Getting around a firewall...

[retiredwikit]

How?

My brother needs some help getting around the company firewall. They block stupid things like Autozone.com and Lowes.com. He needs some of those websites to look up prices and comparison shop for the company. Any clue?

[Neost]

go to the IT security group and ask for an exception that allows him to hit the sites he needs for work.

[noel]

Do what Neost said for sure. If he needs it for his job, that's the way to go.

The way you traverse a firewall 'illegally' is by tunnelling your blocked traffic through an allowed port. There are many ways to accomplish this, but in your 'brother's' case, a direct approach seems ideal.

I'd add that it's not really a firewall he needs to get around. Sounds more like a websense box or something.

[retiredwikit]

everytime he tries to hit up those sites he gets:

error: 403 forbidden

message. So thanks, I'll tell him to talk to the IT department

[Llaffer]

Sounds like that port 80 gets re-routed to a junk address and gets the forbidden message. A common practice in corprate networks.

But it's not hard to have a proxy server set up that will allow for full or restricted internet access that can be set up by his IT department.

I wouldn't do anything outside of official channels, or else he could end up jobless, then it wouldn't matter how to get outside of the firewall.

[Neost]

in my first post in this thread, i started to mention that it was most likely a proxy box w/websense or some similar type of site blocking app that keeps him from hitting those sites. We use websense and I'm pretty sure you can allow individuals to access sites normally rejected by adding them to an allowed group for various content groups.

And typically high ports, i.e. > 1024 is the way to go to "sneak" out onto the internet if you want to risk your job. Either setup your own proxy or use a proxy anonymizer service that runs on a port above 1024 (most run on 8080 by default so I wouldn't use that). Just remember, if traffic is on the network someone somewhere has the ability to see it and a lot of corporations actively look for that kind of stuff (we do). Around here if I catch you using a proxy other than the corp proxies you can be terminated if I feel like being an ass and report you.

Its like shooting fish in a barrel really. We don't even have to actively try to catch people surfing inappropriate content at work. Websense logs all activity and sends automated emails to the right folks if there are hits for certain type of content. We just had a list of 14 people that got terminated for surfing porn using the corp proxies. And it is widely publicized that big brother is watching and these dumbasses still did it and acted surprised when they were called in and axed.

[Fash]

I use a version of CGI-Proxy, modified nicely to completely evade websense and leave no valuable info for any logging. the url you request is encoded with javascript prior to submission

if bandwidth were free, i'd let everyone use it... but i'd hafta charge a monthly fee for continued use. you can test it out at http://www.fosco.com/cgi-bin/nph-test.cgi

[Mr Bacon]

Google Web Accelerator (if you can install programs) works pretty well. It uses google as a proxy and runs pretty silently in the background. It also caches pages before you visit them, which may be what allows it to work. I'm not a pro so that's purely a guess. So for example if you visited http://www.veeshanvault.org it would cache http://www.veeshanvault.org/forums because that initial page has a link to the forums.

I would say it gets me through 95% of the time. I don't know if it allows my company to monitor what I do but I'm not worried, as they don't really monitor anyone much.