I just moved into a student dorm for a semester abroad, and beforehand I emailed them asking whether they had ethernet ports to plug my router into (I use it to connect all my devices, and for WiVRn VR streaming). They confirmed that I could, but now that I’m here the wifi login portal is asking me to accept these terms from the ISP, which forbid plugging in a router. There’s another clause that forbids “Disruptive Devices” entirely, defined as:
“Disruptive Device” means any device that prevents or interferes with our provision of the 4Wireless to other customers (such as a wireless access point such as wireless routers) or any other device used by you in breach of the Acceptable Use Policy;
So what are my options? I don’t think I can use this service without accepting the terms, but also I was told by the student dorm support that I could bring a router, which contradicts this.
EDIT: some additional context:
- dorm provider is a company separate from my uni (they have an agreement but that’s it)
- ISP (ask4) is totally separate from dorm provider, and have installed a mesh network that requires an account. On account creation, there are many upsells including one for connecting more than one device. The “free” plan only allows me to sign in on a single device, and I can upgrade to two devices for 15 pounds.
- ethernet requires login too
- VR streaming requires a high performance wifi 6 network, which is why I bought this router (Archer C6 from tp-link)
You must log in or register to comment.
As someone who has administered networks and written policies like this the concern here is that you will run an open network that may be used for piracy, hacking, DDOS or to send bomb threats. Tracing down this type of behavior is required by law and allowing students to run open networks makes this near impossible.
Not only that, but managing wifi channel congestion in a dorm is a pita.
It’s tough enough when you fully control the airspace, to have nice clean coverage and overlapping cells.
But then add dozens or hundreds of individually managed APs in a tiny space…with DFS and/or 160MHz channel widths?
Ops best bet is to get their own 5g home internet and plug in.
You’ll be hard pressed to get a router to talk to a captive portal sign in…but if OP wants to get creative, this can easily be fixed with a dumb switch and a Linux PC with two NICs. You could use windows for this, but why would you?
I’m not advocating for breaking any rules, but many people dont know that you can hide your wifi routers SSID. even fewer people know how to track these networks.
Most commercial networks systems have the ability to detect rogue access points by analysing the radio spectrum, and hiding the SSID will not avoid detection once traffic starts flowing to it.
And they can triangulate the position of the rogue AP.
Interesting about hiding SSIDs, I never knew why that option existed. I’m here on Erasmus so I don’t want to risk too much by knowingly breaking rules… them triangulating it to my room and starting a legal case or something sounds real scary.
Also, connecting an access point that doesn’t broadcast its SSID has another side effect: all devices configured to connected to it will periodically broadcast a signal to search for that hidden AP instead, so it makes you even easier to track down anywhere else.
That’s assuming they’re actively looking. Hiding your SSID is more to prevent someone from getting suspicious and calling out the ISP.
them triangulating it to my room and starting a legal case or something sounds real scary.
It’s also incredibly unlikely unless you’re actually causing problems
If you really want wireless, do the Ethernet > Desktop/Laptop with hotspot and limit it’s TX power WAY down to minimal levels.
You should be able to use it within your dorm room fine, but will have trouble penetrating beyond the walls and will also make detecting and triangulation quite difficult
So technically I should get away with connecting the router and making an AP right? I can’t do a hotspot from my laptop because the performance is not high enough for streaming (this is why I bought a dedicated router).
In that case I would pickup a cheap USB Ethernet dongle (or 2 if the laptop doesn’t have an onboard one)
Wall > Ethernet 1 and router > Ethernet 2
Configure windows to share Ethernet 1 connection to Ethernet 2 (Builtin functionality since Windows 7 iirc)
Configure the router for minimal power to the radios, use your laptop to handle captive portal and there should be no DHCP interference concerns with the Windows laptop on the middle in this fashion
Boom done, congratulate yourself a lil for a small win over corporate greed lol
Mine didn’t either when I lived in a dorm. I got around the network block.
- Plug Xbox 360 into ethernet wall port
- Log into uni network, get internet
- Plug router directly into pc.
