10-30-2003, 05:51 AM | #1 (permalink) |
Overreactor
Location: South Ca'lina
|
Busted surfing at work? How?
The "TFP while at work" thread got me thinking, how does the IT group know you're doing too much TFP'ing? I'm one of the merely functionally computer literate here at TFP. So, I'm unfamiliar with how networks and filters and such REALLY work. How would my boss find out if I was surfing too much at work? Does all my surfing set off some sort of alarm at the server? Please fill me in, O computer gurus out there.
Thanks, JM
__________________
"I'm disinclined to acquiesce to your request." - Capt. Barbossa |
10-30-2003, 06:12 AM | #2 (permalink) |
Junkie
Location: Louisville, KY
|
There are several things that can be done to monitor your surfing. Probably the easiest is to install a program on your workstation which will record all websites you visit.
Another thing that can be done is recording your internet movements on the office router, through which you probably connect. I am sure there are other methods, and I wouldn't be surprised if your surfing was on record somewhere. Whether or not they'll bother to check or even care, you'd be able to answer better than I.
__________________
You do not use a Macintosh, instead you use a Tandy Kompressor break your glowstick, Kompressor eat your candy Kompressor open jaws, Kompressor release ants Kompressor watch you scream, Because Kompressor does not dance |
10-30-2003, 06:19 AM | #5 (permalink) |
paranoid
Location: The Netherlands
|
First of all, I'm not very up-to-date on the filtering techniques that are generally used.... but I'll give it a go:
All external traffic (mail, www, telnet, etc) passes through the central gateway between your company's network and the Internet. At the gateway, monitoring software can be installed. Most protocols (like http) allow monitors to read exactly what is going on, which server is being accessed, and what the request was. So if you make 2000 http requests a day (to yahoo, google, TFP, whatever) and 1000 of those go to TFP, then the software might sound an alarm. If the monitoring software is a little smarter it can also keep track of 'sessions', which are consistent connections to HTTP servers. So if you browse TFP constantly, your browser re-uses the same connection. The monitoring software sees this, and can calculate the time you spend surfing... Many possibilities exist, and many tricks are involved, but this is the general idea.
__________________
"Do not kill. Do not rape. Do not steal. These are principles which every man of every faith can embrace. " - Murphy MacManus (Boondock Saints) |
10-30-2003, 06:38 AM | #6 (permalink) | |
Junkie
Location: NJ
|
Quote:
|
|
10-30-2003, 04:46 PM | #9 (permalink) |
Crazy
Location: Canada
|
yes it is done thru the gateway.
remember when you make a request for a web page you're not asking tfp.org directly, you're actually asking your company's gateway (just another computer with just more network plugs) to get it for you. the gateway can record what you requested, and when tfp.org or any site answers back it can record what you received. the gateway is also keeping track of how much information you are asking it to send for you as well as how much it is receiving for you. thus it's pretty easy to determine who is messing about.
a couple of red flags are 1) massive amount of data being transferred (movies, music, porn images) 2) massive amounts of http page requests (you're surfing all the tfp topics of the day, fark.com, /. , etc.). as to what determines massive, it's normally anyone who is above the average for your company/department.
also make note that anything you send (tfp post etc) is sent as pure simple text and can be looked at from ANY computer in your surrounding network. how the tcp/ip network works is in this manner. you send your nice tfp post talking about who knows what. you're actually just sending a small letter to EVERYONE in your surrounding network, then everyone checks if it's for them (if it's not they normally disregard). then the gateway picks it up and reads it and passes it on to tfp.org for posting. take note that even if the message is not addressed to them your coworkers' computers can be set to pick up anything coming from your own computer.
i run a small network (27 comps) and at any time from any computer i can check what is being sent and received to any of the computers under my charge. and yes we have fired 4 people in the last 3 years for wasting time surfing, watching porn, downloading mp3s and such.
Last edited by tokaok; 10-30-2003 at 04:51 PM.. |
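Added example, not part of any post in this thread: a sketch of the "above the average" red-flag logic described in posts #5 and #9, run over constructed gateway log lines. The log format, addresses, host names and the `factor`/`share` thresholds are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean

def _rows(client, host, count, size):
    # Constructed log lines in an assumed format: "date client_ip host bytes"
    return [f"2003-10-30 {client} {host} {size}"] * count

SAMPLE_LOG = "\n".join(
    _rows("10.0.0.11", "intranet.example", 4, 2000)
    + _rows("10.0.0.12", "intranet.example", 3, 3000)
    + _rows("10.0.0.12", "news.example", 2, 3000)
    + _rows("10.0.0.13", "forum.example", 12, 2500)
    + _rows("10.0.0.13", "news.example", 8, 2500)
    + _rows("10.0.0.14", "files.example", 3, 900000)
    + ["truncated line"]  # malformed entry, must be skipped
)

def summarize(log):
    """Per-client request count, byte total and per-host request counts."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": Counter()})
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip lines that do not match the assumed format
        _, client, host, size = fields
        entry = stats[client]
        entry["requests"] += 1
        entry["bytes"] += int(size)
        entry["hosts"][host] += 1
    return dict(stats)

def red_flags(stats, factor=1.5, share=0.5):
    """Flag clients well above the group average (thresholds are assumptions)."""
    avg_requests = mean(s["requests"] for s in stats.values())
    avg_bytes = mean(s["bytes"] for s in stats.values())
    flagged = {}
    for client, s in stats.items():
        reasons = []
        if s["requests"] > factor * avg_requests:
            reasons.append("requests")
        if s["bytes"] > factor * avg_bytes:
            reasons.append("bytes")
        host, hits = s["hosts"].most_common(1)[0]
        # One site dominating an above-average request count
        if s["requests"] > avg_requests and hits / s["requests"] >= share:
            reasons.append(f"mostly {host}")
        if reasons:
            flagged[client] = reasons
    return flagged

if __name__ == "__main__":
    print(red_flags(summarize(SAMPLE_LOG)))
```

The output only ranks clients against the group average; deciding whether the traffic was work or play is still left to whoever reads the report.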
10-30-2003, 04:58 PM | #10 (permalink) |
Crazy
Location: Canada
|
here are some screens of one of the many applications
that do this. http://www.ethereal.com/introduction.html#screens |
11-01-2003, 01:33 AM | #12 (permalink) |
Junkie
Location: San Diego
|
I have seen a program which if installed on the computer can monitor every single action you do. I don't know what it is called, but there is one out there so be careful.
__________________
If something seems too good to be true, then it probably is.... |
11-01-2003, 03:11 AM | #13 (permalink) | |
Psycho
Location: London...no longer a student
|
Quote:
Although admin can set up the switches to send the packets to the intended recipient plus their own computer. This is probably what they are doing to monitor the traffic.
__________________
"Never underestimate a dumb question"-- Brandon Boyd Last edited by dnd; 11-01-2003 at 03:14 AM.. |
|
11-01-2003, 05:12 AM | #14 (permalink) |
Addict
Location: Wisconsin, USA
|
At my old place, we used to get a good laugh looking at who's been surfing what. You learn some very interesting things about people. Don't forget your email too. Whoever is in charge of it IS browsing thru your emails, even if only for private interest.
|
11-01-2003, 10:02 AM | #15 (permalink) |
Insane
Location: Rio Grande Valley, Texas
|
The above posters are mostly correct. However, the TCP/IP protocol section above is horribly flawed.
1) TCP/IP is not responsible for the requests being mirrored to all computers on a network...that's the physical link and data link layers.
2) The "gateway" does not go out and get pages for you. The gateway just tells your computer where to go next in the network. A proxy would actually go out and get pages, then re-serve them (like...you know....a proxy).
But essentially, if someone takes an interest in your browsing habits, they can look at everything that your system transmits and receives. This is why most browsers initially give you a prompt like "you are sending data unsecured, do you want to continue?". There are a few protocols that are encrypted, and thus impossible to sniff (admin can tell that you are doing something, but can't read it). Among these are https and ssh.
__________________
"I can't understand why people are frightened of new ideas. I'm frightened of the old ones." -- John Cage (1912 - 1992) |
11-01-2003, 08:02 PM | #18 (permalink) |
Tone.
|
Simple explanation of one way this can be done:
Internet data is sent in chunks, called packets. The packets all go through the same "doorway" at work - the link between your office and the internet. If you drop a monitor, called a packet sniffer, on that doorway, it can look at every packet that goes through and see what's in it. The packet will tell the packet sniffer what computer sent the packet, and where it's sending it. (or if it's an incoming packet it'll tell the packet sniffer where it's from and what computer it's heading for). So if you visit a page here on TFP, the packet sniffer can see that.
As far as the idea of "I've never been caught yet, so it's nothing to worry about. . . " Well that depends. The packet sniffer itself has no way of determining whether what you're doing is work or play. It takes a human to do that. So not having been caught yet only means no one's seen the report on you. Yet. There are a lot of people in a typical office, so it takes a while to get around to snooping on everyone. Saying that is just like saying "I've never been caught speeding yet, therefore there are no cops, so I can speed all I want." Doesn't work that way. |