Slashdot Mirror
Ask Slashdot: Dealing With University Firewalls?
An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked." What would you do to get better access?
Get over it.
Sigs. We don't need no steenking sigs.
In that case buy a ssh shell minimal hosting account for 2-3$/month.
Create a tunnel.
And browse.
If paid public VPN services are allowed, you can also subscribe to such services. Of course, your browsing will be slower.
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
Become friends with a member of the IT department. Alcohol can go a long way in beginning an IT related friendship.
The University probably has policies about Internet Access that the IT Manager is obliged to enforce. Go about it the correct way and see if you can get the policies changed instead of acting like its your right to have access to everything you want, just because YOU want it
1. Buy VPS for about $5 (you can catch some specials $15/year for 128mb RAM / 10gb disk / 500gb bandwidth)
2. Have SSH listen on 25/tcp, 80/tcp, 443/tcp and others
3. ?????????
4. YOU CAN NOW LOOK AT SOMETHINGAWFUL WHILE AT SCHOOL!!!!
If you want unrestricted web access then pay for your own connection. Don't bitch about IT people doing their job properly, their primary goal is not to be an ISP for you to surf the web. Most corporates and government agencies all apply these so called "draconian" restrictions on thier staff and it isn't because they are all bastards. Basically your average user can be trusted about half the distance you can kick them, they all think they know what they are doing until something goes wrong then it is IT's fault for not protecting them.
Which means you can setup a dns proxy for IP traffic and use it. It's not fast but is very handy to have ready when you're for example on a wifi that wants you to pay for using it via some kind of web page.
My university doesn't restrict internet access - they, however, ask you to not do anything illegal and log your activities. They give me 1GBit internet connection by cable or 450 MBit/s over WLAN (which I don't know how it is possible) so I can download stuff as quick as my slow laptop harddisk can save it.
However, if they'd restrict access, I'd probably use TOR or some proxies to get full access or I'd set up a VPN connection to my server and access the internet in that way.
Took about 30 sec to find this on Google /.?
http://www.revsys.com/writings/quicktips/ssh-tunnel.html
Really though, this is something college students deal with worldwide, and MANY solutions exist
Why is this on
To choose a school based on it? Not going to a University with these restrictions is one way to vote with your dollar.
If you don't plan on leaving, warn incoming students about these policies. Perhaps encourage them to ask about internet restrictions in their interviews. If it's a deciding factor in student enrollment numbers, they'd think hard about it.
Further, you can petition and urge students to speak out against it. Taking action is an option.
If they're dumb enough to lock down internet access to the point that it becomes unusable for work purposes whilst still allowing their network to be trivially bridged by 3G dongles then you're already fighting a losing battle. Chances are that the people writing the policy don't have the slighest clue what they're doing but have read some stuff about how the internet is bad and so should be blocked; be glad they don't do things like blocking all Javascript from running, which I've seen in some companies, thus breaking just about every site they don't already block (though arguably that's as much the fault of the websites in question as the security policy).
Depending on their application security policies, if you've got a PC somewhere (friends, home, hosted box) with access to the internet proper, run an SSHd listening on a port you can get outbound on from the university network (if there even are any) and proxy all your traffic through that with a copy of Putty and something like Portable Firefox run off a USB key.
Otherwise, you could try organising students and lecturers against the stupid IT policy, but I wouldn't hold out too much hope of getting anywhere.
Most likely nobody cares that a handful of students want to get to somethingawful. Most likely they're using basic checkboxes in the content filter to block off large groups of site by generic category.
Get the kids to come up with 500 legitimate sites that would be useful for schoolwork, but they can't get to. Petition someone important at the school. When presented with a list of 500 sites they have to unblock, IT won't whitelist, they'll start unchecking categories.
Also, make the case for VPN services. You should be able to make a convincing argument. That'll give you a way to get at everything that remains blocked.
I have this at work. get your sshd to listen on 443. if they manage to block that, start a petition. DPI is evil.
Why not just setup a VPN real fast with someones DD-WRT router. I did this at a job that had a really obnoxious content filtering thing that actually prevented me from doing my job. I just vpn'd to home, but you probably have at least one friend in town that has something good enough for you to work with. Even a shitty VPN will do, since your not trying to protect anything so much as evade things.
"Computers will never truly be free until the last windows user is strangled with the entrails of the last mac user."
Bloody hell, get a life. As other people have said, but missed the point, the University's IT Dept. is there to provide a service. That service does not include catering to your stupid browsing whims. From the sounds of it, they're using a category based filter on web content. So Something Awful will probably be classed as "Adult". Your complaint in a nutshell is that you can't access your stupid cartoons. Man up and do some work. You want to private browse, get a private connection. If the Uni was actively preventing you from studying, you might have a point. Unfortunately the slash-bots on here seem to agree with you so I'm sure you'll at least get some feel-good factor from the hive mind.
Setup an OpenVPN server on port 443 from a server at your house. They cannot feasibly block port 443 for everyone, but they could block your residential IP. If you have a dynamic IP for your residential connection, this is a non-issue. Also use a dynamic DNS service so you don't have to keep changing your OpenVPN client's IP setting.
In all Universities there is an "Inner Circle" formed by network admins, who are impervious to proxy filtering.
The incantation to enter that select group is:
"Hey, I'd like to help with the university network maintenance. Can I do it as a practice? I'll do it for free."
This psalm recited to the right university demon will get you access to the University's network system. With luck, in 1 or 2 months you will have the relevant network keys/info. Probably you will have the rights to whitelist the pages you want.
Then move out of there.
Back when I was at university, I bought a cable for my phone and got myself some sweet, sweet 9k6 access over GSM. It was faster and more reliable than the connection in the uni's computer labs ever was, not to mention no BS filtering. Paying by the minute made me focus on getting the job done and hanging up, too...
As far as filtering goes, the conventional way around that was to log in as someone else. After all, their username was their matriculation number and the default password was their date of birth... If you couldn't read a classmate's ID and social-engineer his birthday out of him, no matter - the uni helpfully had an easily-accessible printout of the entire student body's personal information (in fact, you had to sign to get your grant, so they left it on the public side of the window), and those last few pages were awfully loose...
....everyone else, or me. However, to me "restrictive access to the web only" and "no access to the wider internet" means to me that he's not going to be running an SSH or VPN proxy to anywhere (except the VPN access that runs over the web ports, and I guess SSH on an alternate port if it's a simple port filter).
OpenVPN on an openVZ virtual server. A 128k server to $2-3/months should be fine.
And OpenVPN is VPN over HTTP/HTTPS.
But organize a protest. It should be easy to get huge support for it. Start it up on facebook.
Seriously, you're not going to win this one. Get your own Internet. And by all means invest in the offshore VPN service too, so you can find out what the real Internet is like behind the Great Firewall of America because that's where we're going now too.
Help stamp out iliturcy.
I'd say the university isn't fulfilling its role, and you should definitely rally to change things. The purpose of the university network (besides supporting research communications) is to allow you to learn.
During my undergrad the university I attended provided full firewall-free internet with a *public* IP from their block for everyone who plugged in (and no-questions asked CNAMEs). The wireless was of course NAT'd but I had no problems.
This all worked because of the genius way they solved problems was genius. If IT detected any funny business, a tech would physically show up at your lab/office and ask you what was going on and make you fix the problem right then and there.
Make friends with someone in your Cultural/Media Studies faculty. Preferably someone doing research into social media, emerging cultural phenomena, self-organising cliques, something like that. Then get them to repeatedly hassle IT to give them access to blocked sites, claiming its for their research. I reckon after the fifth time IT will give up and just open up the whole network (their router access control lists will get unmanageable for their competence level).
My former university used a VPN-service, where every student had to set up a VPN on their computers, and connect to the VPN-server before being able to browse the web. One of the guys even admitted that they're raping the VPN standard in every way possible by using it to connect outwards, rather than inwards, but still they stuck with it.
The downside was that until the VPN service connected, there was absolutely no traffic to the wider web, which includes Google DNS. So every time I wanted to connect, I had to reset my DNS settings to use theirs (I was too lazy to edit the address into my hosts file every time I remembered). That, and the fact they kept a detailed log about all your activities while on their network.
Hyperbole: I use it liberally!
Unfortunately in that kind of situation you can only work around by using other methods such as 3G/4G or a Webserver based Proxy Script (such as Glype). VPN's, Browser Proxies etc are off the cards due to the network setup.
Universities provide you with internet access for material directly related to your course, Ethernet / fiber connections are not cheap and it is within their interests to keep costs down and so access to plausibly off-topic material is frequently limited in both workplace and educational institutions.
Discussing the issues with campus management is an option, however not an advised one. The IT Department will be seen as "experts in the field" where as you "are just a student". Their word is the gospel truth to management. If your university is a reputable one with a dedicated IT department, volunteering to "help" is unlikely to yield the access required to bypass proxy restrictions, so that's off the cards too.
