computasm

MAC Address of router banned at university


I go to a small university with a very small technology budget. The extent of network surveillance/security is small, I've been able to get away with BitTorrent downloads after downloading them as .txt files since August. I brought my own Linksys WRT54G router from home loaded up with the DD-WRT custom firmware to give me more control over my router. The school's policy does not allow for rogue routers to be utilized on the network but until now I have been fine using it. After recently raping the network resources (downloading at 2.0MB/s overnight) I found my router's MAC address to be banned from accessing the school's Internet connection.

After discovering this, I changed the MAC address of the router via 2 commands in the Administration tab of the DD-WRT menus. I now have full access to the Internet and all is well again. Each laptop on campus is school provided and only school laptops are allowed to access the network. Each laptop is named with an ID that corresponds to each student's real name and can be traced if discovered. I did not use BitTorrent outside of the wired connection to my router in fear of them banning my laptop's MAC address instead of my router's MAC address. To be sure I was safe, I tried connecting to the network directly (without my rogue router) both using wired and wireless connections just fine.

I am afraid, however. Despite their lack of security/surveillance in the past, how much information can they gain as I hop around from MAC address to MAC address? Can they determine my ethernet and wireless MAC addresses on my laptop even though the IP is handed out to my router? Can they see my computer's host name from Windows XP behind my router? If I login to the domain through the router, can they see that? Basically I fear that my router is not enough to protect me. I know that if I'm THAT afraid, I should cease such activity and follow the rules but what are my options? Is the information I asked about easily attained without intensive searching? I'm curious from a sysadmin's point of view..

Please help? Thank you in advance.


Despite their lack of security/surveillance in the past, how much information can they gain as I hop around from MAC address to MAC address?

As much information as you transmit in the clear. Which websites you go to and your specific traffic patterns are unique.

Can they determine my ethernet and wireless MAC addresses on my laptop even though the IP is handed out to my router?

MAC addresses are layer2 and stop at the edge of the broadcast domain, so assuming you are doing NAT and not acting as a bridge you are fine in that regard. They can find your mac address directly though they could sniff it over the air.

Can they see my computer's host name from Windows XP behind my router?

If you are logging in to the domain they can, or if you are advertising it in some other manner.

If I login to the domain through the router, can they see that?

Obviously, it is their domain and they can see any domain logins

Basically I fear that my router is not enough to protect me. I know that if I'm THAT afraid, I should cease such activity and follow the rules but what are my options? Is the information I asked about easily attained without intensive searching? I'm curious from a sysadmin's point of view..

As I have said several times in other threads, get a torrent seedbox that is hosted off campus and ssh in to it. You can also use your seedbox as a proxy, tunnel dns and http to the proxy-server over an encrypted channel will protect your web-browsing as well. They will be able to see your bandwidth usage, and that you are using a secure tunnel but not what you are doing over that tunnel. If they are that concerned about bandwidth.. you could write a script that gathers the mac addresses of various users and then cycles through them so that the traffic is not tied to just one user-account. This has the potential to lead to duplicate macs on the network, not a good thing.. so you might want to consider simply using a non-university resource for your bandwidth intensive needs - like open wireless, or paying for a dedicated network drop. Edited by jabzor

Since posting, I've come up with possible solutions to hide my identity. If there are vulnerabilities in any of these new methods, let me know! I am able to dual boot into Mac OS X (10.6 Snow Leopard) after finding the right kext files for my laptop. If I purchase a USB wireless adapter and use it under OSX without logging on to the domain, am I immune? The network here does not support any Mac computers and as far as I know, they do not have the capability to trace the packets down to the switch port. Also, if I was to continually change my MAC address on my router, it would not be able to be tied to my user ID or school-provided laptop's wired/wireless MAC addresses.


I would probably just stop messing with the school's network, as even if you were running linux/bsd/osx or w.e. they could still tell you are using a torrent as it totally saturates the network. They will still be able to trace the traffic to your router/your computer if you are directly hooked up; even if you're running linux/bsd or w.e. they can still trace all the traffic to your computer, they all broadcast the MAC when you're on a network. I guess turn off wireless and just hook up ethernet so they can't sniff your MAC through the air when you connect to your router, and change the MAC addy of the router like every day, but yeah, that will only work for some amount of time till they get pissed and start searching people's stuff for the rogue router that's raping their network.


I would probably just stop messing with the school's network, as even if you were running linux/bsd/osx or w.e. they could still tell you are using a torrent as it totally saturates the network. They will still be able to trace the traffic to your router/your computer if you are directly hooked up; even if you're running linux/bsd or w.e. they can still trace all the traffic to your computer, they all broadcast the MAC when you're on a network. I guess turn off wireless and just hook up ethernet so they can't sniff your MAC through the air when you connect to your router, and change the MAC addy of the router like every day, but yeah, that will only work for some amount of time till they get pissed and start searching people's stuff for the rogue router that's raping their network.

I'm not horribly worried about them knowing that torrents are on their network, I assumed that would at least happen. I only would torrent while connected to ethernet from my laptop to my router. Directly connecting would allow them to have easy access to my laptop's MAC address on my onboard LAN. I never use wireless just for the fact that the MAC address is out there in the open, being broadcast to the world. My solution of purchasing a USB wireless adapter would not allow them to see my onboard wireless MAC address that is tied to my real name in their files from the beginning of the year.

Your uni doesn't have a bandwidth restriction policy?

The school's usage policy restricts Internet usage that degrades the quality or experience of other users on campus. Obviously file sharing is specifically outlawed in the policy but as far as bandwidth restriction is concerned, throttling has not been implemented. From overhearing conversations and talking to friends who have student jobs in IT, the infrastructure is seemingly too poor to manage bandwidth allocation to each user.


Just hope the admins don't get *really* smart and start dropping P2P traffic


First...Did you change your router's default password? Your router's name is in the clear.

Can they determine my ethernet and wireless MAC addresses on my laptop even though the IP is handed out to my router?

Yes, NAT tables can be requested by other routers. Once in the other, school router, that information is easily accessible. Therefore, your mac for the NAT address in your router can be discovered. You should be able to block this at your router, however.

Can they see my computer's host name from Windows XP behind my router? If I login to the domain through the router, can they see that?

Sure...and if not for some reason they can script a program to poll your host name.

Basically I fear that my router is not enough to protect me

You should be. They must really have a meager IT staff since you haven't been caught already. The IT level at the school is very basic. For instance, you are not "changing" the mac address but only cloning it. They can program their routers to poll all routers' real MAC's and then block or unblock based on that. But let's back up...they don't have any security whatsoever...basic security is MAC filtering- only allowing trusted MACS on the network period. Instead, they let everything on it until something goes awry...no excuse...MAC filtering is sehr einfach! In fact, you are providing them a real world lesson in the merits of MAC filtering...it prevents you from doing what you are doing without any support overhead whatsoever.

Since posting, I've come up with possible solutions to hide my identity. If there are vulnerabilities in any of these new methods, let me know! I am able to dual boot into Mac OS X (10.6 Snow Leopard) after finding the right kext files for my laptop. If I purchase a USB wireless adapter and use it under OSX without logging on to the domain, am I immune? The network here does not support any Mac computers and as far as I know, they do not have the capability to trace the packets down to the switch port. Also, if I was to continually change my MAC address on my router, it would not be able to be tied to my user ID or school-provided laptop's wired/wireless MAC addresses.

This is what you should have done from the beginning. You are already potentially exposed. However this setup gives your computer a new 'real' MAC address which your school has no knowledge...by changing the OS you've masked your host name. You are back to getting caught if you send stuff in clear text...like email or other stuff that relates to who you are...that also reminded me that your windows update also potentially gave you away before you did all of this. Also, why are you using Apple? Why didn't you just use Linux proper?
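The MAC filtering described in the post above, seen from the administrator's side, as an added example that is not part of the original thread: it audits observed switch-port/MAC pairs against an inventory of issued laptops. The inventory, port names and MAC values are constructed, and because an allowlist alone accepts a cloned address, the audit also reports any inventory MAC seen on more than one port.

```python
from collections import defaultdict

# Constructed inventory: MAC of each school-issued laptop -> asset ID (hypothetical).
INVENTORY = {
    "00:11:22:aa:bb:01": "LAPTOP-0001",
    "00:11:22:aa:bb:02": "LAPTOP-0002",
    "00:11:22:aa:bb:03": "LAPTOP-0003",
}

# Constructed observations, as might be exported from switch MAC tables:
# (switch port, source MAC), in the mixed notations such exports tend to use.
OBSERVED = [
    ("sw1/1", "00:11:22:AA:BB:01"),
    ("sw1/2", "00-11-22-aa-bb-02"),
    ("sw1/3", "00:18:f8:12:34:56"),  # not in the inventory
    ("sw2/7", "0011.22aa.bb02"),     # inventory MAC seen on a second port
]


def normalize(mac):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(observed, inventory):
    """Report MACs outside the inventory and inventory MACs on several ports."""
    known = {normalize(m) for m in inventory}
    ports_by_mac = defaultdict(set)
    for port, mac in observed:
        ports_by_mac[normalize(mac)].add(port)
    unknown, duplicated = [], []
    for mac, ports in sorted(ports_by_mac.items()):
        if mac not in known:
            unknown.append((mac, sorted(ports)))   # device that was never issued
        elif len(ports) > 1:
            duplicated.append((mac, sorted(ports)))  # same address in two places
    return {"unknown": unknown, "duplicated": duplicated}


if __name__ == "__main__":
    for kind, hits in audit(OBSERVED, INVENTORY).items():
        for mac, ports in hits:
            print(f"{kind:10} {mac} on {', '.join(ports)}")
```
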


After recently raping the network resources (downloading at 2.0MB/s overnight) I found my router's MAC address to be banned from accessing the school's Internet connection.

2 MB/s? My friend got a temporary ban after doing 100 MB/s transfers using a wall jack we thought we were allowed to use ;) 100 MB/s is not a typo :P

My university is connected to the CANARIE network :)


:laugh:

I still think it is a typo...100MB or 100Mb...That Canarie network is pretty cool but it provides 10Gbs not 10GBs to locations, not to end user. 100MBs is 800Mbs which is close to the "theoretical" max for 1000BaseT. With collisions, other traffic, inability of other sites to operate even remotely at that speed, and other shiz I can't see that actually happening, oh not to mention that it represents 1/10th the bandwidth of the network speed just for one guy...although I could be wrong...I would seriously be interested though if that isn't a typo...and would like to then know which porn movies you were watching in real time in HD... :tongue:


Hmm, you can always try mad macs from Irongeek's website. Then you can spoof your MAC/hostname every time you boot up. If you're lazy, anyways.


Just hope the admins don't get *really* smart and start dropping P2P traffic

They do that at my school, which is irritating. It's a weird system, though. Initially they just blocked the .torrent extension, so people were using Txtor or connecting to the tracker with a basic proxy. Then, they somehow found a way to block all torrent traffic, even if you switched up the ports. I had to use a VPN to download. Sometimes torrents are blocked, other times you can download no problem.

2 MB/s? My friend got a temporary ban after doing 100 MB/s transfers using a wall jack we thought we were allowed to use ;) 100 MB/s is not a typo :P

That's weird. My Uni doesn't care at all about on-campus (read: no bandwidth used) traffic. In fact, the DC++ hub used by students has been known to get pretty good speeds. I live in an older building that doesn't have gigabit, so my DL speeds cap at less than 2.0 MB/s. Still though, can't complain. :rolleyes:

