Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Dealing With University Firewalls?

timothy posted more than 2 years ago | from the little-fiefdoms dept.

The Internet 582

An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked." What would you do to get better access?

cancel ×


Sorry! There are no comments related to the filter you selected.

It's their bandwidth ... (2, Insightful)

Dark$ide (732508) | more than 2 years ago | (#39170105)

... so you get controlled.

Get over it.

Re:It's their bandwidth ... (5, Insightful)

mattventura (1408229) | more than 2 years ago | (#39170147)

If the university's IT department isn't providing the services that students and faculty need, then the issue should probably be raised above the IT department. The purpose of an IT department is to provide a service to the organization, not to make the organization bend over to the IT dept.

Re:It's their bandwidth ... (5, Interesting)

Anonymous Coward | more than 2 years ago | (#39170193)

I have been in the position of having to block internet to a college in a previous job. There were constant battles between the marketing and academic departments about blocking and unblocking social media sites. In the end the marketing department won and they were unblocked. The tutors didn't like it because they relied so much on computers for their lessons rather than using good old fashioned methods like lecturing and demonstrating.

Re:It's their bandwidth ... (-1, Troll)

MobileTatsu-NJG (946591) | more than 2 years ago | (#39170365)

Really? I thought it was to bitch about how uselesa the people are that ensure their job security.

University IT usually gets run by morons (4, Interesting)

Weezul (52464) | more than 2 years ago | (#39170529)

Rutgers University bans ssh public keys. Ergo, all the students employ expect scripts that contain their passwords. These expect scripts aren't from students writing em' themselves, but just copied from friends. In particular, there are students who barley know what ls and rm do, but certainly won't know to change their password if their laptop gets stolen. And students commonly hack one another's accounts by copying said script.

Re:It's their bandwidth ... (5, Insightful)

Miseph (979059) | more than 2 years ago | (#39170227)

Unless the author has a full ride scholarship including room and board... I'd say there is at least a partially legitimate claim to some rights here.

Anyway, yeah, campus networks can be like that. It's bull. It's also, in my experience, rarely something the IT people are terribly fond of; most of them are at least passingly familiar with how the internet works, and ultimately it requires far more work to maintain a ridiculously locked-down network than one with minimal restrictions. Usually, that comes from higher up in the organization, from some old administrator or trustee or something... IT takes order in academia just like they do in business.

The best bet for getting a change on this is actually o complain to higher administration, and perhaps as well to school and/or local publications. Putting things in writing usually works well. Bring up issues of censorship and academic freedom, and be sure to mention how this new-fangled internet thing is a really important part of the future. Keep in mind that the details of what is or is not filtered is, largely, irrelevant... it's easy to lose a non-techie audience by getting into the weeds. The point here is to engage them on the emotional level: these decisions are not made because there are clear-cut rational arguments for them, they are made because somebody doesn't like ______ which they believe to be on the internet. Again, getting too logical or specific will just make eyes glaze over, so keep it rhetorical and abstract.

Re:It's their bandwidth ... (-1, Offtopic)

Anonymous Coward | more than 2 years ago | (#39170239)

Mods on crack as usual. A dissenting (and correct) opinion is not a troll. Morons.

Re:It's their bandwidth ... (1)

cheekyjohnson (1873388) | more than 2 years ago | (#39170479)

Which doesn't mean that their actions are immune from criticism.

ssh is permitted? (5, Insightful)

tanveer1979 (530624) | more than 2 years ago | (#39170113)

In that case buy a ssh shell minimal hosting account for 2-3$/month.
Create a tunnel.
And browse.

If paid public VPN services are allowed, you can also subscribe to such services. Of course, your browsing will be slower.

Re:ssh is permitted? (2)

hobarrera (2008506) | more than 2 years ago | (#39170349)

I do this exactly. I have static IP at home, and a personal server elsewhere, so "ssh -D", and "tsocks" are an EXCELENT combo.

Re:ssh is permitted? (2)

toutankh (1544253) | more than 2 years ago | (#39170359)

I would expect that SSH is forbidden and that everything has to go through the university's web proxy.
That is the situation I was facing a few years ago when I lived on a college campus. The solution I found was called desproxy and apparently it still exists [] . Worked wonders with me.

Re:ssh is permitted? (5, Informative)

Anonymous Coward | more than 2 years ago | (#39170415)

The solution then is to use port 443 to run SSH. I have a free trial of Amazon EC2 I use for that kind of thing. The speeds are good, you can even watch YouTube with relatively little buffering. If anyone is interested I have it set up:

SSH Socks Proxy
corkscrew (software to send ssh through an http proxy, you can also use PUTTY on windows for this)
CNTLM (you may not need this but I do because the proxy I go through uses NTLM authentication)
SSH server running on port 443.

Re:ssh is permitted? (0)

Kagetsuki (1620613) | more than 2 years ago | (#39170515)

I'll second corkscrew. Someone please mod this AC up.

Re:ssh is permitted? (0)

Anonymous Coward | more than 2 years ago | (#39170533)

A colleague once told me about an application that tunnels over DNS.
It should also work in wireless networks in hotels that redirect all traffic to their own website until you pay.

