Busted surfing at work? How? - Tilted Forum Project Discussion Community

johnnymysto · 10-30-2003, 05:51 AM

The "TFP while at work" thread got me thinking, how does the IT group know you're doing too much TFP'ing? I'm one of the merely functionally computer literate here at TFP. So, I'm unfamiliar with how networks and filters and such REALLY work. How would my boss find out if I was surfing too much at work? Does all my surfing set off some sort of alarm at the server? Please fill me in, O computer gurus out there.

Thanks,
JM

Nefir · 10-30-2003, 06:12 AM

There are several things that can be done to monitor your surfing. Probably the easiest is to install a program on your workstation which will record all websites you visit.

Another thing that can be done is recording your internet movements on the office router, through which you probably connect.

I am sure there are other methods, and I wouldn't be surprized if your surfing was on record somewhere. Whether or not they'll bother to check or even care, you'd be able to answer better than I

onetime2 · 10-30-2003, 06:13 AM

I'm interested in hearing this as well. The way that I figure it, if they haven't hassled me about it at this point, then no one is really looking to closely.

shalafi · 10-30-2003, 06:16 AM

that can change onetime. all it takes is one incident (complaint etc.) for them to decide they need to protect themselves and start looking at that stuff

Silvy · 10-30-2003, 06:19 AM

First of all, I'm not very up-to-date on the filtering techniques that are generally used.... but I'll give it a go:

All external traffic (mail, www, telnet, etc) passes through the central gateway between your comapnies network and the Internet. At the gateway, monitoring software can be installed.

Most protocols (like http) allow monitors to read exactly what is going on, which server is being accessed, and what the request was.
So if you make 2000 http requests a day (to yahoo, google, TFP, whatever) and 1000 of those go to TFP, then the software might sound an alarm.

If the monitoring software is a little smarter it can also keep track of 'sessions', which are consistent connections to HTTP servers. So if you browse TFP constantly, your browser re-uses the same connection. The monitoring software sees this, and can calculate the time you spend surfing...

Many possibilities exist, and many tricks are involved, but this is the general idea.

onetime2 · 10-30-2003, 06:38 AM

Quote:

Originally posted by shalafi
that can change onetime. all it takes is one incident (complaint etc.) for them to decide they need to protect themselves and start looking at that stuff

Oh, no doubt about it. That's always been my thinking. It's recorded but seldom if ever looked at. If there's a complaint they do a check.

monty121052 · 10-30-2003, 08:40 AM

I work for one of the biggest computer software companies and get on really well with the I.T people, so that every now and then they come and totally clean my computer for me.Very nice of them I thought

Doesn't Matter · 10-30-2003, 12:03 PM

As long as you do your work efficiently, I dont think anyone will care.

tokaok · 10-30-2003, 04:46 PM

yes it is done thru the gate way.

remember when u make a request for a web page your not asking tfp.org directly you actually asking your companies gateway(just another computer with just more network plugs) to get it for you.

the gate way can record what you requested, and when tfp.org or anysite answers back it can record what you recieved.

the gate way is also keeping track how much information your are asking it to send for you as well as how much it is receiving for you.

thus its pretty easy to determine who is messing about.

a couple of redflags are
1) massive amount of data being transfered (movies, music, porn images)
2) massive ammounts of http page request(your surfing all the tfp topics of the day, fark.com, /. , etc.)

as to what determines massive , its normally any one who is above the average for your company/deparment.

also make note that anything you send (tfp post etc) are sent as pure simple text and can be looked at from ANY computer in your sourouding network.

how the tcp/ip network works is in this manner.

your send your nice tfp post talking about who knows what. your actually just sending a small letter to EVERY ONE in your sourrouding network then every one checks if its for them(if its not they normally disregard). then the gateway picks it up and reads its and passes it on to tfp.org for posting.

take not that even if the message is not addresed to them your coworkers computers can be set to pick up anything coming from your own computer.

