|
|
 
|
|
Author
|
Topic: Can somebody tell me about "Blacklisting"?
|
Randy Stankey
Film God
Posts: 6539
From: Erie, Pennsylvania
Registered: Jun 99
|
posted 12-01-2003 11:09 PM
Soemthing that's been bothering me for a while:
I think I'm getting some of my network traffic (at work) blocked or blacklisted, or what ever you call it. I'm writing this from home, so I'm not worried about Big Brother here... At least, no more than usual.
I know the network admins where I work aggressively monitor the content of the net traffic that comes and goes. For the most part, I would say that this is a good thing. There are too many file swappers, virus propogators and general bad guys out there to NOT have some kind of protection. However, I think it's going too far.
For a long time I have had NO trouble doing anything I wanted on the college's netowrk. About 6 months ago, the college started a policy of "No fileswapping". (ie: MP3/music) They also cracked down on "Undesireable Content" such as chatting and porno stuff. I also know that they have turned up the heat on virus blocking.
It seems to me that the network server is somehow automatically blacklisting IPs that it thinks are violating the rules. One day, I'll be doing things as normal. Then I send or receive some file like an MP3 and suddenly it seems like my network connection just "shuts itself off".
Now, unbeknownst to the network admins, I have a Linksys router/hub in my office instead of the "straight" connection that everybody else does. I have it set up as a firewall so that no computers behind that router are visible to the outside world. If I go into the routers config panel and change its IP address everything starts working again. Shortly after somebody downloads "forbidden content" through the connection in my office it all stops working.
Here's where it gets scarry. Just about a week ago, one of the chiefs from the computer department came to my office, in person, and said, "There's somebody in this zone whose computer isn't connecting to the network via DHCP." Of course, my COMPUTER is set for DHCP. It's the ROUTER that is set for manual IP... because if it isn't I can't get through.
Another piece of information for you: I was recently accused of hacking on the college network. I was connecting to another computer in another office to transfer some files (for legitimate reasons) when I found an unusual entry in the list. I investigated and discovered that it was a computer on another part of the campus that contained sensitive information that shouldn't be shared on the network. What I SHOULD have done is call the owner of that computer and tell him what I found, IN PERSON. What I did, was tell another person in his department, "I discovered a computer in your department that's sharing its hard drive and it would be VERY EASY for somebody to hack into it." By the time the message got to the right person, the message had morphed from, "Randy wants to warn you of a potential problem.", into, "Randy hacked into your computer."
Technically, yes, it was hacking but that was not the intent. It took me a while to convince people of that. But, ever since then it seems like Big Brother is watching even closer than ever.
I know about networking between individual computers and I'd say that I am proficient at setting up small networks of, say 5-10 computers but when it comes to "big" networks, etc., I'm in the dark.
I'm more than a little peeved off that somebody is filtering my netowrk traffic and not telling me what is going on. If they have a question about something they think I'm doing I wish they'd tell me about it instead of blocking and blacklisting things!
I'm not asking how to circumvent the system but more like, "What's going on here?" and "Am I thinking reasonably?" or "Am I just imagining things?"
| IP: Logged
|
|
Leo Enticknap
Film God
Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000
|
posted 12-02-2003 01:55 AM
I'm sure that a certain amount of monitoring goes on in any large organisation with its own network provision. To a certain extent they have to - for example, if it were later established that an employee was using his employer's equipment to download paedo pics, the employer could possibly be sued by the victims for facilitating it. I'm sure it is sometimes done for political reasons, too, but if so and to what extent is likely to vary according to the organistion. Here, the Data Protection Act would prevent an organisation from actually using any information discovered by such covert means (except to detect or prevent a crime), but proving that this was how they got the information is, of course, another thing altogether.
Sometimes the reason is simply that some relatively junior IT technician gets a kick out reading other people's mail or monitoring their web use, in the belief that knowing the admin password makes them in some way big and powerful. In most cases these people are just too pathetic to worry about.
That having been said, I've found through experience that if you want to send an email which you can be certain won't be read by yours or the recipient's employer, send it from a private address registered with an ISP in your name as a private individual, to an equally private address at the recipient's end. The main reason I sometimes do this is when my opinion on something is or might not be the same as my employer's and want to be absolutely sure that no-one could interpret the message as representing the institution's policy. In such messages I also put my home postal address in the signature file.