Tributes (5, Informative)

Anonymous Coward | more than 2 years ago | (#39170115)

Become friends with a member of the IT department. Alcohol can go a long way in beginning an IT related friendship.

Re:Tributes (3, Interesting)

Anonymous Coward | more than 2 years ago | (#39170157)

This. Or, if your university has a Networking section/sub-section, start there.

I work in IT at a university and although we do have some restrictions on websites (pornography and cheating websites), we also have an appeals process that is open to anyone. I find it silly that they would block off a huge host of seemingly random websites for "safety" reasons, except maybe on university-owned computers open to the public (even then, we just put DeepFreeze on ours).

Another solution would be to get someone with some clout on your side. If your university is like most others, anytime someone important gets huffy over a subject people immediately fold to avoid confrontation. I'm talking about staff though, not academic departments (no one cares about those).

My ass (-1)

Anonymous Coward | more than 2 years ago | (#39170117)
Or set up a server at home, and use Logmein or something to browse through that

Re:My ass (1)

geraud (932452) | more than 2 years ago | (#39170351)

Do not advertise the VPN provider who sold his customer to law enforcement last year. it is.

Re:My ass (0)

Anonymous Coward | more than 2 years ago | (#39170441)

If all the OP wants to use it for is stuff that is currently legal, no harm in taking the easy way out

Grow Up (0, Insightful)

Anonymous Coward | more than 2 years ago | (#39170123)

The University probably has policies about Internet Access that the IT Manager is obliged to enforce. Go about it the correct way and see if you can get the policies changed instead of acting like its your right to have access to everything you want, just because YOU want it

LOL (0)

Anonymous Coward | more than 2 years ago | (#39170131)

1. Buy VPS for about $5 (you can catch some specials $15/year for 128mb RAM / 10gb disk / 500gb bandwidth)
2. Have SSH listen on 25/tcp, 80/tcp, 443/tcp and others
3. ?????????

get over it (1, Insightful)

bloodhawk (813939) | more than 2 years ago | (#39170143)

If you want unrestricted web access then pay for your own connection. Don't bitch about IT people doing their job properly, their primary goal is not to be an ISP for you to surf the web. Most corporates and government agencies all apply these so called "draconian" restrictions on thier staff and it isn't because they are all bastards. Basically your average user can be trusted about half the distance you can kick them, they all think they know what they are doing until something goes wrong then it is IT's fault for not protecting them.

Re:get over it (3, Insightful)

ryanov (193048) | more than 2 years ago | (#39170201)

You imagine he's going to school for free, do you? I work in university IT and understand the pros and cons and plusses and minuses, and while we don't do this, we do some of our own foolish things. However, I don't think for a second that the students aren't already paying for this connection.

Re:get over it (3, Insightful)

Anonymous Coward | more than 2 years ago | (#39170255)

I am also in university IT. The students are NOT paying for a free unlimited Internet connection. They are paying for their degree, and can expect Internet access relevant to their degree, nothing more. Since a large amount of University funding comes from tax payers, why should they/we foot the bill for students to waste terabytes of data on Youtube and torrents?

Re:get over it (1)

ryanov (193048) | more than 2 years ago | (#39170279)

No, but I'd hardly call his university's situation the same thing as what you're talking about. Maybe what he's really out to do is what you're saying, but I could see that content filtering annoying me (as the filtering at my university commonly does if I try to look for anything related to security which is supposed to be part of my job function) and that's not what I'm up to.

Re:get over it (5, Insightful)

MobileTatsu-NJG (946591) | more than 2 years ago | (#39170387)

Because youtube and torrents are part of using the internet.

What part of education do you not understand?

Re:get over it (2)

e70838 (976799) | more than 2 years ago | (#39170469)

Censorship has never worked whatever the energy wasted in it. There is a lot of pedagogical material on youtube.

You are wasting your time and the time of the students for a motivation that smells a bit like Nazism.

The single excuse I give you is that it teaches student how to bypass censorship.

Re:get over it (1, Informative)

smash (1351) | more than 2 years ago | (#39170385)

NO, school isn't free. However, the money pays for tuition and course materials, not free internet porn.

Re:get over it (0)

Anonymous Coward | more than 2 years ago | (#39170419)

I think you would find they would be paying a great deal more for unrestricted access. With that goes a raft of extra support problems, bandwidth consuption etc etc. I work in a large It department, we provide internet access for work purposes, we trialled less restrictive access for a 3 months as one of the directors thought our draconian ways were unfair and had no basis, we then watched as our IT costs, support calls and ISP connection costs all went through the roof. We are now back to using the standard filtering with internet blacklists, it isn't perfect, but then it is hard to get the perfect balance.

Re:get over it (0)

kikito (971480) | more than 2 years ago | (#39170209)

No, it's because they are all bastards.

Re:get over it (1)

Anonymous Coward | more than 2 years ago | (#39170259)

that's the thing

an it-department of an university is expected to manage the network -including- connections to the outside world.

Simply closing the network - while fullfilling the goal of protection - is not what they are expected to do as work!

