Tags:





Brute Force White List Determination
July 14, 2008 1:23 PM   RSS feed for this thread Subscribe

I am at a new job with restricted internet access. They have a list of white listed sites, but no one seems to know what sites are on the list, and I can't ask anyone because the company uses a third party solution and their website doesn't have a list of the sites.. Is there a program that will determine what sites are on the white list by brute force?
posted by Infernarl to technology (9 comments total)
Well, if by brute force you mean that it would exhaustively test every possible domain name, you might want to ask yourself if that's the sort of program you want to be running at work.
posted by jon_kill at 1:33 PM on July 14, 2008 [1 favorite]


Do you know what the third party solution is? It's possible someone here had some inside information about it they could share.

Otherwise, no.
posted by Ookseer at 1:46 PM on July 14, 2008


If you know the company name, try calling them and asking.

If you're willing to brute force it at work (honestly, not a good idea), you might want to look into the method of blocking, especially if it's at the DNS level. You can look into OpenDNS, or even do some SSH tunneling to your home machine to get around the restrictions.

But be aware that any of the above options may get you fired.
posted by blue_beetle at 1:58 PM on July 14, 2008


Typically, webwasher companies hold their whitelists (and blacklists) as trade secrets.
posted by rhizome at 2:07 PM on July 14, 2008


The odds are that the list from the webwasher company is online somewhere and can be googled up by using their name and "whitelist" in a search.

Brute forcing it is a bad, bad idea.
posted by dejah420 at 2:22 PM on July 14, 2008


I'm not sure why you're wanting to get the full list of white-listed sites? Can't you just try the ones you want and see what happens?

Every restricted proxy I've used has spit up an error with the name (and logo) of the company doing the restricting, FWIW. But I don't suggest trying to browse Playboy.com at work to get that error!
posted by fogster at 2:51 PM on July 14, 2008


Being able to brute force the whitelist would mean being able to pass off some million-odd HTTP requests, some to blocked sites, and get away with it without your company's network operations guys shutting off your Ethernet port the minute that much suspicious Web traffic appeared and attempted to gnaw its way out of the intranet.

Probably not worth it.
posted by fairytale of los angeles at 5:45 PM on July 14, 2008 [1 favorite]


If they see a million requests coming out of your machine, you'll definitely raise some red flags. Try asking around to see if people have been able to access sites like Facebook and try to compile an internal list based on shared experience?
posted by perpetualstroll at 7:14 AM on July 15, 2008


In a previous life I had responsibility for managing a filtered proxy like this. If you can get hold of the log files that the IT guys have it will give you a pretty comprehensive list.
We actually ran it in black list mode, and after a couple of years we collected a pretty extensive black list ourselves by monitoring logs.
posted by bystander at 9:29 PM on July 15, 2008


« Older Looking for recommendations fo...   |   Why would a laptop+conference ... Newer »
This thread is closed to new comments.