I myself am a University student and I use a 3G connection for much the reasons you are complaining about. It doesn't cost me much at all to do so.
As a /. reader, I can only assume you're rather technical. Isn't this something you discovered before going there?
Frankly, I wouldn't go to a school that did this. And I didn't. Thankfully, my first choice doesn't do anything like this. Traffic is unmonitored, but for legal reasons you have to register your MAC address to your university credentials to get out of the VLAN. This happens automatically with authentication to the wireless network, or manually through a captive portal for Ethernet.
As required by law of all ISPs, they will use this to forward DMCA notices, which happens pretty frequently. I can't exactly fault them for that. They'll also notice if you're really hammering the network with worm traffic or something, in which case they'll kick you off until you get the system cleaned up, which I can't fault them for either.
But other than that, they're pretty much out-of-the-way. They definitely view themselves as more of an ISP than anything academically-relevant, which is good. The university structure also places them at the same level as the individual schools (liberal arts, engineering, business, etc), and each school has its own school-specific IT that runs their own email and webhosting and so on, all of which helps keep them pretty much service-oriented. They pretty much provide internet access and server space to any university department that wants it (and pays for it, in one of those interdepartmental money-shuffling schemes), and otherwise back off from content management. Individual schools are free to filter whatever they want, but only in the school-managed network. In practice, none do. Even if they did, the dorms are separated out from that.
Not to mention the university is almost as liberal as they come in terms of information freedom.
But in any case, the university is your home for the time you're there. I wouldn't live somewhere that did this, and I wouldn't go to a school that did this. Not even because of the inconvenience - think about what that suggests about how they view academic and intellectual freedom.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
1, technical. VPN. There are plenty of cheap providers out there who exist to fix this problem, or just find a friend who's willing to let you bounce off their home network.
2, administrative. Go over the head of the technical guy who's blocking the net. You will need to do your homework first: have a good business case for why the current policies are a) inhibiting your (and many others') legitimate needs and b) aren't reasonable, necessary or effective measures to achieve security. If you have a hundred signatures on a petition you'll probably get some attention.
Get your own internet. If you're going to use what the school is giving you then you have to deal with their network restrictions. With what your parents are paying for you to attend college you shouldn't put their money at risk circumventing network security at the school. Buy your own internet access if you want to fark around.
Words are only yours until someone else uses them...
You're not an ECU student, are you?
Depending on where you are located, you can use 3G or 4G data on a phone or a dedicated hotspot. Unless you plan on going hog wild on it.. Then you control your access... Hard to imagine that you didn't know this going in though.... you did ask before you signed up right?
Try a picidae server. http://pici.picidae.net/ It replies you with a clickable image of the website you browse. You can run a server at home or use one from the project.
Do not advertise the VPN provider who sold his customer to law enforcement last year. Bustmyass.com it is.
If you were complaining about web sites related to your studies, you'd have some justification. The University network is there for studies and work, not for pissing around on.
[At this point maybe I should confess that I spent all my mainframe time allocation at Uni playing the original MUD... :-P ]
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Universities do not exist to restrict information. Anybody who thinks they do, is not doing their job.
I agree that it is likely and administrator, rather than the IT department, who is responsible, but don't count on it. That's just worthless guesswork. You can find out.
Whoever is responsible, don't listen to all these wimps who just tell you to cave and pay for ANOTHER internet source when you're already paying for this one. Get hold of EFF, EPIC, the ACLU, and anybody else you can, and tell them your academic freedom is being repressed. Because it is true. But get some help. There are organizations out there who can not only help you find who is responsible, but put pressure on them to change the status quo.
Don't cave and just buy an expensive cell phone data connection (especially with prices going up). Fight the BS. Because that's what it is: BS.
The following serve as an overview. You would like to do your further research.
(1) SSH client (inside) ---SSH Tunnel--> SSH server (outside, with webproxy)
This may be the simplest setup, and the client could be linux or putty on Windows; and the server could be linux or CYGWIN on Windows
(2) OpenVPN client (inside) ---OpenVPN handshake--> OpenVPN server (outside, with internet routing)
You need to setup an OpenVPN server outside. For example, I reflash a CISCO router with OpenWRT at home so that I can connect from anywhere with OpenVPN client and use home's internet. This method could drill through most firewall/proxy, because it can be configured on any port, and any protocol (TCP or UDP).
Above methods requires setting up Internet connection outside. You might want to circumvene University's security policies directly, say by malform URL request. However, I do not recommend you to do so, as it would be considered a direct attack on their firewall.
Oh wait... you expect unlimited access to the network for free? Hahaha...
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Check out proxy over dns. The dns is usually not as heavily filtered as the rest. It's not as fast (and you would need a computer you can connect to from outside, but it won't be subject to the same limitations).
I hate to say it but as someone who implements networks with the very restrictions you mentioned. It is often because that is in the best interest of the school or business not to mention protecting your equipment from viruses and malware.
I remember when i was in boarding school we used to use aol demo's to tunnel the schools firewall
I'd like to know at least what country this University is in. Where I am, it's all about the student experience and making and keeping the students happy is the #1 priority. Note, that our IT department is big and these views are only shared by some of the sections, most notably the one I run, but of course we provide the Internet access, including the firewalls and proxy and filter as well as the wireless networks.
We spend considerable effort to protect the Internet from us, rather than the other way around. Heck, we currently give our students on the wireless networks real fully routable IPv4 addresses, with IPv6 coming soon.
Among the key aspects of security that many none security techies (control-freaks and politicians) miss is the fact that Security is supposed to be an enabler. It isn't supposed to get in the way of business.
Aside from legal and compliance matters, security should never get in the way of day-to-day operations.
The business of a University of LEARNING. Internet is a vital and essential part of learning - draconian restrictions will never help security.
The "IT Guy" obviously hasn't segmented his network; nor has he done a threat assessment, risk assessment or analyzed the business requirements of Internet in a University!
When your "security" policy/procedures force users to work around, bypass, hack; then that security policy has FAILED.
At my old university, (1998), we got our useless IT Administrator sacked when the students and staff got together and made the case to the University Administrators (it was a fun meeting :-)). Unfortunately, University Administrators think they are running a prison, not an educational institute; however, they can't fight against the teachers and students! ;-)
FIGHT DA POWA!
-- "To ask a question is to show ignorance; Not to ask a question means you'll remain ignorant."
... running on 443, because at least in my university, other ports were blocked (though I only needed the tunnel for some gaming stuff, exactly because of the port restrictions)
If you can go to your course lecturers and justify why you need access to Hackaday to complete your course, I am sure your lecturers have a process to unblock the sites.
In the meantime there are 1000s of other students trying to use campus PCs without needing to find them screwed over by the previous user. What you *might* be able to persuade the University to do is to provide an unrestricted wi-fi point on campus for personal use.
University isn't normally free.
Also they Uni is wasting additional money on licenses for software and products to block everything, when it would be cheaper for them to provide a wide open internet to paying students.
“Common sense is not so common.” — Voltaire
If you're staying in university accommodation, and they're in a monopoly position as your internet provider, then they have an obligation (moral and possibly legal) to provide an equivalent service to what you'd get from a commercial ISP in private housing.
I am trolling
If all the OP wants to use it for is stuff that is currently legal, no harm in taking the easy way out
Search for a non blocked anonymous proxy? Granted you shouldn't trust sending your personal information through the proxy, you would be able to look at these sites you mentioned
This happens. And Its sad that university which should be a home for free flow of ideas just block the very channel for it. Even more frustrating is when access to IRC is blocked! I used tor but many IRC servers do not like that and they will now allow you on their network. IMHO blocking traffic where it prevents blocking of network is the one legitimate (e.g. torrent which just sucks up the whole bandwidth). I think when IT guys say that they want to prevent malware it shows they are too lazy to do their job of keeping the networks and computers safe.
I'm working at a university in Sweden. This kind of behaviour would be totally unacceptable here (afaik).
Sure, the wired net with static IP's has a MAC filter but anyone is welcome to use the guest wlan which works ok as long as you don't need to access file shares behind our firewalls.
As a member of an IT systems admin team for a faculty we've often got specific mandates which services we must restrict, and to what end. What you may also be up against, other than 'unprivileged' access - is politics. Students do Naughty Stuff (tm) - that's just a fact that keeps on proving itself true time and time again. Even if you can speak for you, your friends, or your entire course - I can bet dollars to donuts that there's someone out there trying to do something shifty. Case in point: I was seriously asked to relax the restrictions on banning Steam so a student could "download 10 or 15 gig so i didn't have to do it over dial-up". On-campus living - sure, i can see where restrictions like that may diminish any sort of sanity saving software platform ( Valve fan \o/ ), but I'm not going to open up a faculty network just so you can play games. It's an education facility, not your personal high speed connection to the 'net. If you were a postgraduate student researching something that required access - then by all means get your supervisor to approve your request and I'll be more than happy to make it happen.
