K University - 5 Mac Address Limit, Can I Beat It?

[DD_nVidia]

Right, I'm going to university in like 2-3 weeks (move in the 11-13th September) and the company the provides the internet is a private firm, not the university.

For free, you get 4Mbit, one MAC address authentication.

For £80+10 you get 25Mbit, and 4 extra MAC addresses, so 5 in total.

However, I have more than 5 devices. Gigabit switch, wifi access point, main rig, second rig, laptop, iPhone, 360, WDLive plus any virtual machines I'm running.

They told me on the phone I wasn't allowed to have a router running with DHCP on since it'd interfere with their system for whatever reason.

So, without knowing any more details on how their system works just now, can anyone advise a way around this 5 limit (and yes I asked first about paying £10 more for 9 in total but they can only do one, so their own fault, I would have happily paid)

Thanks guys, hope you can help, sorry for making my first post here a question :(

[Netshroud]

You should be fine with a regular router. If DHCP is actually an issue, configure a router with static IPs only.

[BattZ]

You could always call them back, to double check that you can't use a router. Sometimes people are mis-informed or new there and don't have the proper info. But if he was right, and you can't, you can ask them what you could do, since I'm sure they have had this problem with other customers. Without knowing their network details it's hard to figure a way around it.

[DD_nVidia]

Yeah, I might send an e-mail again. The folk who are doing the net are gonna be there on move in day so i'll see if I get any better results in person.

AFAIK it works with just a standard ethernet port in the wall and you have to go set up when you get there with a configuration disk (dunno if that just loads an ip address or something though) that lets you authorize the MAC address. They said it's easy to change and you can deauth/reauth stuff whenever you want but if I'm honest, I can't be arsed doing that >_<

Any way to find out what kind of network details they have?

[Trax]

Wow talk about trying to screw you.

Get yourself a router. I don't see why it would cause any kind of issue with their network. when they ask you to probably install software just tell them you don't want to install their software and to just give you the configuration information. plug it into the router and your done.

i have had ISP's try to pull this kind of crap with me in the past, all i ever had to do was to put a router in. I even had one ISP tell me that their internet was for use with 1 computer only. they never even knew that i had 4 set up.

Depending on what kind of load your going to put on it though you might want to go ahead and spring for the larger package. but i know personally i have a 16 Mbps connection that even with 3 computers going full time, torrents downloading, gaming, video streaming etc.. i never come close to using that up. i MAY start feeling a pinch if i only had a 4 Mbps connection though.

also check if they cap your bandwidth usage. not all that common anymore, but i know if my parents download more then 450mb per day they get their net locked out and have to pay a fee to have it turned back on again (satellite).

[VaKo]

Ask if they allow NAT, if they do then your home free. If they don't then things will be a lot more complicated.

[Mr-Protocol]

They do it to make money. I've seen this done before.

My Time Warner can actually identify that I have a Linksys Router connected to their modem. So maybe you can spoof the fingerprint of your router somehow (dd-wrt, openwrt, etc.) to make it look like just a plain old linux machine or a Windows machine when it is really a router.

[DD_nVidia]

Vako - NAT is not allowed. I don't they'd be too chuffed about me circumventing their measures either, but hey, i offered to pay.

Trax - Yeah they did say they'd have a disc with configuration stuff on it, not sure if its a program or just instructions. In terms of load, oh it'll be used alright haha ;) They don't have any limits or restrictions, rapidshare, bittorrent both work, and according to the guy one the phone "people download terrabytes a month and our systems are fine, as long as you don't do anything malicious to damage or slow the network on purpose"

So since NAT is disallowed is using a router still an option? Any other suggestions. No way to pipe everything through one system? I could get an old system to set up as a router if i needed any more customization/options.

Thanks.

[DD_nVidia]

Mr-Protocol - Yeah SKY can do that with me too, they can tell I don't have their router connected and won't give any support when we phone, so I'm guessing that with a straight ethernet connection to their equipment the folk at uni will be able to have just as much if not more information.

Like i said above, I can get my hands on another computer if needed to run as a router to load with whatever software needed or I can buy whatever router I need to load the custom firmware/software/os. I can acquire a computer for either nothing, or super cheap or I can spend £40-50 on a router, even better if its 802.11n wireless. Dual band isn't needed since I have no dual band devices and everything else I want hardwired.

[Mr-Protocol]

Ok so you have to use a router they give you? So then you just hook up a secondary router behind it. Or another PC with ICS/NAT running. Or you can just use your desktop PC with ICS. So it would be a port in the wall => Their router/modem => Your PC with ICS =>Multiple other devices.

They should only be able to see your one PC if they even monitor it. Not all the things behind it with ICS. At least I think.

