local network Anonymity

[buckybuck]

ok what i am trying to do is boot from usb inside windows <easy:done> next i want to leave no tracks on the host <easy:done:sandbox> then i want to connect to my home pc while hiding all traffic from host and local ap's while i use it in some cases depending on were i use it i will be going thru a firewall <ie:school firewall proxy> i dont want anyone except me to know what I'm doing <network monitor:wire shark> <not that its illegal i just like privacy> so my idea is portable vbox with 2 vdi's on usb >> bt4 with local proxy >> ssh to second vbox >> second vbox is a linux firewall <ie:zeroshell> >> forward all ports to 56 <xerox> or something <to hide protocol <ie:https> from ids for encryption> >> vpn to my home pc and browse the web and access my media? not sure if i'm way off or not I am still a noob to advanced networking
any ideas would help cause i think i'm way off i overthink everything

[lupin]

Its likely that you have given up all rights to private use of your schools network as part of its conditions of use. This certainly applies in most privately owned networks, including the one where I work. In my position as the IT Security Advisor at my office Id be... upset... if I found someone trying to secretly tunnel data out of my network. "Get a person fired" upset. Just so you know that what you're doing may bite you in the ass.

Some comments:

If the network administrators know what they are doing, you will never be able to hide completely. Decent encryption may hide the details of what you are doing, but it wont hide the fact that you are doing something - the encrypted channel can still be noticed, even if the contents of the transmission cannot, and this may be enough on its own to arouse suspicion.

Changing port numbers wont actually change the details of how a protocol communicates, though it may fool some analysis tools that attempt to match protocols based on port number. Depending on how monitoring is done, this may actually make traffic more visible (seeing significant outbound traffic on port 56 would make me really suspicious, traffic on port 22 less so - dependant on whats normal for the network of course). In addition, if proper outbound packet filtering is done the question of changing ports may be moot anyhow.

You're definitely overcomplicating things. There is one really obvious and simple means of establishing an encrypted outbound tunnel which is very likely to be working in your chosen environment, and which would result in your traffic getting lost in the noise of many other similar types of connection.

[thorin]

Seems like it would probably be easier for you to try a low & slow approach and hide in plain sight.

As lupin suggested what you're proposing likely violates acceptable use policy(ies) for the network(s) in question. Aside from that using a single port doesn't really help you much, the vast majority of modern protocols use a handshake or packet header/wrapper that can be identified by an IDS or FW so it's irrelevant what port you choose to put the traffic on.

For the record anonymity != privacy. You can be or have either one or maybe even both but they are not the same thing.

[Barry]

If you want privacy on a corporate network, start your own business. If I ever find someone trying to do what you're trying to do, they would be on the sidewalk faster than you can spit. We'd mail their personal belongings to them.