this post was submitted on 07 Sep 2024
472 points (92.6% liked)

Technology

60062 readers
3365 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

I just moved into a student dorm for a semester abroad, and beforehand I emailed them asking whether they had ethernet ports to plug my router into (I use it to connect all my devices, and for WiVRn VR streaming). They confirmed that I could, but now that I'm here the wifi login portal is asking me to accept these terms from the ISP, which forbid plugging in a router. There's another clause that forbids "Disruptive Devices" entirely, defined as:

“Disruptive Device” means any device that prevents or interferes with our provision of the 4Wireless to other customers (such as a wireless access point such as wireless routers) or any other device used by you in breach of the Acceptable Use Policy;

So what are my options? I don't think I can use this service without accepting the terms, but also I was told by the student dorm support that I could bring a router, which contradicts this.

EDIT: some additional context:

  • dorm provider is a company separate from my uni (they have an agreement but that's it)
  • ISP (ask4) is totally separate from dorm provider, and have installed a mesh network that requires an account. On account creation, there are many upsells including one for connecting more than one device. The "free" plan only allows me to sign in on a single device, and I can upgrade to two devices for 15 pounds.
  • ethernet requires login too
  • VR streaming requires a high performance wifi 6 network, which is why I bought this router (Archer C6 from tp-link)
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 145 points 3 months ago (5 children)

psst

Hey, kid, don't tell anyone I told you about this

*Lifts coat

iodine
https://code.kryo.se/iodine
Description: tool for tunneling IPv4 data through a DNS server
This is a piece of software that lets you tunnel IPv4 data through a DNS
server. This can be usable in different situations where internet access is
firewalled, but DNS queries are allowed.

[–] [email protected] 31 points 3 months ago* (last edited 3 months ago) (1 children)

You got the goods! I used an HTTP tunnel when I was in college.

[–] [email protected] 26 points 3 months ago (2 children)

I also like the idea of ptunnel

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies.

[–] [email protected] 10 points 3 months ago (2 children)

I don’t understand how that can be reliable without being extremely obvious.

[–] [email protected] 4 points 3 months ago

Yeah, any off the shelf network intrusion software would probably immediately flag either of those based solely on the amount of traffic.

[–] [email protected] 1 points 3 months ago

Well it would be obvious. Any decent network tool would be able to filter traffic on a port or type (ICMP, DNS, etc).

“Wonder why this kid has 2.5Gb of DNS traffic last week? That isn’t normal. Maybe we should go check it out”

The trick to staying hidden is to look like noise. And this would not be noise.

[–] [email protected] 3 points 3 months ago

In 2014 when I was in the hospital for a week I got a visit from their IT. Seems like pushing 5 to 10 gig a day through a ssh connection triggered something. Just a gig of ICMP of any variety would trip a alarm.

[–] [email protected] 16 points 3 months ago

Man, I wish I knew this back then. I used Google translate as a proxy. Then that was blocked, so I used babelfish's built-in translation engine which was touch and go. This would have helped a lot lol

[–] [email protected] 9 points 3 months ago (1 children)

I love things that can route internet over something that should not be used for that. For example I'm thinking of making same thing over SMS and Veloren/Minecraft (or anyother videogame)'s private chat or something.

[–] [email protected] 4 points 3 months ago (1 children)

Oh, you are going to love this one then if you haven't seen it before: https://robertheaton.com/pyskywifi/

[–] [email protected] 1 points 3 months ago
[–] [email protected] 3 points 3 months ago (1 children)
[–] [email protected] 7 points 3 months ago (1 children)

No, this is specifically for DNS over UDP (Port 53). What you're looking for is just an HTTPS proxy. There is no difference between a DoH connection and any other HTTPS connection.

[–] [email protected] 0 points 3 months ago

Except on my networks all port 53 tcp/udp and port 853 for that matter are forwarded to my dns per firewall rules. I also block all encrypted dns as well as dns over https blocked. Its my dns or nothing. I also have a vpn and proxy blocklist that updates twice a day. PFblockerNG is effective when maintained.

[–] [email protected] 1 points 3 months ago

This is a very neat tool that I’ve bookmarked for further research. But I think you’re missing the point. He doesn’t need to hide network traffic, he needs a Wifi6 router. Now maybe you could setup a router to go through this service to further obfuscate the traffic but I don’t think this alone solves his purpose.

But I’m very glad you posted it because I love learning about little tricks like this to get around overly restrictive networks.