DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 6th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
Default OpenBSD 4.2 behind NAT and Squid

In our company our NAT server is FreeBSD and we have Squid server , me and all employer get our internet from NAT server and Squid server so everything we do and everywhere we go can record in squid server and they can understand where we go and what we do .
I want find way they can not record what I am do
Is this possible ???
Reply With Quote
  #2   (View Single Post)  
Old 6th May 2008
marcolino's Avatar
marcolino marcolino is offline
Real Name: Mark
Custom Title Maker
 
Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128
Default

So, let me get this straight; you want us to help you violate your employer's acceptable use policy.

Anyway, if they have it locked down, and if they're thorough, there will not be any way to do it. If you have access to the squid server, then you will need to change the configuration files to let you through and not log your activity. See the Squid project site for more info.
__________________
That's nothing a couple o' pints wouldn't fix.
Reply With Quote
  #3   (View Single Post)  
Old 6th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
Default

Thanks
but I do not have access to squid server and I can change configure file
I want only do something and squid server can not log me.
Reply With Quote
  #4   (View Single Post)  
Old 6th May 2008
lvlamb's Avatar
lvlamb lvlamb is offline
Real Name: Louis V. Lambrecht
Spam Deminer
 
Join Date: May 2008
Location: .be
Posts: 221
Default

In some countries, it is legitimate for users -just plain right to information- to try to by-pass government or corporations fileters or activity logs.
It is, IMVHO, not fair to use a corporate structure which pays the costs and not abide to that corporation rules. Although, in Europe, an employer is not allowed to control an employee's use of corporate Internet, with all abuses it generates.
OTOH, as a private user paying his own bandwith, trying to by-pass governement regulations can be, in many cases, considered as pure freedom of speech. (With all abuses it might cause )
Don't want your employer register what you are doing? Get your own ISP contract.
__________________
da more I know I know I know nuttin'
Reply With Quote
  #5   (View Single Post)  
Old 6th May 2008
marcolino's Avatar
marcolino marcolino is offline
Real Name: Mark
Custom Title Maker
 
Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128
Default

mfaridi,

If your employer has configured all Internet traffic to go through the squid server, and only traffic from the squid server is allowed to access the Internet, then I'm afraid you have no choice but to access the Internet through the squid server.

Actually, there is one alternative: use a different Internet connection.

Sorry if this is not too helpful for your situation, but those are your options.
__________________
That's nothing a couple o' pints wouldn't fix.
Reply With Quote
  #6   (View Single Post)  
Old 7th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
Default

thanks
Is this possible
I do something , my invalid IP is 192.168.0.104
and when I use internet everything log by this IP with Squid Server.
Can I do something all thing I do log with another IP , without change my IP. ???
Reply With Quote
  #7   (View Single Post)  
Old 7th May 2008
marcolino's Avatar
marcolino marcolino is offline
Real Name: Mark
Custom Title Maker
 
Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128
Default

mfaridi,

Can you have other people call you by a different name, if you do not tell anyone that name? What if they call you by that different name, but they still know you by your face? Will it make a difference?

This is similar to what you are asking. (OK, not a perfect analogy, but it suffices.) You will have to change your IP address in order for squid to log a different IP address. Even in that case, I believe squid logs your MAC address as well, which will be the same no matter what your IP address is. Now, there is a possibility that you could change your NIC's MAC address as well, but then you are looking at something else entirely.
__________________
That's nothing a couple o' pints wouldn't fix.
Reply With Quote
  #8   (View Single Post)  
Old 19th May 2008
windependence's Avatar
windependence windependence is offline
Real Name: Tim
Shell Scout
 
Join Date: May 2008
Location: Phoenix, Arizona
Posts: 116
Default

What if he tunnels through port 443 to his home server and then goes out to the net? They wouldn't be able to see what was going on inside the tunnel.

-Tim
__________________
www.windependence.org
Get your Windependence today!
Reply With Quote
  #9   (View Single Post)  
Old 19th May 2008
marcolino's Avatar
marcolino marcolino is offline
Real Name: Mark
Custom Title Maker
 
Join Date: May 2008
Location: At the Mountains of Madness
Posts: 128
Default

Quote:
Originally Posted by windependence View Post
What if he tunnels through port 443 to his home server and then goes out to the net? They wouldn't be able to see what was going on inside the tunnel.

-Tim
Quite true, although if they look through the logs and see a significant amount of traffic going from his work IP to his home IP, they might get suspicious and block traffic to that IP. At least, they would do this if they were monitoring it. I did the same when I administered a Squid/Squidguard filtering proxy.

Note that doing this, if prohibited by the company's fair use policy, could result in severe consequences.
__________________
That's nothing a couple o' pints wouldn't fix.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
squid 3.0 ccc FreeBSD Ports and Packages 4 16th February 2009 12:05 PM
exclude URL from caching at squid 3 ccc FreeBSD General 1 31st January 2009 06:20 PM
squid transparent questions toolbox FreeBSD Ports and Packages 0 20th December 2008 04:01 AM
squid bind problem samile Other BSD and UNIX/UNIX-like 0 11th July 2008 02:13 PM
Squid -> Privoxy -> Tor Peter_APIIT OpenBSD Security 3 17th June 2008 08:06 AM


All times are GMT. The time now is 02:01 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick