Security gone amok

Phone call yesterday afternoon:

Him: “Paul, you know that computer you were sitting at down in the lab earlier?”
Me: “Yeah, what about it?”
Him: “I got a call from Corporate Security. Evidently it was pinging the corporate network.”
Me: “Yeah, I was looking for a machine connected to the network so I could read my email.”
Him: “Well, they want you to stop pinging.”
Me: “I did about 3 pings of relay.foo.com, and then when I saw it was connected, I telnetted to it.”
Him: “Well, I’m going to have to disconnect that machine from the network.”
Me: “DUDE! WTF?”

So I’m down in the lab again, doing this test that takes over an hour to run, and using a different computer to check my email. And this time I was careful to test its network connectivity by attempting a telnet, rather than using one of those evil nasty pings.

6 thoughts on “Security gone amok”

  1. It gets worse: I asked if we could allow ssh OUTGOING through the firewall, and they refused because they can’t verify if it’s safe or not.

    Knowing these morons, they allow telnet because there is a telnet.exe in Windows, and since it came from Microsoft it *must* be safe.

  2. I’m working at a place that has networked desktops with DVD-ROMs, floppy drives, and 2 USB ports. The USB ports are disabled “for security reasons” but nothing else is. You can e-mail attachments through the firewall without trouble, and PKZIP (well, WinZIP) is installed, so you can get any files out of the machine that you want to no matter how large. In short, there is nothing you can upload or download through the USB port that you can’t upload or download some other way – but the USB port would let you transfer to a thumb drive, which would be very helpful.

    Too helpful. The IT clown explicitly refused to enable the drive because that would mean my terminal, with a high-volume input device, a low-volume input/output device, a high-bandwidth network connection, and PKZIP all enabled would then be vulnerable to unauthorized file transfers.

  3. Get as many machines as you can to ping some random box. That should get their panties all aflutter. Then just use the Fat Tony defense, “What? What did I do?”
