Websense and the like- IT GUYS

[frapjap]

Alrighty, so work finally installed Websense. I never used anything all that bad on my computer except pandora.com and checking my personal email and youtube at lunch. Nothing bad, just music videos so I have music in the background when the Pandora wasn't work. Occasionally I used Meebo towards the end of my day. I haven't checked to see if NICO is blocked yet.

How can I get around this without raising to many eyebrows in IT? I'm sure its my computer they targeted because I used bandwidth for 7-8 hours using Pandora. Honestly, all I really want to do is check my hotmail at lunch. I mean, its MY lunch break, I should be able to do whatever the hell I want on it.

Can I use that Mobile Version of Firefox and run it off of a zip drive and not be noticed? I hear you can and when I used to use it before all of this happened, the temp files were never shared with my computer.

I guess what I want to know is, am I going to get nailed for using this strategy? Can it even be detected? What can I do?

[BoostFab]

it's a proxy system that sits between you and the internet; you can not get around it.

suggestion: bring a laptop and search for free wifi connection and piggy-back on to it.

[Loki]

I hate websense! They had that installed on the network in the rehab hospital I was in so it blocked a lot of things. I never could figure a way around it.

[dickie]

youtube is of course blocked for me as is myspace and facebook () and even ytmnd. Nico shouldnt be blocked unless they have custom-filtered it.

[AZhitman]

Turn off proxy or use Firefox.

I use Vericept and Ironport to monitor traffic at my work... And that's how people get around it.

Then I pull a Cyfin report and pwn their azzes.

Some days it's fun being the Involuntary Vacation Coordinator.

[DevilMB3017]

Turn off proxy or use Firefox....Some days it's fun being the Involuntary Vacation Coordinator.

QFT. Being a sysadmin at my job is a TON of fun when you start seeing what people are doing at the office. Sometimes it gets weird...haha

You can try using a USB drive with Firefox/Opera on it like a Sandisk Cruzer U3. I really love mine.

Another more complicated approach is an SSH tunnel to your home PC and using that. Do some research on it. Your IT staff still might catch on.

If all else fails, get a phone with web on it.

[kasey352]

I hate that crap its at my school heres some sites that should help you.

http://www.whatcraft.comipjack.comextracraft.com

[Oatmealman]

use the ip address instead of the actual name and it will show up that you were on 208.65.153.251 for youtube or what ever.

[gniknave]

http://www.unblockwebsense.com

[Loki]

youtube is of course blocked for me as is myspace and facebook () and even ytmnd. Nico shouldnt be blocked unless they have custom-filtered it.

Or if your IT guys are Honda lovers

[bobotech]

Yay for working in a higher education environment where freedom of speech is one of the most esteemed values!

(No tracking of anything and none of those silly proxys installed).

Good luck breaking it. Sounds like an easy way to the unemployment line.

[skylndrftr]

Another more complicated approach is an SSH tunnel to your home PC and using that. Do some research on it. Your IT staff still might catch on.

Beat me to it...

Not to discount your 'skillz' DevilMB but I'll bet most IT folks won't catch on (at least the ones I've met) But masking the DNS leak is only a few more steps anyways...

[BoostFab]

Turn off proxy or use Firefox.

network admins that knows what the ef they're doing will not configure it that way,and network connection directly to the gateway are not possible without passing through the proxy. and again; properly configure secure network may not allow outbound VPN nor SSH.

however, there are services that allow you to use their site to browse another site; try this: http://www.youranonymousproxy.com/

[98s14inaz]

it's a proxy system that sits between you and the internet; you can not get around it.

suggestion: bring a laptop and search for free wifi connection and piggy-back on to it.

That's the truth. We have it at my work and anytime one of the kids tries to get around it websense sends IT an alert and the kid's account gets locked. Running firefox from a thumb drive isn't going to help because Websense acts like a firewall between you and the intarweb.

[DevilMB3017]

Beat me to it...

