Is it wrong that when the annoucement goes around that the company I work for is going to start monitoring internet usage that my first thought is to install and configure PPTPD and proceed my internet usage abuse? :s

No, I'd do the same, pixel. I have nothing but loathing for companies that want to inspect every nook and cranny of their employees. :D

Good! I thought I was going a lil weird

you know most corporate monitoring like that uses deep packet inspection so even if you get your shit via proxies they can see see the end stream from their router > your desktop

yeah but pptpd is a vpn server, so everything would be encrypted from my machine outwards

didn't realise it was an encrypted tunel thought it was just a standard proxy tool

No, I'd do the same, pixel. I have nothing but loathing for companies that want to inspect every nook and cranny of their employees. :D

What's wrong with wanting to make sure you're paying your employees to do what they are suppose to be doing and not looking at porn?

My friend is IT for a small company(has around 1200 people, most work in mills) and the CFO said his desktop was slow, so he goes to look at it and found a bunch of porn. At least the companies money went somewhere useful.

Nah VPN encrypts the data from the source of the connection to the destination of the connection. Essentially it creates a dummy network interface on the machine connecting to the VPN, with an ip address provided by the server accepting the connection, everything on that interface is encrypted and the operating system by default (unless additional routing rules are set up) will send all subnet unspecific network traffic over that interface (ie: when you open up a browser/putty it will go via the vpn'd interface, while your exchange connection via outlook will still go over the corporate LAN)

What kind of company will allow VPN connections from internal client machines? Just about every environment I manage blocks everything and anything from going external other than http/https packets via 80/443.

Also any secure environment using GPO's would never allow a USER to create a new network interface on their local machine. Again, in most of the environments I work in users are blocked from opening up display properties, never mind creating new network interfaces.

I only see the above working on extremely loosey goosey environments, any real managed secure environment wouldn't have any of it.

What's wrong with wanting to make sure you're paying your employees to do what they are suppose to be doing and not looking at porn?

My friend is IT for a small company(has around 1200 people, most work in mills) and the CFO said his desktop was slow, so he goes to look at it and found a bunch of porn. At least the companies money went somewhere useful.

Fair enough, if you have reason to suspect people, or if you generally employ people who can't be trusted. By all means activate measures that kick in once certain suspicious criteria are met, but constant monitoring can kill the trust in a company. It's not exactly the one case of monitoring I'm against per se, but a measure such as this, usually indicates that the management are (or have) using other tactics as well, in regards to employee supervision. Even if people have nothing to hide, knowing that your every step and move is being meticulously scrutinized can wear down the trust and general happiness in a company. If management gets into the habit of thinking of employees as people who're up to no good (which can happen, believe me), they shoot themselves in the foot.

You don't ensure proper computer usage by looking over peoples shoulders telling them to behave. Well, you can, but it's one of the worst ways of doing it.

Maybe, probably, it differs from country to country.

If you're doing your work, while at work, why care if your company monitors you doing your working? Just continue working, work your way up to the top, where you have the control and power, that you won't be monitored.

Or just go into IT, there you don't have to worry, because you'll be the one doing the monitoring.

Out of everyone on this forum, how many do you think visit this site during work? This site has nothing to do with anyone's work, no reason to be here. I know I visit this forum when I should be working, but I work for myself, so I'm only hurting myself. Other people waste time that they could be spending getting work done.

If you're doing your work, while at work, why care if your company monitors you doing your working? Just continue working, work your way up to the top, where you have the control and power, that you won't be monitored.

Or just go into IT, there you don't have to worry, because you'll be the one doing the monitoring.

Out of everyone on this forum, how many do you think visit this site during work? This site has nothing to do with anyone's work, no reason to be here. I know I visit this forum when I should be working, but I work for myself, so I'm only hurting myself. Other people waste time that they could be spending getting work done.

