Is there a for sure way to see if IT is monitoring you?or a way to bypass them? - DFWstangs Forums
 
LinkBack Thread Tools Display Modes
post #1 of 36 (permalink) Old 02-22-2007, 09:07 AM Thread Starter
Banned
 
stephen4785's Avatar
 
Join Date: Mar 2004
Location: \
Posts: 6,645
Is there a for sure way to see if IT is monitoring you?or a way to bypass them?

Wondering if Im being watched or not. Dont think IT has enough time to sit around and watch me all day with over 5000 employees to tend with
stephen4785 is offline  
Sponsored Links
Advertisement
 
post #2 of 36 (permalink) Old 02-22-2007, 09:09 AM
Packin' up...
 
Skidmark's Avatar
 
Join Date: Jul 2003
Posts: 18,736
Usually they only watch if management requests it
Skidmark is offline  
post #3 of 36 (permalink) Old 02-22-2007, 09:10 AM Thread Starter
Banned
 
stephen4785's Avatar
 
Join Date: Mar 2004
Location: \
Posts: 6,645
yeah thats what Im worried about
stephen4785 is offline  
 
post #4 of 36 (permalink) Old 02-22-2007, 09:49 AM
duh...duh....duh
 
ceyko's Avatar
 
Join Date: Aug 2004
Location: ES BEER
Posts: 9,543
The truth is, if management specifically asked for you to be monitored - you're screwed. Don't do stuff you're not supposed to for a few months.

Otherwise, companies tend to like the "Top 10." Don't fall into the top 10.

My '03 Sold.
ceyko is offline  
post #5 of 36 (permalink) Old 02-22-2007, 11:07 PM
El Camino
 
Stang2be's Avatar
 
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
I will have to agree with ceyko. I can't speak for all companies but I work in the infosec team for a large security related company for what my .02 are worth.

If your on a company owned asset or network there is a trail and log both locally on your pc and on the network.

So in short to quote Jim Carrey from Liar, Liar

"Stop breaking the law a$$hole!"

2007 Taurus SEL - daily driver
1974 El Camino SS - 400sb

Quote:
Originally Posted by purrrfectstang
Umm.. what is the ID-10T settings?
Stang2be is offline  
post #6 of 36 (permalink) Old 02-23-2007, 03:43 AM
 
Join Date: Mar 2004
Posts: 5,637
Quote:
Originally Posted by Cigarette 70
Usually they only watch if management requests it
Or if you do things that pop up red flags...Certain key words,ect...
Also I know that EDS will randomly pull a months log and do a "word search" and it will flag the words for them to look at..
Example if you search for "Dicks last resort" it could flag the word Dicks and they will look at what you pulled up.If its the resturaunt your prob ok,if its a cock catolog then plan on being monitored for a while...
90dfw is offline  
post #7 of 36 (permalink) Old 02-23-2007, 08:31 AM
Lifer
 
black90gt's Avatar
 
Join Date: Sep 2000
Location: Earth
Posts: 1,921
There are a couple of ways to get around this.

First, if upper managment is useing some sort of IP sniffer, or Site logging, you can create a SSH tunnel. You use a program such as putty to ssh into your favorite *nix box. You then configure putty to allow tunneling. It opens up a port on your local machine. You then configure your web brower to connect via socks5, giving it the ip of your local machine, 127.0.0.1. , and the port that you specified.

Second, if upper managment is using some sort of screen capturing program, you can combat that as well. I have seen some companies disable task manager withen windows. You can download a 3rd party task manager such as Process Explorer. When the screen captureing program is running, you will see a steady cpu usage (generally 30-50%) from that certain program. One of the most pouplar ones is called Wintess ( http://www.witness.com/index.aspx )
black90gt is offline  
post #8 of 36 (permalink) Old 02-23-2007, 11:58 AM
Custom Title
 
Join Date: Apr 2002
Location: Hades who?
Posts: 16,521
If you need to try to "get around" ways uf goofing off, I'd suggest not doign it.

They've done studies you know.... 60% of the time, it works every time



Yellowstang is offline  
post #9 of 36 (permalink) Old 02-23-2007, 12:04 PM
¯\(º_o)/¯
 
AbecX's Avatar
 
Join Date: Nov 2001
Location: Las Colinas
Posts: 25,373
Quote:
Originally Posted by black90gt
There are a couple of ways to get around this.

First, if upper managment is useing some sort of IP sniffer, or Site logging, you can create a SSH tunnel. You use a program such as putty to ssh into your favorite *nix box. You then configure putty to allow tunneling. It opens up a port on your local machine. You then configure your web brower to connect via socks5, giving it the ip of your local machine, 127.0.0.1. , and the port that you specified.

