Apophis

I get a slightly different version of that same screeen. What kills me is that even though I can't get to my own website through a DoD network, I'm the one with the access to the systems that do the blocking so I *COULD* always just bypass the filter. I just don't want to risk my job on it.

I do, however, plan on coming up with some sort of dynamic re-addressing solution that I can deploy that would provide multiple new URLs that could all be used to hit the TG site to bypass these types of filters.

__________________
Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

Apophis

Official military war games would likely be hosted under a .mil domain so they wouldn't be blocked. Many of them are classified so they wouldn't even be visible on the non-classified IP network.

__________________
Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

Apophis

I use Google Cache for some personal stuff, but for any official recon/forensic work I'm allowed to bypass the filters. Using proxy servers can get you into serious hot water. Or at least where I am they can.

It probably would work, but the same as the home-based proxy, it could get you nabbed pretty quick. I created some rules for our IDS/IPS systems that will identify users running Tor and automatically shut down their port.

The alternative URL is the best bet as it's not a violation of any of the DoD user agreements for either computer use OR network use. You're not allowed to bypass or attempt to bypass any of the filters and in most cases not allowed to install any unapproved software. (Lets just forget the fact that Tor's development was sponsored by the US Naval Research Lab)

The only real hangup I have with the alternative URL is the URL rewrite rules that I have in place. They try and rewrite the URL to TacticalGamer.com no matter what URL you use to hit the site in the first place. I needed those to transition all the old xlii.com links in Google over to TG without breaking them. I also use them for redirecting the tacticalgamer.co.uk domain.

__________________
Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

CingularDuality

Apo, can you tell us how it is determined whether or not a site is blocked? My work uses a different method of filtering sites, but they're probably similar, and I get the feeling that it's a combination of black listing and content filtering. For instance, YouTube gets past the content filtering, but is black listed, while thousands of pr0n sites aren't blacklisted, but are blocked by the content filtering. TG would pass the content filtering, so it just has to evade the black list, thus an alternate URL would work?

I guess you can't just rewrite the "URL rewrite rules" so that the alternate URLs are private and bypass your "rewrite rules". (Heh... That's an awkward sentence. Lemme add some quotation marks.)

__________________

Become a supporting member! -- Shop at the Tactical Market!

Take the world's smallest political quiz! "I was touched by His Noodly Appendage."
TacticalGamer TX LAN/BBQ Veteran:

Apophis

I can't speak for all military commands or even all government agencies, but this is what I do know:

Most commands/agencies use web filtering appliances or applications to block questionable sites. The most common I've seen are SurfControl and the Secure Computing SmartFilter. These are loaded with the rule categories by default and the command selects which categories they want to block. As the vendors add new sites into each category, the filters download updates and apply the new rules.

In addition to that, DISA will send out notices that require blocking of various sites for various reasons. Either malware propagation, questionable content, or just uncategorized sites that they don't want people going to.

In many cases, commands will also filter out any site outside their enclave that are accessed directly via IP.

As far as TG goes, I do have an idea. I might be able to stand up another URL that uses a different set of rewrite rules yet points to the same server directory for the main site. If this works and the other set of rewrite rules don't get in the way, it will allow me to set up an alias under a different domain that will load the same content as the main TG site. I'm going to play with this a bit tonight.

Personally, I'm not going to use the aliased domain. Being in the INFOSEC group I would think I'm just asking for trouble if I were to utilize this as a method of bypassing the filters. But if it helps some people out and they want to use it, I've got no qualms with that.

__________________
Diplomacy is the art of saying "good doggie" while looking for a bigger stick.