- Assign router same ip as Xbox
- Spoof router mac address to match xbox
- Unplug from pc
- Quickly swap cable in wall from Xbox cable to router cable, Indiana Jones style
- Internet for 1 month. Repeat monthly.
this gives me playstation 1 CD swap vibes
(inserting a legal cd to pass verification and then swapping it for your own cd)
Hacker on steroids.
TIL you aren’t a wireless professional until your hacks comes with a cinematic soundtrack.
You’re not a wireless professional if you use wired ethernet cables…
deleted by creator
Honestly this sounds like a bit of a pickle. If I were in your situation I would just use one of the cellular carriers 5g internets. I personally use a T-Mobile 5g internet hotspot with a fresh tomato flashed nether 6700 plugged into it. Then I basically do all of my networking from that. Latency is a fair bit higher (usually about 30-50ms) but upload is significantly better than spectrum.
I would set up your router, turn off ssid broadcast and forget about it. It’s doubtful they have the equipment to find an access point that doesn’t actively announce itself to the world .
Edit: it means you will have to manually add your wifi network to your devices by typing in the ssid on them but other than that there shouldn’t be any issues
They will find it. Hidden is a software switch and your device just doesn’t show it. It’s still being advertised, however.
Maybe it depends on the access point. When I turn it off on my router there are no beacons sent. Unless you specifically probe the ssid it doesn’t announce itself. BUT granted when you make a connection the ssid does show up during the handshake. If you were watching at the exact moment of connection then it would be detectable. I suppose they could use a mass deauther device and cause new connections and detect while that is happening but they they would need to triangulate the location of said ap… Again a lot of extra equipment.
If they go looking. It’s unlikely they went out of their way to purchase and configure specialized devices in the building to catch it proactively.
I work IT at a university. They do go looking for this sort of thing. Every time students move in and plug in their equipment from home, entire network segments collapse. There is a game of whack a mole each time the term starts.
If somebody goes and causes an outage, I would expect nothing less than a tech walking around and trying to triangulate the offending router.
But in OP’s case, it’s an external ISP that provides internet services to the dorm. As long as nobody gives them a reason to start looking, I don’t expect a for-profit ISP to be sending out a contractor proactively beyond the first week of move-ins. That costs them money, and likely a lot more money than they would recover by catching the handful of people trying to dogde the per-device upcharge.
You may be right. The sales side lines up a contract, installer comes out, and they move on.
Is the VR streaming in the Local net (PC to Headset)? Just run the WiFi router without plugging it into the wall. Connect only the pc and the headset.
Also, appart from that, to use more wired devices, maybe use an unmanaged switch. Don’t think that does anything forbidden here.
I remember when I was in college running a hackintosh. I was at the end of the hall and had awful Wi-Fi reception, so I just had my desktop emitting Wi-Fi for me and my dorm mate. I pirated some stuff but never seeded. I told my roommate about pirating and whatnot and showed him how to pirate Parks and Recreation. He didn’t turn off seeding. The university banned my MAC address, but luckily I could spoof one and have internet. He had to go to the dean and tell him he was sorry and that he won’t do it again to get my hardware MAC banned so I didn’t have to change it every time I booted up.
The fact that it was so simple for me to get around this ban was hilarious.
Robust but complex solution:
-
Set up an encrypted VPN at the router level. Any encryption will work, even weak dumb encryption is fine. Any attempts to decrypt it would be mad illegal.
-
Turn off your SSID.
It is now functionally impossible to detect anything about the traffic or the Wi-Fi router without some serious or illegal methods.
It is now functionally impossible to detect anything about the traffic or the Wi-Fi router without some serious or illegal methods.
You should really spend some time learning about WiFi signals. Tracking down rogue Access Points is a pretty common thing and having the SSID turned off does fuck all to prevent it. On the easy end, many enterprise wireless network controllers have rogue AP detection built right in and will show you a map of the location of the rogue AP. Harder, but still entirely possible, is running around with a setup just detecting the signal and triangulating it.
