Bypassing University Network authentication

Benb96 · March 21, 2017

Hey guys,

I'm at university, I want to get wireless access without authentication on their end. I assume they are using some sort of LDAP or RADIUS authentication methods. (If anyone has heard of it or is from England, the educational internet at Universities is something called EDUROAM)

https://www.eduroam.org/

Even though I'm using a VPN, I still have to authenticate with my username and password to access the wifi.

So my question is, if I bought

http://www.tp-link.sg/products/details/cat-9_TL-WR802N.html

and when I'm in the library if I plugged this in and connected would it work? (at every desk there is a RJ-45 Ethernet socket)

Or would the mini wireless access point be blocked?

I do understand it depends on the setup at the University, but it is a large university so just imagine they are using the practices of most large enterprises.

Another Question:

If this would work, what MAC address would be shown on the traffic? As if it would be the devices connected to the mini access point, then I assume they'd be able to identify it was me with the access point. As also assuming my phones, MAC address will have been logged to my username?

Edited March 21, 2017 by Benb96
Additional thought

UMxMarky94 · March 21, 2017

6 minutes ago, Benb96 said:

Hey guys,

I'm at university, I want to get wireless access without authentication on their end. I assume they are using some sort of LDAP or RADIUS authentication methods. (If anyone has heard of it or is from England, the educational internet at Universities is something called EDUROAM)

https://www.eduroam.org/

Even though I'm using a VPN, I still have to authenticate with my username and password to access the wifi.

So my question is, if I bought

http://www.tp-link.sg/products/details/cat-9_TL-WR802N.html

and when I'm in the library if I plugged this in and connected would it work? (at every desk there is a RJ-45 Ethernet socket)

Or would the mini wireless access point be blocked?

I do understand it depends on the setup at the University, but it is a large university so just imagine they are using the practices of most large enterprises.

that will bypass the login but you will still go through the DNS server so little to no point. every way to connect through the Uni's network will go through there systems

blu4 · March 21, 2017

There is a physical device between the server and the outside world that all the traffic goes through. there is not much you can do.

jt999 · March 21, 2017

My partner had eduroam at her uni, wireless needed auth on a website once connected (made trying to add a Roku with no web browser fun, had to MAC spoof my laptop, register it under the Roku MAC, then connect the Roku). The wired ports didn't seem to need any auth.

That said, these were only in the on-site accommodation (halls or whatever it's called) so they may simply skip authentication on the physical ports at they know who is staying in that room, I didn't try anywhere open to everyone such as a library.

I think it breaks the rules to run your own AP, so worth checking as you don't want to end up with aggro for it. Not sure why you need to hide who is using it, if you're worried about them snooping I'd suggest using a VPN instead.

jt999 · March 21, 2017

I've just realised I'm remembering that wrong (sorry!!!). The physical port did need the auth, that was where I did the MAC spoofing to register the Roku (originally tried a Now TV box but they lacked a network port back then). The wifi was WPA-enterprise or something, which the Now TV/Roku didn't support so we had to use cabled.

So I don't think it can be bypassed at all, so back to the VPN idea. Universities usually have quite a large budget, so they can afford enterprise gear with all the bells and whistles.

airdeano · March 21, 2017

as per the Community Standards:

Talking about piracy in general, broad details, is acceptable however the posting or discussing pirated/hacked/cracked or otherwise nefariously obtained content is not. This includes Windows content, games, hackintosh, etc. Also discussions regarding ways to avoid or block legitimately installed monitoring/tracking software or the like is also not allowed.