Does your employer know?

Do they care?

Would they care if they knew?

Would it be trivial to detect who was connecting from the kind of security logs most corporations take?

Anything else you'd like to share about mudding and work.

--Does your employer know?

Nope.

--Do they care?

I am sure they would not be happy to discover that I am using company equipment and time to play a game.

--Would they care if they knew?

Lets hope I never find out.

--Would it be trivial to detect who was connecting from the kind of security logs most corporations take?

I am not a computer person, so I have no idea what they could find out if they decided to investigate me (although I am sure they would find something questionable). It's a pretty big company and practically everyone has internet access. I know for a fact that a lot of people goof off on IE half the day. I would think they should be more concerned with people who are participating in file sharing and looking at restricted sites (ie: pr0n).

--Anything else you'd like to share about mudding and work.

It's relatively safe for me (being a faceless minion), but were I a manager or a supervisor I would not be doing it. You never know when someone will come in with a question or annoying request. That said, I schedule my MUD time around meetings and try to block off periods in the day so I can play (while things are slow of course ).

>Does your employer know?
Nope

>Do they care?
If my Boss knew he would probably have something unplesant to say.

>Would they care if they knew?
See above

>Would it be trivial to detect who was connecting from the kind
>of security logs most corporations take?
The Joy of an open University network. Very little is logged, only real anomalies. Lots of researchers using all sorts of software and hardware.
Plus I'm the ITSecurity guy =0p

>Anything else you'd like to share about mudding and work.
I have two flat screen monitors, one has a privacy screen that you have to be looking directly at to see anything other than black. This is of course the one Zmud runs on. I log way more hours as an Imm during the day because if someone walks into my office, or the phone rings its not so big a deal to be AFK. I have however been pk'd more than once out of the corner of my eye, while my boss is standing in my office talking to me, and my hands are clasped on my desk as I fought the urge to type flee;quaf return. Such is the price of mudding from work.

>type flee;quaf return. Such is the price of mudding from
>work.

The worst is having your boss come over to socialize while you're ranking and then switching back to find that you've been slowly wittled to an entirely avoidable mod-death while ranking. Even more gratifying is the sight of your groupmates repeatedly begging you to flee as you wimpy one room away for 8 ticks before finally dieing.

p

>Does your employer know?
>
They sure do.

>Do they care?
>
Only if I were to just blow off work in favor of a pk or something.

>Would they care if they knew?
Obviously not.. Der!
>
>Would it be trivial to detect who was connecting from the kind
>of security logs most corporations take?
I dunno about most. but we keep track of almost everything, I just ignore most of it, or if it gets crazy tell the person they need to leave off it. We have a more relaxed atmosphere than most places.
now stuff coming from outside.. that is where the job gets 'fun'.

>
>Anything else you'd like to share about mudding and work.
It's not the wisest thing. I might have say 70% of a day to mud during certain times of the year, but when I have to go I have to go right THEN. It beats staring at the walls, and if I didn't I'd spend so much money on books it would be sick. For me it's more cost effective to mud. For most of the people out there though I wouldn't suggest it, you are risking your job .. become an alchoholic instead, they tend to send you to rehab and act all supportive when you come out. mudders they just can and give bad references to.

>Does your employer know?

Not to my knowledge.

>Do they care?
>Would they care if they knew?

They would if they knew, but only if I was counting time spent on CF as "work time". Otherwise they wouldn't care. My project manager at one of the client sites I was at recently would organize after-hours LAN parties using the company network. The key being "after hours", meaning people weren't playing games for 2 hours every afternoon then taking off at 5pm.

>Would it be trivial to detect who was connecting from the kind
>of security logs most corporations take?

Depends on how fancy you are w/ regard to tunnelling, proxies, etc. If you're just telnettnig directly to CF then it would be pretty easy to detect. It might be suspicious that you're connecting to a non-standard port, or they might not care. My experience so far, albeit limited, is that companies typically just block what they don't want you to access. Or, at least they try. Unless you're doing something illegal (filesharing), expensive w/ regard to bandwidth, or potentially embarrassing for the company (porn) they're only going to ding you if your job performance dips.

>Anything else you'd like to share about mudding and work.

Don't do it. Yeah, I know, I'm a hypocrite. But trust me, it's bad all around. It makes your job performance suffer, and sooner or later your boss is going to walk in and you'll have to go AFK and probably get PK'd while you're away. That sucks ass.

It wouldn't be hard to set up a pretty innocuous looking system whereby you could mud from work, assuming they give you normal web access and don't have a keylogger installed on your machine.

1. Get a generic sounding domain name and map it to a static IP or one of those services that lets you automatically update the DNS entry for your domain. This will point to your home machine.

2. Set up a web server with a fake storefront or some other "real looking" content that doesn't identify you. This way an admin won't be disappointed if he loads the site in a browser to see whether it's legit. Also, when you register the domain name, use an anonymizer instead of your real info in case they do a whois lookup.