i run a small network(27 comps)
and at any time from any computer i can check what is being sent and received to any of the computers under my charge.

and yes we have fired 4 people in the last 3 years for wasting time surfing, waching porn, downloading mp3s and such.

tokaok · 10-30-2003, 04:58 PM

here are some screens of one of the many applications
that do this.

http://www.ethereal.com/introduction.html#screens

johnnymysto · 10-31-2003, 06:15 AM

Thank you tokaok. I am now afraid for my life.

punx1325 · 11-01-2003, 01:33 AM

I have seen a program which if installed on the computer can monitor every single action you do. I don't know what it is called, but there is one out there so be careful.

dnd · 11-01-2003, 03:11 AM

Quote:

Originally posted by tokaok

also make note that anything you send (tfp post etc) are sent as pure simple text and can be looked at from ANY computer in your sourouding network.

how the tcp/ip network works is in this manner.

your send your nice tfp post talking about who knows what. your actually just sending a small letter to EVERY ONE in your sourrouding network then every one checks if its for them(if its not they normally disregard). then the gateway picks it up and reads its and passes it on to tfp.org for posting.

This was easier with the old skool Hub networks but now with switches being dropping in price and being far safer, it has now become harder for everyone on the network to read all the packets because a switch opens a direct connection between itself and the computer its contacting as opposed to just dumping the packet on the network and letting it find its way.
Although admin can set up the switches to send the packets to the intended recipient plus their own computer. THis is probably what they are doing to monitor the traffic.

mtsgsd · 11-01-2003, 05:12 AM

At my old place, we used to get a good laugh looking at who's been surfing what. You learn some very interesting things about people. Don't forget your email too. Who ever is in charge of it IS browsing thru your emails, even if only for private interest.

strcrssd · 11-01-2003, 10:02 AM

The above posters are mostly correct. However, the TCP/IP protocol section above is horribly flawed.

1) TCP/IP is not responsible for the requests being mirrored to all computers on a network...that's the physical link and data link layers.

2) The "gateway" does not go out and get pages for you. The gateway just tells your computer where to go next in the network. A proxy would actually go out and get pages, then re-serve them (like...you know....a proxy).

But essentially, if someone takes an interest in your browsing habits, they can look at everything that your system transmits and receives. This is why most browsers initially give you a prompt like "you are sending data unsecured, do you want to continue?". There are a few protocols that are encrypted, and thus impossible to sniff (admin can tell that you are doing something, but can't read it) Among these are https, and ssh.

WarWagon · 11-01-2003, 05:54 PM

I blame it all on ECHELON

james t kirk · 11-01-2003, 07:49 PM

Get the internet at home and solve the problem.

Don't give them any amo to use against you in the future ever.

shakran · 11-01-2003, 08:02 PM

Simple explanation of one way this can be done:

Internet data is sent in chunks, called packets.

The packets all go through the same "doorway" at work - the link between your office and the internet.

If you drop a monitor, called a packet sniffer, on that doorway, it can look at every packet that goes through and see what's in it. The packet will tell the packet sniffer what computer sent the packet, and where it's sending it. (or if it's an incoming packet it'll tell the packet sniffer where it's from and what computer it's heading for).

So if you visit a page here on TFP, the packet sniffer can see that.

As far as the idea of "I've never been caught yet, so it's nothing to worry about. . . "

Well that depends. The packet sniffer itself has no way of determining whether what you're doing is work or play. It takes a human to do that. So not having been caught yet only means no one's seen the report on you. Yet. There are a lot of people in a typical office, so it takes awhile to get around to snooping on everyone. Saying that is just like saying "I've never been caught speeding yet, therefore there are no cops, so I can speed all I want." Doesn't work that way

