twirlz

Traffic thru Remote Desktop

6 posts in this topic

Recently I set up remote desktop on my home PC and have been using it as a makeshift tunnel so I can surf what I want at work. I stopped doing this because I want to make sure the content of what I'm looking at while on my home PC isn't somehow coming across the work server and getting me in trouble or, worse, fired. And no, I'm not making a habit of looking at pron while on the job, just a few sites like Yahoo Mail and a few others that are filtered.

Do I need to worry about this getting me in trouble, like I should stop doing this and just wait till I get home, or is there no content that is sent across and I'm just being paranoid?


Keep in mind... even though you're using your home PC as the "vehicle", you are still viewing the same content on your work computer. And while it isn't cached or stored in the browser history, if the content is on the screen and it isn't supposed to be, you are likely in violation of your company's policies. (And they would not likely look too favorably on your means of subverting their proxies/filters either.)

You would know better than we would how your company would be likely to handle a violation. In general, though, assume you are doing something to subvert their policies and if you got caught you would be subject to the terms specified in the employee handbook.

If you're extremely paranoid, there used to be a browser called Ghostzilla that would integrate into whatever other app you were running on the screen (so it would blend into one of the panes of Outlook, or an Excel worksheet, stuff like that). Run that through a proxy on your home computer, it won't be as visible on your screen for shoulder surfers.

Recently I set up remote desktop on my home PC and have been using it as a makeshift tunnel so I can surf what I want at work. I stopped doing this because I want to make sure the content of what I'm looking at while on my home PC isn't somehow coming across the work server and getting me in trouble or, worse, fired. And no, I'm not making a habit of looking at pron while on the job, just a few sites like Yahoo Mail and a few others that are filtered.

Do I need to worry about this getting me in trouble, like I should stop doing this and just wait till I get home, or is there no content that is sent across and I'm just being paranoid?

Are you worried that what you're doing when you're home will be visible to people still at work? If so, as long as you don't save your password and be sure to log out before you go home you're reasonably safe from that.

As far as people looking over your shoulder for sites you shouldn't be looking at, you could use lynx, it makes everything look like work.

If you're extremely paranoid, there used to be a browser called Ghostzilla that would integrate into whatever other app you were running on the screen (so it would blend into one of the panes of Outlook, or an Excel worksheet, stuff like that). Run that through a proxy on your home computer, it won't be as visible on your screen for shoulder surfers.

Screenshot of Ghostzilla: http://web.archive.org/web/20060529002302/...illa-large.html

I never had any real use for it, but I thought it was pretty cool.

More info: http://en.wikipedia.org/wiki/Ghostzilla

Apparently you can still grab the last known working version, though development seems to have stopped.

I want to make sure the content of what I'm looking at while on my home PC isn't somehow coming across the work server

I think you are asking if your session can be monitored via packet sniffing or similar. System admins would be able to tell you have a RD session running, assuming you used the default port config; however, RD and ssh (gotomypc) are common work-related applications, so perhaps your connection wouldn't necessarily stand out. Although Windows remote desktop is an encrypted service, you are still susceptible to a MITMA due to lack of authentication certificates as seen in ssh. This is probably the most important part. I don't know how big your work environment is, but usually system admins won't have packet sniffing on because the log files become larger exponentially and space is quite scarce in your typical IT budget. If malicious or irregular network activity was reported, then the admins would look into it and then they would notice that your IP has a RD session on x port connected to your home IP on 3389; if the admins got skill, they could decipher what you are looking at. Now there are ways to bypass this. You can configure your remote desktop session to use a different port that would be a bit more ambiguous to a sys admin, which could be a good or a bad thing; that's your call. You can also set up an ssh tunnel using openssh and putty that, if done correctly, will tunnel your remote desktop connection through a higher level of encryption and authentication on top of the remote desktop proprietary encryption. If this wasn't what you were looking for then fuck, I'm sorry..

One attack vector I haven't seen anyone mention is that the RDP service (on your destination PC) is exposed to the series of tubes known as the Internet. I don't know if there are known unpatched vulnerabilities out there for it now, but I know there have been exploits in the past which have been patched. At the very least you'll get skiddies who will try to brute force the login, which is traffic/processing cycles you'd probably rather not give up. My suggestion (at the very least) is to only allow inbound 3389 from IPs you know, if you're not doing that already.

A step up, as someone mentioned, is tunneling in via ssh. Obviously, you'll need a publicly accessible SSH service on your network to be able to do that. Personally, I would trust that a million times more than exposing RDP to the world.

FYI - for tunneling over SSH: You'll want to set the "local" port to something other than what RDP uses (TCP 3389). I usually use 3388. The RDP client that ships with Windows (XP at least) doesn't allow being connected to localhost on 3389. If you put "localhost:3388" though, you should be gravy... so long as you're forwarding on local TCP 3388 of course.. :P

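A defender-side check for the exposure described in the last post (brute-force logins against an Internet-facing RDP service, and allowing inbound 3389 only from known IPs), added here as an example and not part of the thread. The log format, the allowlist network, and the threshold and window values are assumptions; the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in an assumed format: "timestamp src_ip dst_port result".
SAMPLE_LOG = """\
2024-01-10T09:00:01 203.0.113.7 3389 FAIL
2024-01-10T09:00:03 203.0.113.7 3389 FAIL
2024-01-10T09:00:05 203.0.113.7 3389 FAIL
2024-01-10T09:00:09 203.0.113.7 3389 FAIL
2024-01-10T09:00:12 203.0.113.7 3389 FAIL
2024-01-10T09:05:00 198.51.100.20 3389 OK
2024-01-10T09:06:00 192.0.2.44 3389 FAIL
2024-01-10T09:30:00 192.0.2.44 3389 FAIL
2024-01-10T09:40:00 198.51.100.20 22 OK
"""

# Assumed allowlist: the only sources expected to reach TCP 3389.
ALLOWED = [ipaddress.ip_network("198.51.100.0/24")]

def parse(log):
    """Yield (timestamp, source address, port, result), skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, port, result = parts
        yield datetime.fromisoformat(ts), ipaddress.ip_address(src), int(port), result

def is_allowed(ip):
    return any(ip in net for net in ALLOWED)

def review_rdp(log, threshold=5, window=timedelta(seconds=60)):
    """Return (sources outside the allowlist, sources with a burst of failed logins)."""
    fails = defaultdict(list)
    unexpected = set()
    for ts, src, port, result in parse(log):
        if port != 3389:
            continue
        if not is_allowed(src):
            unexpected.add(str(src))
        if result == "FAIL":
            fails[str(src)].append(ts)
    brute = set()
    for src, times in fails.items():
        times.sort()
        # A burst is `threshold` failures whose first and last fall within `window`.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                brute.add(src)
                break
    return sorted(unexpected), sorted(brute)
```

Any address in the first list is evidence that the 3389 allowlist is missing or not being enforced; the second list is the brute-force traffic the post warns about.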
