Stymied!

Posted on Monday, May 23, 2005

So I thought I was being all cool…I set up OpenSSH on my computer at work, so I could tunnel back home using PuTTY and be able to bypass the firewall rules at work.

Well, it worked…I was able to surf and get to Gmail, and actually, since I wasn’t using the web proxy, my browsing was super fast.

Then, my boss forwarded me this email he got from our IT Risk folks (identifying information about IP addresses and hostnames removed):

 

_We have recently received a number of alerts from the Intrusion Detection System which indicate multiple attempted SSH connections from the machine of Matt Stratton (x.x.x.x) via the internet proxy environment x.x.x.com. The timestamps for the alerts are numerous from 14:00 to 15:36 GMT – 23rd May 2005._

_Could you please confirm the activity that was being performed by Matt Stratton and ensure that he understands that access to the internet is restricted to HTTP, HTTPS and FTP unless requested and approved by Risk Management._

So I immediately turned off my PuTTY connection, and replied to my boss that I had been messing around with tunnelling at home, and forgot to disable it when I came back in today. He was cool with it (he basically told me he didn’t care what I did, as long as we didn’t “get caught”).

Well, then I started to think about this some more. The intrusion detection that they reported occurred between 9 am and 10:30 am today. This was before I actually got the tunnel *working*. So what they saw was me attempting my connections, but once I got it going, they didn’t notice (I got the email from my boss around 11:30, after I’d been successfully using the tunnel for about an hour).

I still am not going to mess with this again for a couple of weeks. There are other people I work with who do this SSH tunnelling stuff, but they do it slightly differently. So in a couple weeks I might try setting it up again, but the “right” way. For now, I’m laying low.

Oh, also, they finally blocked IM through the proxy, so no AIM or YIM while I’m at work. I can get to my Gmail via my cell phone…sorta…but your best bet (if you have to reach me during the day) is via my work email address. If you don’t know what it is, you’re probably not my friend :)

