Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > MacNN Lounge > How to get past employer blocking all but white-listed URLs?

How to get past employer blocking all but white-listed URLs?
Thread Tools
Love Calm Quiet
Mac Elite
Join Date: Mar 2001
Location: CO
Status: Offline
Reply With Quote
Apr 3, 2009, 12:40 PM
 
So my wife works at a branch office of her company and they've got tired of slackers who spend all day updating FaceBook and surfing eBay. Apparently they limit web access to just a select few URLs. [ And apparently done from home office, source of their VPN, etc. ] So now she has no way to check Mac mail during day.

I've googled using terms like UNBLOCK proxy CENSORSHIP... and results (for free options) are *poor* - and almost all discussion dates back to 2007 or earlier
[ and I've searched in forums here ]

Does this mean the censors have won? that there's no easy way to circumvent things at her office?

Is she likely to be able to doing anything better by directly plugging a Mac/PC laptop directly into their ethernetwork?

Up-to-date info on this would be *much* appreciated!
TOMBSTONE: "He's trashed his last preferences"
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 3, 2009, 12:48 PM
 
If the whitelisting takes place centrally on a company server, I don't think there's much you can do.
Even plugging in a different computer directly into the ethernet jack wouldn't work.

Whitelisting will also prevent that you find any accidentally left open proxy pages or services.

I think you should just get your wife an iPhone

-t
     
Love Calm Quiet  (op)
Mac Elite
Join Date: Mar 2001
Location: CO
Status: Offline
Reply With Quote
Apr 3, 2009, 12:50 PM
 
Originally Posted by turtle777 View Post
...
I think you should just get your wife an iPhone
-t
Guess I better not show her this thread
TOMBSTONE: "He's trashed his last preferences"
     
Doofy
Clinically Insane
Join Date: Jul 2005
Location: Vacation.
Status: Offline
Reply With Quote
Apr 3, 2009, 12:50 PM
 
Originally Posted by turtle777 View Post
I think you should just get your wife an iPhone
Or tell her to stop slacking at work.
Been inclined to wander... off the beaten track.
That's where there's thunder... and the wind shouts back.
     
WhaMe
Forum Regular
Join Date: Sep 2000
Status: Offline
Reply With Quote
Apr 3, 2009, 12:57 PM
 
What are the consequences if/when your wife is caught checking personal e-mail on company time/equipment? I know that my company has strict policies against circumventing network security.

Is her personal e-mail that important that it is worth the risk?
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 3, 2009, 12:58 PM
 
Originally Posted by Doofy View Post
Or tell her to stop slacking at work.
Wow, Doof, I'd expected something along the lines of "move to a non-communist county" from you

-t
     
nonhuman
Posting Junkie
Join Date: Jun 2001
Location: Baltimore, MD
Status: Offline
Reply With Quote
Apr 3, 2009, 01:03 PM
 
Get a new job.
     
Love Calm Quiet  (op)
Mac Elite
Join Date: Mar 2001
Location: CO
Status: Offline
Reply With Quote
Apr 3, 2009, 01:04 PM
 
Originally Posted by WhaMe View Post
What are the consequences if/when your wife is caught checking personal e-mail on company time/equipment?
Valid question: Company is too passive even to *request* (let alone forbid) slackers to abide by any rules.
They won't fire/discipline the most flagrant abuse... let alone my wife's "rising star." :/

*** So: the hopeful responses I'm getting are NOT about how to circumvent.
     I'm guessing that means we're SOL ***
TOMBSTONE: "He's trashed his last preferences"
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Status: Offline
Reply With Quote
Apr 3, 2009, 01:09 PM
 
Originally Posted by WhaMe View Post
Is her personal e-mail that important that it is worth the risk?
Depends on what is and isn't whitelisted.

If they allow their employees to look at Yahoo and Gmail and Hotmail, etc, but not MobileMe (via the whitelist), then there is a legitimate reason to complain.
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status: Offline
Reply With Quote
Apr 3, 2009, 01:37 PM
 
I generally NEVER talk about work, but I have to add to this.

