It wasn't often that Marcus saw his boss Harry scrambling to reach the mute button on his phone while erupting into convulsing laughter. Between Harry's gasps for breath, Marcus heard him say "bestiality," only to start laughing even harder.
Marcus, Harry, and company had recently gotten a contract to do security analysis for a mid-sized document management firm that we'll call Initrode. Their primary contact was Brad — a well-intentioned but scatterbrained (read: borderline incompetent) employee. Marcus would be working on penetration testing for Initrode's network. So why was Harry laughing? Well, it all started earlier that day.
"barnyardfapping.net? What the hell is barnyardfapping.net?" Brad punched the URL into his browser. "Oh. Oh god. He's not going to- Oh god. Oh dear god no!" Brad closed his browser and furiously Alt-F4'd the series of popups for several similar sites, trying in vain to forget the image that would be permanently seared into his memory.
He was in the midst of reviewing his company's proxy server logs, where he spotted a lot of requests he'd rather not see on his company's network — mostly warez and porn. And oh, the porn! The normal stuff would have been bad enough to see on the company network, but this was the really freaky stuff.
But who could possibly be looking at this stuff at work? And how are they capable of looking at so much of it during the day? Brad wondered. He had to root out the responsible employee (employees?). Having just formed up the contract with Harry, Brad called him for help.
"Yes, Harry? This is Brad at Initrode. Look, I know you guys are doing your tests, but I found these requests in our proxy server's log files that... *cough*" Brad had to choose his words carefully so he could get his point across without sounding crude. "They're for warez and bestiality porn." Damn. "So, uh, does that have anything to do with your testing?"
Which brings us to Harry's uncontrollable laughter. When he finally regained his composure, he bit his lip and responded "No, the bestiality porn is not part of our testing." That wasn't a sentence often uttered around the office.
"Well, what about some of these other sites? I have logs of the requests, and the vast majority are in direct violation of company policies. There is a lot of warez and, frankly, frightening porn in here. Can you guys analyze this and help me track down whoever is responsible?"
Harry was confused at this point — if Brad had the log, he must've had a list of IP addresses. Was the perpetrator savvy enough to masquerade as a legitimate client to gain access and make it look like it was someone else on the network? If Brad could figure out how to look at the proxy server logs, surely he had the technical knowledge necessary to figure this out on his own.
After thinking for a few seconds, Harry had another idea. "Brad, what's the address of your proxy server?"
"One sec... It's 208.77.188.166."
Harry kept Brad online while he configured his computer to use Brad's proxy server. He typed in www.google.com, which loaded without errors.
"Uh, Brad? I just loaded Google through your web proxy. It would seem that your proxy server is open to the whole internet..."
After several seconds of silence, Harry added, "It's got to be someone outside your company doing this. You should really have a talk with your network admin right away. I can't imagine how he could've done something this careless and stupid!"
After several more seconds of silence, Brad replied "I am the network admin..."