In a company I once worked for it was very well known that the head office person responsible for IT routinely intercepted e-mails. This became an in joke to the extent that we would start our messages 'Dear X (and <insert name here> if you're reading),' or words to that effect. The end result was that within a few months, everyone was e-mailing each other through Hotmail accounts (the company had a lot of small sites, most of which had dial-up connections only to a separate ISP from the POP3 email provider, so this person couldn't monitor web use) and the company's email accounts were virtually abandoned.
| IP: Logged
|
|
Daryl C. W. O'Shea
Film God
Posts: 3977
From: Midland Ontario Canada (where Panavision & IMAX lenses come from)
Registered: Jun 2002
|
posted 12-02-2003 05:29 AM
The fun you can have with your clients while using (Cisco) managed network equipment. Everything you've said is easily accomplished Randy.
Have some fun with them, with a proxy server setup somewhere on a highspeed connection and a VPN router connected at the proxy server, tunnel outta the college without them being able to snoop -- at least until they block your ability to use VPN.
quote:
Of course, my COMPUTER is set for DHCP. It's the ROUTER that is set for manual IP... because if it isn't I can't get through.
Setting your router to use dynamic IP assignment on the WAN side could prevent this. To get around the blocks, compile a list of MAC addresses you can safely use (your home computer's, your desktop at work, the existing router MAC, etc), then whenever you get blocked, change the router's MAC address so that it gets a new IP dynamically. You'll probably have to disconnect the router from the network, or at least disconnect its power for a bit when you do this.
Then again, you could just stop violating the rules. ![[Smile]](smile.gif)
| IP: Logged
|
|
Randy Stankey
Film God
Posts: 6539
From: Erie, Pennsylvania
Registered: Jun 99
|
posted 12-02-2003 09:41 AM
quote:
Daryl C. W. O'Shea:
The fun you can have with your clients while using (Cisco) managed network equipment.
Yes, the equipment is Cisco. This I have been told.
We also have a few hot shots who think their shit doesn't stink who operate the stuff. You know... The typical kinds of people you get when you have grad. students and other academic types running the show. They do things, not necessarily because it's a good idea, but because they CAN.
90% of the time I agree with what they do. It's the other 10% where the things they do get in the way of what I want to do.
To be honest, yes, I do things that are outside of the realm of business necessity. On the other hand, every dorm room and student apartment has a network connection. So, by this very token, the network will be used for recreational purposes. I agree that fileswapping and other things will slow the network down to a crawl if limits aren't enforced.
The flipside of this is that, because I work in a Performing Arts Center, I have to sometimes deal with files like MP3s as part of my work. (Advertising material, etc.)
For the time being, my solution is to put any files that I suspect may set off alarm bells into archives then send them that way. It doesn't appear that the network equipment even tries to look inside ZIP/SIT files. If they start doing that (if they can) I can always start processing them through BLOWFISH, DES, PGP or some other encryption. I KNOW there's not enough computer power on this ENTIRE CAMPUS to crack that!
As to whether I break the rules too much... Myabe I do, every once in a while. However, I'm not the only one who uses the net through this office. During big productions my office is also used by the visiting production manager. Students also have access. The last time my connection got shut off was when the visiting production company had six other computers hooked to the network. (3 off via hard wire & 3 via Wi-Fi.) Thus, one reason why I installed the router in the first place.
My personal policy has been, "Do whatever you want within reason but if you do something that brings the heat down on me, I'm going to come after YOU and I'm going to hang you up by the testicles!" I think I'm going to have to change that policy and set my router to recognize only computers with certain MAC addresses. If somebody else wants to use a computer on a part of the network in "my neck of the woods" they'll have to give me the MAC of their machine so that I can authorize it.
I HATE having to do shit like that! This isn't the way things ought to be, AFAIC. It looks like I'm going to HAVE to do it for my own protection. Next time I get the opportunity I'll look into my router's settings and see if I can take some of your advice, Daryl.
| IP: Logged
|
|
|
|
|
|
All times are Central (GMT -6:00)
|
|
Powered by Infopop Corporation
UBB.classicTM
6.3.1.2
The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion
and agrees to release the authors from any and all liability.
|
Home
Printer-friendly view of this topic