10-30-2003, 05:51 AM	#1 (permalink)
johnnymysto Overreactor Location: South Ca'lina	Busted surfing at work? How? The "TFP while at work" thread got me thinking, how does the IT group know you're doing too much TFP'ing? I'm one of the merely functionally computer literate here at TFP. So, I'm unfamiliar with how networks and filters and such REALLY work. How would my boss find out if I was surfing too much at work? Does all my surfing set off some sort of alarm at the server? Please fill me in, O computer gurus out there. Thanks, JM __________________ "I'm disinclined to acquiesce to your request." - Capt. Barbossa

10-30-2003, 06:12 AM	#2 (permalink)
Nefir Junkie Location: Louisville, KY	There are several things that can be done to monitor your surfing. Probably the easiest is to install a program on your workstation which will record all websites you visit. Another thing that can be done is recording your internet movements on the office router, through which you probably connect. I am sure there are other methods, and I wouldn't be surprized if your surfing was on record somewhere. Whether or not they'll bother to check or even care, you'd be able to answer better than I __________________ You do not use a Macintosh, instead you use a Tandy Kompressor break your glowstick, Kompressor eat your candy Kompressor open jaws, Kompressor release ants Kompressor watch you scream, Because Kompressor does not dance

10-30-2003, 06:13 AM	#3 (permalink)
onetime2 Junkie Location: NJ	I'm interested in hearing this as well. The way that I figure it, if they haven't hassled me about it at this point, then no one is really looking to closely. __________________ Strive to be more curious than ignorant.

10-30-2003, 06:19 AM	#5 (permalink)
Silvy paranoid Location: The Netherlands	First of all, I'm not very up-to-date on the filtering techniques that are generally used.... but I'll give it a go: All external traffic (mail, www, telnet, etc) passes through the central gateway between your comapnies network and the Internet. At the gateway, monitoring software can be installed. Most protocols (like http) allow monitors to read exactly what is going on, which server is being accessed, and what the request was. So if you make 2000 http requests a day (to yahoo, google, TFP, whatever) and 1000 of those go to TFP, then the software might sound an alarm. If the monitoring software is a little smarter it can also keep track of 'sessions', which are consistent connections to HTTP servers. So if you browse TFP constantly, your browser re-uses the same connection. The monitoring software sees this, and can calculate the time you spend surfing... Many possibilities exist, and many tricks are involved, but this is the general idea. __________________ "Do not kill. Do not rape. Do not steal. These are principles which every man of every faith can embrace. " - Murphy MacManus (Boondock Saints)

10-30-2003, 04:46 PM	#9 (permalink)
tokaok Crazy Location: Canada	yes it is done thru the gate way. remember when u make a request for a web page your not asking tfp.org directly you actually asking your companies gateway(just another computer with just more network plugs) to get it for you. the gate way can record what you requested, and when tfp.org or anysite answers back it can record what you recieved. the gate way is also keeping track how much information your are asking it to send for you as well as how much it is receiving for you. thus its pretty easy to determine who is messing about. a couple of redflags are 1) massive amount of data being transfered (movies, music, porn images) 2) massive ammounts of http page request(your surfing all the tfp topics of the day, fark.com, /. , etc.) as to what determines massive , its normally any one who is above the average for your company/deparment. also make note that anything you send (tfp post etc) are sent as pure simple text and can be looked at from ANY computer in your sourouding network. how the tcp/ip network works is in this manner. your send your nice tfp post talking about who knows what. your actually just sending a small letter to EVERY ONE in your sourrouding network then every one checks if its for them(if its not they normally disregard). then the gateway picks it up and reads its and passes it on to tfp.org for posting. take not that even if the message is not addresed to them your coworkers computers can be set to pick up anything coming from your own computer. i run a small network(27 comps) and at any time from any computer i can check what is being sent and received to any of the computers under my charge. and yes we have fired 4 people in the last 3 years for wasting time surfing, waching porn, downloading mp3s and such. Last edited by tokaok; 10-30-2003 at 04:51 PM..