I generally do my nonsense browsing during dead time anyway, like when im sitting in a server room running firmware updates on blades and I can only bring 1 unit down at a time..some of those updates take 5~ mins so i may aswell soil those 5 mins on random net browsing and forum posting.

Put yourself in the shoes of the executives, who's job is to bring in as much money as possible, or be fired. That "dead time" won't seem as dead as you think they are.

And yes, I know, the executives already make so much, who gives a fuck what they think, but getting the most out of someone you're paying, is what makes a successful company, successful.

That's the cynical approach, if you know what I mean, and fortunately, far from all bosses and/or mid-level managment people are like that, here anyway. Some of the most successful companies in Denmark are known for 'round' policies, in that keeping people happy is what makes them work their asses off, not keeping them stressed out and on their toes, but yeah, there are infinite combinations and variations of these ideas put together, all different relative to global location, executive level management, company type and about 312 other factors.

People are just people, you can't cater to everyone's needs. Everyone is motivated in different ways, it's easier to just monitor employees to ensure they are working at their fullest, if they are not, fire them and hire someone who will. During a financial crisis, such as now, most companies will go the easiest route to make sure they are getting the most out of every penny(whatever a penny is called in your country) they spend.

What kind of company will allow VPN connections from internal client machines? Just about every environment I manage blocks everything and anything from going external other than http/https packets via 80/443.

Also any secure environment using GPO's would never allow a USER to create a new network interface on their local machine. Again, in most of the environments I work in users are blocked from opening up display properties, never mind creating new network interfaces.

I only see the above working on extremely loosey goosey environments, any real managed secure environment wouldn't have any of it.

I'm a developer with local administrator privileges on my own machine, and restricted privileges on our corporate domain. We have unvetted access to the 'net currently but VPN connections will not be blocked as our support team frequently VPNs to customer sites to provide support... Failing that as I am setting up my own VPN server there is nothing stopping me from binding it to port 80 or 443...

in my last position i bound sshd to port 443 to get around this exact problem

Just wait till they start whitelisting the customer vpn servers only... That is when they find out they can do advanced ACL's....

sorry remind me, with a large list of customers whose internet connectivity details are known to change occasionally, how would white listing or access controls prove to be beneficial? :P

Not beneficial, additional workload, but it'd clearly make a point of securing the intranet and disencouraging non workrelated activity.

Put yourself in the shoes of the executives, who's job is to bring in as much money as possible, or be fired. That "dead time" won't seem as dead as you think they are.

And yes, I know, the executives already make so much, who gives a fuck what they think, but getting the most out of someone you're paying, is what makes a successful company, successful.

Not really. The IT department at my gf's company is full of the laziest workers ever, and her company was rated among the top companies in Canada to invest in.

Go figure. Those guys work 1/2 the hours I do and spend half of those hours gaming.

Logic -> Out the window.

I'm a developer with local administrator privileges on my own machine, and restricted privileges on our corporate domain. We have unvetted access to the 'net currently but VPN connections will not be blocked as our support team frequently VPNs to customer sites to provide support... Failing that as I am setting up my own VPN server there is nothing stopping me from binding it to port 80 or 443...

in my last position i bound sshd to port 443 to get around this exact problem

Read my post a bit closer. If packets are properly filtered, you can bind whatever you want to port 80 or 443 on your servers end, HTTP/HTTPS packets only, the rest are dropped.

That means bye bye VPN packets, no matter what port you try and use them on.

If I didn't know how to stop kids from dicking around on company computers, I wouldn't have a job. Bouncing packets through port 80 to get around filtering should only work in schools, library's, and half assed unsecure networks.

If I was in charge of your companies network, the support team would belong to their own group allowed to VPN out, the rest of you who didn't need vpn out wouldn't have it. But hey, its your companies network and its rules. Just don't abuse them or they'll get assholes like me to come in and do something about it :P

I don't know shit but...