I could also put my car in a garage and throw the keys away - voÃlÃ, nil chance of accidents with my car.

Re:get over it (1)

hobarrera (2008506) | more than 2 years ago | (#39170367)

This is BS.
I live in a country with free public universities, yet I pay more than the average salary to go to a private one, and one of the thing they have to offer is "internet access in every building via WI-FI". An HTTP proxy is not real internet access.
Additionally, I find that there are lectures on free speach and free internet given by the university all the time, yet I can't even open some specific programming sites, or use external e-mail.

When you complain about e-mail being blocked, they respone that they give you a webmail interface for a university-only email account.

That's not what people pay for, at all.

Re:get over it (0)

Anonymous Coward | more than 2 years ago | (#39170457)

Then you should go elsewhere, and tell them why. If enough people do so, they will rethink their policy.
Of course you might also be able to sue them for false advertising. However IANAL and don't know whether this is indeed possible.

Re:get over it (5, Insightful)

Peter Bortas (130) | more than 2 years ago | (#39170435)

"draconian" restrictions are there because someone in IT/management is lazy or has twisted viewes about what moral powers they should have over students. In other words because they are bastards.

/ex-University sysadm

You have web? So you have DNS. (1)

Pegasus (13291) | more than 2 years ago | (#39170149)

Which means you can setup a dns proxy for IP traffic and use it. It's not fast but is very handy to have ready when you're for example on a wifi that wants you to pay for using it via some kind of web page.

Re:You have web? So you have DNS. (0)

Anonymous Coward | more than 2 years ago | (#39170235)

Not necessarily. Where I work there is web access only, through a HTTP proxy. Computers only have access to internal dns servers which do not have access to the internet. Only the web proxy dns servers have that, and are inaccessible from client computers.

Re:You have web? So you have DNS. (0)

Anonymous Coward | more than 2 years ago | (#39170463)

But if the DNS servers don't have internet access how the hell do they forward queries they are not authoritative for. Pegasus' idea is not great because the speed you get would be terrible but I am fairly sure it would work.

Re:You have web? So you have DNS. (0)

Anonymous Coward | more than 2 years ago | (#39170295)

If he is being forced to use a proxy it is almost certain that the local machine will only have access to internal DNS.
Only the proxy server needs to have access to full "external" DNS.

Not an issue here (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39170153)

My university doesn't restrict internet access - they, however, ask you to not do anything illegal and log your activities. They give me 1GBit internet connection by cable or 450 MBit/s over WLAN (which I don't know how it is possible) so I can download stuff as quick as my slow laptop harddisk can save it.

However, if they'd restrict access, I'd probably use TOR or some proxies to get full access or I'd set up a VPN connection to my server and access the internet in that way.

Google (0)

mehrotra.akash (1539473) | more than 2 years ago | (#39170159)

Took about 30 sec to find this on Google
Really though, this is something college students deal with worldwide, and MANY solutions exist
Why is this on /.?

Re:Google (3)

Daengbo (523424) | more than 2 years ago | (#39170223)

Because Slashdot is a joke now. It used to be a place where IT people hung out.

Re:Google (1)

SgtChaireBourne (457691) | more than 2 years ago | (#39170407)

What if it's simply reflecting the types that are passed off as IT people now?

Re:Google (1)

philip.paradis (2580427) | more than 2 years ago | (#39170523)

That's about the time a large portion of /. became a joke. While I still enjoy many discussions here, there is a definite difference in the /. of today and the /. of ten years ago. As a rule, any industry (including IT) has always had its share of pretenders, but they certainly seem to be much more numerous in IT these days. I blame it on the ever increasing trend of people going to college to get a piece of paper that allegedly qualifies them to do technical work, regardless of their actual ability to do the work.


A /. user of about 12 years who recently created a new user account.

Is it important enough .. (1)

dmomo (256005) | more than 2 years ago | (#39170161)

To choose a school based on it? Not going to a University with these restrictions is one way to vote with your dollar.
If you don't plan on leaving, warn incoming students about these policies. Perhaps encourage them to ask about internet restrictions in their interviews. If it's a deciding factor in student enrollment numbers, they'd think hard about it.

Further, you can petition and urge students to speak out against it. Taking action is an option.

Re:Is it important enough .. (1)

Anonymous Coward | more than 2 years ago | (#39170187)

Vote with your feet.
My old university in Stockholm, Sweden didn't have any firewalling on the wifi-network. We even had a security labb where you could fool around, but that lab had a firwall protecting the Internet from stupid students.

Practicality (2, Insightful)

Spad (470073) | more than 2 years ago | (#39170163)

If they're dumb enough to lock down internet access to the point that it becomes unusable for work purposes whilst still allowing their network to be trivially bridged by 3G dongles then you're already fighting a losing battle. Chances are that the people writing the policy don't have the slighest clue what they're doing but have read some stuff about how the internet is bad and so should be blocked; be glad they don't do things like blocking all Javascript from running, which I've seen in some companies, thus breaking just about every site they don't already block (though arguably that's as much the fault of the websites in question as the security policy).

