archive provided by lainchan.jp

lainchan archive - /sec/ - 3135



Ok, I'm moving into a uni dorm within the month, and was looking at the network policy. It seems to be pretty strict. Not allowing your own routers/switches, banning the use of p2p software entirely, and even has a point that states being anonymous at all is not allowed. Infringement of any of these points and more results in disconnection and being sent to student conduct. What would you do /sec/? I don't think I can get through without use of private trackers, and knowing that everything that I do on the network will be visible to the school staff will gnaw on my sanity and probably alter my usage of the network.


Bring a knife
Show it to a fellow sitting next to you that tries to be your friend
See him go 10 seats away from you

That's security


t-thanks I guess


Start a company in a friend's name. Say you work for that company part-time, remotely as a data engineer or something and that you need to use a vpn to honor your signed agreement to protect the proprietary algorithms. Formally apply to get an exception. Watch the university squirm to decide between capitalism and this Brave New technological World. Plz seed your torrents.


As for the torrents, that's easy enough to get around. Simply set up a seedbox, and use SSH to access it.

Alright, as for the VPN, this is also quite easy to get through. Buy a VPS. Be sure that it respects privacy and Freedoms(TM). You'll want to configure all your VPS traffic to pass through your VPN. Once that's done, you'll be able to do the following:

ssh -X my.vps.ip firefox (or other web-browser of your choosing)

Computer -> VPS -> VPN -> Outside world

SSH traffic looks totally normal (especially in a uni), just try not to abuse it too much.

Also, have you considered not living on Campus?


The only funny thing about your comment is that females find funny guys really attractive, meaning that you will not procreate


got any recommendations for vpn and vps services? The amount available to choose from is a bit intimidating.


Mullvad. It's no-log and hosted in a good area. CryptoStorm and TorGuard are also okay from what I've heard.


Oh, and you may want to also consider (if possible) using a DNS-Server other than theirs. OpenNIC is good, be sure to pick a server without logs though.

Once that's changed, they won't be able to get the domains of the sites that you're visiting, only their IP-Addresses. This might anger them though, so ask for their confirmation.

Polite sage for unnecessary bump.


How about not giving a fuarrrk?
I lived in a dorm myself and we had similar rules (e.g. no pr0n, no switches, internet access only after MAC registration). The truth about those rules is that they are impossible to enforce. MACs can be spoofed, network administrators can't look into TLS streams, etc.
These rules probably only exist as an insurance if you do something stupid and illegal in their network.


Is it possible to set up a spare computer I have at home as the server? and connect to that with ssh? Or is that difficult to set up securely?

Yeah I know this is most likely the case, but I just want to be sure I have something to fall back on.


I use AirVPN. It costs me $5 a month.

I'm not going to renew my subscription when it expires; I'll just use Tor instead.

If Tor can beat China, it can beat your university.


Advice from a Campus Stooge -

SSL Encrypt everything you can, run it over 443. Don't let them install a certificate authority. Remember that what the network admin wants more than anything else is to not spend their time dealing with bullsoykaf.
That means we try to block torrents because we can't block DMCA notices.
It means we have a strong policy so your porn addiction is Not Our Problem.
Stay under the radar and you should be fine (without any funny business)
Your router and switch could screw up someone else's network (it's not fun tracking down a rogue DHCP server), so don't try to piss them off.

Know that you aren't anonymous when you're using someone else's network. Tor helps, but it also puts a target on you, because it's not obfuscated.


>Is it possible to set up a spare computer I have at home as the server?

Depends on your ISP. Some tend to do everything they can to prevent a server of any kind from being hosted (e.g., Charter Spectrum).

You'd have to set up port forwarding, I haven't messed around with that in ages, so I cannot give much advice there.

Maybe it could be done with something like No-IP, I'm not too sure. As long as it's connectable with SSH, you're golden.


not OP, but can I use my seedbox to route my traffic? Do I really need a separate VPS?


Yes, having the second VPS is optional.

ssh -X would work all the same. Keep in mind that your seedbox host already has access to all of your bittorrent traffic, and you'll be entrusting them with your web browsing traffic too. As long as it's a well known and trusted provider, and you use HTTPS, you should be generally safe.

Just keep in mind: It's someone else's computer.