That being said - outline a clear case of why you need certain things re-classified and you may have a better case to work with. I am not suggesting that this tactic will work - as there's probably more to the story ( see - plug and play filter lists/software/appliances which remove the need to dedicate an entire FTE to putting classifications on traffic going out ) than you really know, but it will certainly stop you from seeming like a whinging student and more like an intellectual who is using sound reasoning. Hell - if you are able to find clear, repeated examples of wrongful clasification of websites, you may be able to enact a reconsideration of what's being used to deny you access or relax the level in which things are blocked.
Of course, they might not care. Who knows?
--- perl -e 'printf("%s\n", pack "H*", "7369670a676f6c677940676f6c67792e6e65740a2f736967")'
Rutgers University bans ssh public keys. Ergo, all the students employ expect scripts that contain their passwords. These expect scripts aren't from students writing em' themselves, but just copied from friends. In particular, there are students who barley know what ls and rm do, but certainly won't know to change their password if their laptop gets stolen. And students commonly hack one another's accounts by copying said script.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
See if there's an on campus computer club, that will almost certainly lead you to people, servers and networks that will help with outside access.
A few things I've seen used on campus:
-SSH proxy tunneling
-VPNs
-IPV6 related workarounds
-'partner' universities and organisation that can be accessed/tunelled through without going through the firewall
-wifi router/repeater with long distance wifi link (eg with a 'cantenna') to an off-campus house/building
-friends that work for campus IT, local ISPs and the university's ISP
If you're talking about torrents, then I have one word: BitcoinTorrentz. Cheaper than a VPN, you get your torrented files over a standard port 80 HTTP connection (though it is NOT encrypted, if that makes a difference), and hey this is Slashdot so LOL ANONYMOUS MONEY for whatever that's worth.
For all other normal web traffic, yes your school is being very Draconian if they're blocking the likes of Hackaday. I mean hell, that's pretty much "Great Firewall Of China" levels of censorship there. I frankly don't know what you can do as a single person to try and change that, but know that most colleges in the US don't filter Internet traffic at all, so your IT admin is almost certainly on a power trip if he's implementing these sorts of policies.
Restricting internet access to students like this is ridiculous. If the "University Network" needs to be protected, segment it off from the part of the network students can get to the internet from.
Who is the IT department to determine what is "beneficial" or "useful" to someone's University education? The internet was borne of research and inquisitiveness, blocking the internet goes against this idea completely.
OK, so people might watch YouTube etc but if this helps students feel they are free to go and explore the internet and helps to foster a culture of learning, who cares?
Someone’s "messing around" is another person’s productivity, I wonder if the IT department would have deemed the inception of Facebook for example, a good use the University network?
Teamviewer uses port 80 http which is never blocked, has a portable .exe.
What a lot of people seem to be missing here is that for any university IT dept, one of the main things they have to do is protect and manage their bandwidth. The question for most institutions is not a philosophical policy decision about "should we give full internet access", it's a technical question of "how much access can we give before our bandwidth gets saturated, to the detriment of our core business as a education institute."
IME, most students these days are above-average users of youtube, iplayer, online gaming, streaming music, skype, torrents and other high bandwidth internet usage. No university in the world could reasonably afford the mahoosive pipe needed to allow all their students full access to everything. Even more 'legitimate' things that you wouldn't think of can cause huge problems - the last time a new version of Ubuntu was released, our University's bandwidth was completely saturated for 7 hours.
It sounds like the OP's university is going about it in a slightly ham-fisted way though. Rate-capping of connections would be a better way to go. As many others have suggested, opening a dialogue is the way forward. But remember, like it or not, you are the supplicant here. Show some sympathy and understanding of the problems faced by the people you speak to and you stand a far higher chance of success. Wade in a like a toddler who can't have his sweeties and you'll be dismissed out of hand.
Try being a network admin for something that is typically understaffed, underfunded, etc etc. I do it for a community college and most days it is fine but there are plenty of days when it isn't. You seem to forget that there is likely school business running on the network (different VLAN) and through the firewall too. We pretty much allow anything outbound but bandwidth shape to keep the higher priority stuff moving along. You know, things like class registrations, www. email, etc.
Before resorting to some bypassing scheme, why don't you find out how to request certain sites be opened up? Unless of course you are just bitching because you can't check Facebook, download ISOs, torrent, or whatever else you determined falls under your academic freedom. Have you been to the school library? They don't have every book ever published there. You should complain about that too.
If so ...
This is the basic test to see if you are worth letting back for the second semester. /. I suggest your consider a different career path.
As you have posted this question on
As you obviously want other technical people to get you out of trouble and solve all of your problems for you, I suggest you look at Sales and or Marketing.
Something tells me you have a natural aptitude for either of these.
a ssh server running on port 443 and corkscrew kept me sane though my uni years when all traffic to the outside world had to go through their proxy. Once you can ssh somewhere you can set up tunnels and do anything you want
Most (all?) universities have a union to represent the needs of the students. Get them to raise the issue and it's likely to be a lot more effective than one man's personal protest.
Comment removed based on user account deletion
He's asking what options are available for getting around a problem he has. When someone's IT policy is threatened here, dozens of people instantly rush to its defense. The topic wasn't started to debate whether it was a good or bad policy; whether the IT department here was doing their job well; whether they were just crazy with power. Nor was it a pity plea; they don't want your derision.
/. how to deal with the situation. If someone asks you for help fixing their car, you don't launch into a rant about the engineer's design and material choices and how they know better. Hopefully, you go about helping them fix the problem.
They wanted a solution to their problem. That's why they're asking
There's no point in having Ask Slashdot if the replies are all posts telling the asker they're meddling, they're stupid, they're lazy, they don't understand. You aren't obligated to respond to the questions. If you don't have a solution, don't say anything and avoid being an unhelpful dick.
If it is a private university, then yes, they can do whatever they like, no matter how stupid it is. If they are a public university, then no it isn't "their bandwidth" it is "the public's bandwidth" and they have certain responsibilities.
So that's the first question to answer: Public or private? If it is private, well then suck it up. Private schools can, and often are, stupid with some of their rules. My recommendation is don't go to them, go to a public university.
If it is public then the thing to find out is where this is coming from. If it is from on high, the board of regents, there may be little you can do, though you can investigate state law, maybe talk to FIRE. However if it is coming from an overzealous IT department, then maybe it is time for them to get smacked around and learn that they are there to provide a service, not to act like despots.
In that case maybe talk to the faculty senate. The faculty and administration can ultimately tell the IT department to sit down and shut up, they perhaps just need to be made aware of that fact. Get information from other universities, see how they do it. You'll have no trouble finding places that provide essentially unrestricted Internet access (the university I work at does). Present the faculty with ammunition that it can and should be done a different way and they may choose to affect a change.
As something of an example of the second scenario in the private sector, my dad worked as a VP for a company;s American branch for many years. They decided to bring him over to the British branch for a bit to clean shit up. So he is over there, meets the guy who is the director in everything but title of that place (that was forthcoming). Guy says "Hi, welcome, I've got to go to this meeting, here's my office make yourself comfortable, I'll be back in an hour." My dad decides he'll check his e-mail and such things on the guys computer. No luck, can't get on the Internet.
He has someone call IT for him. IT comes down and says "Oh ya he doesn't have Internet access, he doesn't need it." Umm what? The guy in charge doesn't have Internet access? And who the fuck decided he didn't need it? There was no company policy to this effect. Dad snarls at them, 5 minutes later computer has Internet access. The IT department there was very tyrannical. They made rules all of their own and it just never really occurred anyone to yank on their chain.
Remember, and I say this as someone who works in IT: IT is a service industry. You are there to help people get their jobs done. That means not putting up artificial blocks to shit. That doesn't mean no blocks at all, you have to do things for security, compliance, and so on. However it does mean not being asshats and doing things like offering nothing but extremely locked down web access.
Also any time you say no to something, you need to have an alternative. So you say "No, you can't have an FTP server. The passwords are clear text and that is insecure. However we will happily help you setup an SFTP (SSH) server instead which is fully secure."
At any rate step one is to find out from where this policy comes, then you can see if anything can be done about it.
HARDEN THE FUCK UP!
a poor little kid who has always known the internet is having a cry. that's alight, Slashdot will comfort your tears, we have nothing better to do since we realised the quality and relevance on this site was lost long ago. Don't despair that the world is not bending to your every whim. I've got a packet trace to run and have to figure out is this issue is SAN, DB, driver, app server, VM, programmer error, firewall, router or other. I'll be back to make you some hot coco & wipe your arse in an hour when I've finished doing my adult job.
Fortunately most universities I know (at least in the UK) respect this. They might hate having to deal with student residences (the wild west), but they prefer to generally treat students as adults and respect that the internet is far too useful as a tool to have some guy lock it down in the misguided name of security.
Now there's one hoopy frood who really knows where his towel is!
Asking a stupid question will get you stupid answers.