Yeah, I mistyped part of the sentence. Should have been “without some serious effort or illegal methods.” Serious effort is well beyond most ISP’s. They aren’t sniffing wireless AP’s then busting down doors to find out if its a 5g AP or an AP using their network. I actually know quite a bit about WiFi signals. I happen to be certified in Meraki (CMSS). If the uni said “no wireless signals” that would be a completely different story.
-
Can you use a switch for wired devices or is that also a no-no?
Switches are also explicitly banned as they allow bypassing the device limit.
They don’t want you plugging in your own gear to their network, fine.
Get one of the “5G Home Internet” services from T-Mobile or Verizon, plug your router into that.
https://www.t-mobile.com/home-internet
https://www.verizon.com/home/internet/5g/
Not on their network, they have absolutely no say over it.
While they “may” allow it. They absolutely have a say, and can prohibit it. Same way apartment complexes can prohibit pets.
Not really, it’s not their network. No way to prohibit it. All you’d do is plug it into power.
The dorm could, the ISP couldn’t.
While I believe they really could, that would be really stupid. Is creating a hotspot with your phone suddenly also not allowed? Because that’s all it essentially is.
Since the price mentions British Pound Sterling as currency I dont think Verizon would be there. But T-Mobile is probably there in the UK.
If this is UK major local ISPs would be: O2, EE, Three
T-mobile did exist for a while but is now defunct and where replaced by Orange and then EE.
Three are the cheapest generally if they have coverage there.
Looks like that tos is just for the wifi network, if you’ve got an ethernet port then that won’t be using the wifi.
The ethernet connexion still requires a login/account creation/T&C acceptance sadly.
Hmm, the fact that they specifically prohibit even WAPs is going to be a problem too. Do you have the earlier conversation in writing? I’d go back to whoever you spoke to before and ask them about it.
I work in university IT so I have some experience here. Some schools are better than others but in general providing IT services for students is like trying to wrangle a herd of starving feral cats who are all in heat.
First of all I have never seen 802.1x implemented (Ethernet authentication) in the wild that wasn’t almost immediately removed. It’s a shitty protocol that’s terrible to debug. I totally get why they restrict APs … my god if every student had one it would be a pain. It would be like standing in a crowded room with everyone shouting and you’re trying to pick out one conversation 20 ft away.
My guess is you’re basically in a situation like my son was at ECU. It’s likely not really a university dorm but closely affiliated hence the reason of a third party. Or the central university IT is abysmal and can’t be bothered. Either way the only reason to use 802.1X is because they think it’s more secure, when in fact it’s way more trouble than it’s worth. You can do the same thing by controlling downstream routing or MAC filtering. The ECU “dorm” did that and it wasn’t much better honestly. You had to go into a website to add your MAC address to get access to the WiFi. Firstly how do you do that when your computer can’t talk to anything. Chicken and egg problem. Secondly for the ones who figured out how to do that using your phone, good luck getting a history major to figure what even what a MAC address was.
My suggestion is don’t bother. If they’ve implemented 802.1x they’re a micromanaged IT and will catch you eventually. I’d also guess they have completely overtaxed their egress traffic and your speeds are abysmal.
On a related note, when you graduate never ever rent from an apt complex that generously process WiFi or Ethernet. It will almost always suck, they will have no one to provide adequate tech support, and they are just using it as another revenue stream.
Sorry I don’t have better advice but if they control the network there isn’t really much you can do.
I was once responsible for a student house (we don’t have dorms in the US sense, this is the closest we have) and I have similar experiences but less extreme. My favourite was when I had forgotten to configure DHCP filtering and someone plugged in a router the wrong way so it started offering DHCP (that didn’t work) to everyone in the building, in a race with our upstream ISP.
Also, the times rats got into the networking room and ate random cables. I should add the network was built by volunteer students in the ‘90s.
I did this a work one time… sorta the same thing. I installed pfsense VM and left the DHCp server on. I killed the network in our office for about 15 minutes.
Assuming they have their own wifi, they just don’t want you using wifi off of your own router. A wired connection should be fine.
Unfortunately, connecting to the ethernet port still prompts me to log into the network (make an account and accept these terms)
I would just accept the terms and disable wifi, or if you don’t want to double nat just use a switch and accept the terms / login on every device connected to the switch.
