How can I connect to the Internet at work?
January 30, 2006 6:46 PM Subscribe
I work as a contract employee at a large corporation. The company has provided us with laptops. Because I won't be there long, I don't have Internet access. I noticed, though, that I can ping yahoo. But I can't otherwise connect to any websites. Any suggestions as to how I might read my e-mail, other than leaving the office and going to a cyber cafe?
I tried booting up a live Knoppix CD and for the first day I could connect. Now though, I get a message saying, "time out on port 80" when I use that option.
I'm assuming the company has a firewall, but I don't know what kind of software they use.
I tried booting up a live Knoppix CD and for the first day I could connect. Now though, I get a message saying, "time out on port 80" when I use that option.
I'm assuming the company has a firewall, but I don't know what kind of software they use.
If you can get google, you can try the ol' google translate trick (translate the page into english).
posted by tcobretti at 7:19 PM on January 30, 2006
posted by tcobretti at 7:19 PM on January 30, 2006
Most likely they have a firewall which allows ICMP but blocks traffic on other ports. Other things that they may have in place include requiring use of a proxy server, DNS servers that do not perform lookups outside of the local LAN, no gateway available for certain subnets, etc.
You could try a port scan, manually fixing your DNS server to something outside of your network, trying a proxy server that is on a port other than port 80, or... too many other things.
posted by stovenator at 7:25 PM on January 30, 2006
You could try a port scan, manually fixing your DNS server to something outside of your network, trying a proxy server that is on a port other than port 80, or... too many other things.
posted by stovenator at 7:25 PM on January 30, 2006
You should keep in mind that someone might not think it was funny if you figured out a way to do this. Large companies can have some pretty aggressive LAN cops.
It's very curious that your Knoppix trick worked one day and not the next. If you're sure that you won't get in trouble for circumventing this, it may bear some fruit to do some low-key poking around with tracert, nslookup, and nmap. Google around and find an internet DNS server that will let you recurse off of it. See if you can query it from the office. (You will need to compare the results with results you got from home to see if you're being lied to by a local DNS server).
If you can get port 53 outbound (DNS), it's then just a matter of finding an open internet proxy server running on port 53 (if they're permitting both UDP and TCP/53 outbound). Google can help you here as well.
Since there are proxy servers out there running on every port imaginable, you might just need to do some light poking with nmap (or telnet) to see if you can find a port that this company permits outbound. Examples to try would be to ftp to something like ftp.mozilla.org.
If you can hit a proxy server via the IP itself, maybe you don't even need DNS......
posted by popechunk at 8:01 PM on January 30, 2006
It's very curious that your Knoppix trick worked one day and not the next. If you're sure that you won't get in trouble for circumventing this, it may bear some fruit to do some low-key poking around with tracert, nslookup, and nmap. Google around and find an internet DNS server that will let you recurse off of it. See if you can query it from the office. (You will need to compare the results with results you got from home to see if you're being lied to by a local DNS server).
If you can get port 53 outbound (DNS), it's then just a matter of finding an open internet proxy server running on port 53 (if they're permitting both UDP and TCP/53 outbound). Google can help you here as well.
Since there are proxy servers out there running on every port imaginable, you might just need to do some light poking with nmap (or telnet) to see if you can find a port that this company permits outbound. Examples to try would be to ftp to something like ftp.mozilla.org.
If you can hit a proxy server via the IP itself, maybe you don't even need DNS......
posted by popechunk at 8:01 PM on January 30, 2006
Response by poster: Thank you all, here's my comments:
First, I should have made clear that I am already on the company's LAN, I am trying to get outside it. I am aware of the company's need for security as to its LAN, that's why I used the Live CD, so it wouldn't be able to access the Intranet or make changes to the company-issued laptop. I figured, if I'm pinging yahoo, there's got to be a connection.
Permanent employees do have Internet access. If a permanent employee logs on using my laptop (but their username and password, they will have access. (yes, I know I could re-set the administrator password, but I don't want to do this; after all, I'll have to return the laptop with a different password at some point.
1. I don't know if it's a real DNS server or not. I'll try tacert tomorrow.
2. You can't get google because it's on the Internet. So that trick doesn't work.
3. How can I "hit a proxy server via the IP itself"?
4. I am aware of the existence of tunneling programs, SSH,etc. But that doesn't mean I know how to set them up. Where could one learn?
5. Is there a way to change the default browser to use a different port?
I'm doing all of this in Linux (or trying to); I'm doing my best to leave the company's network alone; remember, my sole goal is to access yahoo to check email. Nothing more.
Thanks for the help; any other ideas?
posted by tesseract420 at 9:21 PM on January 30, 2006
First, I should have made clear that I am already on the company's LAN, I am trying to get outside it. I am aware of the company's need for security as to its LAN, that's why I used the Live CD, so it wouldn't be able to access the Intranet or make changes to the company-issued laptop. I figured, if I'm pinging yahoo, there's got to be a connection.
Permanent employees do have Internet access. If a permanent employee logs on using my laptop (but their username and password, they will have access. (yes, I know I could re-set the administrator password, but I don't want to do this; after all, I'll have to return the laptop with a different password at some point.
1. I don't know if it's a real DNS server or not. I'll try tacert tomorrow.
2. You can't get google because it's on the Internet. So that trick doesn't work.
3. How can I "hit a proxy server via the IP itself"?
4. I am aware of the existence of tunneling programs, SSH,etc. But that doesn't mean I know how to set them up. Where could one learn?
5. Is there a way to change the default browser to use a different port?
I'm doing all of this in Linux (or trying to); I'm doing my best to leave the company's network alone; remember, my sole goal is to access yahoo to check email. Nothing more.
Thanks for the help; any other ideas?
posted by tesseract420 at 9:21 PM on January 30, 2006
This sounds like they have some sort of firewall that blocks outbound traffic based on successful authentication of the machine. It's most likely not in your best interest to go screwing around, and trying to subvert their security policy. By subverting their security measures, you do potentially open their network to intrusions. More likey, you will get yourself into trouble by messing around with things you shouldn't.
My best guess is that your current level of networking skills aren't going to do much, other than get you into trouble. I'd just wait and check my email later.
posted by stovenator at 10:39 PM on January 30, 2006
My best guess is that your current level of networking skills aren't going to do much, other than get you into trouble. I'd just wait and check my email later.
posted by stovenator at 10:39 PM on January 30, 2006
tesseract420, the company won't care one lick what you intend to do with your connection to the internet. either get yourself permission from an internal employee to get an internet enabled account, or give up on this and check mail on your phone. You can lose your job over circumventing the firewall, even if it's for some innocent purpose. You punching a careless hole "out" of the firewall, could be an exploit "in" for a hacker.
This is not an answer to your questions, but don't do this.
posted by zpousman at 7:05 AM on January 31, 2006
This is not an answer to your questions, but don't do this.
posted by zpousman at 7:05 AM on January 31, 2006
What zpousman said: don't do this. Not only may it cause you to lose your job due to breaching some company policy, but this is the sort of thing that really irritates the people who run your network infrastructure--mostly clueless user-level people trying to end-run around security.
Things are set up the way they're set up for a reason and you do not know better than your company's IT department. So even if you don't lose the job over this, you will at least earn the enmity of the tech folks at the company, if (not when) they find out.
Sorry to sound angry and bitter, but it's this exact attitude that causes so many computer problems at universities and corporations, and makes it so difficult to prevent and/or fix them. Get GPRS on your cell phone and use it as a modem, if you like, but don't try to get access where it's not being granted to you.
posted by cyrusdogstar at 7:55 AM on January 31, 2006
Things are set up the way they're set up for a reason and you do not know better than your company's IT department. So even if you don't lose the job over this, you will at least earn the enmity of the tech folks at the company, if (not when) they find out.
Sorry to sound angry and bitter, but it's this exact attitude that causes so many computer problems at universities and corporations, and makes it so difficult to prevent and/or fix them. Get GPRS on your cell phone and use it as a modem, if you like, but don't try to get access where it's not being granted to you.
posted by cyrusdogstar at 7:55 AM on January 31, 2006
And in my enraged rambling, I said "if (not when)" which of course is the exact opposite from what I meant :D
Just...check your email when you get home. It's not like you're a day trader or anything, right?
posted by cyrusdogstar at 7:56 AM on January 31, 2006
Just...check your email when you get home. It's not like you're a day trader or anything, right?
posted by cyrusdogstar at 7:56 AM on January 31, 2006
This thread is closed to new comments.
posted by popechunk at 6:52 PM on January 30, 2006