proxy to bypass firewall?

> Here is my situation. Bottom of the barrel rights on a massive Novell
> Network that has a strict firewall blocking everything under the sun.
> If it matters, ZENworks is what they are using. Admin keeps a close
> eye on all internet activity, especially when we attempt to go to
> sites that are denied. They are using Novell Border Guard for the
> firewall. Every time I have inquired about this I get the same
> answer---http proxy. Now what exactly am I looking for? I have tried
> to look up this, but it's a pretty broad topic. How can I get around
> this firewall and keep them from logging activity after I get to an
> otherwise restricted site? Admin claims they only monitor URLs, but
> since I don't have the Novell software, I have no idea of their
> monitoring capabilities.....any help would be appreciated
>
> JA609

Why don't you SSH home? Simple enough and works. The only problem is that you need to leave a pc on all the time. Try page has great information about setting it up, and it's easy too:

formatting link
I've noticed one problem with the site mentioned above. It requires you to take PuTTY to school and to change the Internet Explorer proxy settings, and if your school's like mine, they've disabled that. This isn't that much of a problem if you take PuTTY and Portable Firefox on a USB flash drive.

pricey6

Maybe this is how our anonymous poster, who occasionally comes here, can chat with his online girlfriends without them getting caught. From what I gather, it would be almost impossible for the employers of his online girlfriends to figure out what they are up to. Looks like the inventors of PuTTY have a winner there.

Charles Newman

First clue

Second clue - by the way, it's more likely that the log lists source and destination IP addresses and port numbers as well.

and easy to detect

My definition of "securely" means that there should be no means by which your employer can know which websites you have visited or are currently visiting, and can not view or decipher the content of those sites (without actually standing over your shoulder.) Keep in mind that the method I discuss here will protect you from NETWORK monitoring, not actual computer or keystroke monitoring.

and The SSH traffic CAN be seen or detected, but it will look like a garbled mess of letters and numbers.

Do you honestly think your employer/admin will _IGNORE_ traffic because it's encrypted? How long do you think it takes to recognize it, and block the network you are connecting to? How long to install monitoring software on the computer (if it's not already there)?

I was talking to the network admin at the local college a couple of weeks ago. He tells me they use the security cameras to identify which user is at which computer every N seconds. They only look at the tapes when there has been a problem, but that eliminated a spam problem (now ex-student was attempting spam runs on "unused" PCs in computer lab). I asked him why it was possible to connect to outside mail servers - he told me it was no longer possible.

Still don't understand network concepts, Charles?

Want to trust them with your job? You keep forgetting that it's easy to detect, and once detected, easy to document. And are you sure there's no possibility of the admin installing monitoring software?

Old guy

Moe Trin

X-No-Archive: Yes

"Moe Trin" wrote in message news: snipped-for-privacy@compton.phx.az.us...

Well, when the guy mentioned Novell, and firewalls, it sounds like Bob Jones University. I read about their strict filtering policies once. If the student in question is doing it from his/her dorm room, using his own computer, it would be possible to do SSH, and Bob Jones III and his admins would never know what that student was up to. If, say, the student's parents had broadband and decided to let him SSH home, and connect to any "banned" web site from the student's dorm room, the admins would not know what they were up to. They would know that a connection was made from one of the dorm rooms to a residential broadband connection somewhere (Comcast, RoadRunner, Verizon, etc), but since the transmission would be encrypted, the university administration would not know what was going on in the dorms. And since this would be a student-owned computer in his/her dorm room, BJU would not be able to place monitoring software on that machine. I, myself, used to chat with a girl from Bob Jones University a few years ago who was able to circumvent the school's filtering system quite easily. She would SSH to her parents' computer in Kansas, and then connect to her AOL account from there. This is how I know that the filtering system at Bob Jones University is not secure. Since this was being done from her computer in her dorm room, BJU had no idea what she was up to. If either Bob Jones III, the university president, or anyone else ever tried to read that data, all they got was a bunch of indecipherable nonsense. They would know that she connected to her parents' broadband connection in Kansas, but that is all they would be able to figure beyond that. Her parents liked the Christian values of the college, but did not agree with some of their filtering and monitoring policy, so they set it up so she could SSH to her parents' computer back home in Kansas, and do her Web surfing through there. This made it impossible for Bob Jones University to monitor her web surfing, since all the traffic was going to and being handled by her parents' broadband connection in Kansas.

Charles Newman

One other thing to note is that this girl was 22 years old at the time I chatted with her, just in case anyone starts getting the wrong vibes.

Charles Newman

So what *did* you two chat about?

Clearly, she wasn't looking for network security advice :-)

Triffid

Man, please do not get him started. I remember something about a lady TV reporter and he were at it hot and heavy as she circumvented security at CBS, ESPN, MSNBC or something like that and they *communicated*. It could have been someone else I am thinking of. :)

Duane :)

Duane Arnold

That was someone else. I just happened to jump in on the chat once. This other guy who did that was from Australia. From what I understand, he had it rigged out through his broadband connection at his apartment in Melbourne, Australia.

Charles Newman

I know it's a huge surprise for you, but Novell is still fairly common. For years, it was _the_ networking O/S - but that was before microsoft invented networking. Now, it's probably in third or fourth place, but that's still quite a chunk of address space.

Yeah - you ought to read about their student dress code. Still, if a student decides to attend such a "school" - it's not like they didn't have their eyes open. It's not my dog.

I don't know if you are saying that because of the incompetence of the admins (I was going to say something, but no - I'm not going there), or that you think that they'll throw up their hands and say "Wow, it's encrypted - we'll just have to ignore it" and that's the end of that. In either case - do you think all admins are going to do the same?

Hey, Charles - you have a separate box that you use as a toy firewall, why don't you sniff the traffic between your computer and the world while you check your mail at hotmail/where-ever, and when you surf at that web site where they have the "interesting pictures" of those hamsters wrapped in duct tape (or what-ever). Think you might notice a FUNDAMENTAL difference down at the data link (wire) level in the traffic EVEN IF IT'S ALL ENCRYPTED? Or is this networking stuff still too complicated for you? Or doesn't your toy networking setup include stuff like 'ethereal', 'sniffit' or 'tcpdump' to name just three common tools. Or even worse, did your "accounting" instructors merely train you to be a data entry clerk, and to NEVER EVER look at the data? Do the words "due diligence" mean anything?

That's nice. Do you think every admin around the world operates to the same standards? (Skill, not moral, religious or other.) I was going to suggest some reading - but I don't think you'd understand it.

Old guy

Moe Trin
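
Added example, not part of the thread and not any poster's code: the argument in the two posts above, that an encrypted tunnel still stands out in connection logs, sketched as a check over constructed flow records. The record layout, thresholds and addresses are assumptions; the one protocol fact relied on is that SSH sends a cleartext `SSH-` identification string before encryption starts (RFC 4253).

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (documentation-range addresses), one per connection.
# Columns: client, server, server_port, duration_s, total_bytes, first server payload
FLOWS = """\
10.1.4.23,192.0.2.80,80,2,18432,HTTP/1.1 200 OK
10.1.4.23,198.51.100.21,80,1,9120,HTTP/1.1 200 OK
10.1.4.23,203.0.113.5,80,3,40211,HTTP/1.1 304 Not Modified
10.1.7.88,203.0.113.57,22,5400,48211733,SSH-2.0-OpenSSH_4.1
10.1.9.12,198.51.100.9,443,7200,91234567,SSH-2.0-OpenSSH_4.1
10.1.9.40,192.0.2.10,22,35,20480,SSH-2.0-OpenSSH_4.1
"""

LONG_S = 1800           # assumed threshold: session lasting 30 minutes or more
BULK_BYTES = 5_000_000  # assumed threshold: about 5 MB over a single connection

def parse(text):
    """Turn the CSV text into a list of flow dicts with numeric fields as ints."""
    flows = []
    for client, server, port, duration, nbytes, banner in csv.reader(io.StringIO(text)):
        flows.append({"client": client, "server": server, "port": int(port),
                      "duration": int(duration), "bytes": int(nbytes), "banner": banner})
    return flows

def is_ssh(flow):
    # The identification string is sent in the clear, so the protocol is
    # recognisable on any port even though everything after it is encrypted.
    return flow["banner"].startswith("SSH-")

def suspected_tunnels(flows):
    """Flag SSH sessions that look like a carrier for other traffic."""
    findings = []
    for f in flows:
        if not is_ssh(f):
            continue
        reasons = []
        if f["port"] != 22:
            reasons.append("ssh-on-nonstandard-port")
        if f["duration"] >= LONG_S and f["bytes"] >= BULK_BYTES:
            reasons.append("long-bulk-session")
        if reasons:
            findings.append((f["client"], f["server"], f["port"], reasons))
    return findings

def fan_out(flows):
    """Distinct servers per client: direct browsing fans out, a tunnel user does not."""
    peers = defaultdict(set)
    for f in flows:
        peers[f["client"]].add(f["server"])
    return {client: len(servers) for client, servers in peers.items()}

if __name__ == "__main__":
    flows = parse(FLOWS)
    for finding in suspected_tunnels(flows):
        print(finding)
    print(fan_out(flows))
```

The short interactive SSH session from 10.1.9.40 is not flagged; the two long, high-volume sessions are, and each of those clients shows a single peer where the browsing client shows three.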

This also proves my point why software-based systems are better than hardware appliances. Tiny notifies me on screen instantly of any activity not in the ruleset, and prompts me to decide whether to ban or allow it in the future. That is something your hardware appliances have not learned yet. If a script kiddy tries to make a scan on my network, and there is no rule in the ruleset, an alert comes up on the screen instantly, and then I can tell it to ban the activity in the future. Windows dominates networking, and will do so even more when Windows Vista comes out in 2006 or 2007. Of course Windows Vista will need 64-bit hardware, and the server box for my network was recently upgraded to 64-bit for that reason, so it will be ready for Windows Vista.

Charles Newman

In article , Charles Newman wrote:
: This also proves my point why software-based
: systems are better than hardware appliances.
: Tiny notifies me on screen instantly of any
: activity not in the ruleset, and prompts me
: to decide whether to ban or allow it in the
: future. That is something your hardware
: appliances have not learned yet. If a script kiddy
: tries to make a scan on my network, and there is
: no rule in the ruleset, an alert comes up on the
: screen instantly, and then I can tell it to ban
: the activity in the future.

How fast can you click your mouse? How long can you keep that rate up?

The lowly hardware appliance guarding us intercepts approximately four hundred thousand attempts per day (more on busy days.) That's an average of more than 4 1/2 per second, all day and all night.

Even if one supposed that each scan was for an average of 4 1/2 IPs [which isn't the case -- small-scope hits are in the majority these days] then one would still have to make a decision about every 1 second. Every second. How long could you keep up? How's your RSI holding out?

Walter Roberson

Except that your application runs on an OS that is user installed, user maintained, user controlled, and often compromised before the user even has a clue that it's compromised. In addition, even if the OS isn't compromised, the user, without understanding the "alerts" may approve them without understanding and then defeat the reason for having the software.

Many appliances can "email" a user if something happens, take a look around, you may learn more about these things.

That's funny, I could run it on my non-64 bit P4 system right now.

Leythos

I heard sometime back that Windows Vista will need a 64-bit system to run, as will many of the applications that will be written for it. Windows Vista will be an entirely new OS, unlike the Windows 4.x and 5.x type operating systems. From what I read about Vista, it will be have the problems with being compromised that 4.x and 5.x type systems have now. Vista will be a much more secure operating system.

Charles Newman

What proves your point? The only thing your post "proves" is that when someone points at a massive clue, you do your best to ignore it and change the subject.

The cyber expert was advocating installing software on the box to get around the firewall. To install the software means having advance privileges on the system - the same privileges that can be used to turn off your toy firewall, and prove it is totally worthless. It doesn't even give an illusion of security - much less actually do anything useful.

Charles - you never learn, do you. A firewall should not try to block bad stuff. It should ALLOW known good stuff, and block/ignore the rest. I guess your toy firewall won't let you configure things like that, huh? Allowing things, rather than looking through a vast list of "block this" uses less CPU - but I guess that's why you need the 64 bit box instead of the 386SX-16.

Charles - you don't know anything about hardware firewalls. Thus, you don't have one single clue of their capability. You've proven that with your false statements, and ignore when people point out exactly where you are wrong. Logging has been part of every firewall I've ever seen since long before microsoft heard about networks. You keep forgetting they're 13 years behind everyone else. Google for 'syslog' - though you might need help with the bigger words, like "default".

Charles - real firewalls don't need clueless overseers. They get configured correctly, then work silently without intervention and there are no problems. I guess you don't know enough about networking to understand how that could be done, and can only react when someone pokes you through your wide open "firewall". By the way, why are you allowing skript kiddiez on your network in the first place?

Install the latest virus, spyware, and worm removal tools, your bandwidth use should come down to normal, assuming it's not some new variation of the malware du jour.

Are you sure it will be out before 2008? Bill has missed nearly every target date (which is why he had to buy QDOS to have something to ship to IBM in 1981) in the past. I notice he's learning not to put year indications into the software names - gets embarrassing when he misses by more than that, even given a two year window of possible ship dates.

Well, that should keep the 64 bit viruses off your other systems.

By the way - had any luck looking at the packets on your wire, as I suggested in the section you clipped? Really, if you did as suggested, you'd see some quite Homer Simpson "duh" things.

Old guy

Moe Trin

Microsoft has put a release date of December of 2006. They are planning, as of right now, to have machines based in Windows Vista in the stores in time for Christmas 2006. I read that in an article a few days ago.

Charles Newman

You gotta stop believing those comic books - all they are doing is repeating line noise they hear - doesn't matter much, because everyone knows they're just "mis-information". The only reasons microsoft are talking about 64 bit is because they've discovered that other O/S have had that capability for over five (in some cases for over ten) years, AND that windoze needs more RAM than is now reachable with 32 bit addressing (1074 million dwords -> 4 Gigabytes with 32 bit processors).

Still haven't got it right - maybe they can try again.

What is "Windows 4.x and 5.x"? Do you mean NT? NT 3.x, 4.x and 5.x (w2k and XP) departed from the old WfW 3.11, win9x model because microsoft decided they needed something less insecure. As is usual, when microsoft can't figure out what to do, they steal concepts from other operating systems (here, VMS), and "improve" them. They did this with TCP/IP networking (stealing the 13 year old design from BSD, and breaking it). They did it with the GUI from Apple, multi-user from *nix and VMS, multi-tasking from Desqview, memory management from QMM among others, disk compression from Stac, the browser from Netscape - even the base OS itself. XP was supposed to be exciting new technology too, but they just stole concepts from NT and broke things in different ways because NT was too hard to use.

So, you know it's a total piece of crap that will be just as bad as previous crap from microsoft - and you just can't wait to buy it.

Haven't you heard microsoft (and specifically Bill Gates) claim that previous versions of windoze were going to be "more secure"? If that's the case, why is there this huge third party market in software to make windoze secure, like your toy firewall, the anti-virus programs, the anti-worm programs, the anti-spyware programs... Sounds like more "Fairy Tales For The Sheep" to me.

Do you think microsoft will try to get it certified? Or will they claim that there is no standard any more (DOD standard 5200.28-STD is 20 years old, and is no longer active), and anyway it was too embarrassing that the only way they could get NT up to C3 was to remove all networking, floppies, and most of the "features" and applications that allowed it to do anything.

Old guy

Moe Trin

Was that an official announcement from Microsoft, or merely more marketing hype from "insiders" or "industry observers"? If it's in time for Christmas, it has to be on the shelves IN THE STORES not later than Thanksgiving. Of course, Christmas 2006 is sixteen and a half months away - and most people will have forgotten the current rumors by then.

So - you're going to ignore the suggestions to get that packet sniffer busy, and learn something about TCP/IP? Or is it too complicated? You know, if you configured your windoze boxes right in the first place, you wouldn't need an inbound firewall. If there is no service listening on a port, all versions of windoze that have networking would "Do The Right Thing"(tm), and ignore connection attempts without your intervention. Most late versions should even withstand mis-shaped/sized packets without crashing.

Old guy

Moe Trin

In article , Moe Trin wrote:
: The only reasons microsoft are
: talking about 64 bit is because they've discovered that other O/S have
: had that capability for over five (in some cases for over ten) years,

Supporting fact: SGI introduced the 64 bit version of its IRIX operating system on June 7, 1994, a little over 11 years ago.

formatting link

The Sun Sparc architecture was completed in mid 1992

formatting link
I didn't chase down when an actual product was announced.

Walter Roberson

More secure?

formatting link

God Rudy

formatting link
Don't you just love people that use Newsreaders that don't quote properly - I didn't say it was more secure, you seem to have cut off the part of the article where another poster said it's more secure, leaving my name on it.

Leythos
