Silk Road forums

Discussion => Security => Topic started by: firehawk on December 06, 2012, 11:16 am

Title: TOR on a company network - problem?
Post by: firehawk on December 06, 2012, 11:16 am
So, I've been lurking here on the forums for a bit; made a failed attempt at a domestic buy (bad timing for the vendor and me, mutually decided to call it off) and am currently awaiting an international shipment (nervous and excited!).

Anyway. I'm away from home working in a remote area, so I've been using a 3G USB modem to keep an eye on SR and trawl through the forums.

Yesterday I was happily reading away until I noticed that I'd forgotten to disconnect the corporate LAN cable from my personal laptop. I had my USB modem plugged in and thought I was running off that. I pulled the LAN cable immediately (after a Jaws style focus-pull), and TOR remained connected.... Which leads me to believe that it was running through the USB 3G modem.

So my question is; is it likely that anyone would notice a TOR connection on a corporate LAN? And, is it possible for them to work out what sites I was looking at?

Worst comes to worst I have some explaining to do, but I'll just say I was curious after all the media coverage and wanted to see what all the buzz is about. Or deny, deny, deny.

But having some answers would be reassuring. Thanks guys!
Title: Re: TOR on a company network - problem?
Post by: acider on December 06, 2012, 01:10 pm
Noticing a tor connection  is possible, but not what you were doing.
I wouldn't worry about it. I would be more worried about my ISP than IT  ;D
Title: Re: TOR on a company network - problem?
Post by: SelfSovereignty on December 06, 2012, 01:21 pm
A lot of companies employ automated network monitoring software.  I don't see how that wouldn't notice it.  Bear in mind, if you do something illegal via Tor as an employee at that company, they may well be lible (liable?  Fuck, I never know which to use for that meaning, whatever).

It depends entirely on your IT department though.  I mean if you've got a competent team that actually does their job, sure they'll notice.  And probably ignore it if it doesn't happen again, but who knows.  If they're average, nobody'll be the wiser.  I hear, but can't verify, that IT departments are downsized to the bone these days because of the whole cloud fad.  You're probably fine.
Title: Re: TOR on a company network - problem?
Post by: blueveil on December 06, 2012, 01:57 pm
A lot of companies employ automated network monitoring software.  I don't see how that wouldn't notice it.  Bear in mind, if you do something illegal via Tor as an employee at that company, they may well be lible (liable?  Fuck, I never know which to use for that meaning, whatever).

It depends entirely on your IT department though.  I mean if you've got a competent team that actually does their job, sure they'll notice.  And probably ignore it if it doesn't happen again, but who knows.  If they're average, nobody'll be the wiser.  I hear, but can't verify, that IT departments are downsized to the bone these days because of the whole cloud fad.  You're probably fine.
Personally have used the resources of one of the fortune 100 companies to access and use both TOR and SR. I found that the IT dept was lacking concern as this went on for around 6 months no problem.
Title: Re: TOR on a company network - problem?
Post by: Just Chipper on December 06, 2012, 07:40 pm
I wouldn't worry too much about it as others have said. If an IT guy brings it up play stupid. I am actually typing this response from my work as we speak. The only advice I have is if you're going to do it at least use the obfuscation TOR package as you can make your traffic appear as skype, http, etc.
Title: Re: TOR on a company network - problem?
Post by: Theophilus on December 06, 2012, 08:06 pm
...Anyway. I'm away from home working in a remote area, so I've been using a 3G USB modem to keep an eye on SR and trawl through the forums.

Yesterday I was happily reading away until I noticed that I'd forgotten to disconnect the corporate LAN cable from my personal laptop. I had my USB modem plugged in and thought I was running off that. I pulled the LAN cable immediately (after a Jaws style focus-pull), and TOR remained connected...

...Which leads me to believe that it was running through the USB 3G modem.


I'm confused, what was your LAN cable plugged into?

Sounds to me like you weren't plugged into anything, but just using the wireless modem?

But yes, I'd be careful of this.

It a comes down to what your IT dept has in place. You could easily be attracting unwanted attention, if nothing else.
Title: Re: TOR on a company network - problem?
Post by: woahmang on December 06, 2012, 08:50 pm
If your company lets you connect your own equipment to their LAN then they've probably got a lot more going on than a few connections to TOR.
Title: Re: TOR on a company network - problem?
Post by: ch0sen on December 06, 2012, 08:52 pm
If you are in a big company then I wouldn't worry about it.  There is so much traffic in and out that you would have to do something
large to get noticed.  Lots of traffic to strange ports.  Even then it might go unnoticed.  Use obfuscation like suggested above.

I work at a big company and I run back doors over 443 to avoid their corp. VPN.  I have been doing this for years and have never
been asked anything about my traffic. 

