1

I study at a college where most social networking sites are banned(Including this one) and if someone is found using them somehow is heavily fined.I just want to know what all can the network admin find out

WhyDoThis
  • 11
  • 1
  • possible duplicate of [What can IT see and log?](http://security.stackexchange.com/questions/76182/what-can-it-see-and-log) – Xander Apr 03 '15 at 13:58
  • @Xander Not really: that earlier question was about a computer installed by central IT, and about a VPN (which is different from SSH, in particular as DNS requests are usually tunneled through the VPN). We may have a duplicate but that isn't it and I can't find anything in the sidebar either. – Gilles 'SO- stop being evil' Apr 03 '15 at 14:20
  • 4
    The non-answer is: it depends. Are you accessing this site from your own computer the school has never touched, or are you using a school-issued or school-owned computer? If from your own computer, did the school require you to install any of their software on your computer? Then there is the question of where are you SSH-ing to? Is that computer school-owned or has school-installed software on it? So you need to consider more than just what is passing over the wire. – cybermike Apr 03 '15 at 14:21
  • 1
    There is not enough information provided to give an accurate answer. – oBreak Apr 03 '15 at 15:34
  • are you asking simply from the network perspective? – schroeder Apr 03 '15 at 20:19

1 Answers1

3

Depends on the way you use SSH. If you just do it the usual way of using the -D option to provide a SOCKS server and use this as the proxy at the browser, they will not see that you are accessing these sites but they might deduce the use of such sites from tracking DNS queries. ssh -D provides only a SOCKS4 server and for SOCKS4 the resolving of host names to IP addresses must be done outside the SOCKS4 tunnel, because SOCKS4 can only handle connections to IP addresses.

Edit: thanks to dr jimbob for pointing out, that SOCKS5 is available in ssh since 2003, but that have to make sure to use this version. With Firefox you have to explicitly choose the SOCKS version and you need also to explicitly enable RemoteDNS to make the DNS lookups through the SOCKS5 proxy.

Community
  • 1
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • 1
    `ssh -D` supports both SOCKS4/SOCKS5 (and `man ssh` explicitly says it supports SOCKS4 & 5 under the `-D` option in OpenSSH v6.2 or v6.6). SOCKS5 support has been in OpenSSH since [version 3.7 (released Sept 2003)](http://www.openssh.com/txt/release-3.7). You still have to make sure that you are using SOCKS5 not SOCKS4 (when you configure your browser to connect to the proxy), and that DNS is being done through the tunnel, e.g., in firefox you'll have to enable network.proxy.socks_remote_dns in `about:config`. – dr jimbob Apr 03 '15 at 17:47
  • @drjimbob: Oh thanks, looks like I've missed that important feature. – Steffen Ullrich Apr 03 '15 at 18:43