> I don't see any reason why common names are a problem when they apply to a narrow domain.
Well, I do. Who gets the domain www.tiger.com?
For an interesting twist on this question, point your browser at www.nissan.com.
-s
It's what prevents me from starting a search engine named "Google", and what prevents you from opening a computer company named "Apple"
;^)
But, what if you started a company that built computers that were sold exclusively to farmers who have apple orchards to keep track of their harvest. Could you call that product an "Apple Computer"?
You do know that John Titor posts to Slashdot once in a while, don't you? ;^)
One of the sessions I attended at Interop this week mentioned a similar service offered by AT&T. Supposedly, they have enough bandwidth and computing horsepower to deal with DDOS attacks that are directed toward their customers.
"AT&T handles 40% of the Internet's traffic" - quote from that session.
-s
Uhh, he's busy right now. He's having an old friend for dinner... ;^)
Any company serious about monitoring the content of company email is going to simply block TCP port 110. Is there a specific *business reason* why port 110 is open at your site?
Let's assume that TCP 110 isn't blocked. Are there tools which could monitor 3000 people using port 110? Yeah, it's not too hard.
There aren't any ports that are more or less likely to be monitored. Everything is watched and any anomalies are recorded and investigated. Move your POP server to port 8110? We'll find it there too. Move your POP server to port 80 and you'll find that it doesn't work because of our HTTP proxy.
Since POP3 is not encrypted, you should not be moving anything over that connection that you wouldn't want your employer to know about.
-s
I could tell you but then I'd have to take you to a meeting in the corn field. ;^)
http://www.imdb.com/title/tt0112641/
Mr. Goat: I concede that yours is the more powerful intellect but I have one more situation for you to consider now that we have moved to the discussion of restrooms:
If I was employed in a line of work where my mental abilities and reaction times could mean the difference between life and death, would the company have the right to "intercept" my urine or samples of my hair?
I am thinking of airline pilots, bus drivers, subway engineers, etc. My behavior can put the company at risk (as well as people's lives). Does the company have the right to "monitor" my urine, blood or hair to detect my use of a substance that could negatively affect my judgement or response time?
But, Mr. Goat, it is highly unlikely that my employer will lose trade secrets, be part of a sexual harassment lawsuit or be infected with a computer virus as a result of anything I do in the Men's Room.
I can do nothing in the bathroom that will endanger the company. Sitting at a keyboard, I can do all kinds of things that put the company at risk.
-s
Actually, we do.
So what if we told you we're just making it all up?
Well, I've seen things like this in the real world so I already knew about most of the "clever workarounds" that people employ to circumvent the security measures we put in place.
As for "wasting corporate resources", what is your position on the dozens of posts from people who feel it is their God-given right to send personal emails on company time from company-supplied PCs? Aren't those folks wasting corporate resources as well?
No, you are safe.
;^)
We do not have the ability to monitor email that is sent via http (Gmail) or retrieved via POP3. Please continue to use these protocols from your work PC, on company time.
1. Are you using the company's PC?
2. Are you using the company's network?
3. Are you using the company's Internet connection?
*Anything* you send over the wire while at work is property of the people who own the infrastructure (your employer).
-s
Sooo....if rigorous monitoring and filtering could stop someone like this guy, would you feel a little less 'scared' about the monitoring and filtering?
http://www.jsonline.com/news/metro/sep04/262570.asp
???
So... did she get buried in a corn field?
;^)
And is there now an opening in the I.T. department at the Tangiers?
USB ports are crippled
;^)
tsk, tsk. these days we prefer more Politically Correct terms like "the USB ports are connectivity-challenged."
There's a small possibility
Dude, doing something like that is going to show up soooo easily on the systems I use to monitor the various firewalls at our perimeter. It is very likely that I do not even have the ports/protocols opened that you need to connect to your home system from your desk at work.
If I caught you purposely building a tunnel to your home PC (which then provides an avenue for worms on your home machine to attack the corporate network), you would not be employed much longer.
If you have a high-paying job that you love, I'd go easy on the "I'm building a secret VPN tunnel to my home network" thing. If you are just a peon and you can get another $10/hr job the same day they fire you, then ignore what I said above.
-s
that's funny advice coming from someone hiding behind Anonymous Coward
Repeat after me:
"I am at work. I am using the company's PC, the company's network and the company's Internet connection. I have no expectation of privacy while I am at work. I am supposed to be *working* while I am at work."
-s
I set up SSL-protected access to my mail because my employer has no right to my personal business.
But the first person who downloads a file harboring a virus while they are checking their "personal" email will end it for everyone.
-s
i have to agree with the grandparent. when you are at work, then work. do your porn-surfing (online gambling, listening to streaming audio, etc.) at home.
In a perfect world, we could leave Websense turned-off and people would just know better than to go to Playboy.com while they are at work. But people don't know better.
Same goes for online gambling. Which part of your job description requires you to access gambling sites?
One of the big hot-buttons is using IM at work. Personally, I feel that if people use it for occasional communication with friends/family, then it is not something for us to block. For example, a mother or father may IM with a child to see what the plans are for after-school. This kind of stuff is part of the give-and-take for the "knowledge workers" you mention.
we are sometimes expected to work more hours or answer pager calls late at night. in return, sending a few messages via IM to find out if little Suzy has soccer practice tonight is not going to bring the company network to its knees (or get us sued).
-s
the IP they go to, and the port they're going out on
and what will that get you? just because you can talk to the proxy doesn't mean the proxy is going to let your traffic out of the network.
-s
Yup. You are being proxied. There is either an explicit proxy setting in your browser or your outbound traffic on port 80 is being silently re-directed by something like WCCP.
If you are running something other than HTTP traffic on port 80, expect it to break.
This is a known problem for the Citrix client which uses TCP port 80 but it is not communicating via HTTP.
If you could see the firewall config at your workplace, you would most likely find that the only IP address that can send traffic *out* via TCP 80 is the address of the cache/proxy. Certainly, no PCs will be able to talk successfully to the inside interface of the firewall on port 80.
Please keep trying tricky things like running SSH on port 80 so you can get to your home PC from the corporate network. This kind of stuff makes it that much easier for me to justify the purchase of extensive logging and monitoring tools to police users who can't be trusted to use the corporate network according to the corporate AUP.
-s
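The comments above make the same point twice: a protocol is recognized by what it says on the wire, not by its port (POP3 moved to 8110, SSH or Citrix on port 80). The sketch below is an added example, not part of the original posts; the port policy, the signature list and the sample flows are constructed assumptions.

```python
import re

# Signatures matched against the first bytes seen on a flow (either direction).
# POP3, SSH and VNC (RFB) servers announce themselves in a plaintext banner.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("pop3", re.compile(rb"^\+OK[ \r]")),
    ("rfb", re.compile(rb"^RFB \d{3}\.\d{3}\n")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3} ")),
]

# Assumed policy for this example: the protocol permitted on each port.
EXPECTED = {80: "http", 110: "pop3"}

def identify(payload: bytes) -> str:
    """Name the protocol from its opening bytes, ignoring the port."""
    for name, pattern in SIGNATURES:
        if pattern.match(payload):
            return name
    return "unknown"

def review(flows):
    """Return (src, dst, dport, protocol) for flows that violate the policy."""
    findings = []
    for src, dst, dport, payload in flows:
        proto = identify(payload)
        expected = EXPECTED.get(dport)
        if proto == "unknown" and expected is None:
            continue  # nothing recognized, no policy for this port
        if proto != expected:
            findings.append((src, dst, dport, proto))
    return findings

# Constructed sample flows (documentation address ranges, invented payloads).
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.0.0.7", "203.0.113.20", 80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.0.0.9", "203.0.113.30", 8110, b"+OK POP3 server ready\r\n"),
    ("10.0.0.9", "203.0.113.30", 110, b"+OK POP3 server ready\r\n"),
    ("10.0.0.11", "203.0.113.40", 5900, b"RFB 003.008\n"),
    ("10.0.0.12", "203.0.113.50", 80, b"\x00\x01opaque-binary-not-http"),
]

if __name__ == "__main__":
    for finding in review(SAMPLE_FLOWS):
        print("policy mismatch:", finding)
```

A proxy that only speaks HTTP rejects the second and last flows outright; the classifier shows why they also stand out in logs even where they are not blocked.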
Bzzzzzt!
Thanks for playing.
Our firewalls at work do not allow outbound connections on TCP 5800 (or 5900).
Repeated attempts to leave the corporate network on port 5800 would certainly bring unwanted attention in your direction from us (I.T.) and your manager.
On a related note, see my post below about "well, then just make it run on port 80..."
-s
Seems like a lot of money for a little wire,
;^)
Yeah, but it's still cheaper than Monster Cable.
Google for "CIDR", read the resulting hits and you'll understand what the gparent was trying to say when he wrote "127/8".
-s