[DD_nVidia]

No no I was stating the situation at my house, we can use our own router at home :)

At the halls, its just a standard ethernet port in the wall, where it goes from there I don't know.

No NAT is allowed. No DHCP is allowed. ICS i've not heard of this,, whats that?

[Mr-Protocol]

No no I was stating the situation at my house, we can use our own router at home :)

At the halls, its just a standard ethernet port in the wall, where it goes from there I don't know.

No NAT is allowed. No DHCP is allowed. ICS i've not heard of this,, whats that?

ICS = Internet Connection Sharing.

What you could do is just ICS a router.

Plug the WAN port into another NIC card on your main PC they "allow" to connect.

Then setup a ICS with your router on NIC2 with the main network NIC1.

Have all other devices connect to Router on NIC2.

They are only saying "No NAT no DHCP" because they want you to buy more MAC spaces...

[DD_nVidia]

Ah fantastic. So doing it via ICS would bypass the mac address authentication problem?

Right so....

Wall connection --> C2D Rig Port 01

C2D Rig Port 02 --> Gigabit Switch 01

Gigabit Switch Port 02 --> Ci7 Rig Port 01

Ci7 Rig --> VM01

Ci7 Rig --> VM02

Ci7 Rig --> VM03

Gigabit Switch Port 02 --> Wireless Access Point

Wireless Access Point --> iPhone

Wireless Access Point --> Laptop

Wireless Access Point --> Laptop

So thats 10 systems for the price of one? If it works I'll probably try grab an older computer and make it as silent as possible to use for ICS the girlfriend loves that my pc is fast, not so much that it has 10 fans in it =/ haha. If it was up to me i'd leave it all running 24/7 considering I've not to pay for electricity!

I'll need to look more into how thats done nearer the time, but from the information you've gave me so far it seems like it should work :D If I have any problems I'll no doubt be back for some emergency help haha. But thanks so much for taking the time to help me, it's much appreciated!

[VaKo]

The switch won't count as a device unless its a fancy managed device. So your just left with your 2 desktops, the 360 and your storage unit (which will either need way more security added or to be connected via USB rather than IP). VM's can be run using a virtual NAT device rather than bridged connections, which will mitigate the need to register/un-register MAC's. Not sure how your going to manage wireless unless your halls has it, when I worked for a Uni's IT team we took rather a dim view of people running there own WAPs. So if you do run one, look for a business near your halls and set the SSID to something with the same name.

As for NAT, if you register your main PC on there system, then get a router and use the same MAC for the "WAN" connection you will probably be able to get away with it. I don't know what system they will use to police this but if it looks legit, and your not doing anything dodgy (p2p, viruses, portscans etc), you will probably just be able to keep your head down.

[Charles]

You could even "clone" yer PC's MAC onto the router and do it that way. I don't know if that would work or not, depending on how they plan on enforcing the "5 MACs" rule.

[DD_nVidia]

VaKo - Doesn't every networked device have a mac address though?

Ah right didn't know I could do that with the VM's. That's handy then.

I already asked about wireless access points, they said they're fine with it but obviously recommended that I keep it secure. I'll just give it WPA2PSK encryption and hide the SSID so unless anyones hunting out wireless networks they shouldn't find me.

VaKo+Charles - Yeah I'm not sure what way/how they're enforcing the rules, but when I move in if the representatives from the company who are there to help you get started, sign up etc. seem to know stuff I'll try strike up a conversation with them and find out what they know. Maybe I'll get lucky and get onto a conversation about network security :P haha.

I'm not in a massive rush, 5 MAC addresses will certainly do me to start with, so I'll have time to ponder my options and test them out. (as well as maybe testing out other wifi related tomfoolery that I've seen on Hak5, you know, people dying to use wifi on their laptops instead of being on their desk :P)

[Charles]

Be sure to use WPA2 AES, not TKIP.

Hiding yer SSID is pointless, as even a WAP that isn't broadcasting it's SSID is still broadcasting, and is able to be found.

Yes, switches have MAC addresses, but they don't get an IP, unless it's a managed switch.

Edited August 26, 2010 by Charles

[VaKo]

An unmanaged switch does not have a MAC address (only a MAC table), a managed switch does.

[DD_nVidia]

Charles - Yeah AES :) And well I know it's still broadcasting, but 99% of people wouldn't look any deeper than the windows wireless configuration tool.

VaKo - Yeah it's just a normal 5 port gigabit switch. TP-Link one, so definitely unmanaged haha.

[Charles]

Thanks VaKo, I could have sworn that the two gigabit switches I have had a MAC address, but they don't. I must be thinking of a router or something.