Can a router be detected?

[joshg]

Hey gang, I'm getting a laptop soon, and I already have a PC. Right now I'm connecting to the University network using their network port in the room. According to a guy I have talked with he says that supposedly whenever anyone connects a hub or switch to a port in the room it automatically shuts down the port so it can't be used at all. Anyway my question is, if I used a combo router/switch that uses only the one IP address, could this be detected by the network? It doesn't say anything about this in the terms and conditions of the service, so I'm guessing it's not wrong to do it but I don't know.

Anyway, would their network be able to detect if I was using the router?

 

[blstriker]

No, they should not be able to detect a router because of the NAT in the router. At my univeristy, I had two computers hooked up to a hub and after a few hours, the port was shut down. After it was reactivated, I put a router on it and it worked great for several months. ICS will do the job as well.

 

[spidey07]

Absolutely it can be detected. Will they even go thru the trouble of looking? probably not.

 

[Poontos]

<< Absolutely it can be detected. Will they even go thru the trouble of looking? probably not. >>


Howsies? Noticing multiple connections at once?

 

[spidey07]

<< Noticing multiple connections at once? >>



yes. Also you can tell with some applications if the frame has been natted or not.

 

[n0cmonkey]

<<

<< Noticing multiple connections at once? >>



yes. Also you can tell with some applications if the frame has been natted or not. >>



Any applications you can reveal to us that search for these things?

 

[spidey07]

By applications I meant Layer7. sqlnet will carry the true source address in the session layer. TTL values I believe are decremented by one when passed through a SOHO nat router. That would be one HUGE sign that you have an active device.

doesn't matter though. no body cares and it takes a lot of work to discover it. (a lot of traffic sniffin)

 

[n0cmonkey]

<< By applications I meant Layer7. sqlnet will carry the true source address in the session layer. TTL values I believe are decremented by one when passed through a SOHO nat router. That would be one HUGE sign that you have an active device. >>



Ahh ok. Im on my second cup of morning tea, so I understand now. Im not so sure about the TTL though, I thought NAT would change that value. It would possibly also depend on the OS. Not sure though.



<< doesn't matter though. no body cares and it takes a lot of work to discover it. (a lot of traffic sniffin) >>



Or problems like in your impossible network problem thread.

 

[Sukhoi]

You might want to spoof the MAC of the NIC you've been using for a little more safety.

 

[gsaldivar]

I wouldnt worry about it. They aren't gonna waste time tracking down routers on a college LAN.

 

[blstriker]

If NAT's can be detected, why are cable companies making such a big deal and trying to create that new standard for NAT that can be detected? I think it's called CAT or something? The article was out a few days ago and they were trying to make this new standard so they could bill people for using more than one connection on cable modem. Why would they do this if they could already do this with NAT?

 

[blstriker]

Take a look at this article: Cable Labs wants to revise/eliminate NAT

 

[joshg]

<< If NAT's can be detected, why are cable companies making such a big deal and trying to create that new standard for NAT that can be detected? I think it's called CAT or something? The article was out a few days ago and they were trying to make this new standard so they could bill people for using more than one connection on cable modem. Why would they do this if they could already do this with NAT? >>



This seems to make a lot of sense to me as well. Also that post about cloning the MAC of my original NIC is a good idea... I'm thinking that my router is going to be the D-Link DI-704 simply because of it's options and it looks to be pretty simple to use/set up. Now, I'm not a complete idiot, and I'm pretty sure I can handle this thing Anyway, this particular D-Link device actually has a button you can click to clone the MAC of a NIC from it's configuration screens..

reason I think I am choosing D-Link is because I've seen a lot of reviews on it, computers.com gave them the "crown of router/switch combos" so to speak in their review of the SMC Barricade, this D-Link, and the new offerings from Linksys and Netgear in this class.. also I've seen other reviews and I like the options such as DMZ, etc., it seems like a very good value... too bad I didn't get in on the BB 9.99 deal though

So essentially, they will have a very tough time being able to tell if I am using it at all, and if I clone the MAC of my original NIC, it will be even harder? great besides I'll probably only be using the lappy to check email and browse the net, etc., or if someone comes over and they wanna browse the net or whatever

 

[Rezzin]

I believe you can use nmap to determine various information regarding a nodes status? From what I understand, different OS's handle the TCP/IP stack differently.. so depending on certain criteria: TTL, DF bitset, etc, you can determine the target's OS, etc. I highly doubt your ISP will bother to check to see if your using a router.. unless they check for MAC. Regarding 802.11b, happy sharing =)

 

[n0cmonkey]

<< I believe you can use nmap to determine various information regarding a nodes status? From what I understand, different OS's handle the TCP/IP stack differently.. so depending on certain criteria: TTL, DF bitset, etc, you can determine the target's OS, etc. I highly doubt your ISP will bother to check to see if your using a router.. unless they check for MAC. Regarding 802.11b, happy sharing =) >>



nmap can do that. How accurate is it? VERY accurate if you keep up with the updates. If my isp did something like that to me I would drop them in a heartbeat.

 

[Sukhoi]

If you have a little time to figure out how to use the more complex parts, I would get a Netgear RT314.

It has lots of custom filters and stuff in it. This way, you can restrict access to certain ports by IP and such. So if you wanted to, you could run an FTP server on your computer but only let certain people in your dorm have access to it.

As a disclaimer, I've never actually used the filters, but they should be able to do the above.

 

[joshg]

thanks for the comments

actually I may get the D-Link DI-804 instead, you can find it for basically the same price as the older model. And yeah this model does everything that the Netgear model does, as well. It really does have a LOT of features, some that I don't see on other models, and that's VERY nice in my book, especially at a much lower price. ehh well, gotta search for some amazon coupon codes! (they have a good price on the 804)