Working Around IT Departments
Since you’re reading this chances are that you are either in IT, wanna be in IT or you think this is some motivation “You Can Do It!” kinda post. Weird starting a blog out about telling folks how to work around our incredibility well thought out information technology policies. This is certainly not a Eric Snowden type of outing but really more of how we as the IT Crowd have to work with other IT departments that, hey let’s face it man; are just not as good as us right?! Can I get a witness up in here!!!
We’ve all made silly IT policies that at the time really seemed like a great idea…you know like password types so complicated that they had to be wrote down?? Heck at my first crack at LAN Administration way back in the Johnson Administration, I required; Unknown letter combo, numbers, mixed case, special character, map to hidden Amber Room and you best possible guess to the Riemann Hypothesis. Oh it was secure for sure…of course it was over a proprietary protocol network type called ScaNET…so that was a resume generating event.
How many times as an IT geek do you just get fire ant angry when a company blocks PINGs!!??! Or turning off rights inheritance; heck I’m still seeing a therapist over that event. Well, that and troubleshooting a system trust issue with over 10K user accounts…thru NAT…internal NAT!!…Yeah I know right!! oh the horror!!! Eli Roth’s next movie…
Here’s a few tricks I’ve picked up along the way to help…solve problems…
Workaround 00×01: No PING!!! Turning off antivirus and violating RFC’s 792 and 4443 should be punished by having to play the video game Desert Bus until you get high score. When I need to test a connection with ICMP blocked, I just use HPing3 http://wiki.hping.org/ It’s small lightweight (wrote in TCL) and works great! For example;
techwisetvNIX#hping3 –S <target IP address> -p80 –c 4
This will send SYN packets (-S flag) to port 80 (-p80 flag) four time (-c flag) instead of ICMP to test connections or even run a speed test to determine bandwidth. HPing3 has a TON of options. I use it to test firewalls too…but I’ll save that for another blog…
Workaround 00×02: “We disabled robots so hackers can’t GoogleDork us!” Aw! That’s so cute! However, if you’ve been around networking awhile you know the answer to all questions is not 42 but; “it depends” Certainly GoogleDorking is fun and an OK way to scare the crap out of analyst who think an IP address is where they go to the bathroom. Practically speaking, when I need that kinda vuln info; I’mheadin’ on over to Shodan. http://www.shodanhq.com/ and letting my fingers do the walking. It’s a search engine that searches on metadata about machines. So the idea isn’t to search about content that’s available on the Internet like GoogleDorking can be. For example; let say I’m looking for a vuln in IOS 15.1, well, I just type ‘er in the search bar and KA-ZOW! Global results! SHODAN uses a variety of techniques to actually determine the version. These may be through SNMP, fingerprinting, SSH, telnet, etc… But either way, it returns what it found as far as devices that are running that version of code. Very cool tool…and oh by the way…there’s a Shodan iPhone app for the; “geek on the go” I use as another tool for security auditing to tell folks to update your code goobers…especially the SCADA folks… Why do I need to us this? It’s another great way to find info and see our network as the world sees it, other then thru Google lens… Honorable mention: Duck Duck Go.
Workaround 00×03: Internet access is filtered! There could be many reasons IT departments block access to certain sites. It could be security issues, it could be State/Government issues, maybe someone doesn’t like you looking at cats walking in socks wearing trucker hats. Heck man, I have no idea. I do know this, when I was in the United States Navy before we pulled into a port, the Skipper would tell everyone were not to go and places to avoid. Those were the first places we hit! It served as a tour map for some rockin’ great stories later on! Folks are gonna find a way…
TOR (The Onion Router https://www.torproject.org/) Is the true Magsaysay Blvd of the Internet. Tor is basically an anonymizer. Many apps will over over TOR too. Rule of thumb, if it runs on TCP it’ll work. TOR bounces your communications around a distributed network of relays run by volunteers all around the world. This multi-branch routing prevents folks from snooping your Internet activity. Why would you want to do that? Well, if you’re traveling or a citizen of a country and you have get out info in a crisis but are being blocked; TOR is your exit. I’ve been to 36 different countries and tested in all countries and it worked great! Oh it’s slow for sure. But if you came from; “Pshhhkkkkkkrrrrkakingkakingkakingtshchchchchchchchcch*ding*ding*ding” welcome to flashback city home slice.
As side note…man alive TOR can be the Terentatek of the Internet. Be careful messing ‘round with .onion URL extensions in this universe.
What did I miss? Share some of your IT workarounds with the TechWise Guyz community here. Hey it’s kinda like hitting a virtual off limits bar online! Kick back crank up some Daft Punk and twist the top off your fav hack! PROST!!!
Jimmy Ray Purser
Trivia File Transfer Protocol
The phone keys One and Zero do not have numbers because they are “flag” numbers and kept for special uses like emergencies or operator services.