Depending on their application security policies, if you've got a PC somewhere (friends, home, hosted box) with access to the internet proper, run an SSHd listening on a port you can get outbound on from the university network (if there even are any) and proxy all your traffic through that with a copy of Putty and something like Portable Firefox run off a USB key.

Otherwise, you could try organising students and lecturers against the stupid IT policy, but I wouldn't hold out too much hope of getting anywhere.

Re:Practicality (2)

Kjella (173770) | more than 2 years ago | (#39170439)

If they're dumb enough to lock down internet access to the point that it becomes unusable for work purposes whilst still allowing their network to be trivially bridged by 3G dongles then you're already fighting a losing battle.

Uh, who said anything about bridged? My impression was that they'd use 3G/4G dongles on their laptops instead of plugging into the university network at all, I don't see how you could block that short of jamming the signal. And presumably they don't care, if it doesn't happen over their network it's not their problem.

Well... (0)

Anonymous Coward | more than 2 years ago | (#39170175)

Most likely nobody cares that a handful of students want to get to somethingawful. Most likely they're using basic checkboxes in the content filter to block off large groups of site by generic category.

Get the kids to come up with 500 legitimate sites that would be useful for schoolwork, but they can't get to. Petition someone important at the school. When presented with a list of 500 sites they have to unblock, IT won't whitelist, they'll start unchecking categories.

Also, make the case for VPN services. You should be able to make a convincing argument. That'll give you a way to get at everything that remains blocked.

port 443 (1)

Anonymous Coward | more than 2 years ago | (#39170183)

I have this at work. get your sshd to listen on 443. if they manage to block that, start a petition. DPI is evil.

VPN? (4, Informative)

SalsaDoom (14830) | more than 2 years ago | (#39170185)

Why not just setup a VPN real fast with someones DD-WRT router. I did this at a job that had a really obnoxious content filtering thing that actually prevented me from doing my job. I just vpn'd to home, but you probably have at least one friend in town that has something good enough for you to work with. Even a shitty VPN will do, since your not trying to protect anything so much as evade things.

Re:VPN? (0)

Anonymous Coward | more than 2 years ago | (#39170247)

Or you could pay for a VPN service (like Private Internet Access VPN Service [] for instance). They are also handy if you want content restricted to certain countries--like if you want to watch stuff on and you live in Europe, just use a VPN service in the US and you can watch it just fine...

Re:VPN? (1)

omz13 (882548) | more than 2 years ago | (#39170301)

Because it is easy for VPN traffic to be blocked, especially as people tend to use this to get past content filters, etc.

Re:VPN? (0)

Anonymous Coward | more than 2 years ago | (#39170303)

What is this thing you call "friend"?

Re:VPN? (0)

Anonymous Coward | more than 2 years ago | (#39170497)

What is this thing you call "friend"?

It's someone stalking you on facebook. :-)

Get over it (0, Insightful)

Anonymous Coward | more than 2 years ago | (#39170197)

Bloody hell, get a life. As other people have said, but missed the point, the University's IT Dept. is there to provide a service. That service does not include catering to your stupid browsing whims. From the sounds of it, they're using a category based filter on web content. So Something Awful will probably be classed as "Adult". Your complaint in a nutshell is that you can't access your stupid cartoons. Man up and do some work. You want to private browse, get a private connection. If the Uni was actively preventing you from studying, you might have a point. Unfortunately the slash-bots on here seem to agree with you so I'm sure you'll at least get some feel-good factor from the hive mind.

Re:Get over it (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#39170429)

Maybe the slashbots have been unfairly filtered from being able to do their work before, (I have, on multiple occasions.) Or maybe in this case they'ce seen the damage this sort of resrtiction can cause in the context of education and they do not approve.

I, personaly have issues with the groupthink, Ive even been m

Re:Get over it (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#39170455)

Sorry, accidently hit submit instead of preview... ...moddez down for saying it even exists. However, you cannot blame this as a groupthink invention. The maintenance of these restrictions is a waste of resources. If a student pay tuituion and fails, it is not the fault of the IT dept for failing to bl

Re:Get over it (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#39170481)

Oh, for f's sake. Im sorry, this is my fault for missing the preview button. No hard feelings for making fun of my incompetence.

In short, let the student fail if he wants to waste time. Policiing the internet is not the job of a University iT dept and the groupthink agreeing with that doesn't make it wrong.

Personnaly I'd rather my tuition and/or tax money not have a bloody thing to do with censoring the internet. Afterall, there are no guarantees anybody will graduate. This is not an issue of fairness.

OpenVPN on port 443 (0)

Anonymous Coward | more than 2 years ago | (#39170203)

Setup an OpenVPN server on port 443 from a server at your house. They cannot feasibly block port 443 for everyone, but they could block your residential IP. If you have a dynamic IP for your residential connection, this is a non-issue. Also use a dynamic DNS service so you don't have to keep changing your OpenVPN client's IP setting.

Get into the net as a volunteer (4, Insightful)

kikito (971480) | more than 2 years ago | (#39170205)

In all Universities there is an "Inner Circle" formed by network admins, who are impervious to proxy filtering.