A few years ago, someone got a virus which spit out TONS of mail through our server. Yes, we have mandatory AV software, but this was new and slipped through before the Monday update.

So they blocked outgoing POP mail.

I asked why and besides the virus, my sysadmin said "why do you need to check personal mail at work? you should be working".

/facepalm

Home - Twitter - Sig Wall-Retired - Flickr
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Apr 3, 2009, 01:41 PM
 
It is THE COMPANY'S NETWORK, and they can do whatever they want to with it. If these restrictions keep your wife from doing her work, she could ask for them to be adjusted. But I doubt that's the case here.

Either get her an iPhone so she can use her own network connection, or help her understand that it ain't her hardware to mess with. Censorship? Maybe. But it's still the company's network, and she ain't being paid to do stuff other than work, right?

Glenn -----OTR/L, MOT, Tx
     
lexapro
Baninated
Join Date: Mar 2008
Status: Offline
Reply With Quote
Apr 3, 2009, 03:36 PM
 
Fortunately cell phones are able to check email. Even the most basic ones these days are pretty good at it. Might not be as pretty as mobileme but it'll work. An iPhone or BlackBerry would really solve this problem. Other than that I don't know what to tell you. At least these other solutions exist and will not get your wife in trouble for the work network.
     
nonhuman
Posting Junkie
Join Date: Jun 2001
Location: Baltimore, MD
Status: Offline
Reply With Quote
Apr 3, 2009, 04:17 PM
 
Has she tried rebooting with extensions off?
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Apr 3, 2009, 05:07 PM
 
The only way to get around a whitelist (without actually getting on a network that's not whitelisted, as with an iPhone ) is get a proxy on the whitelist. They probably didn't intentionally put a proxy on there, so unless you have control over one of the sites to make your own proxy, your wife is pretty well locked in.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 3, 2009, 06:20 PM
 
Originally Posted by nonhuman View Post
Has she tried rebooting with extensions off?
If that admin is any good, the whitelist is NOT client sided.

-t
     
shifuimam
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Status: Online
Reply With Quote
Apr 3, 2009, 06:22 PM
 
Use TeamViewer. It's free and has client and server software for both Windows and Macs. It works over ports 80 and 443, so if you're wife is behind a proxy that blocks outgoing connections to other ports, it'll work fine.

(It's a remote desktop application, if you didn't figure that part out.)
Sell or send me your vintage Mac things if you don't want them.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 3, 2009, 06:24 PM
 
Originally Posted by shifuimam View Post
Use TeamViewer. It's free and has client and server software for both Windows and Macs. It works over ports 80 and 443, so if you're wife is behind a proxy that blocks outgoing connections to other ports, it'll work fine.

(It's a remote desktop application, if you didn't figure that part out.)
I don't think you understand what "whitelisting" means.

-t
     
Rumor
Moderator
Join Date: Feb 2006
Location: on the verge of insanity
Status: Offline
Reply With Quote
Apr 3, 2009, 08:17 PM
 
If she really needs to check her personal email at work, you could set up an auto-forward while she is there.
I like my water with hops, malt, hops, yeast, and hops.
     
goMac
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status: Offline
Reply With Quote
Apr 3, 2009, 09:00 PM
 
Originally Posted by shifuimam View Post
Use TeamViewer. It's free and has client and server software for both Windows and Macs. It works over ports 80 and 443, so if you're wife is behind a proxy that blocks outgoing connections to other ports, it'll work fine.

(It's a remote desktop application, if you didn't figure that part out.)
Won't work. It's a whitelist. She's only allowed to talk to specific hosts.
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
     
alligator
Mac Elite
Join Date: Aug 2003
Location: Minnesota
Status: Offline
Reply With Quote
Apr 3, 2009, 09:20 PM
 
The solution is simple. Buy a laptop with a cellular card. Use the cellular connection whenever surfing is desired.
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status: Offline
Reply With Quote
Apr 4, 2009, 02:42 AM
 
How about setting up VNC at home and connecting that way? Since there's a whitelist of web sites, this might work. It would mean leaving your computer on at home all the time, but you have complete access to it.