"How can I bypass my University's IT policy against their wishes" isn't a question that requires an answer. It's like asking "How do I deploy an open telnetd running as root on the Internet?" or "How do I bypass the fact that my ISP allow me to put my unauthenticated Windows fileshares online?"
When you're doing something stupid, don't expect people to help directly. You think that telling someone they're doing it wrong isn't helping. It is. It helps them learn that they shouldn't NEED the answer to their question.
If someone phones up a garage and asks how they can wire the metal door-handles directly to the battery, or how they can illuminate the petrol tank with an uncovered candle, you'd expect them to be similarly unhelpful. Because it's a stupid thing to do, and if you want to do that, you're on your own. Our "help" is to tell you not to try.
Get friends to start buying old linksys routers and create your own rouge wireless internet campus wide. Get people to donate to pay for hardware and a few cable modems at the perimiter so your mesh network can have multiple internet gateways to balance the load.
Old routers and openWRT will do this, then start putting them up.
you are in college, it's time to be subversive and community building. a non uni owned student run wireless internet setup is the best way to do this.
Do not look at laser with remaining good eye.
Unless they have a default-deny that only authorizes certain websites, you can set up an HTTP tunnel.
http://en.wikipedia.org/wiki/HTTP_tunnel
There's software available for it, you don't need to be a fancy hacker to use this.
In extreme cases, you might be able to work around default-deny HTTP filters by using DNS tunneling. It's horribly, horribly slow, but it works on some of those hotel connections where you would normally be able to access only one webpage, where you have to pay a fee to get X hours of connectivity.
Here's an illustrated tutorial: http://analogbit.com/tcp-over-dns_howto
Have fun!
It's the principal of the matter. If your service is based on the premise of anonymity you shouldn't fold to the cops unless required by law. Even then you shouldn't record any data of substance that can be used to prosecute customers.
You might want to check your University's Network AUP and make sure you won't get expelled for wanton evasion of their security policies.
Best bet is probably to get your own cellular modem, or move off campus where you can get your own DSL/Cable/Fiber. It's their network, and you should abide by their rules even if you don't like them.
When I was at University the way to get things changed was to get a group of people who were interested enough, and then go and occupy something inconvenient to the administration to get the message heard.
Korma: Good
...is somewhere between bad idea and illegal. If there is a policy you should start to investigate why somebody made a very strict policy. My guess is that they just don't want to be a part of a police investigation and don't want to see the university's name on the front page of all newspapers.
You want a solution... buy a 3G USB stick.
You want to be expelled then feel free to try to hack the system...
If you do want to change the policy then you need to:
a) understand the reason for it being there
b) have a really good explanation for why a) is not the right way of protecting whatever they are protecting
c) find the people responsible for the policy
I run into this with clients occasionally. I don't do onsite development work unless I am able to bring my own dev laptop and screens and other equipment including a hardware firewall between their network and my machine. And I don't use their email servers. I've been fortunate that it hasn't been rejected so far. Some clients only allow http/https access going out. I set up my dedicated server with multiple IP addresses for ports 80 and 443 that reroutes for pop/smtp, terminal services, etc... I ask the client first and show them my routing setup. Usually their policies are in place for non IT people and they just don't have different network policies for various departments.
Well... i'd say the solution is not a technology one (though many of those are available and many have been mentioned).
The best solution would be to transfer to a real school, because if they have as restrictive of a policy as OP suggests they're probably a crappy school anyway.
An easier one would be to just use a phone or get DSL or cable or something to get to the blocked sites.
Pay for it.
Those students with the 3G and 4G dongles that you're laughing at have the right idea.
Internet access is not a "right", bub. It's a service you PAY for.
I do not fail; I succeed at finding out what does not work.
I've been the internet cop is several organizations during my employment history and have seen administrators (not IT people) declare everything from "ALL shall be free!" to "Don't let them do anything more than their job" as a standard to use for filtering. Most likely what is happening is that someone, not in IT, has the list of "categories" from the filter service provider, be it Dan's Guardian or a big company like Websense, and have picked the usual suspects of Adult, Security, Malware, and Offensive, along with Hate Speech, Violence, and IT related" and flipped the filter on. The University Administration will ask you one question and one question only, "What part of your EDUCATION" is being effected by this? AND remember these people have fairly well tuned BS detectors. This isn't your parents' basement, they have the right to do what they will to reduce costs (your tuition) by protecting their network and reducing bandwidth use. If you don't like the on campus connection then move off campus and PAY for your own net connection where you can surf to your heart's content and waste your parents' money on reading hackaday instead of getting the Business Degree your parents are paying for by working overtime. And if you want REALLY draconian, they know eveery website you attempt to go to, whether it's blocked or not, and with the newest tech, they are doing a man in the middle on all SSL traffic so they know what you are doing there as well.
~corporate tool, but employed~
I'm assuming you live in on campus housing with the internet connection being provided by the university and pretty much mandatory. I think the old 'vote with your wallet' applies here... don't pay the huge fees for living on campus and find an apartment near by (check the bus routes if you don't have a car, and see if the buses give student discounts). Then you can have whatever internet connection you want. Do it soon, as this time of year, in my experience, is when spots start filling up. Doesn't mean you will have to move immediately, as many landlords near college campuses know students have to complete one housing assignment first, then move. They are usually just happy to have a guarantee of a rent check coming in. If you don't want to stay over the summer, then you may have to work out a deal where you pay half-rent during the summer to reserve the spot or something. Check your options. Find some roommates. See what they are willing to do.
In the meantime, do as others have suggested and see if SSH tunneling and such is blocked. If it is, see about getting it unblocked. You could use the excuse of having to log into a server you own for non-school related projects. Employers like to see personal projects during interviews, and not stuff you were forced to do for class, so blocking that is hurting your chances for future employment. Doesn't matter if you are or are not as that point stands quite well.
Vol~
Try using ProxPN or hotspotshield.
I think it's somewhat common, and mostly just to reduce internet usage (and probably liabilities for illegal use).
Can't you just use tor?
I'd question "anonymous reader's" facts. It's difficult to believe such a restrictive setup would ever exist as a general, university-wide policy. It's much more likely that the "anonymous poster" failed to set up an IT required _proxy_ service, which is a quite common practice. It's also possible that the firewall is for a smaller, restricted part of the network, such as those handling confidential data. Well managed proxies in these environments can help manage network abuse, help prevent or control malware, and restrict potentially network expensive access to porn, P2P services, or to track use of university funded resources, and help manage unregistered clients plugged into the university's networks, especially those using poorly secured wi-fi access points.
I've also regularly seen people refuse to use the proxies who see them as limitations of their rights, and especially as interfering with their use of "their" computers, whether the university or company paid for them or not. This can usually be resolved with a short discussion with the person, explaining why the proxies have proven necessary. It cannot be resolved by giving Slashdot advice about how to work around the firewalls or proxies, because that creates a whole new set of potential problems.
like, blocking stuff that the biggest part of worm-infested laptops brought in by freshmen would try to do. that is, mitigating harm that could be done by careless users. now censoring specific content is BS but there's no patent solution inbetween the two.
When I was at Uni over a decade ago now, the firewall rankled with me (I'm a grown up...let me choose! ;) so being somewhat childish I attached a hardware keylogger and reported a computer fault (I think i cleared the isntalled printers and said the "PC won't print"). Anyhoo, next time I cam back to the lab I had me an admin login. This didn't allow me to access the net through my user, but interstingly the admin account seemed to have pretty much unfettered access to the web. I was too scared to use it, but had I needed soemthing in an emergency...it was there ;)
1- Get a VPS ...
2- Run SSHD on some nice ports like 80 and 443
3- Corkscrew or even PuTTY alone if it's a dumb old and not well configured squid proxy
4-
5- Profit?
This seems to be especially problematic in Australian universities. University IT typically argues that they cannot supply that level of internet access because of the cost of their service. I think that the backend cost needs to be reviewed, because most local ISPs charge a fraction of the cost of what the university charges per MB.
I also think that metered internet access via VPN seems to be a better solution. My PhD supervisor is kind enough to foot the bill for my VPN access which means that I don't have to *** around with tunelling.
You get the usual self-important IT heads here defending their own little network. It's a freaking geeks circle-jerk. The purpose of the IT department is not to run a nice little network, it's to provide service to the users. You don't get to decide what that service is, you just provide it. The number of little napoleons of network admin around here are amazing - "It's my bandwidth, not yours!" "That's not for your degree". Sorry IT gimps, you don't get to decide what's legitimate for me to look up on my university network. You're the plumbers and janitors of the network, you don't get to decide what goes down the lines, you just get to make them work. So stop imposing your own rules on everyone else and just make the system work.
The post got edited somewhat prior to publication. I never asked how to to bypass but how to protest. Lecturers have the same issues. We have game programming courses which are being cut down to not include console platforms as the devkits cant phone home to microsoft. IT wont act even on this. Its not about comics on the net.
