|
understanding tor
my employer uses some sort of filter that prevents visiting certain websites. putting tor bundle on a usb drive I'm now able to see those sites.
my ? is this: what would the IT person see if they looked at my data flow while using tor?
tia,
sun |
|
|
An eavesdropper would see encrypted TCP connections to port 443, and possibly other ports, on remote hosts acting as tor relays and directory servers. Upon cursory inspection it might look not unlike a whole lot of SSL browsing was taking place. All of the encapsulated traffic would be encrypted. |
|
|
thanks!
so to be clear, if i was browsing a web site inside or outside of tor, they would only see "noise"? this would also be the case if i downloaded files?
tia. |
|
|
|
While you were running tor, they would not be able to decipher any of the content of what you were downloading, or what sites you were browsing or downloading from, all that is encrypted, and the routes anonymized.
They would be able to see that you were sending and receiving encrypted traffic to relay hosts participating in the tor network. They would not know a priori that these were tor relays, they would just know you were engaging in encrypted TCP sessions with some remote hosts.
If you just wanted to circumvent the content filtering firewall, and didn't care about route anonymization downstream, you could tunnel to a VPN server instead, and get the same encryption and "displacement" out of the filtered network. Tor does more than that, it is fully anonymized via random routing through multiple, hop encrypted tor relay servers, at a performance cost. |
|
|
to sbconslt
ok, thanks.
so i guess then it wouldn't matter if i was going through tor to http site or inside tor to an onion? also would guess that if i downloaded something, they wouldn't see that either, all encrypted? |
|
You've read this » www.torproject.org/about ··· solution right? An onion address is just a hidden service within the tor network. At the hop between you and the first relay, an eavesdropper can not distinguish between a packet that encapsulates traffic between you and a public server beyond an exit node and a packet that encapsulates traffic between you and a hidden service. If you download a file from a website, that's also HTTP and has no functional difference from a network standpoint as browsing an html page. The protocol is the same. Tor encrypts all TCP traffic, so you'd also be covered for FTP, and other protocols that ride on TCP. |
|
Name Game Premium Member join:2002-07-07 Grand Rapids, MI |
to sun1999
The good...the bad.. » www.ehow.com/how_4881426 ··· ers.html and the ugly. » www.knowhowcompany.com/e ··· or-Users
I assume you have a workstation at this place of business. |
|
Woody79_00 I run Linux am I still a PC? Premium Member join:2004-07-08 united state
3 recommendations |
to sun1999
Why are you trying to get around your company's filters? Do you like violating company policy?
To answer your question, Yes the IT person would see suspicious traffic.
Any IT person worth their salt is going to notice a spike of SSL/HTTPS/TLS traffic in their logs....this is especially true in places where they run filtering systems.
Then any IT guy worth their salt is going to want to know WHY there are so many more encrypted connections coming from that workstation than normal, and is going to investigate that machine (after all, some malware uses encrypted connections, if I don't recognize the IPs it's talking to...I'm going to look into it...so will any other good Network Admin, perhaps a user is trying to get around my filters.)
At this point he/she is going to investigate that workstation (if it's company owned) and start digging. Even if you're running TOR on a flash drive, a little proper digging in the Registry and a good scripter can find out what programs have been run on the system, not to mention log files.
And depending...who knows what type of logging/HIPS/policy monitoring tools they may have installed on those workstations.
A good HIPS (Host Based Intrusion Prevention System) configured correctly would alert its main server the minute someone ran Tor from a flash drive...one I tested here last year did....it didn't alert the users, but it showed up as an alert in the main HIPS server control log as a silent alert...so they may already know you're using it.
Do yourself a favor...stop using TOR at work....nothing good can come of this... |
|
|
yeappers
Anon
2012-Jul-27 12:58 pm
Yeap an IDS rule would popup saying that this specific workstation is using a lot more than X encrypted traffic over norm. My initial assumption would be that 1) it's either infected with malware so it will have to be scanned and bolted down or 2) The user of the workstation engages in corporate espionage. |
|
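The baseline-deviation rule described in the two posts above, as an added example that is not part of the original thread: it uses only flow metadata (workstation, remote address, port, byte count), which is what remains visible when the sessions themselves are encrypted. The workstation names, addresses, port set and the `k` and `floor` thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

TLS_PORTS = {443, 993, 995}  # assumption: ports this site counts as "encrypted"

# Constructed flow records: (day, workstation, remote_ip, remote_port, bytes).
# Addresses are from documentation ranges; none of this is real traffic.
FLOWS = (
    [(d, "ws-017", f"198.51.100.{i}", 443, 40_000) for d in range(1, 6) for i in range(1, 4)]
    + [(d, "ws-042", f"198.51.100.{i}", 443, 40_000) for d in range(1, 7) for i in range(1, 5)]
    + [(6, "ws-017", f"203.0.113.{i}", 443, 900_000) for i in range(1, 31)]
    + [(6, "ws-017", "198.51.100.1", 80, 5_000)]
)

def daily_profile(flows):
    """Per (workstation, day): remote IPs contacted on TLS ports and bytes moved."""
    peers, volume = defaultdict(set), defaultdict(int)
    for day, ws, ip, port, nbytes in flows:
        if port in TLS_PORTS:
            peers[(ws, day)].add(ip)
            volume[(ws, day)] += nbytes
    return peers, volume

def flag_spikes(flows, today, k=3.0, floor=10):
    """Flag workstations whose encrypted peer count today exceeds
    max(baseline mean + k * stddev, floor)."""
    peers, volume = daily_profile(flows)
    alerts = []
    for ws in sorted({w for w, _ in peers}):
        past = [p for (w, d), p in peers.items() if w == ws and d < today]
        if len(past) < 3:  # not enough history to call anything abnormal
            continue
        history = [len(p) for p in past]
        known = set().union(*past)
        now = peers.get((ws, today), set())
        if len(now) > max(mean(history) + k * pstdev(history), floor):
            alerts.append({
                "workstation": ws,
                "peers_today": len(now),
                "baseline_mean": mean(history),
                "unrecognized_peers": len(now - known),  # never seen in baseline
                "bytes_today": volume[(ws, today)],
            })
    return alerts

if __name__ == "__main__":
    for alert in flag_spikes(FLOWS, today=6):
        print(alert)
```

The alert says nothing about what was transferred; it only marks the workstation for the follow-up investigation the posts describe.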
vaxvmsferroequine fan Premium Member join:2005-03-01 Polar Park |
to sun1999
OT When your boss walks up from behind and sees you at one of those certain websites having tor ain't gonna do you no good. |
|
|
to sun1999
You've got a job. So many would love to be in your position. Why jeopardize your standing there and take the chance of getting kicked to the curb for trying to get around something for your own self interests? |
|
|
to sun1999
Of course you do realize that your employer can file a lawsuit against you if you infect his business system by going to those questionable websites you like so much ? And it could even actually get really complicated......more than you realize.
So.....what did you expect to achieve by coming to this Forum ? Will you get caught...of course you will.
|
|
Lagz Premium Member join:2000-09-03 The Rock 1 edit |
to sun1999
I wonder how Sonicwall's DPI-SSL plays with this topic? edit: Only advantage I see in using tor would be to keep the host site guessing at who is actually visiting. » I thought SSL Traffic couldn't be inspected? |
|
|
sun1999
Member
2012-Jul-28 10:07 am
thanks everyone for your comments. |
|
dave Premium Member join:2000-05-04 not in ohio |
to The Snowman
For all sun1999 knows, The Snowman is his boss. |
|