Dorm Wired Ethernet


war6763

Hey there everyone, I'm trying to get more input about my current situation in the university dorms. When we first move in and connect a computer to the network, we're required to run some software on our machines which "checks to make sure our computers are secure", then our MAC address is registered and we are able to get online.

I've tried registering a computer using a VM machine and then cloning that VM's IP over to other machines, but whenever I do this my download speed is severely throttled.

I've also tried setting up a Linux box, registering it on the network, and having it perform NAT/DHCP on the green side of the network, to no avail. I'm, once again, throttled.

As a 3rd attempt, I've tried setting up a normal, unmanaged switch and letting the university's network handle DHCP, but that has also failed.

The client that the university is using to register our machines is made by a company called Bradford Networks (link).

Above all this security, the university throttles the port speed to 10 Mbps max such that we are not able to transfer anything >1MB/sec roughly. I've done some poking around and found that the immediate switch connected to a similar port as mine is a Cisco, but I am unable to get any more info since I haven't yet guessed the switch's password.

Any ideas? I'd like to be able to connect a couple computers to my single port!

Link to comment

It could certainly be the software the school uses, or their network in general is just not configured properly and they have way too much traffic, so that you can only get those speeds.

Depends on the hardware sometimes too, but with some switches, if one person's NIC or even a switchport is set to 10 only in the configuration for a VLAN, then everyone else, even if they have a 10/100 card and can do 100 full duplex, will drop down to 10 only, based on the switchport and the switch's configuration settings. I've encountered this at school before myself with equipment, and it might actually be the VLAN you are on; in order for people to communicate they all need to be on the same port speed.

I don't know a whole lot about how it works, but that's something I have seen with Cisco switches at the place I took my Cisco classes. It's kind of like WiFi, where if it can do b and g, if everyone is on g and 1 person connects with b, the router downgrades to b-only speeds. b/g/n routers seem to have these issues, but g- and n-only seem to not have this issue due to MIMO antennas, but b can't do the MIMO stuff (if I recall) and causes everyone else's connections to limit to 11mb max; even if you have a g-capable router and card, if b is allowed and capable on the router and someone with b only connects, it limits everything to 11mb vs 54 or whatever your N is rated for. Test it out, see what happens, might be able to get around the cap if you can get on a different VLAN or subnet, or fake your MAC address, but again, could be the software or even the school's network itself.

Link to comment

I bet the switch is configured for you to only pull a given amount of bandwidth when running the vlan or vpn. The switch bottlenecks all of the connections to it, and it gives all of the cpus on the switch to receive the same bandwidth (your speed of .3mbps is outrageous, might as well add a dial up sound when you get on the internet). Tell your local admin that you can't check your grades because of the slow bandwidth. He/she should, at the least, tell you why it is happening or fix it if it is not.

Then again, I am still drunk from a hackerspace last night.

Link to comment

Could also be that they don't use switches and, dare I say, have a HUB in the mix somewhere, which, by default, causes broadcast storms and would severely hose the network like this. It's almost as if you're causing too much traffic on the network.

Link to comment

So, I don't think they're using a hub, because I can see and try to authenticate with the switch. Also, speed is fairly consistent during the day/night, which, if it were a hub, it wouldn't be. I've tried connecting and disconnecting devices that are registered, and only some of them work at the full 10Mbps... I'm thinking that for some reason the first or second devices that I registered are working at full speed and everything else that you register after that will work at the capped speed of 0.3Mbps...

Managed to get around it today, though. Turns out they can't detect ICS in Windows, so I'm just doing that... now on to try and crack the switch password!

Link to comment

Can you identify the network hardware in question? What does an nmap scan of the gateway tell you, and what happens when you scan the entire subnet? What services and ports are open on the device, and what kind of interface have you seen from, say, a web-enabled management page (if any) or the telnet side? Most switches are set to only be configured via a term server or from the router, after initial configuration of the device is set up via a serial cable to the console port.

Most "switches" on the network can't be logged onto like routers can from client machines unless they do so through the terminal server or from the router. Most likely, you're connecting to a gateway/router or all-in-one layer 3 switch, or even a wireless router/repeater hooked to a switch, which could also be why speeds are slow. They might span several wireless devices to repeat network segments to other parts of the school and have central switches in each location. True switches are more or less transparent to the users on the network and normally can only be seen from the router itself or from a serial cable or terminal server connection nearby to it (and no, not Windows terminal server, but the actual physical hardware type for connecting to console ports on high-end routers and switches).

Something along the lines of:

Com_Srv.gif

Routers are what you would most likely be logging into, and even they need management interfaces enabled to be seen from the LAN side unless it's a lower-end consumer-type router, so it's more than likely a consumer-brand all-in-one piece of shit 4-port router hooked to another hub or switch, and if that's the case, don't expect a whole lot of control or speed increases with it. If you can map the LAN and run some traceroutes around the campus and compare ARP data, you might be surprised what you end up seeing. Even pinging addresses that return no reply will send back an ARP if a real device lives at that address, and usually the MAC address can then tell you what kind of device it is based on its OID, unless it's spoofed.

Link to comment

  • 3 weeks later...

It could also be that the switch port that your dorm room is connected to is configured to allow one MAC address to operate at full duplex only. If it detects another MAC address, then the speed will be throttled down. That could explain the situation you are in.

Link to comment

If it were me, I suppose I would have registered an enterprise firewall as my computer to start off with, thus allowing you to NAT your local dorm room network to their network. Try something like Sophos UTM, m0n0wall, etc. and see if that works out for you.

Link to comment

  • 1 month later...

I deal with things like this a lot. I help manage a network like this for multiple properties here where I live. Basically what it comes down to is that they have the router set up to detect this, and it realizes that there are "rogue" devices and corrects or attempts to correct this.

Hope this helps. Probably not. I am so focused on trying to track down who has hacked my websites/hosting/social media I can not think straight. Sorry. I will try and come back later and give a better description.

Link to comment

  • 2 weeks later...

I will give my 2 cents on how I think your college/dorms are set up, as I am the Sr. Network Engineer for a large school district. * I think I can relate to the college * My best guess is that they are using some police policies as well as a NAC *Network Access Control* device. Most likely you are connected to a layer 3 switch *As stated above* which I can almost guarantee they have split up into separate VLANs. This way they are able to apply the police policies *EX. bandwidth restrictions* to the VLAN. The NAC device then will use your MAC address and look at what rights you are given and then assign you to the correct VLAN. I can not be for sure, but if they are all Cisco, then I would say that the NAC that is being used is Cisco's ISE *Cisco Identity Services Engine*. This box is the perfect solution for * You and all the other students* BYOD or Bring Your Own Device. Since you have seen that they are Cisco switches, then they will have CDP * Cisco Discovery Protocol * unless they have disabled it *Not Likely*. You can download a network walker/spider that can walk CDP and discover their entire network. If they were smart they will have configured SSH on the vty lines. If they did not and used telnet, then technically you could sniff the password. The only catch is you would actively have to be waiting for them to connect back to the layer 3 switch. A friendly word of caution, as you are getting into the iffy side of things and I don't want you thrown out of school if the network admin finds you in their equipment. If they have set up syslog then it will keep a record of everyone that logged in. This is all just a guess, remember that. Heck, you could be having a ton of collisions if the port is half duplex. It could be a number of things. I recommend that you talk to your network admin, as I am sure he/she will be able to either explain what is going on or be able to fix it. Hell, he or she might be able to up your download/upload limit.
*If you have one* Hope this helps you as a possible network configuration/explanation.

Cheers

-Stealthkit

Link to comment
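From the administrator's side, the three points raised in the post above (CDP left on toward student ports, telnet versus SSH on the vty lines, and syslog recording logins) can be checked against a switch configuration. This is an added example, not code from any poster in the thread; the sample configuration is constructed, and treating a vty line with no explicit `transport input` as telnet-capable is an assumption of this sketch.

```python
import re

# Constructed sample configuration for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
hostname dorm-access-sw1
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode access
 no cdp enable
interface GigabitEthernet0/1
 switchport mode trunk
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their unindented parent line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue  # skip blank lines and '!' separators
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks

def audit(config):
    """Return findings for CDP on access ports, telnet on vty, missing syslog."""
    blocks = parse_blocks(config)
    findings = []
    cdp_global_off = "no cdp run" in blocks
    for head, body in blocks.items():
        if head.startswith("interface ") and "switchport mode access" in body:
            if not cdp_global_off and "no cdp enable" not in body:
                findings.append(f"{head}: CDP enabled on access port")
        if head.startswith("line vty"):
            transports = [l.split()[2:] for l in body if l.startswith("transport input")]
            # Assumption: no explicit 'transport input' is treated as permitting telnet.
            allowed = transports[-1] if transports else ["all"]
            if "telnet" in allowed or "all" in allowed:
                findings.append(f"{head}: telnet permitted")
    if not any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", h) for h in blocks):
        findings.append("global: no remote syslog host configured")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per weak setting; a configuration with `no cdp run`, SSH-only vty lines and a `logging host` entry returns an empty list.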
Makes me want to go back to Cisco class..lol. CDP works with major Cisco routers, but if they aren't using Cisco, there are probably other ways to deduce the hardware and network devices. If you can get a hold of any of the MAC addresses for the network switches and routers/gateways, their OID, if not spoofed, will identify at a minimum the manufacturer, which, if using Wireshark on yourself and watching the ARP traffic, might even tell you when you reply to the gateway and switches, since it will have both your and their MAC address in the pool.

I do like your idea of a CDP spider. I've never given it much thought outside of the classroom, but damn, that's a good point. What tools do you know of, outside of owning a higher-end Cisco router, that speak and can query CDP? Wondering if there is an nmap NSE script that does this now...lol. Google...you suck lately, might have to go to Duck Duck Go or Bing these days to get half decent research answers...

Link to comment