The incantation to enter that select group is:

"Hey, I'd like to help with the university network maintenance. Can I do it as a practice? I'll do it for free."

This psalm recited to the right university demon will get you access to the University's network system. With luck, in 1 or 2 months you will have the relevant network keys/info. Probably you will have the rights to whitelist the pages you want.

Then move out of there.

Re:Get into the net as a volunteer (1)

ryanov (193048) | more than 2 years ago | (#39170253)

My university appears to filter everyone, even the IT department.

Re:Get into the net as a volunteer (1)

omz13 (882548) | more than 2 years ago | (#39170317)

That's because the worst offenders are the uni IT people.

3G/4G? (3, Informative)

6Yankee (597075) | more than 2 years ago | (#39170217)

Back when I was at university, I bought a cable for my phone and got myself some sweet, sweet 9k6 access over GSM. It was faster and more reliable than the connection in the uni's computer labs ever was, not to mention no BS filtering. Paying by the minute made me focus on getting the job done and hanging up, too...

As far as filtering goes, the conventional way around that was to log in as someone else. After all, their username was their matriculation number and the default password was their date of birth... If you couldn't read a classmate's ID and social-engineer his birthday out of him, no matter - the uni helpfully had an easily-accessible printout of the entire student body's personal information (in fact, you had to sign to get your grant, so they left it on the public side of the window), and those last few pages were awfully loose...

Not sure who's confused... (1)

ryanov (193048) | more than 2 years ago | (#39170229)

....everyone else, or me. However, to me "restrictive access to the web only" and "no access to the wider internet" means to me that he's not going to be running an SSH or VPN proxy to anywhere (except the VPN access that runs over the web ports, and I guess SSH on an alternate port if it's a simple port filter).

OpenVPN (1) (102718) | more than 2 years ago | (#39170233)

OpenVPN on an openVZ virtual server. A 128k server to $2-3/months should be fine.
And OpenVPN is VPN over HTTP/HTTPS.

But organize a protest. It should be easy to get huge support for it. Start it up on facebook.

Re:OpenVPN (2)

jimicus (737525) | more than 2 years ago | (#39170325)

No it isn't, OpenVPN is a protocol in its own right, the security comes from SSL. Usually it runs on UDP/1194, though you could run it on TCP/443.

It wouldn't be over HTTPS, but even so it may well be able to get through the firewall this way - assuming the firewall isn't doing some clever DPI work to fingerprint traffic type. (Possible, but IME rare).

I think you may have got the HTTP/S idea from the full version of OpenVPN that also installs a web-based GUI. But when users log in, the first thing they're prompted to do is download a pre-configured client.

4G dongle (1)

symbolset (646467) | more than 2 years ago | (#39170237)

Seriously, you're not going to win this one. Get your own Internet. And by all means invest in the offshore VPN service too, so you can find out what the real Internet is like behind the Great Firewall of America because that's where we're going now too.

Which University? (5, Interesting)

JambisJubilee (784493) | more than 2 years ago | (#39170251)

I'd say the university isn't fulfilling its role, and you should definitely rally to change things. The purpose of the university network (besides supporting research communications) is to allow you to learn.

During my undergrad the university I attended provided full firewall-free internet with a *public* IP from their block for everyone who plugged in (and no-questions asked CNAMEs). The wireless was of course NAT'd but I had no problems.

This all worked because of the genius way they solved problems was genius. If IT detected any funny business, a tech would physically show up at your lab/office and ask you what was going on and make you fix the problem right then and there.

Re:Which University? (1)

Anonymous Coward | more than 2 years ago | (#39170483)

I've heard about the university of Bristol having such restrictive filtering, but that was several years ago. I don't know if it has changed since then.

There should be a public list of universities describing these limitations, so students can prepare their stay there.

Cultural/Media Studies? (1)

Bazman (4849) | more than 2 years ago | (#39170261)

Make friends with someone in your Cultural/Media Studies faculty. Preferably someone doing research into social media, emerging cultural phenomena, self-organising cliques, something like that. Then get them to repeatedly hassle IT to give them access to blocked sites, claiming its for their research. I reckon after the fifth time IT will give up and just open up the whole network (their router access control lists will get unmanageable for their competence level).

VPN outwards (1)

ThunderBird89 (1293256) | more than 2 years ago | (#39170275)

My former university used a VPN-service, where every student had to set up a VPN on their computers, and connect to the VPN-server before being able to browse the web. One of the guys even admitted that they're raping the VPN standard in every way possible by using it to connect outwards, rather than inwards, but still they stuck with it.
The downside was that until the VPN service connected, there was absolutely no traffic to the wider web, which includes Google DNS. So every time I wanted to connect, I had to reset my DNS settings to use theirs (I was too lazy to edit the address into my hosts file every time I remembered). That, and the fact they kept a detailed log about all your activities while on their network.

Just use 3G (0)

Anonymous Coward | more than 2 years ago | (#39170277)

Unfortunately in that kind of situation you can only work around by using other methods such as 3G/4G or a Webserver based Proxy Script (such as Glype). VPN's, Browser Proxies etc are off the cards due to the network setup.