When you say anonymous, I assume you are referencing tor/i2p. Of course, tor/i2p over vpn is bad. Tor can hide itself, however. Look into "tor bridges". Figure out which services are useable on your network. (DNS is a low bandwidth protocol, and thus a bad choice. Easily discernible by traffic patterning.) FTP, SSH, and HTTPS are all good protocol choices to spoof.


>run it over 443
This is a really key thing because that's the port that HTTPS runs over. The sysadmins can't actually tell if you're using a VPN, they just know most VPNs run over some other port and that HTTPS runs over port 443. If your traffic looks like HTTPS to them, they won't do anything.

Also, I think you could run a VM and pass your wifi or ethernet into the VM, and then get the internet through it. However, I have no clue how you would do this. You should be able to do something like this with a cheap physical machine as well, and it's probably easier.


I recommend you get a $5/$10 vps from https://www.digitalocean.com/ and set up your own https://bitmask.net/ provider on it and use it as a vpn and even as a seedbox to keep your ratio on private trackers up.

you can get the $5 vps and add storage to it for cheap


I work in my university's IT department. Let me tell you some things. If they are using a different network for the dorms like my school does, do not fuarrrk around too much. I was able to VPN, SSH and Tor, but when I got a DMCA notice they freaked out at me. Now for the actual school network, I used VPN, SSH, Tor and torrent through it; as long as it's not on a computer owned by the school they don't give a soykaf. Also do whatever you want as long as it won't show up as a major red flag on their monitoring system. However, never contact IT if you're having trouble with doing something you shouldn't be doing, cause depending on who you get they will be pissed off, annoyed, or at best not give a soykaf. For instance, we blocked some dude's VPN cause the host IP was blocked for spam, and when he came in my coworker yelled at him for doing a vpn besides the main university one.


>when i got a DMCA notice they freaked out at me
How did you get a DMCA notice?



I'd suck it up and pay for a non-uni network that offers more freedom. Remember that you can share files with local meatpods in your vicinity.
This is good advice.



That headline



The tl;dr of this thread, OP

Is that if you have a box "on the outside"

You can log into it remotely and do whatever the fuarrrk you want to

The university can't get in trouble for that (because they simply have to turn over the logs that say "Anon did indeed do a fuarrrkton of SSH to this IP", and they're in the clear), and thus they won't bother you for that


>I don't think I can get through without use of private trackers,
Me too; my uni requires students to authenticate with their network for every device. There is no such thing as guest internet access so you can say goodbye to having the lads over for drinks. I've managed to get by just using a vpn and obfuscating my work machine's TCP/IP fingerprint; the spyware they have us install in order to authenticate doesn't support Linux and mobile devices so.. yeah. You can always maintain your media consumption through an unlimited data plan via smartphone; that's what's made this past year for me at all bearable.


I would do 'ssh -D 8080 vps.address' and configure local Firefox to a socks proxy on localhost port 8080. You would have all your browsing traffic going through the vps, but Firefox would be running faster locally.


or use sshtunnel https://github.com/pahaz/sshtunnel

which is a poor man's vpn. Routes all your TCP traffic through ssh through your vps


Or couldn't you just use other people's accounts and spoof your MAC? Let it be someone else's problem.


If you want to network multiple devices onto your connection, then you'll have to NAT them unless they don't have port security etc and ignore multiple MACs on the same port.

As others have said, best way to do it is set up an OpenVPN install on a VPS (Digital Ocean works fine), and tunnel your file sharing / porn etc traffic through there. A seed box is also a good alternative, then pull from it via SCP.

If you want to give them nothing, set up a pfSense VM or small computer (you can run it on an rPi or Odroid), then configure it with a site to site VPN pointing to your Digital Ocean VPN. Then NAT all your traffic through the pfSense box.

IT staff at unis really give very few soykafs about what you're doing unless you give them cause to. When I was at university we had a DC++ hub that covered all the dorms and people fileshared like crazy. The link usage must have been insane, as there were hundreds of people continuously downloading HD movies all day.


What is the point of this? If you have access to a VPS then why not just install an OpenVPN server on it and route traffic through that?


There's a chance the uni might have their firewall filter VPN traffic. But that's not to say VPN wouldn't work. I had one set up on my home desktop a long time ago when I was in middle school and used it to watch YouTube poops in class. But I worked at the university I attended in their IT and found those kinds of things to be much more restricted. SSH is normally open for the computer science students at least.