...But couldn't you technically get through the firewalls and proxies via a VPN tunnel?
And if the university blocks the standard VPN ports, use non-standard port.
Admit nothing. Deny Everything. Make Counter-accusations.
Turn off the computer and go outside. Go to a bar. Go to a concert. Go skiing. Go to the beach. Go to a party. Repeat as needed.
THIS is what college is for.
Move off campus.
"The Devil does not know a lot because He's the Devil, He knows a lot because he's old." -- unknown
This is a good point. The problem of getting around firewalls is pretty easily solved by Googling. If you can't do basic problem solving, you are definitely in the wrong field.
Also internet access is a privilege. Even "way back when" I went to university some 15 years ago, you could still obtain your own cable or DSL. Do so. Torrent to your hearts content.
Just go to any public library, and you too could be watching all the hard core man on man pron you like while kids walk around right behind you.
It's the American way don't cha know - ZERO consideration for anyone else. Get used to it.
ports and a reason why. Other than that there's no real way of doing it except a few ways.
The world is full of graduates who passed their courses. I want to see something else if I'm hiring, like working on open source projects, writing original papers, etc. This is the sort of attitude I expect from school up to the age of 18, not a university. (And yes, I used to decide filtering policy at a university, though not a US one. Is it better to block Internet banking sites and lose an hour of someone's time to get into town and back, or take the hit and have them only unavailable for 10 minutes?)
Brigham young university has some kind of internet filter. I don't have any experience with how strict it is, though.
Get the faculty mad about it. If yours is like most universities, faculty are the only ones with the pull to demand big change like this.
Go complain that the school library doesn't let you access everything that has ever been printed (books, mags, etc) ... in every country, in every language. After all it is your money and your academic freedom.
Let us know how that works out for you.
Keep the Classic Slashdot.
"If you can go to your course lecturers and justify why you need access to Hackaday to complete your course, I am sure your lecturers have a process to unblock the sites."
I'll bet that you're wrong. In my experience, college IT departments are run separately from teaching staff, and usually from the stance of "we'll tell you how things work" rather than vice-versa. Moreover, this policy is so wildly nonstandard that it smacks of a tyrannical banana-republic college IT department.
Remember: Schools have an administrator side and a teaching side; the two sides are usually in direct conflict; and for the last 20+ years the teachers have always been losing.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
The submission I made was edited somewhat from submission through to being posted to the front page. Originally it was stated that all internet access was through the proxy server, with a firewall blocking everything else. So access to anything other than the web on campus is just not possible.
Yes there are ways to tunnel through it, I know that and I did not ask about how to do so. I was asking for suggestions on protesting the issue, who to take it up with, how to go through things the proper way to bring about change.
There are a number of problems with a lack of internet access (I put it this way, because the web is not the internet). One example of such is the games programming course that is offered within the university. Xbox360 devkits were purchased as well as Source Engine liceses to that these could be used for teaching in the class room. These need to authenticate directly to Microsoft and Valve respectively, the IT department has refused to allow these services through the firewall, as such the introductory components of this course are now taught with sub par free 3d engines. The staff are not being listened to either. The purchased hardware sits unused in the lab now.
I am enrolled in a double major, computer science and computer security. A number of the readings for security units are blocked by the content filtering system due to discussions of terrorism or hacking. The lecturer for this unit provides a 4G to wifi bridge in the tutorials (as his complaints to the IT department are ignored) for these classes so that we can access the readings, however research on campus outside of those tutorials is not possible. This is directly impacting the ability of students to complete coursework and conduct research.
Staff members have commented about issues with research systems not having access to the internet (work arounds are NOT provided for academic staff). I know that a number of staff members in the computer science building share the cost of a 4G internet connection so that they can connect to resources belonging to other universities and research insitutions (they can't SSH out to access government research clusters etc).
This is a real problem and isn't just about cartoons on the internet. Yes I have applied for a transfer to another university, but for this semester I will have to remain here.
Universities exist to educate students, and I would say that the idea of a university censoring anything, including what websites its students can access, is antithetical to that -- and it should be unthinkable. If malware is a concern, just disconnect infected systems from the network and refuse to assign them IP addresses until the issue is resolved.
Palm trees and 8
The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked."
Did you read and understand the TOS/AUP before you signed on the dotted line, proverbially or literally? If you NEED access to sites with such questionable material that they are blocked, why not request access and specify why you need it? That's what's going to happen in the real world after you get a real job. Everything or at least most everything will need to go through multiple layers of bureaucracy to get access to products, tools, or sites. At each level there is always some sort of needs/benefits test done. As I see it the majority of students, the ones fresh out of High School at least, expect everything to be given to them with no limits or stipulations. It doesn't work that way in the corporate working world, so why should it be that way in the corporately ran education world either. I think higher ed should not be just book knowledge, but also to prepare the students for it's going to be like fro the rest of their working lives.
Don't blame me for redundant posts. I can't type very fast. Hence the user ID.
I was in a similar situation. For nearly 3 years I fought against the outdated and shit tastic IT department at my school (whose members i will point out didnt thought that I-Tunes was illegal like edonkey and napster....). There is nothing you can really do when you have an IT squad that thinks their gods and you are their children. The best thing i can recommend is that you need to get someone over them on board or nothing will change.
"I was wondering if this is common..."
In my experience, this is not at all common in universities. (It's the first time I've heard of anything so draconian; contrast this with the corporatists who are accustomed to it being the case in private businesses). Consider calling it an issue of "academic freedom" -- usually that's supposed to be a third-rail issue wherever I've taught.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
I work in IT at a Canadian University. In our case, there is no requirement to go through a proxy server. It isn't necessary, although it is a strong solution to prevent running of web sites and bots on student, staff and faculty desktops.
In University, faculty have clout. Talk to them. Get an informed opinion together and make a dialogue happen between faculty and IT services. This will likely help, and if it doesn't right away, faculty can push their issue with the senior administration to get things changed, whether that is change of policy or change of the person serving as IT Director/CIO.
Of course the other option, if you are discovering this in your first year, is to switch to a campus with better IT management.
The relationship between the student and the University is much like customer/client combined with hotel guest if they live on campus. The student should be treated like a customer, and pleased whenever possible. However they cannot expect to go beyond being a guest. A guest does not have the privileges of ownership. This is what rock stars have gotten confused when they trash their rooms. Just because you pay for something doesn't make you king of it. A guest remains at the pleasure of the host. If you break the rules of the host, you are not welcome to remain. Thus most IT departments have rules that if repeatedly broken, lead to loss of network access.
http://en.wikipedia.org/wiki/OpenVPN
Looks like normal SSL traffic to your IT department. Looks like the free and open internet to you. There are plenty of providers out there who will hook you up with a connection for $5-10/month, if you don't feel like setting up your own.
BRENT ROCKWOOD, EST'd 1975
Tor, I2P, proxies...
I don't see the point of restricting anything outside of file sharing, my uni has unrestricted access ecxept file sharing which has to do with bogging down the upload as well as most uses being fairly illegal. It is possible to run torrents and such, but you have to get it cleared by IT using their automated system and you can only do it 50 times a semester, this system cut down federal agent visits on campus from 50+ to less than 5 a year, though feds can't track our internal network very easily or legally so there is that and it has community restrictions where people bogging down the connection during the day get kicked or banned. IT on campus has no problem with keeping the network safe, if you get a virus your computer gets blacklisted until you take it to IT and verify you removed the virus, if you fileshare you are given an automated warning to appeal it if you were doing something legitimate, such as when my phone was flagged for filesharing, it had to do with iCloud syncing, it has since been fixed. I am friends with people in IT and they maybe deal with 100 or so warnings in a week, if you fight it they will either call your bluff or forgive the offence, they see less than 20 viruses a week with maybe one or two being severe enough to require the "official" IT policy of re-installation of the OS, this is with around 7,500 students and well over 10,000 computers. As far as cheating sites, many professors promote them, as our exams are theory based or pencil and paper ONLY so they are made simple enough that if you learned doing homework it's easy, if you cheated on homework you are screwed. Then again this is a university with the majority being engineers so most of us are smart enough have our computers locked down and can solve virus issues easily, maybe other schools need self control in the students more so than IT restricting them, ours is often appreciated with most issues with the network being related to wi-fi during peak times which can't be solved unless IT gets more money with the state possibly cutting 12.5% of school funding this year.
You're right, accessing the Internet is totally like a projector.
A uni with the kind of mentality that the submitter is talking about and that you exhibit have no place in modern society. It's anathema, totally opposite of the whole idea of a university and the university experience.
In two ways:
1) JFGI is the go to strategy for most things IT related. It is one of the first things I teach our students. Have a problem you don't know the solution to? See if someone else already solved it. Don't waste time reinventing the wheel, the solution may be out there. Even if not, someone may have done something related that will set you down the right path.