Home - Twitter - Sig Wall-Retired - Flickr
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 03:05 AM
 
1) SSH X11 forwarding from a machine off the network

2) NoMachine is a better option than VNC - much faster (same goes for X11 forwarding)

3) VPN to your own network (OpenVPN is very easy to setup) and explore ways to use your VPN as a network gateway
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Apr 4, 2009, 03:07 AM
 
This would rely on Love Calm Quiet's ISP's IP block to be on the whitelist, wouldn't it? That seems rather unlikely.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 03:10 AM
 
Chuckit: who are you responding to?
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 03:13 AM
 
i don't understand why companies do this.

If you are unhappy with the performance of a worker or workers, you deal with that issue. Cutting them off to sites just creates an atmosphere of distrust, of not valuing employees, and of being monitored. If you can't monitor productivity without using technology, this is a problem.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Apr 4, 2009, 06:52 AM
 
Originally Posted by besson3c View Post
i don't understand why companies do this.

If you are unhappy with the performance of a worker or workers, you deal with that issue. Cutting them off to sites just creates an atmosphere of distrust, of not valuing employees, and of being monitored. If you can't monitor productivity without using technology, this is a problem.
You have the cart before the horse here. Nobody spends the money and time it takes to set up a whitelist until there is a reason for it. And frankly, if the job requires access to sites X, Y, and Z, and ONLY those sites, why spend money on the connectivity for anything else?

Trust the employees? Sure. But most employers trust people only as far as is needed to get the job done. Obviously there's a reason for this particular employer to distrust their employees on this issue.

Glenn -----OTR/L, MOT, Tx
     
WhaMe
Forum Regular
Join Date: Sep 2000
Status: Offline
Reply With Quote
Apr 4, 2009, 08:40 AM
 
The slackers are probably only one of a multitude of problems that they are addressing with the white listing.

By limiting the sites that the employees can visit, it reduces the risk of viruses. Allowing e-mail that is transmitted through their mail server is another way to minimize viruses on the network (provided that they properly maintain/update their servers/clients).

Another reason to limit what web sites that employees can visit is to clamp down on illegal downloads of copyright material. Software companies as well as the likes of the RIAA, love to catch companies with illegal downloads on their computers. The companies will quickly settle out of court to avoid having the feds come in and confiscate the serves as evidence for a long drawn out trial.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 4, 2009, 10:23 AM
 
Originally Posted by starman View Post
How about setting up VNC at home and connecting that way? Since there's a whitelist of web sites, this might work. It would mean leaving your computer on at home all the time, but you have complete access to it.
Uhm, yeah, if she is in control of port forwarding of her company's firewall, yes.

That's rather unlikely.

-t
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status: Offline
Reply With Quote
Apr 4, 2009, 12:15 PM
 
Originally Posted by turtle777 View Post
Uhm, yeah, if she is in control of port forwarding of her company's firewall, yes.

That's rather unlikely.

-t
There's no indication how the whitelist works. Does it only block web sites? It's worth a shot to at least TRY. If their system is only blocking WEB SITES then maybe other protocols can get through because they're not blocked.

Home - Twitter - Sig Wall-Retired - Flickr
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Apr 4, 2009, 12:38 PM
 
Originally Posted by ghporter View Post
You have the cart before the horse here. Nobody spends the money and time it takes to set up a whitelist until there is a reason for it.
I've known businesses that altogether rejected the Internet, at great cost to themselves. I even knew one where the owner discouraged drinking water in the office — meaning employees had to take a break and run across the street just to keep hydrated. Some employers are just plain quirky.

Originally Posted by ghporter View Post
Obviously there's a reason for this particular employer to distrust their employees on this issue.
I don't see how so. Moreover, if your employees are a problem, whitelisting them under the rug is not the solution. If your employees aren't doing their jobs, fire them. If they are, no reason to be a prick.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 02:21 PM
 
Originally Posted by ghporter View Post
You have the cart before the horse here. Nobody spends the money and time it takes to set up a whitelist until there is a reason for it. And frankly, if the job requires access to sites X, Y, and Z, and ONLY those sites, why spend money on the connectivity for anything else?