10-30-2003, 06:16 AM	#4 (permalink)
shalafi ARRRRRRRRRR Location: Stuart, Florida	that can change onetime. all it takes is one incident (complaint etc.) for them to decide they need to protect themselves and start looking at that stuff

10-30-2003, 08:40 AM	#7 (permalink)
monty121052 Insane Location: Newcastle-Australia	I work for one of the biggest computer software companies and get on really well with the I.T people, so that every now and then they come and totally clean my computer for me.Very nice of them I thought

10-30-2003, 12:03 PM	#8 (permalink)
Doesn't Matter Banned	As long as you do your work efficiently, I dont think anyone will care.

10-30-2003, 04:58 PM	#10 (permalink)
tokaok Crazy Location: Canada	here are some screens of one of the many applications that do this. http://www.ethereal.com/introduction.html#screens

10-31-2003, 06:15 AM	#11 (permalink)
johnnymysto Overreactor Location: South Ca'lina	Thank you tokaok. I am now afraid for my life. __________________ "I'm disinclined to acquiesce to your request." - Capt. Barbossa

11-01-2003, 01:33 AM	#12 (permalink)
punx1325 Junkie Location: San Diego	I have seen a program which if installed on the computer can monitor every single action you do. I don't know what it is called, but there is one out there so be careful. __________________ If something seems too good to be true, then it probably is....

11-01-2003, 05:12 AM	#14 (permalink)
mtsgsd Addict Location: Wisconsin, USA	At my old place, we used to get a good laugh looking at who's been surfing what. You learn some very interesting things about people. Don't forget your email too. Who ever is in charge of it IS browsing thru your emails, even if only for private interest.

11-01-2003, 10:02 AM	#15 (permalink)
strcrssd Insane Location: Rio Grande Valley, Texas	The above posters are mostly correct. However, the TCP/IP protocol section above is horribly flawed. 1) TCP/IP is not responsible for the requests being mirrored to all computers on a network...that's the physical link and data link layers. 2) The "gateway" does not go out and get pages for you. The gateway just tells your computer where to go next in the network. A proxy would actually go out and get pages, then re-serve them (like...you know....a proxy). But essentially, if someone takes an interest in your browsing habits, they can look at everything that your system transmits and receives. This is why most browsers initially give you a prompt like "you are sending data unsecured, do you want to continue?". There are a few protocols that are encrypted, and thus impossible to sniff (admin can tell that you are doing something, but can't read it) Among these are https, and ssh. __________________ "I can't understand why people are frightened of new ideas. I'm frightened of the old ones." -- John Cage (1912 - 1992)

11-01-2003, 05:54 PM	#16 (permalink)
WarWagon Loser	I blame it all on ECHELON

11-01-2003, 07:49 PM	#17 (permalink)
james t kirk Junkie Location: Toronto	Get the internet at home and solve the problem. Don't give them any amo to use against you in the future ever.

11-01-2003, 08:02 PM	#18 (permalink)
shakran Tone.	Simple explanation of one way this can be done: Internet data is sent in chunks, called packets. The packets all go through the same "doorway" at work - the link between your office and the internet. If you drop a monitor, called a packet sniffer, on that doorway, it can look at every packet that goes through and see what's in it. The packet will tell the packet sniffer what computer sent the packet, and where it's sending it. (or if it's an incoming packet it'll tell the packet sniffer where it's from and what computer it's heading for). So if you visit a page here on TFP, the packet sniffer can see that. As far as the idea of "I've never been caught yet, so it's nothing to worry about. . . " Well that depends. The packet sniffer itself has no way of determining whether what you're doing is work or play. It takes a human to do that. So not having been caught yet only means no one's seen the report on you. Yet. There are a lot of people in a typical office, so it takes awhile to get around to snooping on everyone. Saying that is just like saying "I've never been caught speeding yet, therefore there are no cops, so I can speed all I want." Doesn't work that way