Accept the terms and ignore them
100% the correct answer.
deleted by creator
Would that work even if the T&Cs are for a third party (the ISP), while the correspondence is with my dorm provider (not legally related to my uni, they just have a partnership)?
deleted by creator
Turn off SSID broadcasting entirely. Hidden networks require more technical expertise to discover than most people have.
The ISP techs will still be able to find it, but there’s little reason for them to go looking when nothing seems out of the ordinary.
This is what I was going to recommend. Worse case scenario the internet gets shut off and he has to email somebody and say he won’t do it again. Most likely that nobody will notice or care.
Yes I did the same thing at my uni halls, said fuck paying for multi device, bought a router, named it like a phone hot-spot and never had issues.
In reality no one that works there is paid nearly enough to care about the ISP’s terms and conditions, and even if someone from the ISP comes to do maintainance or something, they won’t be there to snoop for rule breakers and even if they are, if the SSID looks like a phone hot-spot, they won’t care, and even if they do they’re not going to trace it back to you directly and even if they do, you have the email saying its okay which will shift any and all blame away from you.
So just go for it, there’s a 99.999999999999999999% chance you won’t get caught and even if you do you won’t get any blame because you asked the company.
It’s a security\legal risk to allow adhoc wireless networks within your environment, pretty much any organization above a certain size has the same restrictions.
You could theoretically allow anyone to access your router directly, which would let them bypass agreeing to the Acceptable Use Policy, for example, shifting liability back to the organization for that users behavior.
That seems pretty standard stuff. My dorm had the same policy, because they operated their own mesh network and didn’t want students sending out their own radio signals that would have absolutely made their wireless network not work well.
Is there some reason you need your own router?
ETA: The student dorm people probably meant a network switch. Regular, non-techy people don’t usually know the difference between a router and a switch.
Yeah, the interference argument is fair, but I think this is also the ISP (totally separate third party) trying to protect the paid plans they sell for connecting more than one device…
In that case, just set up a router level VPN. The university probably doesn’t give a shit. Which is why the help desk IT kid said it’s fine, probably.
It’s the 3rd party ISP just being greedy. The ISP may not even care as long as you’re not running an insane amount of traffic through it. Often this type of stuff is added to TOSs to allow them the option, if you’re being a bad actor.
trying to protect the paid plans they sell for connecting more than one device
It’s definitely 90% of the reason
So it’s a network operated by a third party? That’s interesting. The handful of universities I’ve been to maintain their own.
My university had student apartments, each had their own router. No weird rules since it wasn’t the university’s network at all, it belonged to whoever lived in the apartment. Full router access, connect whatever, put it in bridge mode and connect your own if you want.
If there’s enough space between them, it would be less of an issue. If it was in a multifamily high rise with hundreds of units, I would expect it to cause issues.
Is this a problem with 5G networks? There are more channels and they don’t go through walls as well, right?
Tl;Dr It’s complicated.
Do you mean 5Ghz networks (5G is cellular tech, after all)? If so, 5Ghz can travel through walls, but it doesn’t travel as far, because there’s an inverse relationship between range and channel width. Also, 5Ghz has a shorter wavelength; some of the signal’s light will get absorbed by the walls, but not all of it.
Ultimately, you’d still have the same problem: too many radios sharing a limited range of frequencies on a band would interfere with each other if sufficiently close.
It would be akin to having everyone playing different music at full volume on their own personal speaker; you’ll inevitably hear the people closest to you. Radios can’t “hear” anything outside of their chosen frequency (channel), but if other people nearby are also on that channel, you might catch or lose some unintended packets, triggering a resend event (TCP) or causing stuttering/lag (UDP).
The number of channels available for 5Ghz varies by country, with the EU having the most, iirc. In the US, if you try to force your router to use one of the blacklisted channels, your devices will likely not connect (unless they were directly imported), despite being able to use the 5Ghz spectrum.
Where I went to school, originally the dorms were on the university network but a year in they offloaded us onto regular, commercial ISPs. The change was great for us since the university network was very strict on stuff like torrents (using DPI any torrent, even legal, got you disconnected for 24h)
