Re: home VPN

2006-03-13 Thread Bryan Brake 

Joachim Schipper wrote:

On Sat, Mar 11, 2006 at 09:03:21PM -0300, Gustavo Rios wrote:

Dear folks,

i live in brazil, and it is a common practice for local
corporation/institutions to monitor our phone calls, internet access
and personal email. I would like to be able to access Internet by
means of a proxy. My initial ideia is to get some peer (personnel)
outside brazil that would allow me to connect through it.

I wanted to be able to access the web and surf 
without the Nazi admin checking the firewall logs 
to see what I am doing.


I setup my OpenBSD machine at home with Privoxy 
(in packages section) and using Putty to forward 
my traffic over SSH.  Privoxy was very easy to 
setup and I am running it with the defaults.


Here is the link I used to setup my local machine 
to use my proxy...




http://www.zunta.org/blog/archives/2005/08/29/sshirking_work/

HTH,

Bryan

Re: home VPN

2006-03-13 Thread Joachim Schipper 
On Mon, Mar 13, 2006 at 07:55:47AM -0800, Bryan Brake wrote:
 Joachim Schipper wrote:
 On Sat, Mar 11, 2006 at 09:03:21PM -0300, Gustavo Rios wrote:
 Dear folks,
 
 i live in brazil, and it is a common practice for local
 corporation/institutions to monitor our phone calls, internet access
 and personal email. I would like to be able to access Internet by
 means of a proxy. My initial ideia is to get some peer (personnel)
 outside brazil that would allow me to connect through it.
 
 I wanted to be able to access the web and surf 
 without the Nazi admin checking the firewall logs 
 to see what I am doing.
 
 I setup my OpenBSD machine at home with Privoxy 
 (in packages section) and using Putty to forward 
 my traffic over SSH.  Privoxy was very easy to 
 setup and I am running it with the defaults.
 
 Here is the link I used to setup my local machine 
 to use my proxy...
 
 
 
 http://www.zunta.org/blog/archives/2005/08/29/sshirking_work/

There is no guarantee, though, that the nazi admin will be particularly
well-inclined towards ssh... ;-)

Some attacks are still possible, though; notably, even if we presume the
other end and all neighbouring networks are trustworthy, and the
firewall admin has no capabilities beyond his own network, he can still
notice *that* you are doing something, and traffic analysis will give
quite a bit of a hint.

Not much there's to be done about that, but still - something to think
about.

Joachim

Re: home VPN

2006-03-13 Thread steve szmidt 
On Monday 13 March 2006 10:55, you wrote:
 Joachim Schipper wrote:
  On Sat, Mar 11, 2006 at 09:03:21PM -0300, Gustavo Rios wrote:
  Dear folks,
 
  i live in brazil, and it is a common practice for local
  corporation/institutions to monitor our phone calls, internet access
  and personal email. I would like to be able to access Internet by
  means of a proxy. My initial ideia is to get some peer (personnel)
  outside brazil that would allow me to connect through it.

With all the illegal and then not so smart activities of people that often 
becomes the solution in any country.

 I wanted to be able to access the web and surf
 without the Nazi admin checking the firewall logs
 to see what I am doing.

Oh, nice. Figure out how to bypass company security policy and put them all at 
risk. Then call the guy who's job it is to keep it all working a Nazi. Mmm, 
impressive.

Hopefully you are not running on a windows machine thus opening a door to 
making it a cinch to hack your company network through your eh, 
inventiveness.

-- 

Steve Szmidt

For evil to triumph all that is needed is for good men to do nothing.
Edmund Burke

Re: home VPN

2006-03-12 Thread Lars Hansson 
On Sunday 12 March 2006 08:03, Gustavo Rios wrote:
 Dear folks,

 i live in brazil, and it is a common practice for local
 corporation/institutions to monitor our phone calls, internet access
 and personal email. I would like to be able to access Internet by
 means of a proxy. My initial ideia is to get some peer (personnel)
 outside brazil that would allow me to connect through it.

Have a look at Tor in packages.

---
Lars Hansson

Re: home VPN

2006-03-12 Thread Joachim Schipper 
On Sat, Mar 11, 2006 at 09:03:21PM -0300, Gustavo Rios wrote:
 Dear folks,
 
 i live in brazil, and it is a common practice for local
 corporation/institutions to monitor our phone calls, internet access
 and personal email. I would like to be able to access Internet by
 means of a proxy. My initial ideia is to get some peer (personnel)
 outside brazil that would allow me to connect through it.
 
 I am publicly request some one from the OpenBSD user base because of
 the trust i have on all those i believe share some of the ideology of
 the project and since, make uses of it.
 
 I would really appreciate your help.

Aside from the already suggested Tor, GnuPG is cool for mail (though it
will not obfuscate who is talking to who, it will obfuscate what is
said; something like HushMail + Tor will be pretty secure and easy to
set up, if you are willing to trust the HushMail people); more esoteric
solutions exist.

Obfuscating phone calls is nontrivial; in fact, using an OpenPGP
implementation (GnuPG, PGP) is pretty nontrivial unless you only deal
with people who are both somewhat technically competent and willing to
spend an hour or so to protect their privacy.

Publicly solliciting for proxies, though, is likely to be Googleable for
years. And might not produce the best possible antecedents.

And do not forget the other question of trust - the administrator of the
proxy is likely to be held responsible if you do anything nasty (whether
this holds up in court is another question, but still...)

Joachim

home VPN

2006-03-11 Thread Gustavo Rios 
Dear folks,

i live in brazil, and it is a common practice for local
corporation/institutions to monitor our phone calls, internet access
and personal email. I would like to be able to access Internet by
means of a proxy. My initial ideia is to get some peer (personnel)
outside brazil that would allow me to connect through it.

I am publicly request some one from the OpenBSD user base because of
the trust i have on all those i believe share some of the ideology of
the project and since, make uses of it.

I would really appreciate your help.

All the best.

Re: home VPN

2006-03-11 Thread Gustavo Rios 
Hey Chris,

2006/3/11, Chris Kuethe [EMAIL PROTECTED]:
 why would you trust us, and why should we trust you?

I would trust some one else, because there may be some one around
having the same problem and that could trust it for such a matter.

  i'm not saying
 you're evil, i'm just saying that not everyone is going to want to
 allow you to move arbitrary bits around. and if you're that worried
 about monitoring, you're not going to want to use just any old bsd box
 as your proxy. how do you know the other guy isn't going to sell you
 out?

 while you think about that, can i point you at a few ports
 net/tor
 security/gnupg
 security/stunnel

 if you can find someplace that offers shell accounts, you should have
 everything you need to move bits around. use gnupg or mixmaster to
 send encrypted email, tor to route tcp sessions and stunnel to ssl-ize
 anyting.

 CK (i get paid to think like that)


 On 3/11/06, Gustavo Rios [EMAIL PROTECTED] wrote:
  Dear folks,
 
  i live in brazil, and it is a common practice for local
  corporation/institutions to monitor our phone calls, internet access
  and personal email. I would like to be able to access Internet by
  means of a proxy. My initial ideia is to get some peer (personnel)
  outside brazil that would allow me to connect through it.
 
  I am publicly request some one from the OpenBSD user base because of
  the trust i have on all those i believe share some of the ideology of
  the project and since, make uses of it.
 
  I would really appreciate your help.
 
  All the best.
 
 


 --
 GDB has a 'break' feature; why doesn't it have 'fix' too?