:-D
Well I must've really pissed off the IT gods at work. I mean, in our whole network who but I would be surfing a tiny little site dedicated to a ten year old dead game?
Bastards blocked BZUNIVERSE.
"No business value" is what comes up when I try it. It's not like I spent more than my break time surfing, but still... to me it means some poor flunky in India probably had to actually surf here and see what it was about, then mark it as dead.
Bah... back to Solitaire on breaks. Idiots...
Makes me feel a LOT less guilty about all the stuff I do behind IT's back... :)
-Av-
Theres a technique I use to get around that, its called tunneling via SSH.
Requires 1 linux machine with SSH server installed
A dynamic DNS to your home machine (ie: zeroangelmk1.no-ip.com)
Putty and a simple .bat file
Firefox with FoxyProxy extension
Takes a couple of hours to set up if you're starting from scratch with no SSH tunneling experience, but at the end, you got a totally encrypted internet connection that nobody can snoop in on or block (assuming of course they don't block your connection to your house). In addition, you can SFTP (transfer files) to and from your linux server, as well as have the ability to run commands on your linux server.
And I suppose if you have the dynamic DNS thing set up, you could also establish a VNC (remote desktop) connection to your home computer.
I've got a portable 2"5 hard drive that has portable Firefox as well as portable putty installed on it. I click on a .bat file and it connects me to my home machine, and I turn on foxyproxy to access the internet through the SSH tunnel -- and i'm set!
Theres very likely an easier way to do this. Mine is just ultra-geeky!
I just have a little proxy script (that works in IE, Firefox, Opera, Windows in general, just about anything in existence) that redirects non-local addresses to my own server to redirect elsewhere, I get past everything then while still having the inner address work. Sad thing is, I originally set that up because I needed to get a site that was required to do work, but was blocked for some forsaken reason...
If anyone wants to know how to make that little script, just ask, it is really simple, and even if the work blocks setting proxy settings in windows, for some reason the proxy script field never seems to be blocked anywhere I have been.
(http://www.overminddl1.com/image_scripts/image_sig.php?type=ODL1signitures&image/sig.gif)
Generated by OvermindDL1's Signature Auto-Add Script (http://overminddl1.com) that OvermindDL1 did manually since Greasemonkey does not work in Firefox 3.1 yet...
If you don't mind the not so pretty version of BZU, you could just use SSH to a linux box and use the text browser elinks to check on BZU.
Creating a firefox proxy via SSH isnt that difficult, it can be done with putty and a .bat script.
This is the bat script I use to establish an SSH tunnel
@ECHO OFF
ECHO. Establishing SSH Connection on Ubuntu (Dave)
start putty -D 80 -P 443 -ssh Guest@zeroangelmk1.no-ip.com
What this does basically is tells putty to connect to zeroangelmk1.no-ip.com (my linux box) as username Guest (which is a user account I set up on that machine -- you can use your main user account if you want). The port that it is connecting to is 443 (I've set my SSH server to use port 443, which is the HTTPS port -- IOW: It will look like normal encrypted web traffic to the untrained eye) and to tunnel it through port 80, which is the normal HTTP/Web Browsing port.
I used to have a really good script which automatically entered the password in and handled various other contingencies, but I lost it. This one is simple and does the trick though. :)
Problem is, most of those configurations listed do not work without admin privies and with things locked down (like at my job), hence why my method still works. Just make yourself a proxy script, kind of looks like C, but it is interpreted and has proxy specific commands, works everywhere from what I have seen.
(http://www.overminddl1.com/image_scripts/image_sig.php?type=ODL1signitures&image/sig.gif)
Generated by OvermindDL1's Signature Auto-Add Script (http://overminddl1.com) that OvermindDL1 did manually since Greasemonkey does not work in Firefox 3.1 yet...
Providing you have portable putty and portable firefox on your thumbdrive, these shouldnt need admin priviliges. These dont touch the underlying configuration of your computer or use any of the system tools (except for maybe cmd).
I'm interested to learn your method OM.
What is with companies blocking things? Where I work we don't block anything, and we provide Internet for libraries that have obligations to block things that could be objectionable when kids are using the computers and such.
I could probably browse porn at work and nobody would NOTICE unless they looked at my screen.
In fact, the only time I worked on computers at a location that was blocking sites the block list consisted of "sites that are obviously trying to do drive-by installs of crapware, phishing sites, and sites that are obviously trying to get you to install stuff to take control of your machine without your knowledge or consent" and nothing more. They had issues keeping that list up to date, and they had one group dedicated to doing it for all 19 physical locations. Hell, they had someone who's ASSIGNED job was to look for porn sites that had fake codecs.
All that said, if there is anything I might need to do such that a given proxy or proxy service works, let me know.
You'd be surprised at the amount of stuff we get blocked at my school. They blocked Google once. Big mistake. The IT guys got complaints left, right and centre. Anything they deem to have 'no educational value' has been utterly blocked. Though I never use the net at school for anything other than research and checking on my emails. I've never tried to get on to BZ2MD or BZU.
