Re: bypassing employer's proxy to surf anonymously
- From: "" <gimeshell@xxxxxx>
- Date: Thu, 15 Jun 2006 02:05:51 +0200
On Tue, 13 Jun 2006 13:46:56 -0400
"Levenglick, Jeff" <JLevenglick@xxxxxxxxxxx> wrote:
1) Is there any other way for you to send your data or must you go
through a proxy? (ie: firewall blocking all traffic except
The proxy box)
If you can send your data, then just avoid the proxy. If not, then the
only thing you could do is try to spoof the ip/mac of the
Proxy and send your data. (unless you know what your doing then this
is not an option for you :) )
Firewall/packetfilter (running on proxy server) is blocking all traffic
except proxy. Am i right when saying to make spoofing IP/MAC of the
proxy work there must be a another seperate firewall before WAN i can
work directly with spoofed IP/MAC?
If not, why should i spoof IP/MAC?
2) What is nasty traffic? Are you not allowed ssh? Ssh is encrypted,
so they can't view your data.
3) hide data? (Karyn) There really is no such thing. Yes, you can
change ports, but that would just set off more
Alerts. On top of that, he is going to another box so he must use the
port that the host is listening on.
You can mess around with the payload, but ssh is an encrypted prot, so
your going to end up with more problems then it
Is worth. If you think about it: If he is on a company network and I'm
an admin who wants to find out who is
Sending the traffic, I can track you down to your port. (ie: you
change your ip or mac address to hide yourself)
This depends on skills of network admin. An admin who doesn't care about
packet sniffing and other deeper techniques but does only look at his
protocols -which structure and content is known- doesn't care about
more or less hidden ssh traffic reported in proxy's logs as 'connection
to xxx.xxx.xxx.xxx (HTTPS) 5 calls/10 MB'.
regards,
gimeshell
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx for details.
------------------------------------------------------------------------------
- Follow-Ups:
- Re: bypassing employer's proxy to surf anonymously
- From: Syv Ritch
- Re: bypassing employer's proxy to surf anonymously
- References:
- RE: bypassing employer's proxy to surf anonymously
- From: Levenglick, Jeff
- RE: bypassing employer's proxy to surf anonymously
- Prev by Date: RE: firewall auditing/testing
- Next by Date: Re: Publishing Findings on Commercial Applications
- Previous by thread: RE: bypassing employer's proxy to surf anonymously
- Next by thread: Re: bypassing employer's proxy to surf anonymously
- Index(es):
Relevant Pages
|