Trust the employees? Sure. But most employers trust people only as far as is needed to get the job done. Obviously there's a reason for this particular employer to distrust their employees on this issue.
I disagree with the wisdom of this attitude.

There are two kinds of companies: companies where employees truly are their most valuable asset (e.g. certain IT companies), and companies where employees are pretty much interchangeable (e.g. McDonalds). The problem is, too many companies that are the former treat their employees as if they are in a company that is more like the latter.

I honestly don't understand why more companies haven't picked up on the success of Google's working model. If employees truly are your most valuable asset, prove it beyond your rhetoric. There are so many little things you can do to provide a better atmosphere for your employees, say, an exercise room, nice furniture, work spaces, common areas, etc. When you adopt the attitude that "this is not needed to get the job done", with enough of this sort of attitude you increase your turnover rate (which carries its own expenses), and you create an atmosphere where what would be most pleasant for your employees doesn't really matter. You slowly drive good talent away.
     
Ghoser777
Professional Poster
Join Date: Dec 2000
Location: Chicago, Illinois
Status: Offline
Reply With Quote
Apr 4, 2009, 05:43 PM
 
Originally Posted by nonhuman View Post
Has she tried rebooting with extensions off?
Ah... memories.
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Apr 4, 2009, 05:45 PM
 
Originally Posted by besson3c View Post
I disagree with the wisdom of this attitude.

I honestly don't understand why more companies haven't picked up on the success of Google's working model. If employees truly are your most valuable asset, prove it beyond your rhetoric.
Google can afford to hire their very top picks, which is a luxury in the business world. Most businesses have to make compromises-hire people who aren't perfect for the job and make do with providing what extra resources they need to get it done right. And frankly, most businesses aren't as interesting as Google, either.

It sounds like the OP's subject business has been hurt by employees doing a lot of non-work, and while their current policy may not impact the people that caused the problem, it does help prevent having a recurrence of that problem. Not cool, sure. But bad business policies are anything but new. Stupid sometimes, but not new.

In this case, it sounds like management has swung WAY too far and is over-controlling the resources their employees need to do the work. That will impact how well they retain employees and thus their bottom line over time.

And it is STILL the company's RIGHT to control access to THEIR network, whether they're doing it smart or not.

Glenn -----OTR/L, MOT, Tx
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 4, 2009, 06:14 PM
 
Originally Posted by starman View Post
There's no indication how the whitelist works. Does it only block web sites? It's worth a shot to at least TRY. If their system is only blocking WEB SITES then maybe other protocols can get through because they're not blocked.
Dude, your profound level of ignorance astonishes me.

Whitelisting doesn't BLOCK anything.

Besides, the OP claims that the whitelisting happens on a URL (= IP) basis. Even if certain ports for VPN or SSH are open, how the heck are you going to establish outgoing or incoming connections w/o the IP whitelisted or having port forwarding enabled ?

-t
     
Wiskedjak
Posting Junkie
Join Date: Jun 2002
Location: Calgary
Status: Offline
Reply With Quote
Apr 4, 2009, 06:42 PM
 
Windows or Mac? If Windows, remote in to an off-site Windows box that you control.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 4, 2009, 06:45 PM
 
Originally Posted by Wiskedjak View Post
Windows or Mac? If Windows, remote in to an off-site Windows box that you control.
WHITELIST.

How the heck are you going to address that computer, if the IP is not whitelisted ?

-t
     
Gavin
Mac Elite
Join Date: Oct 2000
Location: Seattle
Status: Offline
Reply With Quote
Apr 4, 2009, 07:20 PM
 
a couple of questions.

1. does she have admin access to her own computer?

2. what exactly does the filter block? web traffic on port 80? or ip's on every port range.

if the whitelist only applies to port 80 then you can use a proxy on a different port - if they are blocking all ports then you are SOL on that network.

but there may be another option. if she has admin access to the computer she can install a usb wireless dongle (you can pick these up for ~ $10) and look for an nearby open wireless network.

do they allow portal sites like google or yahoo? if so you may be able to set up email on one of those systems and forward your mail or check it with imap.
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Apr 4, 2009, 07:25 PM
 
Originally Posted by Gavin View Post
a couple of questions.