Use a wireless laptop/iPhone/Blackberry maybe?
i know a solution that involves the queen or the president 'owing you one'
I laugh at my school's proxy with Tor. No I don't sign into anything I just look around.
Interesting, and I'd love to learn those techniques myself... but there are no direct connections to anything at work from the outside. We have 15 proxy servers across the country that everything not internal route through. While I can reach my home box IF I VPN into our network from home I'm then limited to browsing through our proxy servers.
IOW if I can reach my home box at all then I'm then as limited as I am at work.
If there's some way around this I'd love to know, but it's easier for me to just drag a laptop to work with me and hook into some stray wi-fi in the area. Slow but unrestricted... :)
-Av-
See, open source VPN software tends to be able to talk to commercial VPN systems with a bypass on the "you have to route everything through them" rule. I believe Sonic has done this recently with his school, so he has more recent experience than I do.
Oh, you mean how I told my linux box here screw with the non-split-tunneling rule, just let me go where I want? Heh, I have it so my entire network is capable of routing into my school's lab one I establish the link.
As stated, if your school/work/whatever blocks things and has the computers locked down enough to prevent setting up any new port-hosted apps (like vpn), a real basic proxy script works fine, just put it on a webserver that is accessable, or on a little usb drive (if available) or just type it in, short enough:
function FindProxyForURL(url, host)
{
if (shExpMatch(url, "http://someWebsiteYouDoNotWantProxied_LikeAnInternalMailServerOrWhatnot/*"))
return "DIRECT";
return "PROXY <YOURPROXYIP>:<YOURPROXYPORT>";
}
A little googling will get you the full capabilties, but that is the basic bit that will let you get around anything, and no, I am not giving you the IP/port to my private proxy I setup, set one up yourself (there is only like a million and a half proxy server programs out there, janaserver is a good free one).
But yea, I cannot even setup a standard windows vpn, no openvpn, nothing can create ports down in the <2048 range, etc... Although I got around near everything, I like to keep up appearences. I still find it funny I have to go around their things to be able to do my job though...
(http://www.overminddl1.com/image_scripts/image_sig.php?type=ODL1signitures&image/sig.gif)
Generated by OvermindDL1's Signature Auto-Add Script (http://overminddl1.com) that OvermindDL1 did manually since Greasemonkey does not work in Firefox 3.1 yet...
Quote from: AHadley on November 14, 2008, 10:30:28 AM
You'd be surprised at the amount of stuff we get blocked at my school. They blocked Google once. Big mistake. The IT guys got complaints left, right and centre. Anything they deem to have 'no educational value' has been utterly blocked. Though I never use the net at school for anything other than research and checking on my emails. I've never tried to get on to BZ2MD or BZU.
My trade school has wireless home networks all around the building and they are all unsecured. I bring my psp :).
and some computers we have in the lab have wireless cards.. Since this is a computer class, we have ways to get around school blocks, connecting to other networks :). Every other computer in the entire lauderdale county is logged onto a novell server, and smartfiter is the blocking hardware
I still don't get this...
Our network is entirely internal. They allow external links through 15 proxy servers. I can't reach ANY outside computer without going through one of those 15 unless the outside computer hooks to our network through a VPN account.
So... how would any script work? You can't reach any outside computer. You can only reach those that effectively make themselves part of the network.
-Av-
You have your home computer VPN in using software that bypasses the routing of all traffic through the VPN. You then connect to your home computer over the previously established VPN link and get to the internet via it.
So it's a VPN that's not limited to the tunnel to the host? Interesting... seems like that's sortof against the whole idea of a VPN... never occurred to me that there might be such a thing. Still, I guess I'm not the first or only person to run into this sort of thing.
I'd like to know more but in my particular case I think the best solution is to just remove myself from their control completely... :)
-Av-
VPNs have two basic modes.
1 - Routing mode, where traffic to the remote system is dealt with while leaving everything else.
2 - Forced Tunnel mode, where ALL traffic is forced over the VPN.
1 is the original. 2 was introduced for "security" reasons, to help ensure a multitude of things. 2 is implemented with a "remove the default route and add in the VPN" and in some cases "make all the other network interfaces 'vanish' so they can't be used" on top of it.
Open source stuff can bypass the rules that make 2 work, turning a network that requires the full tunnel into one that just adds another piece of the net for you to talk to.
Interesting... thanks. I always thought VPN a bit nuts security-wise... with no way to make multiple connections. Sortof turns your broadband back into a single phone line running one connection...
Turns out it's nothing personal with me, it's as if they're going through logs blocking anything not work-related that anyone's gone to. Several dozen sites have 'dropped off the radar' now. Funny, you can still get to the sports stuff but not the other hobby sites (lots of shopping, cigars and guns are blocked now).