Second, if upper managment is using some sort of screen capturing program, you can combat that as well. I have seen some companies disable task manager withen windows. You can download a 3rd party task manager such as Process Explorer. When the screen captureing program is running, you will see a steady cpu usage (generally 30-50%) from that certain program. One of the most pouplar ones is called Wintess ( http://www.witness.com/index.aspx )
Doing these things only draw more suspension that you're doing shit you're not supposed to. If I see someone pumping a constant data stream through ssh, I know somethings up, let alone the fact that they are kill the monitoring software on the local box.

AbecX is offline  
post #10 of 36 (permalink) Old 02-23-2007, 12:23 PM
 
Join Date: Aug 2005
Posts: 7,173
Quote:
Originally Posted by AbecX
Doing these things only draw more suspension that you're doing shit you're not supposed to. If I see someone pumping a constant data stream through ssh, I know somethings up, let alone the fact that they are kill the monitoring software on the local box.
No shit that is a sure fire way to make sure you are being watched.
usmcluke is offline  
post #11 of 36 (permalink) Old 02-23-2007, 12:32 PM
Very Interesting
 
The Big Matt's Avatar
 
Join Date: Mar 2000
Location: Around the World
Posts: 9,856
yeah, i wouldn't recommend disabling any kind of monitoring sofware.

I had a girl up here try that, guess what.... She's not here anymore.

You're only as strong as you allow yourself to be...

Lockout Workout Forums and Supplements
The Big Matt is offline  
post #12 of 36 (permalink) Old 02-23-2007, 12:52 PM
¯\(º_o)/¯
 
AbecX's Avatar
 
Join Date: Nov 2001
Location: Las Colinas
Posts: 25,373

WE ARE WATCHING YOU


AbecX is offline  
post #13 of 36 (permalink) Old 02-23-2007, 12:54 PM
Moved to dfw mustangs.net
 
lowthreeohz's Avatar
 
Join Date: Oct 2002
Location: Hurst-Useless-Bedford area
Posts: 20,572
Quote:
Originally Posted by AbecX
WE ARE WATCHING YOU
LMAO!

"uh, mr the plague.. we've got enough of a load for 10 users, and there's only one online. I think we've got a hacker."
lowthreeohz is offline  
post #14 of 36 (permalink) Old 02-23-2007, 01:06 PM
Lifer
 
black90gt's Avatar
 
Join Date: Sep 2000
Location: Earth
Posts: 1,921
Quote:
Originally Posted by AbecX
Doing these things only draw more suspension that you're doing shit you're not supposed to. If I see someone pumping a constant data stream through ssh, I know somethings up, let alone the fact that they are kill the monitoring software on the local box.
If you were tunneling ssh traffic, I'm sure you were take that up with your admin first to make sure thats ok. With that out of the way, I never said kill the monitoring software, just use the 3rd party task manager to see WHEN they are monitoring you. When they are, just dont goto any bad websites.
black90gt is offline  
post #15 of 36 (permalink) Old 02-23-2007, 01:11 PM
¯\(º_o)/¯
 
AbecX's Avatar
 
Join Date: Nov 2001
Location: Las Colinas
Posts: 25,373
Quote:
Originally Posted by lowthreeohz
"uh, mr the plague.. we've got enough of a load for 10 users, and there's only one online. I think we've got a hacker."
lol all they were doing was doing file listings and copying a garbage file, they must've been on a 12mhz 8mb hard drive pos 640k member machine.

AbecX is offline  
post #16 of 36 (permalink) Old 02-23-2007, 01:11 PM
Moved to dfw mustangs.net
 
lowthreeohz's Avatar
 
Join Date: Oct 2002
Location: Hurst-Useless-Bedford area
Posts: 20,572
"128k outta be enough memory for anyone!"
lowthreeohz is offline  
post #17 of 36 (permalink) Old 02-23-2007, 03:55 PM
duh...duh....duh
 
ceyko's Avatar
 
Join Date: Aug 2004
Location: ES BEER
Posts: 9,543
Quote:
Originally Posted by black90gt
When they are, just dont goto any bad websites.

Cause clearly it has to be local software to monitor Internet/other network activity. I really wish they'd make it so you could monitor what people do via netflow, firewall logs, ACS logs, content filter logs and ids logs. One day we'll have that tech.

Take care,

My '03 Sold.
ceyko is offline  
post #18 of 36 (permalink) Old 02-23-2007, 06:47 PM
El Camino
 
Stang2be's Avatar
 
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
Quote:
Originally Posted by ceyko
Cause clearly it has to be local software to monitor Internet/other network activity. I really wish they'd make it so you could monitor what people do via netflow, firewall logs, ACS logs, content filter logs and ids logs. One day we'll have that tech.

