During World War II, many men were captured in POW camps.  We’ll call these men employees, and these camps work.  It was the job of the Nazi Germans, here by known as managers, who ran these works to keep the employees from escaping unnoticed into the freedom of the outside world, which will now be referred to as the Internet.  When employees attempted to escape work into the Internet, the managers would see them and shoot them, referenced in this article as being chewed out or fired by a Nazi, controlling ass-hat.  To avoid being Nazi, controlling ass-hatted, the employees devised a way to get into the Internet unnoticed, called a tunnel, or a tunnel.  In order to aid our lost men and women, chained to desks by the Third Reich, I present a tutorial on digging tunnels to the Internet.  Use at your own risk, for I am not responsible for any ass-hattery you may receive as a result of being caught.

An Internet Tunnel runs on a simple principle.  When you access wildbestiality.com from your web browser, it has to request it from the Internet.  Your computer, being generally too preoccupied with crashing Microsoft Office and hating kittens, only has the vaguest of idea where the Internet actually is.  Like your cousin Vinnie, he knows a guy who knows a guy, and just passes it along down the chain of command.  At home, your request quickly hits the Internet, and is lost amidst every other deviant-fetish pervert.  But at work, that next guy’s a fink.  He can record and view any requests, along with the computer that made them, cuz he knows no one gets by without him seeing it.  The idea of a Tunnel is that you scramble your requests, and a man on the outside decodes them after it’s made it past the dirty rat.  So, you’ll need a means of encoding, and a decoding man on the outside.

Likely, you’ll need a means of supplying this outside man.  For our purposes, we’ll assume this is your computer at home.  I won’t go very indepth on setting up your home end, because there are too many variables.  For example, most people have routers at home.  Routers are like snowflakes; everyone is unique and most likely concealing a ninja.  Varying types of Internet connections, dynamic IP addresses, and several other hurdles come into play that need to be handled from person to person.  So, we’ll stick to the basics for this article.  The machine that will be your outside man will be running a SSH server.  SSH is a remote means of logging into another computer, but not letting in between guys see what you are doing.  That is, essentially, half of what we’re trying to accomplish already. 

If your machine at home is running Windows, there is an application called freeSSHd that will run such a server, for free, right on your PC.  If you’re using a router or firewall on your Internet connection, both of those will have to be set up to allow access to the program from the outside.  There’s lots out there on how to do it, and I can give stabbing guesses as to your situation on the forums, but again, I’m not going to spend the time right now on it.  If your machine is running Linux, one is likely already installed, and there’s a 98% chance you know how to use it already.  If not, ask your router ninja.

On your work PC, you’ll need a program called PuTTY.  This is a client application that allows you to log into a command line on a computer running a SSH server.  The program doesn’t have to be installed, so you won’t need any administrator privileges to use it. 

• Get putty.exe from here, and save it somewhere not immediately noticable.  A USB drive, or even ye old floppy disk are fine.
• Open Notepad, and create a one-line batch file:
  putty -D 8080 -P p# -ssh ip#
• Replace p# with the port number of your SSH server (often 22) and ip# with the IP address of your outside computer.  If you are behind a router at home, this won’t be the IP address assigned to that computer, but rather the address your router gets from your ISP.  If you go to an IP checking site, such as whatismyip.com, from home, you’ll see what that address currently is.
• Save this file as putty.bat in the same directory as putty.exe.
• Run putty.bat. It’ll ask you for a username and password (which you set when setting up your SSH server), then sit idly as if waiting for commands.  After you login, your tunnel is dug. You can close the tunnel at any time by typing exit.

Unfortunately, only programs that know about this tunnel can use it.  Everything else will connect as they have been, ignorant of your underground project.  You do this by telling the program that your tunnel is a SOCKS proxy.  Not every program supports these types of connections.  Those that don’t can’t use the tunnel.  The two major browsers, Internet Explorer 7 and Firefox both work with it, so your major browsing needs are handled.  To tell a program where the tunnel is, set the SOCKS Proxy Server address to 127.0.0.1, with a port number of 8080. 

In IE7, this is under Tools > Internet Options > Connections > LAN settings.  Check "Use a proxy server for your LAN", click Advanced, and next to "socks:", put "127.0.0.1" and "8080".  Leave everything else blank.

In Firefox 2, this is under Tools > Options > Advanced > Network, and hit the Settings buttons under Connection.  Choose Manual Proxy Configuration, and enter "127.0.0.1" and "8080" under "SOCKS Host:".  Leave the others blank.

Now, in your newly configured browser, hit up an IP Address checking site like whatismyip.com.  The address you should get is the one of your outside computer.  If it isn’t, something went wrong.  If it is, it means the Internet thinks all of your traffic is going to that machine, where it will then be encrypted and sent to your work machine, unreadable by any eyes but yours.  That’s exactly what you want.  Congratulations.  Enjoy your freedom, soldier.  You’ve earned it.

Disclaimer

As networking tricks go, this one is fairly well known.  Luckily, the average Colonel Klink of IT has the ego to think he’s the only ones who know it.  Still, while someone staring at the network statistics can’t see what it is you’re doing, they can tell that you are doing it.  The contents and origin of your traffic is masked, but the fact that it is all going to and from the same computer outside their network is not.  A little web browsing would go unnoticed, but large downloads and excessive daily traffic may not.  Some companies have severe policies on dodging their filters, which can mean your job, or your anus, when you’re sharing an 8×8 cell with a guy who thinks your mouth looks purty.  Know that a network administrator normally knows less than you think and is capable of finding out more than you think.  These are tools, and if you’re a dumbass with them, that’s your problem to deal with.

• Axel can possibly help you with little things over the forums.  He’s an ex-router ninja.

Late Addition! (May 15, 2008)

As security goes, there’s always another angle.  And while your traffic is hidden with the above, there is another way many organizations can see where you are visiting.  That’s the DNS server.  Without getting too technical, DNS is a service proved by your internet connection that turns website names, like www.attackedbygorillas.com, into number-soup for the computer.  It’s kind of like the computer calling the operator to get someone’s phone number, because all it knows is the name.  Since this is a separate service, your computer asks for it separately of actually visiting a web page, and only asks occasionally to make sure the address hasn’t changed on it.  Since this is provided by your organization’s Internet connection, some of them like to log these requests, and see not just what you’re doing, but get a general idea of what sites you’re computer is asking about visiting.

Long story short, if you’re looking for that extra measure of secrecy, you’ll want to hide this too.  In Firefox, it isn’t that hard.  At the address bar, type about:config.  A lot of stuff will be there.  Don’t freak.  Type dns in the filter box.  Now the list of options should get much much smaller.  One will be called network.proxy.socks_remote_dns.  If it’s set to false, double click it to set it to true, and you’re done.  Your browser will now dial home when it gets lost in a sea of addresses.

Internet Explorer isn’t so lucky to have a feature like this, at least that I know of.  If you wish to dabble, I can recommend a program called FreeCap, not just for IE, but for many other programs.  (I personally use it with Xfire sometimes.)  I won’t go into detail, but basically, it works by launching a program and telling it "if you want the Internet, you go through me!"  It then channels all of that information through your underground network of forbidden wares.  No proxy information needs to be entered into IE (or whatever other program it may be).  It blissfully believes it is connecting normally to the web.  Tch.  Silly, ignorant program.