Universities provide you with internet access for material directly related to your course, Ethernet / fiber connections are not cheap and it is within their interests to keep costs down and so access to plausibly off-topic material is frequently limited in both workplace and educational institutions.

Discussing the issues with campus management is an option, however not an advised one. The IT Department will be seen as "experts in the field" where as you "are just a student". Their word is the gospel truth to management. If your university is a reputable one with a dedicated IT department, volunteering to "help" is unlikely to yield the access required to bypass proxy restrictions, so that's off the cards too.

I myself am a University student and I use a 3G connection for much the reasons you are complaining about. It doesn't cost me much at all to do so.

Re:Just use 3G (4, Insightful)

ledow (319597) | more than 2 years ago | (#39170339)

Unfortunately, 90% of the headache of running a network is the userbase. Even in a small secondary school it can be difficult to keep people from abusing the connection (hell, I know I abused my uni's connection when I was there, not to mention their storage, FTP, CPU time, etc.) without policies like this.

They are providing you the service for things related to your work. Those sites you mention are not related to your work. Even if they were, the abuse of people using for things NOT related to their work is a burden that the IT department will be able to statistically measure. Otherwise they wouldn't bother with the hassle from students, staff, and technical problems associated with limiting your access.

It's not a question of "experts vs students", it's a question of different priorities. Even if you escalated it to the Dean themselves with the aid of staff, you would all end up sitting in a room with the IT guys who would explain exactly how much traffic that system cuts out, how many lost hours, how fewer abuse complaints they receive, how many more PC's they'd need to cope with the extra demand because of people hogging the computers for personal use, etc. and all for something that - if a site is genuinely vital to your work - they would gladly adjust to make sure it didn't interfere with your studies.

And then either you or the Dean would end up basically agreeing that what's in place isn't actually that draconian after all, and standard practice for most places for SEVERAL, very good, measurable, verifiable reasons. And every year you'd have the students/staff make the same argument and every year since the 90's it's been less of an issue because - as you point out - if you want unfiltered Internet for personal use, you can get it for next to nothing. And hell, in any university town I've ever been in, every cafe has free Internet to draw students in.

You have paid the uni, indirectly, to support your studies. If they are not supporting your studies, you can complain. But you can't complain that they aren't other personal Internet services to all X thousand students on their campus without paying the difference it would cost.

In my experience, working in schools rather than universities, I wouldn't be surprised if traffic (and therefore costs) quadrupled the second they relax their policy, even if they DON'T announce that they've done so. And those sorts of places usually run HUGE dedicated lines that are the backbone of the Internet - X thousand students accessing junk sites is NOT more important than the chemistry lab pushing a few Gigabytes around the world to their research partner. I assure you.

You have a workaround in the form of your own Internet connection, use it. If you want the uni to provide it, they will charge you MORE for the same thing because they are NOT an end-user ISP.

Didn't you know this going in? (5, Insightful)

slimjim8094 (941042) | more than 2 years ago | (#39170281)

As a /. reader, I can only assume you're rather technical. Isn't this something you discovered before going there?

Frankly, I wouldn't go to a school that did this. And I didn't. Thankfully, my first choice doesn't do anything like this. Traffic is unmonitored, but for legal reasons you have to register your MAC address to your university credentials to get out of the VLAN. This happens automatically with authentication to the wireless network, or manually through a captive portal for Ethernet.

As required by law of all ISPs, they will use this to forward DMCA notices, which happens pretty frequently. I can't exactly fault them for that. They'll also notice if you're really hammering the network with worm traffic or something, in which case they'll kick you off until you get the system cleaned up, which I can't fault them for either.

But other than that, they're pretty much out-of-the-way. They definitely view themselves as more of an ISP than anything academically-relevant, which is good. The university structure also places them at the same level as the individual schools (liberal arts, engineering, business, etc), and each school has its own school-specific IT that runs their own email and webhosting and so on, all of which helps keep them pretty much service-oriented. They pretty much provide internet access and server space to any university department that wants it (and pays for it, in one of those interdepartmental money-shuffling schemes), and otherwise back off from content management. Individual schools are free to filter whatever they want, but only in the school-managed network. In practice, none do. Even if they did, the dorms are separated out from that.

Not to mention the university is almost as liberal as they come in terms of information freedom.

But in any case, the university is your home for the time you're there. I wouldn't live somewhere that did this, and I wouldn't go to a school that did this. Not even because of the inconvenience - think about what that suggests about how they view academic and intellectual freedom.

Two solutions: (1)

subreality (157447) | more than 2 years ago | (#39170283)

1, technical. VPN. There are plenty of cheap providers out there who exist to fix this problem, or just find a friend who's willing to let you bounce off their home network.

2, administrative. Go over the head of the technical guy who's blocking the net. You will need to do your homework first: have a good business case for why the current policies are a) inhibiting your (and many others') legitimate needs and b) aren't reasonable, necessary or effective measures to achieve security. If you have a hundred signatures on a petition you'll probably get some attention.

