Is there a for sure way to see if IT is monitoring you? or a way to bypass them?


stephen4785
02-22-2007, 09:07 AM
Wondering if I'm being watched or not. Don't think IT has enough time to sit around and watch me all day with over 5000 employees to tend with.

Skidmark
02-22-2007, 09:09 AM
Usually they only watch if management requests it

stephen4785
02-22-2007, 09:10 AM
Yeah, that's what I'm worried about.

ceyko
02-22-2007, 09:49 AM
The truth is, if management specifically asked for you to be monitored - you're screwed. Don't do stuff you're not supposed to for a few months.

Otherwise, companies tend to like the "Top 10." Don't fall into the top 10.

Stang2be
02-22-2007, 11:07 PM
I will have to agree with ceyko. I can't speak for all companies but I work in the infosec team for a large security related company for what my .02 are worth.

If you're on a company-owned asset or network, there is a trail and log both locally on your PC and on the network.

So in short to quote Jim Carrey from Liar, Liar

"Stop breaking the law a$$hole!" :D

90dfw
02-23-2007, 03:43 AM
Usually they only watch if management requests it
Or if you do things that pop up red flags... Certain key words, etc...
Also I know that EDS will randomly pull a month's log and do a "word search" and it will flag the words for them to look at.
Example: if you search for "Dicks last resort" it could flag the word Dicks and they will look at what you pulled up. If it's the restaurant you're prob ok, if it's a cock catalog then plan on being monitored for a while...

black90gt
02-23-2007, 08:31 AM
There are a couple of ways to get around this.

First, if upper management is using some sort of IP sniffer, or site logging, you can create an SSH tunnel. You use a program such as PuTTY to ssh into your favorite *nix box. You then configure PuTTY to allow tunneling. It opens up a port on your local machine. You then configure your web browser to connect via SOCKS5, giving it the IP of your local machine, 127.0.0.1, and the port that you specified.

Second, if upper management is using some sort of screen capturing program, you can combat that as well. I have seen some companies disable Task Manager within Windows. You can download a 3rd party task manager such as Process Explorer. When the screen capturing program is running, you will see a steady CPU usage (generally 30-50%) from that certain program. One of the most popular ones is called Witness ( http://www.witness.com/index.aspx )

Yellowstang
02-23-2007, 11:58 AM
If you need to try to "get around" ways of goofing off, I'd suggest not doing it.

AbecX
02-23-2007, 12:04 PM
There are a couple of ways to get around this.

First, if upper management is using some sort of IP sniffer, or site logging, you can create an SSH tunnel. You use a program such as PuTTY to ssh into your favorite *nix box. You then configure PuTTY to allow tunneling. It opens up a port on your local machine. You then configure your web browser to connect via SOCKS5, giving it the IP of your local machine, 127.0.0.1, and the port that you specified.

Second, if upper management is using some sort of screen capturing program, you can combat that as well. I have seen some companies disable Task Manager within Windows. You can download a 3rd party task manager such as Process Explorer. When the screen capturing program is running, you will see a steady CPU usage (generally 30-50%) from that certain program. One of the most popular ones is called Witness ( http://www.witness.com/index.aspx )
Doing these things only draws more suspicion that you're doing shit you're not supposed to. If I see someone pumping a constant data stream through ssh, I know something's up, let alone the fact that they are killing the monitoring software on the local box.

usmcluke
02-23-2007, 12:23 PM
Doing these things only draws more suspicion that you're doing shit you're not supposed to. If I see someone pumping a constant data stream through ssh, I know something's up, let alone the fact that they are killing the monitoring software on the local box.
No shit that is a sure fire way to make sure you are being watched.

The Big Matt
02-23-2007, 12:32 PM
Yeah, I wouldn't recommend disabling any kind of monitoring software.

I had a girl up here try that, guess what.... She's not here anymore.

AbecX
02-23-2007, 12:52 PM
<BLINK>WE ARE WATCHING YOU</BLINK>
http://www.pennandteller.com/sincity/penniphile/hackers.jpg

lowthreeohz
02-23-2007, 12:54 PM
<BLINK>WE ARE WATCHING YOU</BLINK>

http://www.pennandteller.com/sincity/penniphile/hackers.jpg

LMAO!

"uh, mr the plague.. we've got enough of a load for 10 users, and there's only one online. I think we've got a hacker."

black90gt
02-23-2007, 01:06 PM
Doing these things only draws more suspicion that you're doing shit you're not supposed to. If I see someone pumping a constant data stream through ssh, I know something's up, let alone the fact that they are killing the monitoring software on the local box.

If you were tunneling ssh traffic, I'm sure you would take that up with your admin first to make sure that's ok. With that out of the way, I never said kill the monitoring software, just use the 3rd party task manager to see WHEN they are monitoring you. When they are, just don't go to any bad websites.

AbecX
02-23-2007, 01:11 PM
"uh, mr the plague.. we've got enough of a load for 10 users, and there's only one online. I think we've got a hacker."
lol all they were doing was doing file listings and copying a garbage file, they must've been on a 12mhz 8mb hard drive pos 640k memory machine.

lowthreeohz
02-23-2007, 01:11 PM
"128k oughta be enough memory for anyone!"

ceyko
02-23-2007, 03:55 PM
When they are, just don't go to any bad websites.


Cause clearly it has to be local software to monitor Internet/other network activity. I really wish they'd make it so you could monitor what people do via netflow, firewall logs, ACS logs, content filter logs and ids logs. One day we'll have that tech.

Take care,

Stang2be
02-23-2007, 06:47 PM
Cause clearly it has to be local software to monitor Internet/other network activity. I really wish they'd make it so you could monitor what people do via netflow, firewall logs, ACS logs, content filter logs and ids logs. One day we'll have that tech.

Take care,

Boy it would be even better if you could dump all the security and event logs into a single product (http://www.arcsight.com/) to correlate the data and notify you when someone is being naughty.

32VfromHell
02-25-2007, 02:44 PM
oh my GAWD! Its got a twenty-eight point eight bee pee ess modem!

32VfromHell
02-25-2007, 02:45 PM
but seriously, trying to find workarounds for monitoring can only make things worse.

White_lightning
02-25-2007, 05:05 PM
lol @ ppl thinking that SSHing to their home linux box will stop IT from seeing what they are doing:) lol

Hunt4m3x
02-25-2007, 07:29 PM
Only safe way is using your co workers PC to surf your dirty sites.

Stang2be
02-25-2007, 08:27 PM
Only safe way is using your co workers PC to surf your dirty sites.

lol yet another good reason to not give out your passwd and to lock the keyboard when you get up.

In case you didn't know and you have XP or 2k3, just hold down the Windows key and hit L and it will lock the UI.

Faster than the 3 finger salute and hitting enter

Stang2be
02-25-2007, 08:27 PM
lol @ ppl thinking that SSHing to their home linux box will stop IT from seeing what they are doing:) lol

yeah it's not like there isn't local logging of the sites you look at

black90gt
02-25-2007, 08:47 PM
lol @ ppl thinking that SSHing to their home linux box will stop IT from seeing what they are doing:) lol

it will stop them from packet sniffing

DLinkOZ
02-25-2007, 09:06 PM
You could always RDP to your home machine, and surf from there.

White_lightning
02-25-2007, 09:24 PM
it will stop them from packet sniffing
no it won't..

If they are monitoring network traffic at the start of the session, the session key can be stripped from the data and you can reconstruct the whole session.. I know this for a fact :)

Let me elaborate.. it will stop bubba using EtherPeek or Ethereal who really has no idea what he is doing or looking for, but it won't stop a real packet logger.. Lots of companies have large (3-6tb storage capable) sniffers sitting out there capturing every outbound and inbound pipe

Blue5spd
02-25-2007, 09:27 PM
I use logmein.com at school since they block myspace. All you need to do is download logmein.com to your home machine and you will be able to reach your machine via a web browser, and it's free.

Stang2be
02-25-2007, 09:31 PM
no it won't..

If they are monitoring network traffic at the start of the session, the session key can be stripped from the data and you can reconstruct the whole session.. I know this for a fact :)

Let me elaborate.. it will stop bubba using EtherPeek or Ethereal who really has no idea what he is doing or looking for, but it won't stop a real packet logger.. Lots of companies have large (3-6tb storage capable) sniffers sitting out there capturing every outbound and inbound pipe

Not to mention, you think IT wouldn't notice a daily outbound ssh connection to an IP in the roadrunner, dsl netblock? Not many people have a valid reason for work purposes to be making outbound ssh connections.

Be sure and bookmark our jobs forum, monster, careerbuilder, etc and don't come crying to us if you get walked out.
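
The monitoring side of what AbecX and Stang2be describe above, as an added example that is not code from any poster: a pass over flow records that surfaces unsanctioned outbound SSH which recurs daily, stays open for hours, or moves bulk data. The sample records, address ranges, approved-destination list and thresholds are all constructed assumptions.

```python
import csv, io
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample flow export (not real data): start,src,dst,dport,bytes,seconds
FLOWS = """\
2007-02-19T09:02:11,10.1.4.23,203.0.113.77,22,48211034,25410
2007-02-20T08:58:40,10.1.4.23,203.0.113.77,22,51020311,26102
2007-02-21T09:05:02,10.1.4.23,203.0.113.77,22,39544120,24877
2007-02-20T14:10:09,10.1.9.5,198.51.100.10,22,18230,95
2007-02-21T10:00:00,10.1.7.61,203.0.113.12,443,902113,300
2007-02-21T11:30:00,10.1.7.61,203.0.113.40,22,2048,12
"""

INTERNAL = ip_network("10.0.0.0/8")             # assumed corporate address space
APPROVED_SSH = [ip_network("198.51.100.0/24")]  # assumed sanctioned SSH destinations
MIN_DAYS = 3               # recurring on this many distinct days, or ...
MIN_BYTES = 10_000_000     # ... this much data moved in a single flow, or ...
MIN_SECONDS = 4 * 3600     # ... a single flow held open this long

def suspicious_ssh(flow_csv):
    """Return {(src, dst): reasons} for unsanctioned outbound SSH worth reviewing."""
    days, reasons = defaultdict(set), defaultdict(set)
    for start, src, dst, dport, nbytes, secs in csv.reader(io.StringIO(flow_csv)):
        s, d = ip_address(src), ip_address(dst)
        if int(dport) != 22 or s not in INTERNAL or d in INTERNAL:
            continue  # only internal -> external SSH is of interest
        if any(d in net for net in APPROVED_SSH):
            continue  # sanctioned destination, e.g. a managed remote host
        key = (src, dst)
        days[key].add(datetime.fromisoformat(start).date())
        if int(nbytes) >= MIN_BYTES:
            reasons[key].add("bulk-transfer")
        if int(secs) >= MIN_SECONDS:
            reasons[key].add("long-lived")
    for key, seen in days.items():
        if len(seen) >= MIN_DAYS:
            reasons[key].add("recurring")
    return {k: sorted(v) for k, v in reasons.items()}

if __name__ == "__main__":
    for (src, dst), why in suspicious_ssh(FLOWS).items():
        print(f"{src} -> {dst}:22  {', '.join(why)}")
```

A single short SSH flow to an unapproved host is counted but not reported, which keeps one-off administrative connections out of the review queue.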

RiSk
02-26-2007, 06:41 AM
Or if all you really wanna do is look at dirty sites all day, start working for a webhosting company where I get paid to fix them :) . As for SSHing, there are plenty of methods to see wtf you are doing on that, as White_L said. Never think just because something has "secure" in its name, that it's really secure. Hell, we have a system on our network that when you ssh out it CAN record your session and play it back like a movie :p

DLinkOZ
02-26-2007, 06:53 AM
I also worked for a web hosting company, and some of the sites were... questionable. There were a few customers that called a lot, and would ask me if they could give me the URL so I could see the error. I'd already been to their site on previous incidents, and NO WAY did I want to go back. Some of that shit's just scary.

RiSk
02-26-2007, 07:26 AM
Yea.....hungangels.com called me.... :(

ceyko
02-26-2007, 07:49 AM
Not many people have a valid reason for work purposes to be making outbound ssh connections.

Yup. In most environments I've been in - SSH users know who the other SSH users are and most of the time it is all IT. Hell, for the most part I don't SSH outside my network unless working on someone else's firewall.

When you get down to it, don't jack with the IT department. Not because those IT guys are so smart. Because those IT guys use products that have millions of dollars invested and years of R&D - to stop/detect people from doing things they should not be doing.

Maybe another IT guy who knows the internal policies could bypass and get away with stuff. (why? Dunno....just use lab DSL, cable...T1...etc) However, it really is not worth it to be sneaky.

Something tells me the original poster got wise, have not seen another post. :)

Trinity
03-01-2007, 02:20 PM
Trust me, if you are on a network and accessing ANYTHING either inside the network or on the internet someone is watching you.

In our organization, every website that someone hits is screened. If you get a screen letting you know that you've been blocked it's too late - you've already been reported to IT and that is forwarded to your supervisor. All other traffic, if not blocked, is still logged as it is allowed into and out of the firewalls. Any IP address that shows up that is not "allowed" by us will be shut down immediately and sought out... It's not worth your job.

Hunt4m3x
03-01-2007, 03:29 PM
Yea.....hungangels.com called me.... :(


You told me you called them...

mutherjuggz
03-04-2007, 11:56 AM
but seriously, trying to find workarounds for monitoring can only make things worse.


yep, I concur.

That's why I only do things online at work that do not get me in trouble :D