Not to discount your 'skillz' DevilMB but I'll bet most IT folks won't catch on (at least the ones I've met) But masking the DNS leak is only a few more steps anyways...

My 'skillz' are being 20 years old and a sysadmin/root on a 50 million dollar plus company. This includes Windows Server 2003 sysadmin, Exchange sysadmin, and one of the AIX roots. Thanks.

Catching onto an SSH tunnel is INCREDIBLY easy. Just look at the computers using the highest bandwith, and if you look at hourly breakdowns of bandwith usage you can see spikes all over the place.

[PoorManQ45]

use the ip address instead of the actual name and it will show up that you were on 208.65.153.251 for youtube or what ever.

LOL, that is an old school DNS workaround.

[skylndrftr]

I didn't say it was hard, you just haven't met the IT department where I work...

[SnowSurfLax]

http://www.unblockwebsense.com

I clicked that link (i'm at work and have websense) and got the message:

"The Websense category "Proxy Avoidance" is filtered."

Haha! I hate websense. It gargles my sack.

[frapjap]

I tried the proxy thing and the whole zip drive idea- didn't work. Its set at its highest level of sensitivity. A menu from a restaurant (work related) was blocked for some God forsaken reason! Lighten the eff up.

I mean, I don't want the net for much, just some background noise (radio) and to do something personal on my personal time. If its bandwidth they're worried about, then Christ, maybe I shouldn't have a number of outlook emails and numerous tabs open on my IE...

[PoorManQ45]

Try the old school workaround.

Ping the website you want. This will generate the IP address.

Type the IP address in as the url. IE wont auto lookup the name of the website.

This method is a hit or miss.

[hitbychance]

http://tinyurl.com/ type in a webpage it redirects u and creates a new url, worked for me at school

[BoostFab]

http://tinyurl.com/ type in a webpage it redirects u and creates a new url, worked for me at school

you are missing the whole scope of this thread by a long shot. his problem is his network gateway is blocking all traffic to a certain site. tinyurl just redirects you to the target site; it won't defeat the proxy.

Try the old school workaround.

Ping the website you want. This will generate the IP address.

Type the IP address in as the url. IE wont auto lookup the name of the website.

This method is a hit or miss.

the proxy system do both forward and reverse lookup on the addess; you're still screwed.

[PoorManQ45]

interesting, Your company must be run be Nazis.

I work for a computer tech support company. They use SurfControl. Which isn't as restrictive as WebSense. I wonder why they went that route.

[DevilMB3017]

interesting, Your company must be run be Nazis.

I work for a computer tech support company. They use SurfControl. Which isn't as restrictive as WebSense. I wonder why they went that route.

Price of software and cost of implementation. Web filters aren't cheap...Here just edit their host file. It keeps the stupids from getting virii. If your smart enough to type in the IP Address, your smart enough to not get a virus or be caught by your boss IMO.

[frapjap]

The thing is set pretty hardcore. IP's and a few mirror sites don't work to well.

Its not a big loss, I still have NICO unblocked..though it blocks each and every picture hosted by photobucket! Even if they're on an article I need to read for work. Talk about over sensitive.

I'll live with it. Besides, its getting really nice outside and I can start running/washing my car on my lunch break again.

[BoostFab]

interesting, Your company must be run be Nazis.

I work for a computer tech support company. They use SurfControl. Which isn't as restrictive as WebSense. I wonder why they went that route.

it's for the non productive people spending all day on the web. once you become the owner of a business you will see that perspective side of things.

[l33th41]

You could also setup your own proxy server at home and place your WAN IP address in: Internet Options\Connections\LAN Settings. Of course whatever port you chose for the proxy server software would have to be forwarded in your router to the LAN IP address of the machine the proxy server is running on.

You could also use remote access tools to connect to a PC at home such as remote desktop, VNC, logmein/hamachi, etc...

All of these methods are traceable and depend on what type of access you have on your PC and what your IT department has blocked outgoing.

[PoorManQ45]

Or you could just get a Linksys router that runs linux firmware.

Use a varient of DD-WRT