LebGeeks

A community for technology geeks in Lebanon.


#1 September 1 2005

jayinferno
Member

Defying ISA Monitoring

Hey all. Can someone help me out with this security issue?

I was in a talk with our Sys Admin this week on this. The sys admin monitors each user's internet activity through ISA; we need help with two issues. I'll post this one here, and the other in another thread.

How to become invisible to ISA, knowing that we use DHCP, so the sys admin is able to monitor my internet activity through my IP address on ISA, and he is able to limit it (say, stop Hotmail). So now ISA forbids us from using Hotmail. I can use the Tunnel, but the sys admin sees my activity and stops the Tunnel by blocking the Tunnel IPs that he sees related to mine. I try a different tunnel, he blocks it by mid-day. Even if I change my IP manually, I can't use that Tunnel anymore. Let's say I have a 3rd tunnel that he didn't block and that I can use, what can I do to roam without having my activity seen on ISA?

Offline

#2 September 1 2005

rolf
Member

Re: Defying ISA Monitoring

He probably blocked the tunnel IP for all users.
If he logs by IP and you can change the IP, then it's loose security. He should log by MAC or NTLM user.

The way he notices tunnel activity is probably by checking the usage statistics. He may have noted the tunnel connection because of the lifetime of the connection or the high traffic on it (Have you been using the tunnel a lot before he blocked it?).

I think one possibility if you want to have a tunnel is to wait for the admin to get bored and to stop watching the usage statistics... and maybe use a tunnel that simulates browsing activity by alternating connections with different IPs. I'm not sure it exists, but it is technically possible for sure.

Offline
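
Added example, not part of any post in the thread: a defender-side sketch of the two points in the reply above, attributing proxy traffic to the authenticated user rather than the client IP, and flagging destinations by connection lifetime or traffic volume. The CSV layout, thresholds, names and sample records are constructed for illustration and are not ISA's actual log schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records in an assumed, simplified layout:
# client_ip, auth_user, dest_host, dest_port, duration_seconds, bytes_total
SAMPLE_LOG = """\
10.0.0.21,alice,www.example.org,80,2,18432
10.0.0.21,alice,news.example.net,80,1,9211
10.0.0.34,bob,relay.example.com,443,14400,52428800
10.0.0.57,bob,relay.example.com,443,10800,41943040
10.0.0.40,carol,files.example.org,80,35,73400320
"""

LONG_LIVED_S = 3600                    # assumed threshold: one hour on one connection
HIGH_VOLUME_BYTES = 50 * 1024 * 1024   # assumed threshold: 50 MiB to one destination


def find_tunnel_candidates(log_text):
    """Group by (user, destination) so a changed client IP does not split the record."""
    stats = defaultdict(lambda: {"ips": set(), "longest": 0, "bytes": 0})
    for ip, user, host, port, dur, nbytes in csv.reader(io.StringIO(log_text)):
        entry = stats[(user, host, int(port))]
        entry["ips"].add(ip)
        entry["longest"] = max(entry["longest"], int(dur))
        entry["bytes"] += int(nbytes)

    findings = []
    for (user, host, port), entry in sorted(stats.items()):
        reasons = []
        if entry["longest"] >= LONG_LIVED_S:
            reasons.append("long-lived")
        if entry["bytes"] >= HIGH_VOLUME_BYTES:
            reasons.append("high-volume")
        if reasons:
            findings.append({
                "user": user,
                "dest": f"{host}:{port}",
                "client_ips": sorted(entry["ips"]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in find_tunnel_candidates(SAMPLE_LOG):
        print(finding)
```

In the sample, the "carol" record trips only the volume threshold on a short connection, which is what an ordinary large download looks like; volume alone is a weak signal without the lifetime check.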

#3 September 1 2005

rolf
Member

Re: Defying ISA Monitoring

If it's just to check Hotmail, you can use this site:
www.anonymizer.com
Or try to use a "CGI proxy". The browsing activity with a CGI proxy looks similar on the logs to browsing a normal webpage. Now if he catches you using a CGI proxy and blocks it, it means that the admin is currently watching you and examining all the websites that you visit. In this case you need to take a break so that he forgets you, or change your IP, since he cannot possibly watch all the IPs.
I'm not sure though if ISA will also log the MAC address or username; as I said before, I never worked with ISA.

Offline

#4 September 1 2005

mahdoum
Member

Re: Defying ISA Monitoring

CGI proxies rock

Offline

#5 September 2 2005

jayinferno
Member

Re: Defying ISA Monitoring

Actually we're working together (or more specifically, challenging each other hehehe), so basically yeah, he is watching me, and even if I change IPs he will catch me because he only has something like 20 IPs all in all to watch.

Can't find a good (working) CGI proxy. Will keep on trying.

Offline

#6 September 4 2005

rolf
Member

Re: Defying ISA Monitoring

You can use the CGI proxies on this page:
http://proxy.org/cgi_proxies.shtml

Offline

#7 September 27 2005

jayinferno
Member

Re: Defying ISA Monitoring

Thanks rolf. I just saw your reply. I'll give it a shot.

Offline

#8 September 29 2005

jayinferno
Member

Re: Defying ISA Monitoring

None of the CGIs worked for Hotmail.

Offline

#9 October 1 2005

Padre
Member

Re: Defying ISA Monitoring

Yeah... CGI won't work for Hotmail.
What we used to do is set up our own tunnel servers and masquerade the requests.
You can still get a free tunnel that has lots of servers and will let you switch between them.
Try "you freedom" tunnel, seems OK to me.

Offline