-
Title: Re: TOR on a company network - problem?
Post by: firehawk on December 06, 2012, 09:55 pm
Thanks for all the feedback guys! I'm feeling much less concerned about it.

It's a *huge* company with many subcontractors spread over dozens of sites; and I think the IT guys have a hard enough time just keeping everyone online.

I'm confused, what was your LAN cable plugged into?

Sounds to me like you weren't plugged into anything, but just using the wireless modem?

But yes, I'd be careful of this.

It a comes down to what your IT dept has in place. You could easily be attracting unwanted attention, if nothing else.

To clarify, the corporate LAN cable was plugged into the back of my laptop, and I had the wireless USB modem running as well.
Title: Re: TOR on a company network - problem?
Post by: sysco88 on December 07, 2012, 02:23 am
IT would be more concerned if you were downloading torrents or porn than using the TOR network.  At least at every IT department I've worked in, we were much more concerned with bandwidth issues and security breaches to worry about someone trying to get around the firewall block of facebook, which is what we assume your doing.  I would always do a mental check to remember this person is more tech savy than they may let on and at most make sure they weren't pegging our bandwidth or filling up a network share somewhere.   
Title: Re: TOR on a company network - problem?
Post by: SelfSovereignty on December 07, 2012, 01:10 pm
If you are in a big company then I wouldn't worry about it.  There is so much traffic in and out that you would have to do something
large to get noticed.  Lots of traffic to strange ports.  Even then it might go unnoticed.  Use obfuscation like suggested above.

I work at a big company and I run back doors over 443 to avoid their corp. VPN.  I have been doing this for years and have never
been asked anything about my traffic. 

-

I think we're long past the days of network monitoring being a simple history of ports and their associated protocols and connection times.  Deep packet inspection can do very scary things.  Things I don't even know about, really, because I don't spend my days making sure Iran and China can satisfactorily control their citizens with my company's hardware.

What I'm thinking of is an article I saw several months ago about how an American company was selling one-piece-solutions to foreign countries so that they could accurately monitor and control their citizens online.  The features they claimed/included were able to reveal a shocking amount of data, even to me -- a paranoid geek.

I'm just pointing it out so that everyone's informed and all: very scary levels of monitoring are not only possible but done every day with existing hardware and software solutions.  Whether or not they're done on you and me... well, of course -- but how much?  Who knows.
Title: Re: TOR on a company network - problem?
Post by: Just Chipper on December 07, 2012, 02:43 pm
I think we're long past the days of network monitoring being a simple history of ports and their associated protocols and connection times.  Deep packet inspection can do very scary things.  Things I don't even know about, really, because I don't spend my days making sure Iran and China can satisfactorily control their citizens with my company's hardware.

What I'm thinking of is an article I saw several months ago about how an American company was selling one-piece-solutions to foreign countries so that they could accurately monitor and control their citizens online.  The features they claimed/included were able to reveal a shocking amount of data, even to me -- a paranoid geek.

I'm just pointing it out so that everyone's informed and all: very scary levels of monitoring are not only possible but done every day with existing hardware and software solutions.  Whether or not they're done on you and me... well, of course -- but how much?  Who knows.

Good point Sovereignty. The NSA has been doing this to americans since 2000. Then used the FISA portion of the Patriot Act to allow it by law. Lookup William Binney and the program he regretfully created "trapwire". He originally designed the program to monitor traffic of radical groups overseas, then upon finding out it was being used on US citizens he immediately resigned and became a whistleblower. It's a simple enough piece of code as it just monitors inbound/exbound traffic at the major Backbone chokepoints (NYC, LA, etc) and copy it to off-site servers for later use. In fact they are building a $2billion dollar facility in Utah with over a yottabye (new term) of storage. For reference 1024tera-1peta, 1024peta-1exa, 1024exa-1?(unnamed yet), 1024?-1yotta! Also it should be pushing an exa-flop of processing power! They're not censoring the internet in USA just yet, just acquiring mass amounts of encrypted mesages to brute-force at a later date.

Trapwire Link: https://rt.com/usa/news/stratfor-trapwire-abraxas-wikileaks-313/
Data Center Link: http://www.forbes.com/sites/andygreenberg/2012/03/16/nsas-new-data-center-and-ultra-fast-supercomputer-aim-to-crack-worlds-strongest-crypto/
Title: Re: TOR on a company network - problem?
Post by: ch0sen on December 08, 2012, 01:48 am
A good friend of mine worked for a large company (nameless) who was involved in the installation
of hardware at many AT&T datacenters.

They get every bit in and out of every AT&T DC at the very least and it goes to be stored and searched.

That is only the US.  And that is only what I know of first hand.

Extrapolate that info and basically NSA gets everything.  Even this message I am sure...