Sharing network connection... stealthily?

Audigex

Audigex

Audigex

Associate
Joined
3 Feb 2009
Posts
2,245
Hey

I'm currently on a uni network, which is fantastic in terms of speed (100mb/s both around campus and to the net, well 96mb/s actual throughput)

However, they only allow us to connect one device at a time - it's physically possible to connect more, but if you're caught they go mental.

Considering that devices are sorted using NAT, is there any way I can connect my xbox, Eee, laptop and desktop at once without arising suspicion?

Any thoughts appreciated :-)
 
This has arisen many times... but the simplest solution I found at uni was to just plug my router in. I spoofed the MAC of my laptop onto the router so they assumed nothing had changed. Had wireless in halls, that way.
 
Same at my uni. Router solved the problem neatly, I registered the router as if it was my computer. Mac spoofing would work too.

Alternative option is to run a router in software on your computer, and have a couple of nics attached. This will feed all of their connections through your main one, and the uni will be none the wiser. I'd personally use ipcop in virtualbox to do this, but I'm sure there are alternative approaches. I decided it wasn't worth the effort in the end and just bought a router
 
Interesting point by Confused. I see that applying to a router, presumably setting up a nas server on your main computer isn't detectable by this?

Or at least, since all the signals come from the same source, a fraction of them will still look normal. Perhaps I should go and google ttl :)

Cunning people set up the internet. This would indeed catch you. You can however state that you chose to use a hardware firewall between your computer and their network for fear of other students attacking your computer :)

also could catch me :(
 
Last edited:
Just do it :)

nothing they will do will get you kicked off tbh, Just say u wanted a network in your room and your only using there internet connection like usual.

Just got a simply £20 router, stick the uni network into the rj45 connection that is designed for a external/internet connection and then connect your devices to the one designed for local devices sorted, and free wirelesss :)
 
I wouldn't exactly say setting up a wireless network is especially stealthy. Would be fairly trivial to detect if they wanted to. If you really want to be stealthy then wire everything up...
 
I don't understand, the op says people have connected multiple devices before and been caught meaning he either has more than one lan connection or the first logical alternative, a router, has been tried before and failed (and yet everyone's screaming router :P).

Need more details tbh.
 
Well if people had previously set up a router with a SSID broadcast "Kevin's room" I guess they might get caught!!
 
Azuse05 said:
I don't understand, the op says people have connected multiple devices before and been caught meaning he either has more than one lan connection or the first logical alternative, a router, has been tried before and failed (and yet everyone's screaming router :P).

Need more details tbh.
Click to expand...

I suspect they went with a switch which was what I did at uni as it was dirt cheap and routers were still pretty expensive at the time, these days I'd go with a router and a wirless lan set not to broadcast it's CID I can't see any University being proactive enough to catch you unless you hammer the conection to pieces.
 
Confused said:
Of course, if they're being clever, they can see that the TTL is lower (by going through an additional device) and track you that way ;)
Click to expand...
That wouldn't be the most reliable way to do it. If it's doing NAT properly the entire layer3 encap should be stripped off and re-costructed on egress. This would result in a brand new IP TTL value. TTL Values vary somewhat anyway. ping to google comes back with TTL=247 Ping to loopback TTL is 128, ping to my default gateway comes back TTL=64 My router is deffo not 4 times further away than google!

Provided your router can MAC spoof and you spoof an actual NIC in your possession you'll be fine. If they check the MAC they can find that it's a linksys/DLink/Belkin Vendor ID and if asked you could produce a desktop/laptop NIC with matching MAC. If it comes back as broadcom or intel they're not likely to suspect that as much anyway. Wireless is a nono as even if the SSID isn't broadcast spoofing 802.11 probe signals will soon reveal it.

This is all assuming they give a hoot. Provided you're not hosting a small datacentre in your room using lots of bandwidth they're not going to be that fussed, and if they are anal about it they'd just turn up unanounced and inspect the rooms for contraband hardware and find it that way.
 
Drop all ICMP at the router and make sure the MAC is spoofed from your actual NIC.

Like skid said though, how fast can you unplug it all when someone comes knocking? :p
 
Wireless is not subtle. If the following precautions are taken, how could you trace one?
SSID set to something obscure like Default, rather than Jon's room, and not broadcast
MAC filter set up that only allows access from one of your devices
Turn remote administration of your router off
Put strong password on router
Use encryption

The above is what I did when I had a netbook, now everything is wired and I've turned the wireless off again. As far as I can tell, the best people could manage is to find that the network is there and then fail to make any connection to it. Mac spoofing isn't as easy when you don't know the mac you need to emulate.

A switch would not be subtle either, but in a different way
 
JonJ678 said:
Wireless is not subtle. If the following precautions are taken, how could you trace one?
SSID set to something obscure like Default, rather than Jon's room, and not broadcast
MAC filter set up that only allows access from one of your devices
Turn remote administration of your router off
Put strong password on router
Use encryption

The above is what I did when I had a netbook, now everything is wired and I've turned the wireless off again. As far as I can tell, the best people could manage is to find that the network is there and then fail to make any connection to it. Mac spoofing isn't as easy when you don't know the mac you need to emulate.

A switch would not be subtle either, but in a different way
Click to expand...

You can still easily break the encryption even on WPA and view the contents of packets, this will give you all the info you need. Even if they don't track you down they can DoS the wifi network by spoofing "Free to transmit" CSMA/CA signals or creating a duplicate SSID on the same channel to prevent you from using it. Which they're within their rights to do.
They could also see from the traffic you send; your source port and destination IP/port. Which they could then match against logging on their kit and derive your WAN side IP/MAC from that. I do the latter part of that process regualrly to tie down rogue connections to a swichport, which can then give me the physical location. Once I had a TCP/IP session to trace I could probably have the physical location within 10-15 mins.
Wifi is just a bad idea if you want to be stealthy.
 
I used and abused my uni connection to a ridiculous degree for 4 years and never got fingered once. Maybe they were thick, but probably they didn't care.
 
Just finished a course and we were shown quite a bit of funky network stuff, the guy cracked a (relatively simple) WPA password in about 5 minutes start to finish.

Think he was using an airpcap usb sniffer (very cool little thing), first ran airodump to bring up a list of macs/machines that were already connected to the access point to get a mac to spoof.

Then ran a password attack in airocrack (I think, could be wrong) and that was it. ok the passphrase used on the ap was only 8 random chars, think it was only upper and lower case letter and numbers, no symbols.

Best course I've ever done though :)
 
You must log in or register to reply here.
Back
Top Bottom