Re: bypassing employer's proxy to surf anonymously

From: Karyn Pichnarczyk (karyn@sandstorm.net)
Date: Tue Jun 13 2006 - 12:49:22 EDT

• Next message: Dominique Karg: "Re: OSSIM Fedback"
• Previous message: Mark Lists: "RE: OSSIM Fedback"
• In reply to: gimeshell@web.de: "bypassing employer's proxy to surf anonymously"
• Next in thread: gimeshell@web.de: "Re: bypassing employer's proxy to surf anonymously"
• Reply: gimeshell@web.de: "Re: bypassing employer's proxy to surf anonymously"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Gimeshell,

If a network is being used to transfer traffic, and something is physically
monitoring all traffic (regardless of source/destination port, regardless of
protocol, etc) then there's no way to prevent them from monitoring your
traffic over that network. You're talking about bypassing something in a
lower network layer (physical) with something in a higher network layer (i.e.
Data or Network). It's not going to happen.

Now hiding data in unsuspicious packets....depends on your definition of
"unsuspicious" and the level of detail of the network admins are who are
monitoring the traffic. If the net admins are using a network forensics
analysis product you have to get fairly creative to hide your data.

karyn

gimeshell@web.de wrote:

> Question:
>
> Is there a solution to prevent proxy traffic monitor (and therewith
> big brother) to see SSH traffic to dynamic ip? So that there isn't any
> suspicious line in proxy traffic monitor's output? The best: Proxy
> doesn't get notice of nasty traffic at all.
>
> Perhaps there is some technique to hide data in unsuspicious packets?
>
> regards,
> gimeshell

-- 
Karyn Pichnarczyk
Sandstorm Enterprises, Inc.
______________________________________________________________
Be advised that all electronic communication with Sandstorm
Enterprises(R) is subject to monitoring by NetIntercept(R), our
full-content network forensics analysis tool. More information
about NetIntercept can be found at www.sandstorm.net. Please
direct any questions to privacy@sandstorm.net.
______________________________________________________________
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: Dominique Karg: "Re: OSSIM Fedback"
• Previous message: Mark Lists: "RE: OSSIM Fedback"
• In reply to: gimeshell@web.de: "bypassing employer's proxy to surf anonymously"
• Next in thread: gimeshell@web.de: "Re: bypassing employer's proxy to surf anonymously"
• Reply: gimeshell@web.de: "Re: bypassing employer's proxy to surf anonymously"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:05 EDT