2) Youtube is where we are now posting instructional videos. When there's something that students need to see over and over that doesn't change, like an introduction to lab equipment, I shoot video of it, edit it, and upload it to Youtube. Students can then watch it at the leisure, at home or on campus, rewatch it when needed, and other universities can make use of it, should they find the content useful. It is a valuable tool for reducing the time faculty spends on things as well as enhancing the education students receive.
The Internet isn't just for LOLcats anymore. It is used for real work and education.
Also, when you are talking the dorms, I feel (and we've been told here this is legally the case) that the university has an obligation to provide unfiltered access. It is your home, you do what you like. If they are unwilling or unable to do that, they ten need to open it up to competition: Let the phone and cable companies sell DSL and Cable Modem service. You can't go and declare yourself a monopoly and then also offer restricted service.
The best way to get something done like a policy change is to go through the marketing and retention office. If people start to put down one of the reasons why they are leaving as draconian internet policies, they will tell that to the president of the university and president will then tell the head of IT to fix the problem that they created.
In all Universities there is an "Inner Circle" formed by network admins, who are impervious to proxy filtering.
The incantation to enter that select group is:
"Hey, I'd like to help with the university network maintenance. Can I do it as a practice? I'll do it for free."
This psalm recited to the right university demon will get you access to the University's network system. With luck, in 1 or 2 months you will have the relevant network keys/info. Probably you will have the rights to whitelist the pages you want.
Then move out of there.
This is a position of power and trust. It isn't given to volunteers. That would be like volunteering to look after the SWAT teams guns, or volunteering to clean the bank vaults. You must have watched a lot of Commando Cody or something as a kid.
However people are often loathe to switch universities.
Parent is right though, lots of universities don't do this. We have no web filter, at all, where I work. Not only are they expensive, but they are ineffective. It would surely block shit that was legitimately needed for research, and fail to block things it should. Better to just do without.
You can find universities, plenty of them, that will not fuck with your net access. Now they'll all have AUPs and the like. You get caught doing illegal shit you can get in trouble, and if you try and suck up more than your fair share of bandwidth you'll get snarled at (or they'll be rate limits to just keep it form happening). However they won't restrict where you can go, or what protocols you can use.
Look at state schools, and particularly research schools (where I work, both are true). State schools, being a public entity, have a duty to provide the public access, including students. Research universities understand that arbitrarily banning shit interferes with research and thus is stupid.
At my college we started with no controlled Internet for the most part. During my third year in college they implemented a filter that did similar to what the poster's college is doing. Our solution was to spread the word. Our college was primarily funded by donors and one of our strategies was to contact the donors and past alumni to get them to cancel their funds until the issue is resolved. That took care of the problem awfully quickly. The strategy is go for their wallets. We also had that crappy CleanAccess program by Cisco and bandwidth limiting; those two didn't get fixed until the guy in charge was fired.
Plenty of people did directly help. Pointing him to setting up SSH tunneling or VPN services, to either be bought or setup himself to route around the horrible network he's on. Or fight the policy above the IT department. I'd add look into transferring to a different institution or off-campus living.
So no "your" help is to tell him not to try.
Now that you've determined IT management isn't interested, it's time to escalate.
Have PARENTS -- yes, the ones paying the tuition/room/board bills -- contact the administration. There are few things more effective for moving administrators, than concerned contact from a parent who expresses concern that their money is not providing the kind of educational experience they hoped it would. (Things that are even more effective: contact/concerns from accreditation boards, from the institution's Board of Directors, from Big Donors, from the state legislature if the school is public, and from Alumni who fall into any of these categories).
Who should your parents call? If the filtering is hampering study, research, or other academic matters, call the Academic Dean or even Provost. If it's a complaint with the "campus life" atmosphere, call the Dean of Students/Student Life/whatever-it's-called-on-your-campus. Or just go right to the top and call the President's office. Or even better, send a letter to all three, wait 3 or 4 days, and call the Prez.
In addition to other concerns, have parents point out that students and instructors are being forced to access the Internet via alternate means at their own expense, that some such means are undetectable and unblockable (3G/4G), and thus the campus network is MORE porous and undefended as a result. Mention competing schools in the area that have better policies.
Change may not occur immediately but the conversation should begin. Involve student government -- can they make it enough of an issue to appear in a local new story? Lobby the faculty union if you're lucky enough to have one.
Make popcorn.
Do they block VPN connections out of your university?
> He's asking what options are available for getting around a problem he has.
There have been a couple of legitimate suggestions, if you've been reading...
1) Get their own internet
2) Present a reasonable sane argument to the university administration which probably gives the IT department their marching orders.
> The topic wasn't started to debate whether it was a good or bad policy; whether
> the IT department here was doing their job well; whether they were just crazy
> with power. Nor was it a pity plea; they don't want your derision.
If you're going with option #2 above, then you damn well have to take the real world into consideration
* know what real-world problems IT is facing
* be capable of marshalling facts on your side
That was why all the explanations of what's happening.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
I do find that the idea that giving unlimited internet access to a bunch of hormonally challenged students to be a one-way ticket to malware hell. It would be remiss of the IT department not to operate a white listing approach to their internet with a process in place for having a site added to the list.
Why would anyone go to a university that doesn't provide internet access?
Someone here saying "it's their network," are you joking? School isn't cheap. Are they going to refuse you classes and textbooks too?
I can't conceive of a modern university not providing internet access. Internet access does not just mean HTTP. Tell us the school, I can't imagine anyone knowing this in advance would go there.
I seriously think you'd be better off dropping out and getting a job then spending another day in a university that doesn't offer internet access. That's just a waste of time.
Hello, I had the same problem at my university. But I got around it by having an SSH server at home set to listen on port 443 (SSL). I then tunneled in using putty via flash drive (renaming "putty.exe" to "iexplore.exe" if it computer restricts foreign executables) and used remote desktop to explore the interwebs. I also tunneled EVE Online through this tunnel as well, playing games at school... shame on me.
This is the 21st century. Internet access, not web access, is as much a life requirement as a telephone.
Errors in a university's behavior tend to be reflected in the reputation of its degree. An error as outrageous as what you describe is very unlikely to be the only one. Flawed decisions will have been made in every other aspect of university administration. The breadth of those errors is likely to impact the value of any piece of paper you leave there with. If you don't want to waste your time, find a better university and transfer
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
* we chose a file name that matches some regular expression deemed dangerous by their IT staff ... (Yes sir, gamesexpert.com is not a sex site!)
Yep! I remember when the firewall used to block the old JPL Mars exploration website, marsexploration.jpl.nasa.gov. Notice those three letters in the middle of the word "marsexploration." --JPL eventually renamed the site.
And don't even try to access the old physics preprint site, xxxlanl, any site beginning with those letters just has to be pr0n. (that one got renamed, too)
http://www.geoffreylandis.com
transferring is so bad states have law forcing them to take community colleges credits.
But over all that is a sing that the collage system needs change / reworking.
I say brake it up in to smaller chunks / badges
http://news.slashdot.org/story/12/01/08/221257/do-online-educational-badges-threaten-conventional-education-models
http://chronicle.com/article/Badges-Earned-Online-Pose/130241/
Pay for your own access.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
He didn't ask how to hack his way around the firewall, he asked how he could most effectively protest the issue and if this was common.
I *hope* it is not common, or the US is doomed.
Don't call it a fucking "firewall" in your title and then a content filtering proxy in the body. You sound like an idiot.
I shouldn't need to explain why your web proxy isn't a firewall.
was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do.
No, I'm PRETTY sure he's asking about ways of protesting and getting this fixed, not about circumventing blocks in place...
Find a better university.
The core idea of academia is the free flow of information. A university that cannot solve problems without discarding its principles has nothing useful to teach you.
Make sure you tell 'em why you're leaving.
It is definitely the tail wagging the dog here, but if I go directly to the CIO, with the support of the dean and president, thinsg do get done, and graciously so... so the dog still can be the wagger if it so chooses to.
With the major media labels suing businesses and universities, with their continuing push in Washington to purchase a SOPA/PIPA from the US senate and house, with ACTA getting turned on in many nations, providing internet access of any kind is a risk that carries a high price tag... You can hardly blame them for taking the cheap way out and just blocking access to non-web traffic and from sites that may expose themselves to further lawsuit risks... And to the OP that started this thread, get used to it baby. You're going to graduate from this college and move into the business world where they, too, block internet access to even more stuff than what the university is blocking.
Tunnel via port 80.
Seriously. OpenVPN can even breach HTTP proxies. You can also make the server to listen on any port that they allow direct communication. It operates on both TCP and UDP.
It would be pretty much the death of higher education in America if what you say was implemented.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
In college I used to tether as well. Back then you were lucky to get 33600bps on the dial up.
give www.hidemyass.com a try, they have a awesome service for this type of thing.
