paying for music, I used to use a "hacked" version of Kazaa that ignored the "participation level", which required you to upload a certain amount of stuff to be able to download. There was such a version floating around until Kazaa got that shut down, which let you turn off sharing, and be able to download all you want, and be far less likely to attract the attention of the music industry. I still had to use anonymizers, such as open proxies, Tor, etc, etc, because Kazaa was reportedly going to go after users of any version of Kazaa that

  1. Had the adware and all the spyware that would send your computer straight to HELL.
  2. Disabled the upload/download ratios for Kazaa

Even though I quit using Kazaa 3 years ago, I would imagine they are STILL trying to track down people who were using Kazaa ++, and other hacked versions of Kazaa that Sharman and FastTrack did not approve of, which necessitates using anonymizing services for at least a few more years.

However, someone with one of various kinds of high-gain antennas could hit your public hotspot from quite a ways away without even having to come into your establishment. I know that because when I was at Anonymous Antarctic Media, before I left, it was common practice when covering figure skating, or other sporting events, to use various kinds of high-gain antennas to connect to any open WAP we could find. And as far as the MAC address goes, there are programs out there that can "spoof" the MAC address. That was the company policy at Anonymous Antarctic Media, to find open WiFi access points with NetStumbler, and then spoof the MAC address using various hacker tools on the market, and a policy I intend to implement at my newly founded company. High gain antennas are legal in every country, except England (which has tighter RF rules than anywhere else in the world). You can buy the SuperCantenna online. You might want to check out

formatting link
to see what I am talking about. If you live anywhere that Chinese cookware is sold, you can buy an authentic Chinese wok that can be made into a very good high-gain antenna, with as much as 17 dB of gain, though the Cantenna, or antennas made from chip cans or stew cans, are much more feasible for use inside a sports arena. The 12 dB gain of the cantenna is more than enough to hit any nearby open WAP/hotspot.

Reply to
chilly8

Keep on believing that. I might not be able to sniff the content, but I sure can figure out what a user is up to -- I can see every process running on their PC, the contents of the drive, or even remote in and see the desktop.

Things like that tend to make it simple to figure out what the user is doing. *shrugs*

Reply to
DevilsPGD

Do you really believe that you could cheat for a long time? We DON'T care who or where you are. We CAN disable your access. If the same user shows up again with a different MAC, the guys in uniform (and without) will be VERY interested in you! Just for a few questions ...

Rudy

P.S. Still asking why YOU have to hide behind "anonymous" servers! You have been using 7 different IP addresses in about 4 countries! Do you think that the Google abuse department likes that? Or are you afraid that your boss would fire you for NOT working? (You are posting most probably from work because that computer has the ".NET" built in.)

Reply to
God Rudy

X-No-Archive: Yes

God Rudy wrote:

I always use Evidence Eliminator before taking any of my computers across any international borders. If someone did come on with a different MAC, any evidence in their computers could be wiped out with programs like Evidence Eliminator, KillDisk, DriveSweeper, or any one of a number of other disk wiping utilities. It defeats all known forensic software tools. I also encourage anyone listening to my station from work to use EE on their work PCs, so that any evidence that might be used to fire someone cannot be recovered. You can have illegal stuff in your computer and not even KNOW it, with what the various kinds of malware and spyware do now. So I play it safe before crossing any international borders, by running a session of EE on any computers I am carrying, so that anything illegal that I don't know about is obliterated and cannot be recovered by computer forensics. This way, if Customs randomly decides to scan my equipment (which Canada, Australia, and the USA are doing a lot more these days), anything illegal that might have been there without my knowledge is obliterated and will be unrecoverable. If you travel internationally, and carry any kind of computer equipment with you, you NEED programs like EE, DriveSweeper, KillDisk, BC Wipe, or any one of a number of disk wiping utilities on the market, so that anything illegal you don't know about will be obliterated and rendered unrecoverable even by expensive forensic tools costing US$7000 per license. Using these tools will save you from being thrown in a foreign gaol, for having illegal stuff on your computer that you did not even KNOW was there.

Because the Religious Right has been trying to track me down for YEARS. I have been known for BRUTAL commentary, at times, opposing the Religious Right, and their position on a lot of things. After some not-so-flattering commentary opposing the CDA in the December 6, 1995 edition of my E-zine, they vowed to track me down no matter how long it took. They also said, in a message sent through the old Penet remailer, that they were going to refer the case to the US Attorney's office in Roanoke, VA, for possible prosecution under the Alien and Sedition Acts of 1799, which make it ILLEGAL to criticise the United States Government, in ANY way. I have been using every anonymising service ever since, to avoid being tracked down. They have been trying to find me for years, and have not succeeded yet.

The IPs differ because Tor assigns a server on its network automatically when you go through the system. A random selection of what nodes to go through is determined. I won't even know what IP address this message will go through until I see it after the post and look at the address in the headers. There are about 10,000 machines on the Tor network now, and script-kiddies are adding more all the time, which could explain all the machines in educational, government, and corporate environments that have become Tor nodes.

I have been doing this for many years. I have never heard anything from either Google, or Deja (its predecessor) about using services like Tor. It would be hard for them to stop anyway. It's not against the rules of Google to use anonymizing web proxies. I have been doing this since probably long before you have had internet access. I periodically change addresses and aliases anyway, when the hotmail address I use gets overloaded with spam, which this account is becoming, and quite rapidly. I am just about ready to deep-6 this alias anyway, with all the spam I am getting now to snipped-for-privacy@hotmail.com, that is somehow getting past MSN's spam filters.

I use the professional version of XP on my personal machines as well, because it is far more stable than the "Home" version of the product. It is worth the extra US$100 for the Professional Version. And some PCs for home use now come with one of two versions of XP Professional, the original XP Professional, and XP Media Center Edition, which is based on XP Professional. So don't automatically assume someone is posting from work, just because you see the .NET anywhere in the headers. A lot of home machines now have either XP Professional, or XP Media Center Edition.

Reply to
chilly8

On Wed, 20 Sep 2006 09:35:23 -0700, chilly8 wrote:

BullShit!

Do you hear the black helicopters? NO? They're coming to get YOU!

:-)

Reply to
God Rudy

Bullshit! What about this,

Windows XP Home Edition vs. Professional Edition: What's the difference?

formatting link
would lead anyone to believe that this is anything but BS?

Windows XP Security Checklist

formatting link
One could actually make the argument that the average Home/SOHO user is too clueless to use WinXP Pro out of the box. Many more network vulnerabilities and services that need to be locked down.

Configuring NT-services much more secure

formatting link

I agree with that, at least for the savvy user. But it has absolutely nothing to do with security or stability.

Ron :)

Reply to
Ron Lopshire

X-No-Archive: Yes

Sebastian Gottschalk wrote:

However, there is a new browser that some hackers have released called TorPark, which does not have to be installed on any machine. You can carry it on one of these USB drives that fit on your keychain, and plug that into any USB port and run the executable. TorPark connects to the Tor network without having to download and install the Tor software. It comes pre-configured to surf via the Tor network. It's designed to run in "restricted" environments where one does not have privileges to install the Tor software. Whoever came out with that browser will be the network admins' WORST NIGHTMARE COME TO LIFE.

Reply to
chilly8

That's the point where your scenario would fail. As long as the admin doesn't specifically add the USB drive, the exact path, the exact filename and the exact cryptographic checksum to the exec whitelist, execution of the program will be denied in the first place.

Damn, get a clue about what you're talking before doing so!

Reply to
Sebastian Gottschalk

Got something to hide?

What makes you think Tor is any harder to block than anything else on the network?

Reply to
DevilsPGD

Huh? Only fools would think that Google wouldn't archive such a posting instead of simply not displaying it, or that Google would be the only instance who archives certain newsgroups. Actually one could think that Google is simply dumb to offer such a useless feature, which simply restricts their own database.

Because the TOR protocol has essentially no characteristics?

Reply to
Sebastian Gottschalk

That "whitelist", as it were, could be hacked. Someone could try to hack their way into the whitelist on their local machine and add their app to the list of allowed applications. All someone would have to do is disconnect the workstation from the network so that the activity does not show up in the network logs. Then they could use BC-Wipe, Evidence Eliminator, or one of a growing number of programs like them that would wipe out anything that could be used as evidence in any criminal trial.

Reply to
chilly8

The same pseudo-argument applies to every security implementation, and isn't valid as long as there are no conceptual errors.

So what? This doesn't give them the required privileges.

Well, except that it wouldn't work, as without the privilege to access the raw filesystem and/or bypass ACLs you won't be able to write to the system log at all.

Reply to
Sebastian Gottschalk

Regardless of whether Google archives it (I believe they do), it does prevent his employer, family, friends, etc from looking up his words down the road.

My present employers know this alias, and are free to read up on whatever I post. My contributions to their own mailing lists, and third party mailing lists, are what got me the job (and yes, I was an asshole there too).

Sure it does. Its lack of characteristics is its characteristic. Unless there is anything else that fits the profile that is needed by the business, it gets blocked by default. 99% of office users won't even notice that anything other than HTTP is blocked, and those that notice can make a case for additional access.

For the record, I consider "listening to music" as a business need if it increases employee productivity. Personally, I download one of my favourite TV shows and watch it while I work daily -- Does it hurt my productivity? Maybe... But I use that time for brainless parts of my job, and then I tend to work through lunch.

I also read usenet, slashdot, and do personal email on company time. 'course when my boss wants to know about something happening in our field, I'm up to date without doing the research. I'm the "If nobody knows what the hell this customer is talking about, ask DevilsPGD" guy.

So that's just my two cents worth. If a network admin wants to detect it, the fact that it doesn't match another known traffic pattern will make it stand out to any IDS.

Reply to
DevilsPGD
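DevilsPGD's default-deny argument above, as an added example that is not part of the original thread: with only a few approved egress patterns, any flow that matches none of them is what stands out, whatever protocol it carries. The log format, the addresses and the proxy/resolver/mail-relay layout are constructed assumptions, not taken from any real network.

```python
import re
from collections import defaultdict

# Constructed sample egress firewall log (assumed format, not from the thread).
SAMPLE_LOG = """\
2006-09-20 09:35:01 ALLOW TCP 10.0.0.17:49231 -> 198.51.100.5:9001
2006-09-20 09:35:02 ALLOW TCP 10.0.0.17:49232 -> 203.0.113.9:443
2006-09-20 09:35:03 ALLOW TCP 10.0.0.21:51002 -> 10.0.0.2:3128
2006-09-20 09:35:04 ALLOW TCP 10.0.0.21:51003 -> 10.0.0.2:3128
2006-09-20 09:35:05 ALLOW UDP 10.0.0.21:51004 -> 10.0.0.3:53
2006-09-20 09:35:06 ALLOW TCP 10.0.0.17:49233 -> 192.0.2.44:9030
2006-09-20 09:35:07 ALLOW TCP 10.0.0.5:40001 -> 198.51.100.77:25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Approved egress patterns. Assumed layout: 10.0.0.2 is the HTTP proxy,
# 10.0.0.3 the DNS resolver, 10.0.0.5 the mail relay. Everything else is unknown.
KNOWN = {
    ("TCP", "10.0.0.2", 3128): "web via proxy",
    ("UDP", "10.0.0.3", 53): "DNS via resolver",
}
MAIL_RELAY = "10.0.0.5"

def classify(rec):
    """Name the approved pattern a flow matches, or None if it matches none."""
    key = (rec["proto"], rec["dst"], int(rec["dport"]))
    if key in KNOWN:
        return KNOWN[key]
    if rec["src"] == MAIL_RELAY and key[0] == "TCP" and key[2] == 25:
        return "outbound SMTP from relay"
    return None  # no known pattern: this is the flow that stands out

def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def unmatched_by_host(log):
    """Map each source host to its sorted (dst, dport) flows matching no pattern."""
    findings = defaultdict(set)
    for rec in parse(log):
        if classify(rec) is None:
            findings[rec["src"]].add((rec["dst"], int(rec["dport"])))
    return {host: sorted(flows) for host, flows in findings.items()}
```

Direct port 443 to an unknown address is reported just like the odd-numbered ports, since only the proxy path is an approved pattern; that is the "it doesn't match another known traffic pattern" check rather than any protocol fingerprint.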

When X-No-Archive is detected, Google keeps it for 6 days, to give people whose only newsgroup access is Google, a chance to read it, then it is deleted.

However, with some cities in the USA and Europe offering either free wireless, or offering it for a fee, it might be possible now to connect to that network from the office, by unplugging from the network, and plugging into the citywide Wi-Fi. There are some commercial outlets that offer citywide Wi-Fi, where anyone with a good enough antenna (and who wants to pay the monthly fee) can connect from anywhere in the coverage area, even from work. Someone with a SuperCantenna, Pringle-can antenna, stew-can antenna, or similar antenna, could connect to their wireless account from work. Just unplug from the office network, and connect to the citywide Wi-Fi network either operated by the city, or operated by a commercial venture. Since it would be your wISP that would be handling the traffic, nothing would ever show in the company logs. Need to grab a file from your office network? No problem, you can just VPN back into the office network to get it (or FTP, or whatever method is used for remote access).

Reply to
chilly8

It doesn't, as there are many other News2Web Gateways beside Google.

This is applicable to many many other protocols, including legitimate ones.

Uh, wonderful. What about tunnels over HTTP? Essentially the very same problem!

Yeah, and make the IDS pointless.

Reply to
Sebastian Gottschalk
