campus network admins

Thomas Shaddack shaddack at ns.arachne.cz
Thu Nov 4 11:28:42 PST 2004 

On Thu, 4 Nov 2004 cypher at tediouspath.com wrote:

> 
> I recently violated the network user agreement (they packet-sniffed and
> got the username/password for my FTP server and didn't like what I was
> sharing with myself) and was informed by the admin that I am now 'under
> observation' and that they "hope I don't like privacy". Considering
> this admin was an NSA employee, I tend to take that threat a little
> seriously.

Depending on how trivial the violation was, it may be worth checking the 
FTP server logs, identifying the bad ones and collecting the evidence, and 
eventually, preferably after consultation with a lawyer, nail the admin 
with hacking charges. (Alternatively just threat with the same, with a 
remark that you hope he likes lawyers. I suppose you're located in the 
Land of Lawyers.)

If it is better to play a repentant sinner, or go to a confrontation, 
depends on many more factors unknown to us, including the exact text of 
the network AUPs, the personality profile of the admin (he may be just 
power-tripping at you, but the severity of his threats depends on the 
exact content of your disk which you didn't specify), and other factors 
like if you are an employee or a student and how much risk you want to go 
through.

Violating AUPs with cleartext protocols isn't a good idea, especially with 
nazi admins. Next time you may like to prefer ssh/scp, or WebDAV over 
HTTPS, or a simple password-protected upload/download interface written in 
PHP or as a CGI script, again over HTTPS (you may like to use one-time 
passwords for added security).

If the admin in question can have physical access to your machine, put the 
sensitive/objectionable data on an encrypted partition.

> Two questions:
> 
> 1) I'm assuming they can legally look at anything that comes in or out
> of my computer, but is that the case? Can they look at my computer
> itself, or take me off the network for the private contents of my
> computer?

That depends a lot. If you're in a suitable uni campus, you may try to 
consult with local law students. This question is something a mere 
technician can't reliably answer.

> 2) Is there some sort of service I can use to have everything I do on the
> network encrypted, such as a tunneling service to the internet?

Yes. Depends on what you want to do; if you want to be independent on any 
special software installed on the computers you're operating from, I 
suggest a HTTPS server, with a self-signed certificate (cheaper), and 
manually check its fingerprint when connecting. For upload you may use a 
web file upload form. Don't neglect the certificate check; the admin may 
like to start playing games with you and launch MITM attack at your 
connections. Do the fingerprint check even when the browser claims all is 
OK.



> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> This message was sent from The Tedious Path
> Are you ready to travel The Tedious Path?
> http://www.tediouspath.com
> http://forum.tediouspath.com

More information about the cypherpunks-legacy mailing list