Tor. Use it. http://en.wikipedia.org/wiki/Tor_(anonymity_network)
i'm not young, but i find it disturbing to find that as the /. user
community ages, so many of us have become "the man".
i hope to avoid this trend by remaining immature and continuing
to find universities filtering content to be assinine, short-sited,
a waste of time and lazy.
Most IT people are to lazy to filter port 443(https) You might be able to use a proxy there. Some also don't block ports. You can use putty to generate a ssh proxy. If all else fails, put a ssh server on port 80 or 443 and use the putty method. I do this all the time, in schools, and public buildings.
If you re-read the post I never asked how to bypass these things. I agree it isn't difficiult.
I can draw an analogy, if you don't agree with a law, should you try to change it or just break it?
If you'd like more information take a look here: http://yro.slashdot.org/comments.pl?sid=2693917&cid=39171653 this isn't about torrenting or comics on the internet, legitimate course materials are also blocked.
Youtube and torrents OVERWHELMINGLY consist of purely entertainment content, not college educational content.
Seems like you need a little more education on how to do basic math and how to recognize things at face value.
If States thought it was bad to transfer, they would pass laws to discourage transfering college credits. If they are passing laws that require college credits to transfer, they must believe it is a good thing to transfer. The lawmakers seem to want to encourage it. Or did you mean 'BAD' as 'GOOD' like: 'That is one BAD A** M***** F***** transfering all those college credits from their community college'?
Does this statement have to do with art school? I'm not sure what singing and collages have to do with the topic.
Just call quizes 'chunks'. Then call tests 'badges'. Finally call semesters or quarters or trimesters 'patches' and you have implemented the new educational model. Baden Powell would be proud.
I have the same issue at my university. The IT staff seem almost draconian in what they decide to block. To get around it I either SSH into my own personal proxy outside the university or use Hotspot Shield which creates a VPN and gets you around the firewall.
I work for K-12 and attended a public university. At university, PERSONAL devices connected to the network were pretty much unfiltered. UNIVERSITY computers available for student use were filtered. Filtering university computers keeps students from denying other students valuable resources, simply because they want to watch some guy getting kicked in the junk over and over on Youtube or spending hours on Facebook. Most of the easily accessible and large computer labs are like parking lots on Black Friday during peak hours, this is without the ability to get to facebook, youtube, twitter, ebay etc.
You might think you are invisible, but in all reality, they're probably logging your every move. Trust me, much more than you can imagine can be logged/captured. I manage web filtersingfor a large corporate environment. In the bigger shops, it's not the IT guy that makes the decision on this stuff. It's the legal counsil, HR, and CSO (cheif security officer). Even though I have all the knowledge to bypass it, I surf with caution while on the job. Changes are logged, multiple systems log traffic, so anything questionable will used against you if a legitimate reason is found. By the way, setting up an SSH listener on 443 might not work. The really good filters have caught up on this practice and will still stop it if properly configured (for example, Palo Alto boxes!).
Be aware you that are most probably bound by a usage agreement you signed when you entered university. If you violate this agreement, the University in question may a) suspend/expel you b) refuse to graduate you c) other retribution. Your choices are a) get another provider (3G/4G dongle) b) convince the university to change it's policy c) Live with it d) Leave the university (and presumably attend another with less draconian policies) e) start up your own company / provider to allow yourself and your fellow students access to unfiltered internet.
Note that his applies to work networks as well as more and more companies are locking things down tightly.
"Computer Scientists can count to 1024 on their fingers" (non-mutant, non-mutilatated, human computer scientists)
Set up a remote desktop to home computer through the https port, then use internet on home computer. Its not the fastest, but it works.
It's not your university's job to provide you with access to the Internet. Be glad to have at least some access. If you want more, do what others are doing and use your phone / dongle.
I can't speak for the whole community of universities, nor have I worked at one in a few years. That said, I think there are cultural issues here. WHen I worked at a University, we even debated whether someone would have a legitimate reason to receive email viruses.
At the place I worked, there was NO firewall. Well..there was, but, it was opt in, only specific critical hosts were behind it. Users were not, the main service machines were not.
It was seen as a matter of intellectual freedom and not wanting to restrict anything that might be legitimate research. However, as I started with...its cultural. We had people in IT who were long time academics and who were used to this and even championed it.
"I opened my eyes, and everything went dark again"
Someone needs to take your IT Director by the ear and explain to him the differences between a corporation and a university.
1) University folks generally get paid less than their corporate counterparts
2) Basic research occurs on all levels, not just in the lab. Innovation in the network, software development, etc. happens and is expected to happen with the staff as well as faculty. It's a learning environment. It's a try-this environment.
3) A university's most basic tenet is access to information and that goes both ways. By inhibiting what is likely the largest fountain of information and means of transferring that information, it's a little insane. Tell your IT guy to work on better security techniques: locking your kid in the closet may keep him safe but it's not a good idea.
I'm curious about this "University". The University I attended was a state University(in the United States) that would never have restricted internet access, because that would prevent professors from doing research. I suspect that you're at a trade school masquerading as a "University" in which case this sort of thing is very common. If that's that case you should just work from home. If you must work from there ssh to a virtual server as mentioned by others is best.
Besides, why should the tutors care? - If people waste the lessons updating Facebook instead of getting smart, they'll simply fail and thus have wasted their tuition. I hope Facebook was worth it, but the tutors shouldn't care less if the students are that stupid.
Because most teachers go into teaching to get students to learn? Because a lot of institutions tie student performance into their evaluations? Because students that aren't paying attention are more likely to distract their neighbors? etc etc...
Because teachers with no classroom management skills can't handle potential distractions? Because intro classes are too big for anyone to manage? Because a lot of institutions incorrectly apply industrial metrics to human dynamics?
There are other concerns about unfettered Internet access in the classroom that go beyond the ideals you mention. My wife has had unfettered internet access in her classrooms for seven years now, in three different schools, and has had very few problems and none recurring. Granted, she's at the middle-school / high-school level instead of university, but plenty of her students have had laptops and smartphones in class. The keys are 1) having small enough class sizes that you can manage them effectively, and 2) having the classroom management skills to get in front of any potential issues and making sure the kids are paying attention to you instead of Lady Gaga. She's found that classes upwards of about 28 students really start to spiral downwards.
As such, the many intro uni courses with 100+ students can't possibly work, unless the students themselves are invested in their own learning. That said, cutting off internet access is no guarantee that otherwise distracted students will suddenly find themselves raptly attending the teacher's words.
"What in the name of Fats Waller is that?"
"A four-foot prune."
If you can, move to a dormatory at the edge of the campus. See if there are some SSIDs that you can pick up from your room. If you do, then you've got a good starting point for the next step. Which is going up and down the houses on adjacent streets with flyers giving some contact info and offering to pay $20 a month for guest access to their wifi. (Maybe you can go lower or higher - if lucky somebody might be giving away wifi for free, but that $20 price sounds about fair for starters.)
It might work, or it might not. This would be much cheaper than using a cellular service, and less hassle than trying to tunnel through the schools network which may be against IT policy or who knows what. Only downside is you got to make sure whoever is letting you on their wireless network is trustworthy enough, such that you don't get ripped-off or become the subject of MITM hacks. Likewise, you also have to be fair about how you use the network bandwith if it tends to be limited in some regards.
One last option to consider is that college towns usually have restaurants, cafes, or bookstores right outside of the campus which are popular because they have wifi access which isn't restrictive. If you scout around, you'll know of these places because you'll see the laptop crowd hanging out there.
ever take uP?
I lived off campus (near campus, but off). I had my own el-cheapo dialup internet. I couldn't afford much in the way of internet, and didn't have a lot of time surfing the web as I was usually too busy studying!. Although a few times per semester my housemates and I would go out and drink (we didn't have a lot of beer money either). Since I had my own net connection, I didn't care how draconian the university was. Mind you, I didn't use their computers either, I generally used my own since 1) The lab computers were either all occupied, 2) The lab computers were 'taken over' by some prof. wanting to run some kind of big processing job and the lab machines are a cheap and readily available cluster. 3) The lab computers in general were slower than molasses in January. Sparc 1+ machines were craploads slower than my 66 MHz '486 (with 16 MB of ram!!!). Ok, its a few years ago, but still....get your own net connection. Budget for it.
having been to meetings in corporate offices, government offices, and universities, I have to say that getting ordinary internet access is the hardest in universities, generally; which is strange, as access to information and communication is fundamental to their mission.
I'm a sysadmin at a large Canadian University, and for the most part we try not to have any draconian policies on our network. I always thought that was what separated us from real corporate networks; Corporations need white lists and stuff because really there's very little excuse for their staff to access Facebook or other sites that aren't strictly work, but Universities are supposed to foster innovation and freedom to pursue knowledge. We CAN'T limit your internet access if we want to do that, it's completely counter to university culture. There's always a legitimate reason for accessing all sorts of different sites, heck we can't often even blog spam/phishing sites because there may be some faculty studying them and they'd raise a giant stink if we block them. So our network is generally very open.
