Work blocks RDP and starts monitoring, I change the port... I win


AMDZen

Lifer
Apr 15, 2004
12,589
0
76
> So it'd be smarter to browse websites on the company network directly over the connection? I don't think so. For all the company knows this way, is I may be monitoring something at home, whether that be a webcam for home security or something similar... but if I browse in the clear, then they know I'm visiting AT, checking my bank's site, etc.
>
> If I get canned I get canned, but I'm willing to bet my job (literally) that I won't, seeing other people do the same thing.

Where do you work? I'm moving to Chicago right now and applying
 

KeithTalent

Elite Member | Administrator | No Lifer
Administrator
Nov 30, 2005
50,231
118
116
I don't really understand much of what you said OP, but it still sounds like a stupid idea if you want to keep your job.

KT
 

meltdown75

Lifer
Nov 17, 2004
37,548
7
81
haha, i saw your last post before you edited it.

you don't need to work. so you don't care if you lose your jerbs. it all makes sense now.

end thread.
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
Well, another option is get a second laptop like a co-worker does, and use that.

Tether it to my cell phone.

No way in hell they're monitoring that.

Case closed.
 

meltdown75

Lifer
Nov 17, 2004
37,548
7
81
> Well, another option is get a second laptop like a co-worker does, and use that.
>
> Tether it to my cell phone.
>
> No way in hell they're monitoring that.
>
> Case closed.

i suppose just doing work at work is out of the question......

kids these days.

/goes back to surfing from work
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
That was from 2005. I updated it to Nothing.

It's more accurate.
 

Zstream

Diamond Member
Oct 24, 2005
3,395
277
136
> Logic would say that's the best way. Thankfully they don't do that though. Though if they do that, one could always use a used port such as 443/SHTTP and run RDP over that instead, it'd show up as secure web traffic.

Umm, most companies DO do it this way. You have more than a firewall as a security device. It is called............ *drum roll* IPS/IDS.....
 

Wyndru

Diamond Member
Apr 9, 2009
7,318
4
76
> Yeah....no.
>
> You can forward any port to any other port. Already explained earlier in the thread BTW.

The port to port forwarding does work on most modern routers, it's how I have mine set up for remote access.

I think the reg change is for if you want 2 or more RDP servers on the same IP to have their own ports. I'm gonna try this tonight, cause I want to be able to hit my web server and my file server by just passing different ports on the rdp client.
 

Rubycon

Madame President
Aug 10, 2005
17,768
485
126
> The port to port forwarding does work on most modern routers, it's how I have mine set up for remote access.
>
> I think the reg change is for if you want 2 or more RDP servers on the same IP to have their own ports. I'm gonna try this tonight, cause I want to be able to hit my web server and my file server by just passing different ports on the rdp client.

Wouldn't it be more secure using a VPN endpoint rather than exposing your PCs?
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Hmm, I see a lot of unusual activity on a non standard port. The packet shaper has identified it as RDP. Looks like somebody is trying to circumvent security measures which explicitly prohibit remote terminal or remote desktop. He signed the policy document so we're covered for the termination. Whose IP address is that, send the termination warning to his boss and copy HR and infoSec.
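
How a monitoring device can label a flow as RDP whatever port it runs on, as an added example that is not part of any post in this thread: an RDP client's first payload is a TPKT-framed X.224 Connection Request, which can be matched by structure instead of by port number. The flow-record fields, the helper names and the sample flows are constructed for illustration, and the check only applies while that handshake is visible in the clear, not when it is wrapped inside a TLS or SSH tunnel.

```python
import struct

RDP_DEFAULT_PORT = 3389
COOKIE_PREFIX = b"Cookie: mstshash="

def parse_rdp_request(payload: bytes):
    """Return {'cookie': str or None} if payload opens an RDP session, else None."""
    if len(payload) < 11:                      # TPKT (4) + fixed X.224 CR header (7)
        return None
    version, reserved, tpkt_len = struct.unpack(">BBH", payload[:4])
    if version != 3 or reserved != 0 or not 11 <= tpkt_len <= len(payload):
        return None
    length_indicator, tpdu_code = payload[4], payload[5]
    # LI counts the X.224 bytes after it; 0xE0 is Connection Request; DST-REF is 0.
    if (length_indicator != tpkt_len - 5 or tpdu_code != 0xE0
            or payload[6:8] != b"\x00\x00"):
        return None
    body, cookie = payload[11:tpkt_len], None
    if body.startswith(COOKIE_PREFIX):
        end = body.find(b"\r\n")
        if end != -1:
            cookie = body[len(COOKIE_PREFIX):end].decode("ascii", "replace")
    return {"cookie": cookie}

def find_offport_rdp(flows):
    """Flag flows whose first client payload is RDP but whose port is not 3389."""
    alerts = []
    for flow in flows:
        info = parse_rdp_request(flow["first_payload"])
        if info is not None and flow["dst_port"] != RDP_DEFAULT_PORT:
            alerts.append((flow["src"], flow["dst"], flow["dst_port"], info["cookie"]))
    return alerts

def sample_request(cookie_line: bytes = b"") -> bytes:
    """Build a constructed X.224 Connection Request for the sample flows."""
    neg_req = bytes.fromhex("0100080003000000")   # RDP_NEG_REQ: TLS + CredSSP
    x224 = b"\xe0\x00\x00\x00\x00\x00" + cookie_line + neg_req
    return struct.pack(">BBHB", 3, 0, 5 + len(x224), len(x224)) + x224

# Constructed flow records (documentation addresses), not data from the thread.
SAMPLE_FLOWS = [
    {"src": "10.0.0.23", "dst": "198.51.100.7", "dst_port": 8443,
     "first_payload": sample_request(b"Cookie: mstshash=user\r\n")},
    {"src": "10.0.0.40", "dst": "10.0.5.9", "dst_port": 3389,
     "first_payload": sample_request()},
    {"src": "10.0.0.23", "dst": "203.0.113.5", "dst_port": 443,
     "first_payload": bytes.fromhex("16030100c8010000c40303") + bytes(32)},
    {"src": "10.0.0.51", "dst": "203.0.113.9", "dst_port": 8080,
     "first_payload": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"},
]
```

Calling `find_offport_rdp(SAMPLE_FLOWS)` returns only the port 8443 flow; the RDP session on 3389, the TLS ClientHello on 443 and the HTTP request on 8080 are not flagged.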
 

Wyndru

Diamond Member
Apr 9, 2009
7,318
4
76
> Wouldn't it be more secure using a VPN endpoint rather than exposing your PCs?

Probably, dunno, never looked into that. I just set it up for when I'm away for business and need to hit it from a hotel. I usually close the ports when I'm home.

I always thought the vpn endpoints needed special hardware, I just have a standard wrt54g router.
 

OutHouse

Lifer
Jun 5, 2000
36,410
616
126
> I guess it's commonplace to block external RDP now. I guess it'd make sense since they also block telnet, ftp, use websense for traffic monitoring, and an app called "net support" to remote into our desktops. News is, they'll soon be monitoring ALL web traffic on a user basis and keep it saved as a report. So, what a good time to just RDP.
>
> I didn't realize it but I guess RDP is encrypted, though I don't know how well...
>
> The other option was VNC, but that's sluggish as hell.
>
> It was just a sample change in the registry. Win. :)
>
> Next stop, if they also block this port... SSH tunneling...

I don't get what you are trying to do, get around your company's security policy? OK so you do, but your traffic is still going to show up and it's real easy to track it back to you.

your problem is that you think you are smarter than your IT dept, and that will only get you a spot in line at the unemployment office.
 

palswim

Golden Member
Nov 23, 2003
1,049
0
71
www.palswim.net
> Hmm, I see a lot of unusual activity on a non standard port. The packet shaper has identified it as RDP. Looks like somebody is trying to circumvent security measures which explicitly prohibit remote terminal or remote desktop. He signed the policy document so we're covered for the termination. Whose IP address is that, send the termination warning to his boss and copy HR and infoSec.

I think the OP is thankful that his (and most people's) IT staff doesn't care so much.
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
Well,

#1 Our IT department does not care so much

and

#2 I've decided to use my cell phone's internet connection for all external browsing from this point on out, usually when my boss is out for the day. He's out quite a bit. But the days he's in, of course I'm busy at work.

Regardless, I'm "always busy". :)

This...

Saves the cost of a second laptop
And makes me look good at the same time.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
> I don't get what you are trying to do, get around your company's security policy? OK so you do, but your traffic is still going to show up and it's real easy to track it back to you.
>
> your problem is that you think you are smarter than your IT dept, and that will only get you a spot in line at the unemployment office.

What I find even more funny is they think "oh! I'll just tunnel it, they can't see what I'm doing!"

Oh, we see it alright. It's identified as tunneled traffic no matter what port it is on and tunneling through a firewall/security system is strictly verboten. That's why there are alarms for when it happens.
 

GT1999

Diamond Member
Oct 10, 1999
5,261
1
71
> What I find even more funny is they think "oh! I'll just tunnel it, they can't see what I'm doing!"
>
> Oh, we see it alright. It's identified as tunneled traffic no matter what port it is on and tunneling through a firewall/security system is strictly verboten. That's why there are alarms for when it happens.

Okay, you "see" the traffic. Encrypted traffic that is. Now, tell me what the user is doing.

That's what I thought.
 

Rubycon

Madame President
Aug 10, 2005
17,768
485
126
> Okay, you "see" the traffic. Encrypted traffic that is. Now, tell me what the user is doing.
>
> That's what I thought.

I don't think that's the point.

The point is they can see YOUR computer connected to an untrusted host running on a non standard port with a service that is normally on 3389 but blocked normally. If you're connected a long time and browsing the web that will generate lots of traffic on this connection. It's not work related so they can definitely pin you with it. Disobeying orders and doing something you're not supposed to be doing is one thing but when you sidestep their efforts to curb this activity it sends a strong signal that's not in your interest at all.
 

TheVrolok

Lifer
Dec 11, 2000
24,254
4,092
136
> Okay, you "see" the traffic. Encrypted traffic that is. Now, tell me what the user is doing.
>
> That's what I thought.

They don't need to actually see WHAT you're doing, by simply DOING it, you're in violation. At most places that's grounds for termination.