If you're going to live under my roof... (0)

micker (668555) | more than 2 years ago | (#39170285)

Get your own internet. If you're going to use what the school is giving you then you have to deal with their network restrictions. With what your parents are paying for you to attend college you shouldn't put their money at risk circumventing network security at the school. Buy your own internet access if you want to fark around.

Guessing the university... (0)

Anonymous Coward | more than 2 years ago | (#39170291)

You're not an ECU student, are you?

Get your own network (1)

krelvin (771644) | more than 2 years ago | (#39170319)

Depending on where you are located, you can use 3G or 4G data on a phone or a dedicated hotspot. Unless you plan on going hog wild on it.. Then you control your access... Hard to imagine that you didn't know this going in though.... you did ask before you signed up right?

picidae (0)

Anonymous Coward | more than 2 years ago | (#39170337)

Try a picidae server. [] It replies you with a clickable image of the website you browse. You can run a server at home or use one from the project.

Get on with some work (1)

maroberts (15852) | more than 2 years ago | (#39170357)

If you were complaining about web sites related to your studies, you'd have some justification. The University network is there for studies and work, not for pissing around on.

[At this point maybe I should confess that I spent all my mainframe time allocation at Uni playing the original MUD... :-P ]

I Would Also Like To Know Who It Is (4, Insightful)

Jane Q. Public (1010737) | more than 2 years ago | (#39170361)

Universities do not exist to restrict information. Anybody who thinks they do, is not doing their job.

I agree that it is likely and administrator, rather than the IT department, who is responsible, but don't count on it. That's just worthless guesswork. You can find out.

Whoever is responsible, don't listen to all these wimps who just tell you to cave and pay for ANOTHER internet source when you're already paying for this one. Get hold of EFF, EPIC, the ACLU, and anybody else you can, and tell them your academic freedom is being repressed. Because it is true. But get some help. There are organizations out there who can not only help you find who is responsible, but put pressure on them to change the status quo.

Don't cave and just buy an expensive cell phone data connection (especially with prices going up). Fight the BS. Because that's what it is: BS.

Re:I Would Also Like To Know Who It Is (3, Funny)

cheekyjohnson (1873388) | more than 2 years ago | (#39170519)

But it's their connection! Therefore, they are exempt from all criticism and he should do nothing if he disagrees with their policies.

A Brief on Drilling corporate firewall (2)

jsse (254124) | more than 2 years ago | (#39170373)

The following serve as an overview. You would like to do your further research.

(1) SSH client (inside) ---SSH Tunnel--> SSH server (outside, with webproxy)

This may be the simplest setup, and the client could be linux or putty on Windows; and the server could be linux or CYGWIN on Windows

(2) OpenVPN client (inside) ---OpenVPN handshake--> OpenVPN server (outside, with internet routing)

You need to setup an OpenVPN server outside. For example, I reflash a CISCO router with OpenWRT at home so that I can connect from anywhere with OpenVPN client and use home's internet. This method could drill through most firewall/proxy, because it can be configured on any port, and any protocol (TCP or UDP).

Above methods requires setting up Internet connection outside. You might want to circumvene University's security policies directly, say by malform URL request. However, I do not recommend you to do so, as it would be considered a direct attack on their firewall.

don't like it, buy your own 3G card/modem (0, Flamebait)

smash (1351) | more than 2 years ago | (#39170377)

Oh wait... you expect unlimited access to the network for free? Hahaha...

students are technically paying customers (2)

OrangeTide (124937) | more than 2 years ago | (#39170431)

University isn't normally free.

Also they Uni is wasting additional money on licenses for software and products to block everything, when it would be cheaper for them to provide a wide open internet to paying students.

Re:don't like it, buy your own 3G card/modem (1)

geogob (569250) | more than 2 years ago | (#39170449)

Unlimited access to internet is much cheaper than university administrative fees for such things as, you know, internet connection.Your concept of "free" is quite distorted.

We have the same problem at our uni (1)

mufflon (634922) | more than 2 years ago | (#39170379)

Check out proxy over dns. The dns is usually not as heavily filtered as the rest. It's not as fast (and you would need a computer you can connect to from outside, but it won't be subject to the same limitations).

Protection (0)

Anonymous Coward | more than 2 years ago | (#39170381)

I hate to say it but as someone who implements networks with the very restrictions you mentioned. It is often because that is in the best interest of the school or business not to mention protecting your equipment from viruses and malware.

QaD (0)

Anonymous Coward | more than 2 years ago | (#39170389)

I remember when i was in boarding school we used to use aol demo's to tunnel the schools firewall

As a University network administrator ... (0)

Anonymous Coward | more than 2 years ago | (#39170401)

I'd like to know at least what country this University is in. Where I am, it's all about the student experience and making and keeping the students happy is the #1 priority. Note, that our IT department is big and these views are only shared by some of the sections, most notably the one I run, but of course we provide the Internet access, including the firewalls and proxy and filter as well as the wireless networks.

We spend considerable effort to protect the Internet from us, rather than the other way around. Heck, we currently give our students on the wireless networks real fully routable IPv4 addresses, with IPv6 coming soon.