However, we are responsible for making sure that everyone on the network has the same access, and that means throttling services that are a drain on bandwidth i.e. streaming video, bittorrent. Of course it's mostly students who use those services the most, so they often see IT as unfairly targeting them when we're really just trying to make sure that everyone gets a fair chunk of the network.
There's also just a general lack of security overall within university networks. If you run a server and it gets compromised, suddenly there's a system that's on our network that could cause trouble. So anyone running something even slightly questionable, if we notice it we have to shut it down.
Then there's the fact that the big bad guys out there are monitoring us. We get copyright claims and cease and desists type stuff fairly regularly, I wish I saved a couple of those emails to show. The big wigs don't want to have to deal with "making a stand" against stuff like that, so we have no choice but to disconnect people who have been caught uploading movies and other copyrighted material. Again, it's something that students are doing mostly, so it appears we're targeting them when we're honestly not. As much as I'd like to give those guys sending the notices the finger, it's not my decision.
What I'd suggest is make friends with your IT guys. Give them a legitimate reason why you want to do something, aside form just "well I should be able to because I'm paying my tuition". Often times they'd probably help you and suggest ways around some of these blocks and white lists. So long as you don't affect other users, or get the university in trouble, they're probably on your side.
DSL or Cable.
If you are in dorms and neither is an option, 4G is.
The university network is there for a specific purpose - to provide the university with access to the sites and communications necessary to the function of the university, and to maintain the integrity and reliability of those connections. If you want to access things outside what the university defines as necessary to this function, you are welcome to do so, apparently, through the use of external connections. If you want free access to any pron site that strikes your fancy, you're asking for something that doesn't apply to the university's needs, and if it is not available to you through their network, it is a simple decision. buy it yourself, or whine much harder. As for the people telling you that the IT staff needs to be educated as to how to serve the student's needs, they need a lesson in exactly how much work is involved in cleaning up after the students that go blindly into the web trusting that they won't face any consequences, and the costs of providing an infrastructure that can support the campus without assuming the responsibility for every student's irresponsibility. If you have email, access to your university coursework, resources and search tools in a secure and dependable environment, the IT staff is doing their job admirably. If you want unrestricted access to anything on the net, regardless of its provenance, to download any movie or streaming video, pron or game site, tell mommy and daddy that you need the money to buy a 4G data device and pay for the bandwith/content you want.
Comment removed based on user account deletion
A lot of post have dealt with the technical aspects of overcoming the firewall. While this may help in the short term, it doesn't help your friends or future students. If you're willing, you may want to consider taking this up with provost/president/ombudsman/et al.
The easiest place to start is a local editorial. Your campus newspaper, local newspaper, local TV news. Tying your campus as against net neutrality should get enough people to pay attention.
Next, consider famous alumni. There was a policy that was in the process of becoming a rule at the university when I was a student. When I graduated, I told them that I wouldn't pay alumni dues until this policy was scrapped. Of course, one alumni not paying dues is not really an issue. But when I started posting on the alumni message boards about the issue and more alumni got involved (some far more famous than me), the school quickly reversed the policy. Money, unfortunately, speaks louder than words.
Another avenue is to speak at school board meetings. These meetings are often public but not well advertised. You may have to do some hunting to get this information.
Finally, form a campus group. Get students involved. Raise awareness, have a fun run, etc.
You want to make the cost to maintain the firewall unacceptably high. This might be a hard hurdle since they are probably weighing the cost to maintain the firewall and the cost of a free-for-all internet connection.
We don't live in Shouldland.
If they have a laptop, there are games, etc.. The internet is likely no more or less a distraction in this case.
The University is preparing you for life at work. Do you really believe that in a work environment their won't be a highly restrictive proxy?
Get over it. It is their network to run as they like, not yours.
If you want control over the network - you need to buy it.
At work if you try to get around network controls, you'd be fired. Your actions could have dire results to the company and cost millions should you cause something bad to happen.
Thank you for doing this, you are so fucking awesome!
Also you can use HTTPTunnel on any PHP enabled server (with almost no other requirements) and connect to it with the multiplatform Perl client to open a local SOCKS server (there are other projects named like this one, but this is the only one that really works). The client supports HTTP proxies and the request are normal HTTP GETs/PUTs (not CONNECTs). The project is not being updated since 2010, but it just works (even tho the SSL part has problems, but you can just configure the PHP folder on an HTTPS web server and use stunnel in front of the client).
Then under Windows many programs do not support the SOCKS protocol to connect to the client (I'm looking at you, Remote Desktop), but you can just run ProxyCap to transparently redirect single programs (or all of them) through any proxy. There are free (as in beer, mostly) alternatives to ProxyCap, but they are either not updated (i.e., they don't work on 64-bit systems) or they are likely to deeply mess up the windows network driver configuration when you remove them (or both).
1. Change.org 2. Put pressure on the administration to change the censor policy: Get your fellow students and the faculty to sign a petition, then present the petition to the university of the president. Use social media to get the word out. Try to get an article in the local or national press. 3. Transfer to another university that does not block basic access to information, and write a letter to the president explaining why you are transferring and how you are going to encourage all of your fellow students to do the same.
But it's the assumption he lives on campus, and therefore, does not have the ability to distinguish between the two (especially since it specified "university" not "community college" or "local college")
You could always use something like fireBwall to write a module that avoids using the proxy. I use it often if a hotel WiFi uses ARP Poisoning to force you to register on their network. fireBwall lets you write modules that control your network flow. I know this is a shameless plug, but it really could help. http://firebwall.com/
the devkits cant phone home to microsoft
And nothing of value was lost.
Assuming you have some kind of internet at home, put up a cheap server out of old hardware, set up opensshd and then tunnel through to that with Firefox + Foxyproxy. You can even tunnel your DNS queries from Firefox that way.
If you're on Windows, you might have to run a portable Firefox if they've locked down the desktop of course.
ssh -l [username_at_home] \
-o TCPKeepAlive=yes \
-X -g -D localhost:8888 \
Then, in Firefox after installing Foxyproxy change the following in about:config:
## network.proxy.socks_remote_dns: true
## network.proxy.socks: 'localhost'
## network.proxy.socks_port: 8888
## network.proxy.socks_version: 5
## network.proxy.type 1
I might be missing some other stuff (specifically to routing DNS through the proxy) but that's the basic setup.
I find it's rather easy to setup a reactive filter. Make the rules known like no bittorrent during certain times + Heavy handed QoS makes life much easier. As a network admin my goal is to keep the network working. I'll let you do pretty much anything on it till it becomes saturated, then it's show time. I'm talking laying down the law, wraith of god style. You break the rules during peak load, enjoy dial up until the pipe frees up. Best part of this it all happens automatically. Universities that don't have some type of automated system in place and are filtering based on content beyond malicious sites need new management.
I do admit to filtering differently based on time and location though. If your in one of the lecture halls Facebook just doesn't exist (even through your SSH tunnel ;P). If I feel really nasty (ie, get woken up at 1am) I'll let you connect to Facebook, but wont let it talk to you. It's very effective at stopping all sorts of things this way, it's also very good at crashing browsers and proxy programs.
This is common in UK Universities, JANET ( Joint Academic Network) started charging based on transatlantic traffic - as a result almost all University's instroduced Squid proxy's for the dorms/hall of residence. This charging mechanism has changed now many of these proxy's remain in place for security/performance reasons.
There are a number of ways to circumvent this:
- Change your IP address to one outside the blocked range
- Login to a Unix account and use SSH
- Use a VPN server (open VPN can be tunneled over HTTPS if you run your service on TCP port 443)
Proxy your traffic. If there is any connection thru the firewall to a system you control, you can proxy thru it. The tighter the firewall the more annoying and performance impact it will be, but it will work.
Do they blacklist or whitelist? Blacklist means you have a good chance. With a whitelist, aka they lock it down so you can only connect to a few specific internet sites, you may be SOL.
Some places firewall to protect from legal liability, "we have a firewall and we block that site/content but the offender bypassed our firewall." If you bypass the firewall, you take the blame and responsiblity squarely on yourself.
Some places firewall to protect from problems caused by the clueless, so if you bypass the firewall, do try not to cause problems for other network users.
Some places firewall because they themselves are clueless and/or frightened. Not much help for that, I'm afraid.
Remember the correct pattern of thought... Think of the firewall as your ultimate university exam. Pass it. Quietly. This means you first need to learn about the subject -- networking, protocols, tunneling and firewalls in general, and your university firewall specifically. It will be very educational, and isn't that why you are in school?
Enjoy learning.
You can use "Tor". Google it up and you'll know what it is (btw its an Open Source Project so its free :P).
Been using it for like..2 years maybe :| Should work great (if you have good speeds available through your Univ. Network)
Cheers,
echo9
porn on your phone
Download firefox setup an put it on ur pendrive and bring it to collage then install it! Go to settings, advanced network an click proxy! Follow me on twitter: OxideParadox