
Work blocks RDP and starts monitoring, I change the port... I win

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
I guess it's commonplace to block external RDP now. I guess it'd make sense since they also block telnet, ftp, use websense for traffic monitoring, and an app called "net support" to remote into our desktops. News is, they'll soon be monitoring ALL web traffic on a user basis and keep it saved as a report. So, what a good time to just RDP.

I didn't realize it but I guess RDP is encrypted, though I don't know how well...

The other option was VNC, but that's sluggish as hell.

It was just a simple change in the registry. Win. :)

Next stop, if they also block this port... SSH tunneling...
 

mugs

Lifer
Apr 29, 2003
48,920
46
91
I don't even think you have to change anything in your registry, you could forward the port on your router.
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
I don't even think you have to change anything in your registry, you could forward the port on your router.

You have to forward the port on your router regardless.

You DO have to change the setting in order to run RDP on a port other than 3389.
 

Wyndru

Diamond Member
Apr 9, 2009
7,318
4
76
Wait, your job has all non standard ports open, then block when needed? Most places I work do it the opposite way, block all ports, and only open when needed.
 

mugs

Lifer
Apr 29, 2003
48,920
46
91
You have to forward the port on your router regardless.

You DO have to change the setting in order to run RDP on a port other than 3389.

No, I'm saying you could forward external port 9999 (or any arbitrary number) to internal port 3389.

I think that's what I did in the past to connect to multiple computers inside my network.
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
Wait, your job has all non standard ports open, then block when needed? Most places I work do it the opposite way, block all ports, and only open when needed.

Logic would say that's the best way. Thankfully they don't do that though. Though if they do that, one could always use a used port such as 443/SHTTP and run RDP over that instead, it'd show up as secure web traffic.
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
No, I'm saying you could forward external port 9999 (or any arbitrary number) to internal port 3389.

I think that's what I did in the past to connect to multiple computers inside my network.

Oh, gotcha. Yeah I suppose that'd work too!
 

Wyndru

Diamond Member
Apr 9, 2009
7,318
4
76
I've never tried, but can you use that registry port change to assign different ports to different PC's?

Or does RDP have a way that routes a single port and ip to different computers?
 

Scouzer

Lifer
Jun 3, 2001
10,358
5
0
Wait, your job has all non standard ports open, then block when needed? Most places I work do it the opposite way, block all ports, and only open when needed.

...and they let you have access to the registry?
 
Sep 7, 2009
12,960
3
0
What an incredibly stupid thing to do

Intentionally getting around filters = Termination

Connecting to remote computer = Termination

"Proving" you don't have enough work to keep you busy = Laid off




No matter how you look at it = dumb.
 

Rubycon

Madame President
Aug 10, 2005
17,768
485
126
It's not wise to make attempts to sidestep company rules! It's THEIR network. Is it worth losing your job over so you can goof off?
 

rudder

Lifer
Nov 9, 2000
19,441
86
91
What an incredibly stupid thing to do

Intentionally getting around filters = Termination

Connecting to remote computer = Termination

"Proving" you don't have enough work to keep you busy = Laid off




No matter how you look at it = dumb.

Having your boss know you like to post in Love and Relationships forum = dumber.

Anyway it is his life.. if he gets fired... he can deal with it.
 

AMDZen

Lifer
Apr 15, 2004
12,589
0
76
...and they let you have access to the registry?

Even if they block the registry you can open it back up by going to a command window and typing the registry command manually.

Or just type the command to open registry back up and then close it when you're done.

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

0 is off (no restriction)
1 is on (restricted)
 

imagoon

Diamond Member
Feb 19, 2003
5,199
0
0
RDP works great until they start packet sniffing. It might be encrypted but it is very obvious as to what traffic it is. Also you just increased your traffic by about 10x to look at blocked sites, if your IT guy sees that increase, he may report you.
 

imagoon

Diamond Member
Feb 19, 2003
5,199
0
0
Even if they block the registry you can open it back up by going to a command window and typing the registry command manually.

Or just type the command to open registry back up and then close it when you're done.

REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

0 is off (no restriction)
1 is on (restricted)

Need admin rights to do that.
 

drebo

Diamond Member
Feb 24, 2006
7,034
1
81
Logic would say that's the best way. Thankfully they don't do that though. Though if they do that, one could always use a used port such as 443/SHTTP and run RDP over that instead, it'd show up as secure web traffic.

No it wouldn't. The traffic signatures and patterns are far different from each other. Layer 7 network monitoring equipment can identify what you're doing even if it is encrypted (they may not be able to see what you're looking at, but they will be able to identify the pattern of traffic).

Plus, if they're using something like spectresoft, they know EXACTLY what you're doing.
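
Added example, not part of the thread or any poster's code: a minimal content-based classifier of the kind the reply above describes, which labels a flow by the first client payload rather than by destination port and flags RDP seen anywhere other than 3389. The sample payloads, source addresses and function names are constructed for illustration; the byte layout follows the TPKT/X.224 Connection Request that opens an RDP session and the TLS record header.

```python
import struct

def build_sample_rdp_cr() -> bytes:
    """Constructed sample: TPKT + X.224 Connection Request + cookie + RDP_NEG_REQ."""
    cookie = b"Cookie: mstshash=user\r\n"
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, 0x00000003)  # type, flags, len, protocols
    body = b"\xe0" + b"\x00\x00" + b"\x00\x00" + b"\x00" + cookie + neg_req
    x224 = bytes([len(body)]) + body           # LI counts everything after itself
    return b"\x03\x00" + struct.pack(">H", 4 + len(x224)) + x224

# Constructed sample: start of a TLS record carrying a ClientHello.
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32)

def classify_first_payload(data: bytes) -> str:
    """Label a flow from its first client-to-server payload, ignoring the port."""
    # TLS record: content type 0x16 (handshake), version 3.x, handshake type 1.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # TPKT: version 3, reserved 0, 16-bit big-endian total length.
    if len(data) >= 11 and data[0] == 0x03 and data[1] == 0x00:
        tpkt_len = struct.unpack(">H", data[2:4])[0]
        li, code = data[4], data[5]
        # X.224 CR TPDU: length indicator covers the rest, code high nibble 0xE.
        if 11 <= tpkt_len <= len(data) and li == tpkt_len - 5 and code & 0xF0 == 0xE0:
            return "rdp-x224-connection-request"
    return "unknown"

def flag_flows(flows):
    """Return (src, dst_port, reason) for RDP handshakes on ports other than 3389."""
    alerts = []
    for src, dport, payload in flows:
        if classify_first_payload(payload) == "rdp-x224-connection-request" and dport != 3389:
            alerts.append((src, dport, "RDP handshake on non-standard port"))
    return alerts

# Constructed flows: (source address, destination port, first payload).
SAMPLE_FLOWS = [
    ("10.0.0.5", 443, build_sample_rdp_cr()),
    ("10.0.0.6", 443, SAMPLE_TLS),
    ("10.0.0.7", 9999, build_sample_rdp_cr()),
    ("10.0.0.8", 3389, build_sample_rdp_cr()),
]

if __name__ == "__main__":
    for alert in flag_flows(SAMPLE_FLOWS):
        print(alert)
```
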
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
The registry change is on the remote/server PC, all you have to do on the PC you're connecting to is add the :port at the end.
 

AMDZen

Lifer
Apr 15, 2004
12,589
0
76
Need admin rights to do that.

True but I have a laptop for when I travel to various areas so I have to have admin rights on my machine.

And if you have a desktop and you need to install something, you have to request admin rights from our "IT Helpdesk" and it's as simple as that. They only open it for 24 hours but it's pretty easy to get what you need done in that time.
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
What an incredibly stupid thing to do

Intentionally getting around filters = Termination

Connecting to remote computer = Termination

"Proving" you don't have enough work to keep you busy = Laid off




No matter how you look at it = dumb.

People do a LOT worse things around here. Rules are very very lax.

IT policies are strict, but everybody gets around them.

A good example of this is the OPEN ACCESS POINT that I could connect to, that everybody else does their off-LAN browsing on.

Basically, I won't get in trouble. If I do... oh well... no big to me really.
 

bobdole369

Diamond Member
Dec 15, 2004
4,504
2
0
If it were an actual problem (too much bandwidth, supervisor asked for help) I would just find the traffic and stop it. If it continued or changed (from the same host) I would just watch that host (either physically or remotely) and see what it was. You aren't fooling anybody. That being said it doesn't seem like you care so by all means, more power to you.
 
Sep 7, 2009
12,960
3
0
Having your boss know you like to post in Love and Relationships forum = dumber.

Anyway it is his life.. if he gets fired... he can deal with it.


I dunno, I personally wouldn't have any problem with an employee making a few posts a day in L&R or wherever..

Him making 3-4 posts during his spare time is quite different from setting up an RDP session to another machine.. Mainly because it implies he's doing more than just web browsing he'd otherwise do on the work machine.
 

meltdown75

Lifer
Nov 17, 2004
37,548
7
81
you're begging to be canned.

geekish thoughts are one thing. stupid actions are another, entirely.

Basically, I won't get in trouble. If I do... oh well... no big to me really.
ah, so you work because you want to, not because you have to.
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
So it'd be smarter to browse websites on the company network directly over the connection? I don't think so. For all the company knows this way, is I may be monitoring something at home, whether that be a webcam for home security or something similar... but if I browse in the clear, then they know I'm visiting AT, checking my bank's site, etc.

If I get canned I get canned, but I'm willing to bet my job (literally) that I won't, seeing other people do the same thing.
 