1. does she have admin access to her own computer?

2. what exactly does the filter block? web traffic on port 80? or ip's on every port range.

if the whitelist only applies to port 80 then you can use a proxy on a different port - if they are blocking all ports then you are SOL on that network.

but there may be another option. if she has admin access to the computer she can install a usb wireless dongle (you can pick these up for ~ $10) and look for an nearby open wireless network.

do they allow portal sites like google or yahoo? if so you may be able to set up email on one of those systems and forward your mail or check it with imap.
1. Probably not. If the company knows enough to build the whitelist into their network, they should know enough to not give users admin rights to the computers they use.

2. A decent whitelist system will block ALL traffic that is not routed to a (usually very small) list of IPs and/or URLs. Port is irrelevant, they don't let the user connect to anything but the listed addresses.

There's another issue here. Evading the employer's network management could get the OP's wife FIRED. It's usually considered serious misbehavior, and may also be called misuse of corporate resources. Either way, it's not a safe activity.

Glenn -----OTR/L, MOT, Tx
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 07:29 PM
 
Unless this blacklist system was designed by a bunch of monkeys, there isn't anything that can be done on the client end to circumvent it on that network, the only choice is to find ways to use another network using techniques such as those I've listed. A proper content blacklist, AFAIK, sits at the network gateway level to block outbound access to certain IPs. All network traffic from the workstations on the network has to go through this gateway.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 07:37 PM
 
Originally Posted by ghporter View Post
Google can afford to hire their very top picks, which is a luxury in the business world. Most businesses have to make compromises-hire people who aren't perfect for the job and make do with providing what extra resources they need to get it done right. And frankly, most businesses aren't as interesting as Google, either.

It sounds like the OP's subject business has been hurt by employees doing a lot of non-work, and while their current policy may not impact the people that caused the problem, it does help prevent having a recurrence of that problem. Not cool, sure. But bad business policies are anything but new. Stupid sometimes, but not new.

In this case, it sounds like management has swung WAY too far and is over-controlling the resources their employees need to do the work. That will impact how well they retain employees and thus their bottom line over time.

And it is STILL the company's RIGHT to control access to THEIR network, whether they're doing it smart or not.

This sounds like a chicken and egg thing though...

If a company doesn't need top talent, than nothing of what I've said applies. The company would fall into my McDonald's-like category. However, it seems like most companies are interested in attracting top talent.

If a company has to "make do with what they have", maybe this is because of these sorts of practices? Maybe they wouldn't have to make do with what they have if they created a better work environment similar to Google's? You don't have to be an elite company like Google to do this, I don't think.

Top talent and a passion and real pride in work seem to go hand-in-hand, and productivity goes hand in hand with this as well. It's rather ironic that by attempting to be "more productive" in many cases you can shoot yourself in the foot and end up creating a less productive work environment (by not attracting top talent).

Is there a shortage of top talent? Maybe, but why not do what you can to attract this top talent and raise the stakes - make people work harder to be granted an interview? The laws of supply and demand apply here too... If you create a work environment that everybody wants to work in, you increase demand and competition in these jobs - all good things.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 07:40 PM
 
Originally Posted by turtle777 View Post
Dude, your profound level of ignorance astonishes me.

Whitelisting doesn't BLOCK anything.

Besides, the OP claims that the whitelisting happens on a URL (= IP) basis. Even if certain ports for VPN or SSH are open, how the heck are you going to establish outgoing or incoming connections w/o the IP whitelisted or having port forwarding enabled ?

-t

Way to go to the jugular dude, and on such incredibly important subject matter. Do you have any being nice DNA in you?
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 4, 2009, 07:42 PM
 
Originally Posted by besson3c View Post
Unless this blacklist system was designed by a bunch of monkeys, there isn't anything that can be done on the client end to circumvent it on that network, the only choice is to find ways to use another network using techniques such as those I've listed. A proper content blacklist, AFAIK, sits at the network gateway level to block outbound access to certain IPs. All network traffic from the workstations on the network has to go through this gateway.
Even you don't get the difference between blacklisting and whitelisting ?