Security should be an Enabler (0)

Yousef (66495) | more than 2 years ago | (#39170403)

Among the key aspects of security that many none security techies (control-freaks and politicians) miss is the fact that Security is supposed to be an enabler. It isn't supposed to get in the way of business.
Aside from legal and compliance matters, security should never get in the way of day-to-day operations.
The business of a University of LEARNING. Internet is a vital and essential part of learning - draconian restrictions will never help security.

The "IT Guy" obviously hasn't segmented his network; nor has he done a threat assessment, risk assessment or analyzed the business requirements of Internet in a University!
When your "security" policy/procedures force users to work around, bypass, hack; then that security policy has FAILED.

At my old university, (1998), we got our useless IT Administrator sacked when the students and staff got together and made the case to the University Administrators (it was a fun meeting :-)). Unfortunately, University Administrators think they are running a prison, not an educational institute; however, they can't fight against the teachers and students! ;-)

Re:Security should be an Enabler (0)

Anonymous Coward | more than 2 years ago | (#39170467)

You are a fuckwit who doesn't know what they are talking about

ssh-tunnel to home ... (0)

Anonymous Coward | more than 2 years ago | (#39170405)

... running on 443, because at least in my university, other ports were blocked (though I only needed the tunnel for some gaming stuff, exactly because of the port restrictions)

Honestly I think you might have this all wrong.... (3, Informative)

awjr (1248008) | more than 2 years ago | (#39170417)

If you can go to your course lecturers and justify why you need access to Hackaday to complete your course, I am sure your lecturers have a process to unblock the sites.

In the meantime there are 1000s of other students trying to use campus PCs without needing to find them screwed over by the previous user. What you *might* be able to persuade the University to do is to provide an unrestricted wi-fi point on campus for personal use.

Use their obligations as a landlord (3, Interesting)

m50d (797211) | more than 2 years ago | (#39170437)

If you're staying in university accommodation, and they're in a monopoly position as your internet provider, then they have an obligation (moral and possibly legal) to provide an equivalent service to what you'd get from a commercial ISP in private housing.

Anonymous Proxy? (0)

Anonymous Coward | more than 2 years ago | (#39170473)

Search for a non blocked anonymous proxy? Granted you shouldn't trust sending your personal information through the proxy, you would be able to look at these sites you mentioned

Network lockdown by university is frustrating (1)

Xolve (2527602) | more than 2 years ago | (#39170499)

This happens. And Its sad that university which should be a home for free flow of ideas just block the very channel for it. Even more frustrating is when access to IRC is blocked! I used tor but many IRC servers do not like that and they will now allow you on their network. IMHO blocking traffic where it prevents blocking of network is the one legitimate (e.g. torrent which just sucks up the whole bandwidth). I think when IT guys say that they want to prevent malware it shows they are too lazy to do their job of keeping the networks and computers safe.

US issue? (1)

tiedemann (214491) | more than 2 years ago | (#39170505)

I'm working at a university in Sweden. This kind of behaviour would be totally unacceptable here (afaik).
Sure, the wired net with static IP's has a MAC filter but anyone is welcome to use the guest wlan which works ok as long as you don't need to access file shares behind our firewalls.

Speaking from the other perspective.. (5, Insightful)

GoLGY (9296) | more than 2 years ago | (#39170511)

As a member of an IT systems admin team for a faculty we've often got specific mandates which services we must restrict, and to what end. What you may also be up against, other than 'unprivileged' access - is politics. Students do Naughty Stuff (tm) - that's just a fact that keeps on proving itself true time and time again. Even if you can speak for you, your friends, or your entire course - I can bet dollars to donuts that there's someone out there trying to do something shifty. Case in point: I was seriously asked to relax the restrictions on banning Steam so a student could "download 10 or 15 gig so i didn't have to do it over dial-up". On-campus living - sure, i can see where restrictions like that may diminish any sort of sanity saving software platform ( Valve fan \o/ ), but I'm not going to open up a faculty network just so you can play games. It's an education facility, not your personal high speed connection to the 'net. If you were a postgraduate student researching something that required access - then by all means get your supervisor to approve your request and I'll be more than happy to make it happen.

That being said - outline a clear case of why you need certain things re-classified and you may have a better case to work with. I am not suggesting that this tactic will work - as there's probably more to the story ( see - plug and play filter lists/software/appliances which remove the need to dedicate an entire FTE to putting classifications on traffic going out ) than you really know, but it will certainly stop you from seeming like a whinging student and more like an intellectual who is using sound reasoning. Hell - if you are able to find clear, repeated examples of wrongful clasification of websites, you may be able to enact a reconsideration of what's being used to deny you access or relax the level in which things are blocked.

Of course, they might not care. Who knows?

Student computer club? (1)

introcept (1381101) | more than 2 years ago | (#39170531)

See if there's an on campus computer club, that will almost certainly lead you to people, servers and networks that will help with outside access.

A few things I've seen used on campus:
-SSH proxy tunneling
-IPV6 related workarounds
-'partner' universities and organisation that can be accessed/tunelled through without going through the firewall
-wifi router/repeater with long distance wifi link (eg with a 'cantenna') to an off-campus house/building
-friends that work for campus IT, local ISPs and the university's ISP

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>