I (and my cohorts) are scanning the building for wifi signals but it's a big, old, concrete/steel building and so far blocking the wifi we find when checking outside. Lol, we may have to run an antenna and network of our own. :)
Crazy world...
-Av-
A good powerful directional antennae, and a window. :)
(http://www.overminddl1.com/image_scripts/image_sig.php?type=ODL1signitures&image/sig.gif)
Generated by OvermindDL1's Signature Auto-Add Script (http://overminddl1.com) that OvermindDL1 did manually since Greasemonkey does not work in Firefox 3.1 yet...
:lol:
Quote from: OvermindDL1 on November 18, 2008, 08:57:33 AM
A good powerful directional antennae, and a window. :)
You can go miles if you use the right parabolic antennas and aim them at each other.
Evil thoughts abound here...
New direction! Warm up those brain cells, cgi skills, and HTML codes...
I can get to any web site 'out there' that 'THEY' haven't blocked specifically.
So...
What would it take to create a web app that would serve me pages under another web address?
For instance, I can't get to www.bzuniverse.com, but I could go to www.mypage.athome.com.
What would it take to host something on my home computer that would take www.bzuniverse.com and hand it to me at work as www.mypage.athome.com? Maybe something that would do so dynamically based on what I ask it for? For example, I ask for www.mypage.athome.com/www.bzuniverse.com and it gives me www.bzuniverse.com as that?
I hope I explained that correctly... basically something that I can have hand off other pages, since there'd be quite a few I'd like to make available for people at work. This would let them surf their favorite sites without being blocked... maybe only for awhile, but from what I hear we're dumping IT completely within 2 years in favor of a 'help desk' in India and HP techs onsite when needed. I just need to hold out that long... hehe...
-Av-
Soooooooo, a web based proxy?
Hundreds of those...
Well, for example you used to be able to go to ASK.COM, search for a page, and it gave it to you in a frame. That was enough to get around however they were filtering out specific web pages at the time.
Doesn't work now.
So, whatever it would be would have to change the whole naming of the various pages and links...
Are there such things as that? If so, name a few?
-Av-
Well, be careful. They could can you for bypassing corporate network security.
Not if it's just a page out in the world... but that IS the main reason I wouldn't do so via VPN to my home machine. As long as I stay out of 'our' network they can't say a thing.
Besides, the only people ever fired that I saw were those grabbed in a drug bust. Every other one, including some who've stolen, have ended up back in service either through Union intervention or legal action. Sure, they end up a part-timer at a small office, but to me that'd be a reward, not a punishment.
*sigh*
-Av-
The thing with proxies is that your proxy requests are still readable by any decent corporate proxy system, so they can still see your request for 'bzuniverse.com'. The trick here is as what we mentioned earlier, SSH. If you can setup a small linux box at home, you can install a proxy on it and than access it via SSH. Since your SSH session is 'encrypted', the corporate proxy will not be able to see the content of your traffic.
SSH and Squid - How to (http://www.bstpierre.org/Articles/SSH+SQUID-HOWTO/SSH+SQUID-HOWTO.html)
It just occurred to me that setting up an SSH proxy requires a spare computer, runing linux. I wonder if tor would work, problem here is that it might not if the people who have developed the corporate network have thought of the idea and developed defenses towards it. -- Its much more difficult for them to do so if you use my solution and set up an SSH to work off of the HTTPS port, but requires you to have a spare linux computer, or for your primary PC to run linux (which mine did up until a couple of months ago, when I upgraded it to be a gaming PC).
Just setup a virtual linux server in VMWare (Server edition is free) then. Nice and easy.
(http://www.overminddl1.com/image_scripts/image_sig.php?type=ODL1signitures&image/sig.gif)
Generated by OvermindDL1's Signature Auto-Add Script (http://overminddl1.com) that OvermindDL1 did manually since Greasemonkey does not work in Firefox 3.1 yet...
You don't have to be accessing/using their network to get canned. All they have to say is that you're bypassing it.
I'm not worried about being fired as long as I don't break any 'real' rules, such as misuse my VPN account to connect directly to my home computer. That could be monitored, or at the very least noticed if traffic spiked considerably. Besides that part of the point of my little exercise is to think outside the box without poking real holes in the box. I'd never do anything that would compromise our network security such as use VPN software that isn't secure. It's interesting to know about, but I'd never actually use it.
So, thinking about the box outsides...
Makes me wonder how I'd mirror certain sites and offer them back up as another site name, preferably with password access before anything is sent out. So, to read the boards I'd hit something like "www.MyOfficeDepot.com\login.jsp" (just an example, basically something that looked harmless and business-y) :) which would ask for a username and password, which when entered would give me a mirror of the boards...
Still, I'm thinking the best thing is still a laptop with wi-fi... :) Or, if you can't think your way outside the box maybe you need a different box... lol...
-Av-
Even so, with everyone running around looking for ways to cut costs, probably not worth it.