3. Set up a ssh server listening on port 443. It's unlikely this port will be blocked (or monitored) since it's used for SSL. SSL traffic is encrypted, so the fact that you're sending non-plain-text data to port 443 shouldn't raise any red flags.

4. SSH to yourdomain.com:443 and use the port-forwarding feature to foward localhost:9999 to carrionfields.com:9999. The three main Windows SSH clients each support this: PuTTY, SecureCRT and the OpenSSH/Cygwin port. The latter is simplest, imho.

5. Load up your favorite mud client and point it at localhost:9999. Your packets will be encrypted and travel to port 443 on yourdomain.com, at which point they'll be decrypted and forwarded to carrionfields.com:9999.

The main flaw in this scheme is that if someone were to actually telnet (or ssh) to yourdomain.com:443 they would immediately know you're running a ssh daemon on that port. That would raise huge red flags, since it would be pretty obvious that you're trying to cover your tracks.

Also, if your employer does periodic disk scans to detect third-party software, use a client like WinTin or yTin that doesn't have to be "installed" in the Windows sense. Compress the client and your scripts into a password-protected zip file, then rename that file to something drab like "temp.txt". When you're ready to play, just rename the file and extract its contents.

>> The main flaw in this scheme is that if someone were to actually telnet (or ssh) to yourdomain.com:443 they would immediately know you're running a ssh daemon on that port. That would raise huge red flags, since it would be pretty obvious that you're trying to cover your tracks.

Couldn't you set up iptables on yourdomain.com to drop all incoming packets that don't originate from your work desktop?

Or even better, to do some internal package shuffling so all packages but those from your work computer end up at an actual SSL server running at some different port. Or forward them to an external SSL server, some e-commerce system for example. (Don't know if the latter works, but it would be neat.. The first option would probably also raise the red flags)


>> Also, if your employer does periodic disk scans to detect third-party software, use a client like WinTin or yTin that doesn't have to be "installed" in the Windows sense. Compress the client and your scripts into a password-protected zip file, then rename that file to something drab like "temp.txt". When you're ready to play, just rename the file and extract its contents.

I put my laptop pr0n in a password protected zip file like that in a last-minute stint of paranoia when I went to thailand (it's illegal there). Much to my dismay, the contents of the folder could still be listed... So I'd say it's more important to rename the ytin.exe file before adding it to the password protected zip folder. (Since I assume a good disc scanning program will recognize the headers of archive files and check their contents anyway)

>Couldn't you set up iptables on yourdomain.com to drop all
>incoming packets that don't originate from your work desktop?

Most likely your work machine sits behind a firewall, so everybody connecting from work (including a curious admin) will look like they're originating from the same place.

Given that the OpenSSH server and client are both open source, it wouldn't be *too* hard to modify the code so that they no longer exactly implement the SSH protocol. If you telnet to a ssh daemon, the first thing it does is identify itself as an ssh daemon. You get the string "OpenSSH" passed to you in plaintext. All you'd need to "disguise" your ssh service is to replace that string with some unintelligible ASCII garbage, then modify your client to detect the same sequence of bytes.

>I put my laptop pr0n in a password protected zip file like
>that in a last-minute stint of paranoia when I went to
>thailand (it's illegal there). Much to my dismay, the contents
>of the folder could still be listed...

Wow. That's really dumb. Of the zip guys, not you. I had no idea it worked that way. Easy workaround: put a zipfile inside a zipfile. Unfortunately, password protection isn't supported in the win32 port of "zip" that I use. Would need to get an old command-line version of PKZIP.

Does your employer know?

If we consider my employers my kids, then yes, they know. Sort of. Well they can't read, and I call it "work". "Mommy's working!" Does that make me a bad mother? Trust me, it's more true than not! I only play my imm while my kids are present.. they are far too distracting to play mortals although they are mercifully getting more self sufficient and I did manage a cloistered Herald all the way up to an impressive level thirty-something during their lego sessions.

Do they care?

Yes. Usually it's, "But MOMMMMMY! I'm HUNGRY/THIRSTY/BORED!" and anything that prevents me from instantly jumping up and gratifying their whim is something they care about. Sheesh, them kids and their needs!

Would they care if they knew?

My daughter, the only one old enough to speak, would probably be much more interested if she DID know what it was I really was doing. In fact, often she asks me to play my "Dragon Game" which refers to any graphical game I've ever played (Except for Knights of the Old Republic, which is "the Jedi Game" or "the Jawa Game").. she likes games. Too bad she can't read!

I'm sure this was of no help to you, but perhaps mildly amusing.

I mud from work when I can though I don't like to do it with an established character as I hate dropping link due to uncontrolable events in the office.

If my employer knew they would care, not sure to what extent, but I have no desire to test those waters either