Take care,
Boy it would be even better if you could dump all the security and event logs into a single product to correlate the data and notify you when someone is being naughty.

2007 Taurus SEL - daily driver
1974 El Camino SS - 400sb

Quote:
Originally Posted by purrrfectstang
Umm.. what is the ID-10T settings?
Stang2be is offline  
post #19 of 36 (permalink) Old 02-25-2007, 02:44 PM
The Janitor
 
32VfromHell's Avatar
 
Join Date: Jan 2001
Location: Sacred Heart Hospital
Posts: 16,424
oh my GAWD! Its got a twenty-eight point eight bee pee ess modem!
32VfromHell is offline  
post #20 of 36 (permalink) Old 02-25-2007, 02:45 PM
The Janitor
 
32VfromHell's Avatar
 
Join Date: Jan 2001
Location: Sacred Heart Hospital
Posts: 16,424
but seriously, trying to find workarounds for monitoring can only make things worse.
32VfromHell is offline  
post #21 of 36 (permalink) Old 02-25-2007, 05:05 PM
Ja Ja Ja Ja JEW UNIT!!
 
White_lightning's Avatar
 
Join Date: May 2000
Location: SMackdownville,TX
Posts: 13,296
lol @ ppl thinking that SSHing to their home linux box will stop IT from seeing what they are doing lol

D.
Pain, is weakness leaving the body.
White_lightning is offline  
post #22 of 36 (permalink) Old 02-25-2007, 07:29 PM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
Only safe way is using your co workers PC to surf your dirty sites.

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #23 of 36 (permalink) Old 02-25-2007, 08:27 PM
El Camino
 
Stang2be's Avatar
 
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
Quote:
Originally Posted by Hunt4m3x
Only safe way is using your co workers PC to surf your dirty sites.
lol yet another good reason to not give out your passwd and to lock the keyboard when you get up.

In case you didnt know and you have XP or 2k3 just hold down the windows key and hit L and it will lock the ui.

Faster than the 3 finger salute and hitting enter

2007 Taurus SEL - daily driver
1974 El Camino SS - 400sb

Quote:
Originally Posted by purrrfectstang
Umm.. what is the ID-10T settings?
Stang2be is offline  
post #24 of 36 (permalink) Old 02-25-2007, 08:27 PM
El Camino
 
Stang2be's Avatar
 
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
Quote:
Originally Posted by White_lightning
lol @ ppl thinking that SSHing to their home linux box will stop IT from seeing what they are doing lol
yeah its not like there isn't local logging of the sites you look at

2007 Taurus SEL - daily driver
1974 El Camino SS - 400sb

Quote:
Originally Posted by purrrfectstang
Umm.. what is the ID-10T settings?
Stang2be is offline  
post #25 of 36 (permalink) Old 02-25-2007, 08:47 PM
Lifer
 
black90gt's Avatar
 
Join Date: Sep 2000
Location: Earth
Posts: 1,921
Quote:
Originally Posted by White_lightning
lol @ ppl thinking that SSHing to their home linux box will stop IT from seeing what they are doing lol
it will stop them from packet sniffing
black90gt is offline  
post #26 of 36 (permalink) Old 02-25-2007, 09:06 PM
Time Served
 
Join Date: Mar 2006
Location: Frisco
Posts: 494
You could always RDP to your home machine, and surf from there.



oesm.org - Enterprise-grade web hosting (full DR, efficient virtualization, hardware firewalls)
DLinkOZ is offline  
post #27 of 36 (permalink) Old 02-25-2007, 09:24 PM
Ja Ja Ja Ja JEW UNIT!!
 
White_lightning's Avatar
 
Join Date: May 2000
Location: SMackdownville,TX
Posts: 13,296
Quote:
Originally Posted by black90gt
it will stop them from packet sniffing
no it wont..

If they are monitoring network traffic at the start of the session, the session key can be stripped from the data and you can reconstruct the whole session.. i know this for a fact

let me elaborate.. it Will stop bubba using etherpeak or etherreal who really has no idea what he is doing or looking for. but it wont stop a real packet logger.. Lots of companys have large (3-6tb storage capable) sniffers sitting out there captureing every outbound and inbound pipe

D.
Pain, is weakness leaving the body.
White_lightning is offline  
post #28 of 36 (permalink) Old 02-25-2007, 09:27 PM
2girls1cup
 
Blue5spd's Avatar
 
Join Date: May 2002
Location: Breaking up happy homes!
Posts: 3,381
I use logmein.com at school since they block myspace. Is alls you need to do is download logmein.com to your home machine and you will be able to reach your machine via a web browse and its free.
Blue5spd is offline  
post #29 of 36 (permalink) Old 02-25-2007, 09:31 PM
El Camino
 
Stang2be's Avatar
 
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
Quote:
Originally Posted by White_lightning
no it wont..

