Wireless Routers Banned From My Dorm

rrm74001

macrumors 6502
Original poster
Nov 11, 2008
274
315
I got this email from the manager of my dorm:

This is a reminder that wireless routers of any kind are not permitted anywhere in the ***** *****. If you have one please disable it immediately because these are causing the internet for the entire building to stop working and it is very frustrating to residents who do not have internet access. This entire building does not have wireless capabilities. Every apartment is equipped with a modem for Ethernet internet access. We pay a lot of money to have Ethernet in every apartment so by using wireless routers when we don’t have wireless internet you’re not only stealing wireless from someone not affiliated with this building you’re wasting our money that pays the internet bill every month, and you’re causing the internet to go down to the entire building. ***** is working hard to identify where these wireless routers are in the building and disabling them as they find them, but they need your help. If you have one please stop using it, or if you know someone that has one please tell them to stop using it. If you have questions about this please direct them to the IT department by calling (***) ***-****.
Is there really a way for them to detect if I am using a wireless router in my dorm room? I am using an Airport Express and it is convenient because it allows me to plug my printer into the USB so my printer does not take up space on my desk. And I have a Playstation 3 in the common room with NetFlix. So do you think I should unplug it? Or are they bluffing? :D
 

frenchlemon

macrumors newbie
Feb 22, 2010
7
0
South of France
I think they're bluffing, one thing you could do if you want to keep your wifi, hide your SSID on the router and use a channel that is not used where you live. (use iStumbler or similar to find out what's common). They can find you if they really want.
I thinks they really want to crack down on people sharing the bill (i.e. you and your neighbors getting one connection between the two of you). So don't tell anyone you know you are using wifi.

The other solution would be using Ethernet over power adaptors:
http://www.ehow.com/how_4662693_use-ethernet-over-power-outlets.html
http://computer.howstuffworks.com/power-network.htm

FL.
 

kmaute

macrumors 6502
Oct 5, 2008
301
2
USA
Well... In my days of undergrad, I worked as the HelpDesk coordinator for a Pac-10 University. You would simply not believe the number of idiots who would buy a wireless router, plug in the LAN cable into one of the host slots and proceed to start assigning IP addresses to other clients on the network. We're talking 3-4 per month. They could shut down a dorm in a matter of minutes.

We would probe the network for OS information and when a BSD/Other device appeared, we would simply give them a call and ask what version of BSD they were running. When they were unable to answer, we'd block their port and would seize the router.

I'm 95% sure the wireless component is not what they're talking about; it's simply the real possibility of a rogue router bringing down the network. However, as long as you're not an idiot - they most likely won't bother you. Keep your essid hidden and well encrypted.
 

steve2112

macrumors 68040
Feb 20, 2009
3,023
6
East of Lyra, Northwest of Pegasus
Yeah, they can tell if you are running a switch or router on their network. In Cisco's IOS, for example, there is a command called BPDU guard which can detect when an intelligent device, such as a switch or router, is plugged into a switchport and shut down that port. As a network admin, this is a good thing, since a rogue switch or router can cause problems with Spanning Tree, DHCP, etc. In a corporate environment, this would help prevent someone from plugging in a rogue wireless AP somewhere and snooping your network. As was stated earlier, this is probably to protect the network, not to prevent wireless use.
 

niuniu

macrumors 68020
You can get little fobs that detect wireless signals, some even display how strong the signal is the closer you get to it afaik. I doubt they're doing that anyway.

Just have it turned on when you use it and keep it close to your chest I guess.

Edit: just read above post, seems maybe they can do it through their system management..
 

Techhie

macrumors 65816
Dec 7, 2008
1,160
0
The hub of stupidity
As was stated earlier, this is probably to protect the network, not to prevent wireless use.
The wording suggests that they aren't technically apt enough to go to such great lengths. :rolleyes:

A hidden SSID should suffice, as well as an unconnected ethernet cable on hand to ward off any suspicion. If the router (and SSID) are left hidden but unencrypted, there is nothing stopping you from denying ownership and claiming that knowledge of the hidden network came from rumor.
 

acurafan

macrumors 6502a
Sep 16, 2008
615
0
any school running decent network equipment w/proactive monitoring at the access layer will eventually find out. you can hide your SSID but with netstumbler, airjack, or airmagnet - given time will find your device.
 

