campus network admins
Thomas Shaddack
shaddack at ns.arachne.cz
Thu Nov 4 11:28:42 PST 2004
On Thu, 4 Nov 2004 cypher at tediouspath.com wrote:
>
> I recently violated the network user agreement (they packet-sniffed and
> got the username/password for my FTP server and didn't like what I was
> sharing with myself) and was informed by the admin that I am now 'under
> observation' and that they "hope I don't like privacy". Considering
> this admin was an NSA employee, I tend to take that threat a little
> seriously.

Depending on how trivial the violation was, it may be worth checking the
FTP server logs, identifying the bad ones and collecting the evidence, and
eventually, preferably after consultation with a lawyer, nail the admin
with hacking charges. (Alternatively just threaten with the same, with a
remark that you hope he likes lawyers. I suppose you're located in the
Land of Lawyers.)

Whether it is better to play a repentant sinner, or go to a confrontation,
depends on many more factors unknown to us, including the exact text of
the network AUPs, the personality profile of the admin (he may be just
power-tripping at you, but the severity of his threats depends on the
exact content of your disk which you didn't specify), and other factors
like if you are an employee or a student and how much risk you want to go
through.

Violating AUPs with cleartext protocols isn't a good idea, especially with
nazi admins. Next time you may like to prefer ssh/scp, or WebDAV over
HTTPS, or a simple password-protected upload/download interface written in
PHP or as a CGI script, again over HTTPS (you may like to use one-time
passwords for added security).

If the admin in question can have physical access to your machine, put the
sensitive/objectionable data on an encrypted partition.

> Two questions:
>
> 1) I'm assuming they can legally look at anything that comes in or out
> of my computer, but is that the case? Can they look at my computer
> itself, or take me off the network for the private contents of my
> computer?

That depends a lot. If you're in a suitable uni campus, you may try to
consult with local law students. This question is something a mere
technician can't reliably answer.

> 2) Is there some sort of service I can use to have everything I do on the
> network encrypted, such as a tunneling service to the internet?

Yes. Depends on what you want to do; if you want to be independent of any
special software installed on the computers you're operating from, I
suggest an HTTPS server, with a self-signed certificate (cheaper), and
manually check its fingerprint when connecting. For upload you may use a
web file upload form. Don't neglect the certificate check; the admin may
like to start playing games with you and launch a MITM attack on your
connections. Do the fingerprint check even when the browser claims all is
OK.

>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> This message was sent from The Tedious Path
> Are you ready to travel The Tedious Path?
> http://www.tediouspath.com
> http://forum.tediouspath.com
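
The fingerprint check recommended in the reply above, as an added example that is not part of the original message: a client that pins a self-signed certificate by fingerprint and refuses to send anything until the check passes. SHA-256 as the fingerprint hash, the function names and the sample bytes are assumptions made for this example.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for the DER bytes of a server certificate (not a real cert).
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"

def cert_fingerprint(der_bytes):
    """SHA-256 over the DER encoding, shown as colon-separated upper-case hex."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize_fingerprint(text):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; reject anything else."""
    cleaned = "".join(ch for ch in text if ch not in ": \t\r\n").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned

def matches_pin(der_bytes, pinned):
    """True only if the presented certificate hashes to the pinned value."""
    presented = normalize_fingerprint(cert_fingerprint(der_bytes))
    return hmac.compare_digest(presented, normalize_fingerprint(pinned))

def open_pinned(host, pinned, port=443, timeout=10):
    """Connect, check the pin on this very connection, then hand it back.

    CA validation is switched off because a self-signed certificate can
    never pass it; the fingerprint, obtained out of band, is the only check.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    if not matches_pin(tls.getpeercert(binary_form=True), pinned):
        tls.close()  # a substituted (MITM) certificate lands here
        raise ssl.SSLError("certificate fingerprint does not match the pin")
    return tls  # send credentials or uploads only over this socket
```

The pinned value has to be recorded over a path the network operator does not control, for example read off the server itself.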