What if the packets where manipulated so they get through out to the net to a remote server (home computer) which understands them and then humm yeah :blush:

If I didn't know how to stop kids from dicking around on company computers, I wouldn't have a job. Bouncing packets through port 80 to get around filtering should only work in schools, library's, and half assed unsecure networks.


Is that why people keep finding ways to beat the system, humm funny...

Is that why people keep finding ways to beat the system, humm funny...

And I keep finding ways to shut them down.

They are my job security.

LiL T, welcome to the world of network ops vs the rest of the company :)

haha so true, its a constant battle.

i definitely wouldn't wanna work for a company where my charms didn't turn the network guys to mush :p

i definitely wouldn't wanna work for a company where my charms didn't turn the network guys to mush :p

I know of a lingerie company (google Marlies Dekkers), they only hire homosexual men or goodlooking women, i had to go to their hq once to fix a wan connection laid down by the comapny i was doing it for, and they pay absolute attention to detail there... But you wouldn't get ANYTHING from those IT guys as a woman atleast!

Oh so you got lucky that day then didn't you vamps?

there we go, the primary ip range that i use to vpn and irc and forward my internet traffic through has been blocked by the networks team :(

time for a workaround... (currently on a customers vpn heh)

Oh so you got lucky that day then didn't you vamps?

No cause i didnt learn much there, all the IT staff is dumb there, they were like the first to implement server 2k8 just so microsoft would send professionals to fix that shit up for them lol, in exchange for a few photos and a story.

They call support for ANYTHING they hire external parties..

Then again Marliesje Dekkers has more money than blondes in her inventory so she can afford to have such a company...

Thinking of it i need a new string, this one is getting dirty.

there we go, the primary ip range that i use to vpn and irc and forward my internet traffic through has been blocked by the networks team :(

time for a workaround... (currently on a customers vpn heh)


You know thats worse huh, abusing a customers vpn.... You'll prolly be thouroughly fucked if found abusing the network again, and if they blocked that range they surely are onto you.... But since a smile and a sexy look can apparently fix a lot with the people around you....

clearly but im not going to go and use it within hours of them cutting me off now am i, not gonna make myself look desparate

clearly but im not going to go and use it within hours of them cutting me off now am i, not gonna make myself look desparate

You could vpn to my debian box, then again you'd never accept such a proposal..

Get a laptop, buy a wireless internet card, and there you go, internet, and your job is safe.

i have enough vpns at my disposal vamps, but ty for the offer... just trying to not make it blatently obvious that the second they close off said ip range i suddenly start usin another ^_^

If you can't be bothered to sit at a computer all day doing boring shit, then don't get a job sitting at a computer all day long doing boring shit.

hey im working on my new career as we speak

How did you come about getting the job in Køge, btw? Just the short version.

was in the states, got bored of the states, i have a passport that is valid in the eu, looked for jobs all over the eu, applied, got offered an interview, did it over the phone, moved to dk

Where did you live when you were in the US?

was in the states, got bored of the states, i have a passport that is valid in the eu, looked for jobs all over the eu, applied, got offered an interview, did it over the phone, moved to dk

Good for you for daring changes. Strange to be in Denmark, if you got bored of the states, though, haha. Are the Danes treating you okay? I think Danes for the most part are obnoxious and rude, but maybe it's because I am one.

which is why im leaving shortly :P i get antsy, cant sit still for too long... its why im constantly vpn'd in one way or another, my digital life is stored elsewhere so when i get up and leave i dont leave anything behind...

when i went to the states i was just bumming around and having fun really, didn't work (was illegal duh) - spent the last 3 months sleeping on orange county beaches during the day and clubbing at night, made a bunch of friends out there and would crash over and their places

Good for you for daring changes. Strange to be in Denmark, if you got bored of the states, though, haha. Are the Danes treating you okay? I think Danes for the most part are obnoxious and rude, but maybe it's because I am one.
I hate most danish kids, I think I was lucky to go to a inner city school there were more normal kids and gang wars with muslims :P

Good times...