steve2112

macrumors 68040
Feb 20, 2009
3,023
6
East of Lyra, Northwest of Pegasus
The wording suggests that they aren't technically apt enough to go to such great lengths. :rolleyes:

A hidden SSID should suffice, as well as an unconnected ethernet cable on hand to ward off any suspicion. If the router (and SSID) are left hidden but unencrypted, there is nothing stopping you from denying ownership and claiming that knowledge of the hidden network came from rumor.
I was just saying it was indeed possible for them to tell if someone was running unauthorized network equipment. As you said, though, if they were running this kind of stuff, it would have already stopped working. Most of the options like BPDU guard and port security are pretty much instant.
 

ravenvii

macrumors 604
Mar 17, 2004
7,583
489
Melenkurion Skyweir
any school running decent network equipment w/proactive monitoring at the access layer will eventually find out. you can hide your SSID but with netstumbler, airjack, or airmagnet - given time will find your device.
I spent 3 1/2 years at an university dormitory that doesn't allow wireless routers (or any routers for that matter). Yet, I had an AirPort Express all those years because they put the ethernet port in such a inconvenient place (literally opposite the power plugs). I hide the SSID, encrypt it, and only I, my roommate and any girlfriend I happen to have at the time, are allowed to use it. I change the SSID and password whenever the identity of either my roommate or my girlfriend changes :D

Never caught, never got a complaint.
 

rrm74001

macrumors 6502
Original poster
Nov 11, 2008
274
315
I am not so worried about them finding the wireless signal of my router. I have the SSID hidden and a 32 alpha-numeric-symbolic random WPA2-Personal encryption password. I suppose they could use a WiFi sniffer and walk around the building trying find where the signal is strongest and find my router that way. But I do not see them doing that. Plus I set the radius of the signal to 10% so it does not reach much farther than my room.

What I am worried about though is them finding my router REMOTELY. Like do my packets somehow indicate that I am using a router? Or can they detect what kind of hardware is connected to my modem remotely?

Maybe I should not even risk it because they claim that they will turn off my internet for the rest of the semester if I do not comply...

I cant even use my computer on my bed!
 

kmaute

macrumors 6502
Oct 5, 2008
301
2
USA
I highly doubt that they're going to put that much effort into it. Most likely, they'll use a lot of nasty language and as long as you aren't doing bad things (torrenting, DMCA or equivalent violations, foreign traffic, etc...) I wouldn't have bothered you when I ran the HellDesk. It just depends on the university.

If you are really concerned, build yourself a little linux box and use that to set up a WAP. They won't see any thing except your linux box pulling traffic. At my school, you could buy a POS surplus machine that would serve this purpose wonderfully. You could even get by with running monowall off a floppy. You have lots of options...
 

MacDawg

macrumors Core
Mar 20, 2004
19,708
4,274
"Between the Hedges"
I know it may not be the cool and popular thing to say
But I would recommend following the school's policies instead of trying to find ways to circumvent them
Whether you feel they are not fair, unjustified or just plain silly, it still doesn't give you the right to violate the rules
You agree to certain limits when you choose to attend the school
At such time you are no longer willing to uphold that agreement, you should re-evaluate your choice of school
 

steve2112

macrumors 68040
Feb 20, 2009
3,023
6
East of Lyra, Northwest of Pegasus
What I am worried about though is them finding my router REMOTELY. Like do my packets somehow indicate that I am using a router? Or can they detect what kind of hardware is connected to my modem remotely?

Maybe I should not even risk it because they claim that they will turn off my internet for the rest of the semester if I do not comply...

I cant even use my computer on my bed!
As I said earlier, routers and other intelligent networking devices are detectable if they have the right equipment, IOS setup, and they are actually monitoring it. Like I said, though, if they haven't done it by now, I would think they aren't doing anything like that. Or maybe they just are being nice by giving you warning.

One question for you: Do you just have ethernet jacks in the room to plug into, or do they give you an actual modem? Most of the stuff I have been talking about would basically involve an ethernet cable connected to an enterprise level switch and a big network. If they give you something like a cable modem, I'm not too sure what they can and can't detect.
 

rrm74001

macrumors 6502
Original poster
Nov 11, 2008
274
315
As I said earlier, routers and other intelligent networking devices are detectable if they have the right equipment, IOS setup, and they are actually monitoring it. Like I said, though, if they haven't done it by now, I would think they aren't doing anything like that. Or maybe they just are being nice by giving you warning.