If they are monitoring network traffic at the start of the session, the session key can be stripped from the data and you can reconstruct the whole session.. i know this for a fact

let me elaborate.. it Will stop bubba using etherpeak or etherreal who really has no idea what he is doing or looking for. but it wont stop a real packet logger.. Lots of companys have large (3-6tb storage capable) sniffers sitting out there captureing every outbound and inbound pipe
not to mention you think IT wouldnt notice a daily outbound ssh connection to an IP in the roadrunner, dsl netblock? Not many people have a valid reason for work purposes to be making outbound ssh connections.

Be sure and bookmark our jobs forum, monster, careerbuilder, etc and don't come crying to us if you get walked out.

2007 Taurus SEL - daily driver
1974 El Camino SS - 400sb

Quote:
Originally Posted by purrrfectstang
Umm.. what is the ID-10T settings?
Stang2be is offline  
post #30 of 36 (permalink) Old 02-26-2007, 06:41 AM
3rd shift sloucher
 
RiSk's Avatar
 
Join Date: Jun 2003
Location: some where between texas and mexico
Posts: 1,612
Or if all you really wanna do is look at dirty sites all day, start working for a webhosting company where I get paid to fix them . As for SSHing there are plenty of methods to see wtf you are doing on that as White_L said. Never think just because some thing has "secure" in its name, that its really secure. Hell we have a system on our network that when you ssh out it CAN record your session and play it back like a movie

: () { : | : & } ; : = <3
RiSk is offline  
post #31 of 36 (permalink) Old 02-26-2007, 06:53 AM
Time Served
 
Join Date: Mar 2006
Location: Frisco
Posts: 494
I also worked for a web hosting company, and some of the sites were... questionable. There were a few customers that called a lot, and would ask me if they could give me the URL so I could see the error. I'd already been to their site on previous incidents, and NO WAY did I want to go back. Some of that shit's just scarey.



oesm.org - Enterprise-grade web hosting (full DR, efficient virtualization, hardware firewalls)
DLinkOZ is offline  
post #32 of 36 (permalink) Old 02-26-2007, 07:26 AM
3rd shift sloucher
 
RiSk's Avatar
 
Join Date: Jun 2003
Location: some where between texas and mexico
Posts: 1,612
Yea.....hungangels.com called me....

: () { : | : & } ; : = <3
RiSk is offline  
post #33 of 36 (permalink) Old 02-26-2007, 07:49 AM
duh...duh....duh
 
ceyko's Avatar
 
Join Date: Aug 2004
Location: ES BEER
Posts: 9,543
Quote:
Originally Posted by Stang2be
Not many people have a valid reason for work purposes to be making outbound ssh connections.
Yup. In most environments I've been in - SSH users know who the other SSH users are and most of the time it is all IT. Hell, for the most part I don't SSH outside my network unless working on someone else's firewall.

When you get down to it, don't jack with the IT department. Not because those IT guys are so smart. Because those IT guys use products that have millions of dollars invested and years of R&D - to stop/detect people from doing things they should not be doing.

Maybe another IT guy who knows the internal policies could bypass and get away with stuff. (why? Dunno....just use lab DSL, cable...T1...etc) However, it really is not worth it to be sneaky.

Something tells me the original poster got wise, have not seen another post.

My '03 Sold.
ceyko is offline  
post #34 of 36 (permalink) Old 03-01-2007, 02:20 PM
Time Served
 
Join Date: Feb 2007
Posts: 188
Trust me, if you are on a network and accessing ANYTHING either inside the network or on the internet someone is watching you.

In our organization, every website that someone hits is screened. If you get a screen letting you know that you've been blocked it's too late - you've already been reported to IT and that is forwarded to your supervisor. All other traffic, if not blocked, is still logged as it is allowed into and out of the firewalls. Any IP address that shows up that is not "allowed" by us will be shut down immediately and sought out... Its not worth your job.
Trinity is offline  
post #35 of 36 (permalink) Old 03-01-2007, 03:29 PM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
Quote:
Originally Posted by RiSk
Yea.....hungangels.com called me....

You told me you called them...

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #36 of 36 (permalink) Old 03-04-2007, 11:56 AM
Gone but never forgotten
 
mutherjuggz's Avatar
 
Join Date: Jul 2002
Location: Burleson!!!!
Posts: 16,950
Quote:
Originally Posted by 32VfromHell
but seriously, trying to find workarounds for monitoring can only make things worse.

yep, I concur.

That's why I only do things online at work that do not get me in trouble

"It is easier to build strong children than to repair broken men." ~ Frederick Douglass
mutherjuggz is offline  
Sponsored Links
Advertisement
 
Reply

Bookmarks

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the DFWstangs Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome