Getting to the SDMB when blocked by company's computer
Billdo
02-09-2001, 07:36 AM
One of our fellow posters told me of a truly traumatic experience. When she went in to work yesterday and tried to log on to the Straight Dope, she found that it was blocked by her company's computer network. She only has access at work, and her job leaves her some long stretches of free time, so she is at serious risk of severe withdrawal symptoms.
By way of background, she works at a large financial company, and has no idea of what type of internet connection or system they use (and she ain't about to ask). She tried to access the boards through a coworker's computer, and it worked briefly but then got the same access denied message.
So, for very important, um, research needs, might anyone have a suggestion on how she might get around this block and access the SDMB at work? Her sanity could be riding on your responses.
dylan_73
02-09-2001, 07:56 AM
I would advise against fixing this. Your friend could get in trouble for violating her company's web use policies.
Buy her a cheap home computer instead.
Or ask the network guys to allow access to this site...they might go for it, for a couple of beers...
Whack-a-Mole
02-09-2001, 08:12 AM
dylan_73 is correct. 'Fixing' this may violate the company's IT policy which could be bad for her career with that company.
That said it is somewhat encouraging that another employee got through a bit then got stopped. In general such things are either blocked or they aren't...no half-measures. It is possible that some other hiccup in the system caused the boards to not be accessible. Frankly the servers the SDMB run on need help. I frequently find them extremely sluggish and occasionally get timed-out trying to access the pages. Have her try a few more times throughout a day and see if anything changes.
Otherwise the beer thing dylan_73 mentioned can work surprisingly well. In addition, male computer types tend to be very susceptible to a woman's charms. I'm not suggesting she sleep with them but I think she'll find a few well placed smiles can do wonders.
dylan_73
02-09-2001, 08:19 AM
Originally posted by Jeff_42
I'm not suggesting she sleep with them...
Spoilsport :)
yojimbo
02-09-2001, 08:23 AM
I would also say that trying to get around company lock outs is a dodgy area to go into.
If they know anybody in IT it might be useful to mention it to them.
The SDMB might have been blocked because of the amount of hits it received through their proxy. If this is the case then your friend is out of luck; if it is just blocked because a new piece of software has picked up on the SDMB then they may be able to convince them to unblock the site.
Good luck.
DataMike
02-09-2001, 08:45 AM
There is something you can try which has a good chance of working.
Go to http://www.safeweb.com. This site allows you to surf anonymously and gets around firewall blocking and filters.
However, if the company in question already blocks access to safeweb, then you're screwed....
Worth a try.
Michael
dylan_73
02-09-2001, 09:47 AM
Originally posted by DataMike
Worth a try.
Not worth a try if the company decides to look at what's coming through safeweb (yes, they can; if it gets to your computer, it can be observed) and sees a site that they've recently blocked. Then it's up to the boss's office to explain / get fired.
I strongly recommend either asking someone to allow it (with beer, if possible) or giving up and accessing from home.
Of course, maybe the company is quite lenient, or something...you take your own chances on that one...
Smitty
02-09-2001, 10:05 AM
You are on your own if you do this, so don't blame me if you get fired:
Most web sites are blocked by IP address and/or name. However, in most cases you can get around this by converting the IP address to decimal and using the decimal address in your web browser. To do this, convert the IP address to binary, then the binary to decimal.
For example: The IP address of http://www.straightdope.com is 63.97.40.3. Convert each octet (number separated by the dot) into binary, adding zeros as necessary to maintain an 8 bit number (3 = 11 in binary, so make it 0000 0011). Next, string all the octets together to make a single binary number. In this case it comes out to 0011 1111 0110 0001 0010 1000 0000 0011. Converting this to decimal gives you 1063331843. Put this into your browser (http://1063331843) and it will take you to the site, bypassing most blocking.
Inky-
02-09-2001, 10:12 AM
Say Smitty, how do I go about finding out the IP address of a web site?
dylan_73
02-09-2001, 10:15 AM
Smitty's method will work on some blocking software...until you click on a link, of course :)
(Yeah, Ok, a link with an absolute, rather than relative, reference....)
Billdo
02-09-2001, 10:24 AM
I got an e-mail from our poster trapped in the land without the SDMB. She asked me to pass along the following:
A tale of woe, part deux:
I was briefly (oh so briefly!) able to log on to the SDMB this
morning, and I saw the thread you started on my behalf. Thanks!
Alas, I'm now locked out again. The message I'm receiving is Error
FW-1 @ dwda125: Access denied. Naturally, I haven't the foggiest
idea what this means. (To pass along Zebra's joke, all I know about
my computer is that it's beige). I can get to the SD main page, just
not the message boards.
Thank you to the folks who are suggesting possible solutions. I saw
a few of them before I was cruelly denied access (once again). At
this point, I'm hoping for an answer that doesn't involve naked IT
people, but it might come to that. :D
She appreciates the help, folks, and has mentioned that her job might not be worth keeping if she cannot access the SDMB, so extreme measures may be called for.
DataMike
02-09-2001, 10:27 AM
I am a Unix sys admin for a large corporation. Data coming through a secure, ENCRYPTED pipe cannot be 'looked at' just because the info 'gets to your computer'. Safeweb uses a secure, encrypted connection.
This is the basis for all secure e-commerce transactions.
Now if you want to get into a debate on whether 128-bit encryption can be broken using distributed computing schemes....well, that's another story.
Billdo
02-09-2001, 10:32 AM
Since she appears to be able to access www.straightdope.com, but not boards.straightdope.com, does boards.straightdope.com have a different IP address that she may be able to use?
Also, I think I've seen a variation of Smitty's method being used, where the four decimal number IP address (separated by dots) is converted number by number into an eight-digit hexadecimal number with no separators (i.e. each decimal 0-255 is converted to its two digit hex equivalent). Might this be another way of getting there?
Inky-
02-09-2001, 10:40 AM
Ahem!
How does one go about finding out a web page's IP address?
dylan_73
02-09-2001, 10:45 AM
Datamike: Ooops. I'm mostly wrong, it's true. I didn't realise it used encryption (note to self: visit a site before you comment on it, idiot!); I assumed it just anonymised (ie, stripped out user info so the site visited can't tell who accessed).
As for 100%...ahh, you sure they aren't using SMS at that place? :)
re distributed computing: well, distributed.net are still working on 64bit, aren't they? I think 128 bit is a *long* way off. Mind you, I just picked up a new Quantum Computer from PC World, so you never know... :)
Inky: "nslookup http://www.straightdope.com"
dylan_73
02-09-2001, 10:47 AM
Bugger. I forgot to turn off URL parsing.
nslookup www.straightdope.com
should do it.
handy
02-09-2001, 10:54 AM
Even if you could get around it there is probably a computer on the network that records all you are doing with the computer & a lot of comp's have 0 tolerance for this sort of thing.
DataMike
02-09-2001, 11:09 AM
Once more:
While you could possibly 'record' the encrypted data stream, there would be no point.
This data simply looks like garbage and cannot be decrypted; at least not given any reasonable time span--like the human life.
BTW, straightdope.com and boards.straightdope.com use two different ip addresses: 63.97.40.3 and 63.97.40.4.
In all likelihood the corp. in question subscribes to a monthly update service which provides a list of ip's and keywords for the firewall.
The message "Error FW-1 @ dwda125: Access denied" is simply the message from the firewall software running on a machine named 'dwda125' denying the request.
In short, if you can get to safeweb, you can get to any site securely and with NO chance of anyone knowing about it aside from someone looking at your computer monitor.
Please note that the admins WILL know that you are hitting safeweb. Many hits to this site and they'll probably add it to the 'deny' list.
Michael
Billdo
02-09-2001, 11:14 AM
I tried typing the nslookup thing directly into Netscape, and couldn't get it to work, but while waiting around for the reply window to pop up I found this site: http://www.webreference.com/cgi-bin/nslookup.cgi
That site allows you to enter a URL and get an IP address.
www.straightdope.com was 63.97.40.3
boards.straightdope.com was 63.97.40.4
Anyway, using Smitty's method, http://1063331843 got me to straightdope.com and http://1063331844 got me to boards.straightdope.com
Let's see if it works at the big evil financial company
Crusoe
02-09-2001, 11:18 AM
I'm an IT security consultant in my spare time (oh, okay, for a living). Using sites like SafeWeb and Anonymizer is all well and good, but in security audits the logs will be checked for large amounts of time and/or page changes while using those sites.
Incidentally, FW-1 would be Firewall-1, a very popular firewall product that we use too.
The IP address-to-decimal trick will probably work, but always remember that sys admins can (and will) manually check out any sites that people seem to be spending a lot of time on -- they're not stupid when it comes to anonymous surfing or loopholes.
Smitty
02-09-2001, 11:18 AM
Originally posted by Inky-
Ahem!
How does one go about finding out a web page's IP address?
nslookup, or ping (DOS prompt, ping http://www.straightdope.com; this will return the IP address). There are also many utilities that you can use to simplify the process. Go to http://www.davecentral.com and see the Finger/Whois section for a ton of freeware and shareware apps that will let you do just that.
As far as monitoring of web browsing by the IT department, I AM the IT department at my job, and the only time I check the logs to see what people have been browsing is when there is already a suspicion that management wants checked, or when someone pisses me off. Many apps record a log of who has attempted to access banned sites, but if you are at a large company that blocks a great many sites, this log is probably so big that you probably don't have to worry unless they are gunning for you personally. YMMV
Smitty
02-09-2001, 11:21 AM
Damn parsing, I meant ping www.straightdope.com
Of course, this port may be blocked as well.
Thank you all for your help... at the moment, I'm using safeweb.
Anyway, using Smitty's method, http://1063331843 got me to straightdope.com and http://1063331844 got me to boards.straightdope.com
Let's see if it works at the big evil financial company
Nope. Billdo emailed the text of this thread to me. When I clicked on the first link, I got the SD main page, but the second link gave me the same old error message.
Anyway, hopefully Smitty is right about the huge log of banned sites and I won't find my personal belongings in a box on Monday morning...
About a year ago, the senior IT staff at work and I had a bet. I'd try to send an email from my desk to one of them, and they'd try to find conclusive proof that it came from me. Very fun and educational for all of us - it was a sort of arms race, as every new trick I'd use, they'd eventually find a way to prevent it.
Of course, they eventually brought out the nuclear weapons of spyware- keystroke logging and screencaptures every random(x) minutes.
Cutting-and-pasting individual letters to avoid using any keys other than ctrl, shift, arrows, c, and v is far too time-consuming to do. It was much easier to concede defeat and buy the IT staff their bottle of scotch.
And to think I said I'd never resort to bribes or politics in the workplace...
jrishaw
02-10-2001, 06:24 AM
Slightly off topic:
I manage the corporate network for a company .. magazine publisher, 1500 employees or so in a little under a dozen locations.
Speaking from an IT perspective.. if your company decides it's time to start screen capturing and keystroke logging, it's time to look for a new job.
The only time I ever care what sort of data a user is doing, is when they are causing problems on the network, and the only thing that we *block* is access to Napster servers, simply for bandwidth reasons. (Users can bring in their own cds/songs on cdrom).
Seriously. Time to find a new job. If your company is that bored that they have to check up on you -- then they obviously have no idea what your "measurables" actually are, and they're just making themselves look good.
MannyL
02-11-2001, 04:51 AM
Vix, glad to see you are back on from work. I'm blocked at work from boards.straightdope.com (see http://boards.straightdope.com/sdmb/showthread.php?threadid=59481). Since I have access at home, I'm not going to circumvent the block, but you may want to see if anyone here would be willing to build you a home system. I'm sure many of us have used parts that are not being used and would be able to build a system. I had some spare drives until I got a killer deal on a system; now my dad has a computer.
Gozu Tashoya
02-11-2001, 05:08 AM
I'm far from network savvy, but since my school had a ban on Napster, measures had to be taken. One that was supposed to work (presumably for people with more network knowledge than I) was a proxy server. Probably worth more trouble than it's worth (well, then again, this is the SDMB), but would this be a possible answer?
RyanD004
02-11-2001, 10:55 AM
I was just thinking of a similar problem I have. I'm taking the AP C++ class at school, and we're working on this boring research project about the AP test. Soo... in my spare time surfing the web I have to entertain myself somehow. I tried downloading Napster (the computers have CD burners and T1 lines so you can make CDs) and AIM but... their network security prevents us from accessing any important .dll files needed for installation. One good solution I heard was to put the program on CD and use it off of there (so this could help you access some other stuff, Vix, if you have similar problems). Basically, is there any way to bypass security and access the files to install something? The network guys at my school aren't the smartest, since I already know how to print something from any computer in the school to any printer in the school.
AHunter3
02-11-2001, 11:29 AM
Here's what you do:
Get one of those Black Box converters (http://catalog.blackbox.com/BlackBox/) and hook it in between your computer's modem and your digital phone line.
Dial in as you would at home to your regular ISP. (You may have to learn how to switch TCP/IP settings on-the-fly)
The company's computers will not see your activity. Your only risk now is someone coming up behind you and staring at your screen and busting you.
McMurphy
02-11-2001, 11:40 AM
What blocking software is your company using? If you are using a proxy filter like Smart Filter you can get around it with the following method. However, if you are using software such as Cyber Patrol which is not a proxy filter then it will not work. Check out http://www.peacefire.com to see whether the software you are using is a proxy software or not. If it is proxy software you can use this method to access the SDMB.
Step one: Check the filenames of the icons on your desktop to see if they have their file extensions showing. If you don't know what a file extension is, it's the part of the file's title which tells the computer which application it should use to open it. For example a text file in Notepad, if saved to your desktop, should be called TEST.TXT. The .txt part is the file extension. Similarly if you have a word document saved to your desktop it would be called TEST.DOC because the file extension for a word document is .DOC and for a program it is .EXE. Anyway, check to see if you can see the file extensions on the files saved to your desktop. If you can you can skip the next 3 steps. If you cannot see them it means that your system admins have rendered them invisible so you'll have to make them visible again. To do this you must:
Step A: Open My Computer.
Step B: Click on View and then click on Options.
Step C: Once the options menu is open click on the View tab and check to see if the box labelled "Display the Full MS-DOS path in the title bar" is ticked. If it is ticked leave it alone. If it is not ticked, tick it and then click on Apply at the bottom of the menu. You have just unhidden the file extensions.
Once you've got the file extensions enabled you may continue.
Step 2: Open Notepad and copy and paste the following into it
{a href="http://a1.g.akamaitech.net/6/6/6/6/http://boards.straightdope.com/sdmb/}STRAIGHT DOPE{/a}
IMPORTANT: MAKE SURE YOU CHANGE THE { } BRACKETS INTO < > BRACKETS WHEN YOU HAVE DONE THIS ELSE IT WON'T WORK. ALSO, IF YOU DECIDE TO TYPE THE URL YOURSELF MAKE SURE YOU DON'T MAKE ANY SPELLING MISTAKES ELSE IT WON'T WORK.
Save your notepad file onto your desktop and then click to rename it and rename the file extension from .TXT to .HTM. Then reopen the file and you should see a link to the straight dope. Click on it and it should take you there.
This method works because the site http://a1.g.akamaitech.net requests a copy of the straight dope for you and as such the blocking software doesn't detect it, because it will pick up akamaitech and not the straight dope, and because akamaitech is not banned the computer will let you see what's on it, and if you've followed the above instructions carefully what will be on it is a copy of the straightdope.
McMurphy
02-11-2001, 11:43 AM
BTW - If you can't access http://www.peacefire.com either because it is blocked then just post the name of your software here and I'll find out for you.
Crusoe
02-11-2001, 11:56 AM
And, of course, if you spend long enough going through anonymous sites you run an increased risk of someone checking more thoroughly to find out what on earth you've been up to. Security auditors know about anonymous sites and know what to look for; it may not be an everyday risk, but don't be surprised if once a year someone checks.
yabob
02-11-2001, 12:11 PM
If you are really insistent about getting around the company firewall, DataMike had a reasonably easy solution. There are a number of such "safe surfing" services, which have the obvious drawback that they will also eventually be placed on the "blocked" list.
You will notice that what those services do is parse the delivered content and rewrite the URL's in all the links to be routed again through their site. For instance, the message board link http://boards.straightdope.com/sdmb becomes a link to safeweb with the "real" url as an argument, so that safeweb can simply fetch that page and process it for you, too.
The decimalization solution would work if you could perform similar URL rewriting on your delivered pages to change all the http://boards.straightdope.com links to decimalized addresses. As observed, the links on the delivered page still say "straightdope".
There are some pitfalls with URL rewriting, BTW. If the URL's are extremely unusual, it may confuse the parsing and screw up the links. I have seen this recently with content in which all the actions on links are heavily javascripted, so that rather than going somewhere directly, every click on the page performed some sort of javascript-based processing first. URL rewriting usually makes a total hash of that, of course. (the context I've seen this in is working with app servers that try to handle session control this way when working with a browser that won't honor cookies - the rewriting is used to insert the session identifier in all the URL's pointing back into the server site).
If I were writing a "corporate nanny" firewall, I think I would have an option to try to parse outgoing URL's for other URL's embedded in the arguments or POST fields, and block on that basis as well, so people couldn't relay through something like safeweb. Maybe they do.
Which leads to an idle thought I just had. If corporate blockers can be circumvented by routine URL translation like this, I could write a very annoying (from their point of view) utility which would be installed as an HTTP proxy on your machine, and would simply perform URL rewriting as desired. On Windows systems, make it manifest as a system tray app, and allow you to interactively add locations to be rendered in alternate forms, such as turned into IP's, decimalized as discussed, embedded in some other syntax, or converted into a different site. Or, for that matter, simply ignored or turned into some local reference, so you could get the benefit of stripping out ad banners through the same tool. I've got a "filtration" proxy like this I developed and was thinking of commercializing for different purposes a couple years ago... hmmmm ...
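A filter-side sketch of the check yabob describes, added here as an example and not code from any poster or firewall product: it canonicalizes the numeric host spellings raised in the thread (single decimal, hex) plus, going slightly beyond the thread, the other spellings inet_aton accepts, and it also inspects URLs embedded in the path or query. The policy sets, sample URLs and function names are assumptions built from the addresses quoted in the thread.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Constructed policy: the host name and address the thread says were blocked.
BLOCKED_HOSTS = {"boards.straightdope.com"}
BLOCKED_IPS = {"63.97.40.4"}

_NUMERIC = re.compile(r"0x[0-9a-f]+|[0-9]+", re.I)


def canonical_ip(host):
    """Return dotted-quad text if host is any numeric IPv4 spelling, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(_NUMERIC.fullmatch(p) for p in parts):
        return None
    try:
        # inet_aton rules: 0x prefix is hex, a leading 0 is octal, else decimal.
        nums = [int(p, 16) if p.lower().startswith("0x")
                else int(p, 8) if len(p) > 1 and p[0] == "0"
                else int(p) for p in parts]
    except ValueError:  # e.g. "08" is not valid octal
        return None
    *head, last = nums
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return str(ipaddress.IPv4Address(value))


def embedded_hosts(url):
    """Hosts of http(s) URLs carried inside the path, query or fragment."""
    u = urlsplit(url)
    tail = unquote(f"{u.path}?{u.query}#{u.fragment}")
    found = re.findall(r"https?://[^\s?#&]+", tail, re.I)
    return [h for h in (urlsplit(f).hostname for f in found) if h]


def blocked_reason(url):
    """Return a reason string if the request should be denied, else None."""
    outer = urlsplit(url).hostname or ""
    for i, host in enumerate([outer, *embedded_hosts(url)]):
        host = host.rstrip(".")
        ip = canonical_ip(host)
        if host in BLOCKED_HOSTS or ip in BLOCKED_IPS:
            kind = "request host" if i == 0 else "embedded URL"
            return f"deny: {kind} {host} matches policy entry {ip or host}"
    return None


# Constructed sample requests, using only URLs and addresses quoted in the thread.
SAMPLES = [
    "http://www.straightdope.com/",
    "http://boards.straightdope.com/sdmb/",
    "http://1063331844/sdmb/",
    "http://0x3F612804/sdmb/",
    "http://a1.g.akamaitech.net/6/6/6/6/http://boards.straightdope.com/sdmb/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", blocked_reason(sample) or "allow")
```
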
Cartooniverse
02-11-2001, 10:09 PM
One could try this. If you own a laptop, and are allowed ( and are willing ) to bring it to work, you can do the following.
You can use a wonderful little box called a Linestein (http://hellodirect.com/catalog/HD-ProductSearchResults.jhtml;$sessionid$UI1C2CAAAA4Q2ZEXAIBCFEQ?_DARGS=%2Fcatalog%2FHD-ProductSearch.jhtml). It is an interface box between your digital PBX- type phone system and your laptop. The Linestein decodes the office phone system's PBX Coding, and delivers a straight analog line to you. It's a tiny box, and can be either ac/dc powered or battery powered. It's NOT phone theft, you are still dialing into your office telephone normally. It simply reads and memorizes, and decodes the coding for your particular office phone system. I mention this because A) Illegal activities are not allowed to be promoted here, and this device is not banned, and B) Office managers would be all over users, and I don't wish to make anyone's life miserable. The device , and I quote the manual, " ...complies with Part 68 of the FCC Rules. It is tested to Comply with FCC Part 15 Class B. For home or office use". It is in no way an underground or illegal device.
I've used it all over the United States, and only had trouble twice. Both times, my shoulder bag had been dropped. The laptop was fine ( thank god ) but the Linestein lost its programming. It is re-programmable OVER the telephone, by HelloDirect, the maker.
I don't work for them, I'm just a really amazed happy customer here, offering yet another way to get to the SDMB while at work. You could leave up some other page of office work, minimized and ready to show while you surf the Dope Boards.
Cartooniverse
Cartooniverse
02-12-2001, 08:03 AM
Frown. That link worked right to the Linestein page when I created it, now it lands you on the Hello Direct Home Page. Sorry :( Just type in Linestein on the left hand product search area, and it will take you to that page.
Hmmmph.
Cartooniverse