Managing Network Security
How to Get Around Your ISP
by Fred Cohen

Series Introduction

Networks dominate today's computing landscape and commercial technical protection is lagging behind attack technology. As a result, protection program success depends more on prudent management decisions than on the selection of technical safeguards. Managing Network Security takes a management view of protection and seeks to reconcile the need for security with the limitations of technology.

Pretty Dubious Article?

In some sense, this article is about how to get around the so-called security measures provided by ISPs. In another sense, it is about how ISPs are starting to unnecessarily and, in my view, improperly, limit the use of the Internet by legitimate users for their commercial advantage.

None of the techniques I will be pointing out here are new in any sense, but they may be new to you, which is almost as good from your point of view. I didn't first think of them and probably didn't first implement them either. They are all well known amount those who get past security.

These methods should also serve as a lesson to those who try to defend systems because...

They Work Against Your Network Too

Yes - that's right. Chances are good that some of the same techniques I am listing here will work against your network. And that means that you need to watch out for them, or at least realize that they are there.

Formatting of such articles can be a pain, so I have decided to go to the Q and A format used for so many years...

Q: How does this formatting work?

Q:My ISP restricts port 25 outbound so I cannot do outbound email - how do I get around it?

Q:How do I get around the web access restrictions that prevent me from visiting web sites with words like 'breast' (for example when I want to know how to prepare chicken for a dinner)?

Q:My ISP disconnects me every 8 hours or so and my IP address keeps changing, so how can I run a server when they keep doing this?

Q:How do I avoid prohibitions against inbound TCP connections?

Q:How do I run an unauthorized server?

Q:What if I don't want my ISP to be able to sniff all my traffic?

Q:How do I keep my ISP from finding out my email passwords?

Q:How do I get around their keystroke loggers?

Q:How do I do anything else like these things?


Clearly, there are moral and contractual issues associated with the commercialization of the Internet. The corporate interests will, in time, do everything they can to get control over content, access, methods, etc. in an effort to suck every penny they can out of those who want or need what they, through monopoly, can solely provide. This is not a moral issue - it is the way the system works.

Those of us who do not command the power or the will to battle it out their way will have to find our own ways. This is not an excuse to break the law, and it is not a call for defeating protection measures used by the strong to exploit the weak. It is, rather, a call for those who wish to promote freedom of expression, to keep the good thing that the Internet is and has been, and to retain civil liberties in the information arena, to stand up for what they believe in.

I, for one, think that this should be battled out in the courts, discussed widely in the media, and taught to all who are growing up to live in the information age. It is, in my view, an issue as important to the future of humanity as freedom of speech was when the United States was formed. I believe that it is more important than the so-called safety and security we gain by giving up our freedoms.

About The Author:

Fred Cohen is researching information protection as a Principal Member of Technical Staff at Sandia National Laboratories, helping clients meet their information protection needs as the Managing Director of Fred Cohen and Associates, and educating cyber defenders over-the-Internet as a practitioner in residence in the University of New Haven's Forensic Sciences Program. He can be reached by sending email to fred at or visiting