One question for you: Do you just have ethernet jacks in the room to plug into, or do they give you an actual modem? Most of the stuff I have been talking about would basically involve an ethernet cable connected to an enterprise level switch and a big network. If they give you something like a cable modem, I'm not too sure what they can and can't detect.
There are no ethernet jacks in my room. There is a phone line that connects to my modem, and then from the modem I connect to my AirPort Express via ethernet and then I connect to the AirPort Express. I am pretty sure I am still going through my schools network though.

I have had this wireless router running in my room (along with many other people in my dorm using their own router) for over 8 months now and they have not said anything at all. Now all of a sudden I am "bringing down the internet for the entire building"...

I know it may not be the cool and popular thing to say
But I would recommend following the school's policies instead of trying to find ways to circumvent them
Whether you feel they are not fair, unjustified or just plain silly, it still doesn't give you the right to violate the rules
You agree to certain limits when you choose to attend the school
At such time you are no longer willing to uphold that agreement, you should re-evaluate your choice of school
Well...now that we got that out of the way...
 

ravenvii

macrumors 604
Mar 17, 2004
7,583
489
Melenkurion Skyweir
There are no ethernet jacks in my room. There is a phone line that connects to my modem, and then from the modem I connect to my AirPort Express via ethernet and then I connect to the AirPort Express. I am pretty sure I am still going through my schools network though.
That completely throws out what I said above. That setup sounds really strange.
 

rrm74001

macrumors 6502
Original poster
Nov 11, 2008
274
315
Okay 1 more question for you guys. I turned on internet sharing and set it up so that devices that connect to my MacBook Pro via Airport will share internet with my ethernet connection. Is my MacBook going to be viewed as a router if they are monitoring?
 

savar

macrumors 68000
Jun 6, 2003
1,954
0
District of Columbia
What I am worried about though is them finding my router REMOTELY. Like do my packets somehow indicate that I am using a router? Or can they detect what kind of hardware is connected to my modem remotely?
We actually had a thread similar to this not too long ago.

http://forums.macrumors.com/showthread.php?t=833193&highlight=router+ttl

Also:

http://www.nessus.org/whitepapers/wap-id-nessus.pdf

Edit: Relevant link from that thread: http://www.sflow.org/detectNAT/
 

MisterMe

macrumors G4
Jul 17, 2002
10,650
28
USA
Okay 1 more question for you guys. I turned on internet sharing and set it up so that devices that connect to my MacBook Pro via Airport will share internet with my ethernet connection. Is my MacBook going to be viewed as a router if they are monitoring?
You clearly don't know enough about networking to avoid getting caught. To your question: Of course, your computer is a router if you have Internet sharing enabled. That's what a router does.
 

rrm74001

macrumors 6502
Original poster
Nov 11, 2008
274
315
Thanks that helped alot. It seems like the problem has to do with people hooking their routers up wrong:

http://forums.macrumors.com/showthread.php?t=833193&page=2&p=8987158

I was doing it right all along because I have been using bridge mode on my AirPort Express so I was not causing any problems :D.
 

frenchlemon

macrumors newbie
Feb 22, 2010
7
0
South of France
As I said earlier, routers and other intelligent networking devices are detectable if they have the right equipment, IOS setup, and they are actually monitoring it. Like I said, though, if they haven't done it by now, I would think they aren't doing anything like that. Or maybe they just are being nice by giving you warning.
I agree on this, but if we look at the wording of the letter of the OP, it clearly states wireless routers, not "any router" so even if they could detect a router (which we've come to the conclusion, with the setup is not possible/unlikely), they can't dismiss it on those basis alone. (since it might be a normal wired router).. just my 2cts

FL.
 

rrm74001

macrumors 6502
Original poster
Nov 11, 2008
274
315
Actually, the more that I think about it, I am using more of a wireless bridge than I am a wireless router. Do you think they consider them to be the same thing?
 

phishindsn

macrumors regular
Oct 24, 2009
146
1
I imagine them using the term "wireless router" meaning any device sharing their internet connection remotely.

Also in all reality they could just start capturing simple packet traces from said equipment and cross reference MAC address's to determine what types of devices. Will they do this, doubt it.

Most often they send these letters to see if they can scare the majority of users to stop, if they don't, well consider the warning. As usual in life, the majority ruins it for the minority.

Bridge is the best way as all traffic passes with the last devices MAC address.