Your suggestions DON'T work on a (IP) whitelisted network, unless you can change DNS entries.

-t
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 07:42 PM
 
Originally Posted by turtle777 View Post
WHITELIST.

How the heck are you going to address that computer, if the IP is not whitelisted ?

-t

It depends on whether port 80/443 is being blocked, or all network traffic is being blocked. You're right though, I was thinking that this was a blacklist. Either I misread or I just went off on the wrong track. I fully comprehend the difference.
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 4, 2009, 07:44 PM
 
Originally Posted by besson3c View Post
Way to go to the jugular dude, and on such incredibly important subject matter. Do you have any being nice DNA in you?
Sorry, but I thought that starman was a very much a computer / IT proficient guy. Kind a like you.

Still, you both don't seem to get it.

-t
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status: Offline
Reply With Quote
Apr 4, 2009, 07:46 PM
 
Originally Posted by besson3c View Post
It depends on whether port 80/443 is being blocked, or all network traffic is being blocked.
If you assume that the whitelisting *ONLY* takes place on port 80, then yes.

But what kind of idiot would set up IP whitelisting, and then restrict it to port 80.

Btw, hint, hint, the OP said that even email was restricted.

So that admin must be a real idiot if he locks down ports 25 and 80, but not 443 and 22.

-t
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Apr 4, 2009, 07:51 PM
 
Originally Posted by turtle777 View Post
If you assume that the whitelisting *ONLY* takes place on port 80, then yes.

But what kind of idiot would set up IP whitelisting, and then restrict it to port 80.

Btw, hint, hint, the OP said that even email was restricted.

So that admin must be a real idiot if he locks down ports 25 and 80, but not 443 and 22.

-t

Very well, you're right, I did misread. I wrote "blacklist" and thought "blacklist", but that doesn't mean that I don't understand the difference, and yes, it would be dumb to whitelist traffic only on ports 80/443, but it is possible (although improbable) that either this is a simple turnkey product that for some reason only supports blocking traffic on these two ports (perhaps it was only designed as a sort of kid-friendly parental tool rather than a security tool/resilient firewall), or that the company needs access to remote network services and decided not to do this.
     
King Bob On The Cob
Mac Elite
Join Date: Apr 2002
Location: Illinois
Status: Offline
Reply With Quote
Apr 4, 2009, 08:20 PM
 
You guys realize that this could just very well be a DNS blackhole for non-white listed IP, right? (It requires the least amount of work on the network admin's side, and doesn't require hardware to continuously monitor traffic.)

She may, in fact, be able to phone home over port 80 if she has the IP. Just be careful that you don't get noticed for the large amount of traffic it would show.
     
Hg2491
Grizzled Veteran
Join Date: Sep 2007
Location: NYC
Status: Offline
Reply With Quote
Apr 4, 2009, 08:34 PM
 
I'm with whoever said to get her an iPhone. Going through all that trouble just to check her email is unintelligent. Worst case scenario she gets laid off work.
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Apr 4, 2009, 10:11 PM
 
Originally Posted by King Bob On The Cob View Post
You guys realize that this could just very well be a DNS blackhole for non-white listed IP, right? (It requires the least amount of work on the network admin's side, and doesn't require hardware to continuously monitor traffic.)

She may, in fact, be able to phone home over port 80 if she has the IP. Just be careful that you don't get noticed for the large amount of traffic it would show.
That's an interesting theory. Worth checking, I suppose.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
starman
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status: Offline
Reply With Quote
Apr 4, 2009, 11:56 PM
 
Originally Posted by turtle777 View Post
If you assume that the whitelisting *ONLY* takes place on port 80, then yes.

But what kind of idiot would set up IP whitelisting, and then restrict it to port 80.

Btw, hint, hint, the OP said that even email was restricted.

So that admin must be a real idiot if he locks down ports 25 and 80, but not 443 and 22.

-t
Irrelevant. My company blocks mail ports but NOT web so hint, hint, it doesn't matter until you TRY.

Home - Twitter - Sig Wall-Retired - Flickr
     
 
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 11:05 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,