Shitty Situation - Egoist Swallowing Bandwidth

Data that travels over the air and how to protect (or decipher) it

Shitty Situation - Egoist Swallowing Bandwidth

Post by Deathray on Tue May 27, 2008 11:01 am
([msg=3325]see Shitty Situation - Egoist Swallowing Bandwidth[/msg])

I live in a so called "student housing" where everyone shares the same 20/2 mbit connection.
Now in the beginning I thought that there would be some kind of flow control that would split the bandwidth to each user,
but no - everyone has full access to the 20/2 connection. Until a few days ago, I was surprised to find out that it actually worked fine. Running speed tests always revealed around 17000 kbps and latency in games were also always below 50 ms.

But all of the sudden, hell breaks loose. Speed test reveals 2000 kbps :O .. Latency in games, 200 and above... Wtf !!
So of course, I decided to fix the problem myself. Because the people/person who manages this network must be a real idiot seeing the way everything is setup.

So I start by mapping out the network I am on. The very first thing I noticed was port 80 (and 23) was open on 192.168.1.102 and OS scan revealed it was a HP ProCurve J4899A. I Obviously point my browser to it to discover that absolutely no user / password is required. Omg! telnet 192.168.1.102 = Welcome ! No password either... Wtf !! Great network that idiot has set up. So at the time being, it was 2 am so I thought about what I should do to deal with the downloader. The front page of the switches website showed an image of the switch with all the active ports, ones that were active were green. So since it was 2 am on a Tuesday, I started deactivating port by port and performing speed tests online to see if it had any impact with the speed. After deactivating port 30 on the switch, the speed test goes 17000 kbps again. Bam! Found out who he was! I also did a new port scan on the network after deactivating him to compare it with the old one so I knew what IP, Mac Address and fingerprints he had, so even if I lost admin access to the switch I would still be able to find him again. So I kept his port deactivated for an entire day hoping that he would realize he wasn't allowed to download at those speeds, consuming everyone's bandwidth. Next day when I come home from school, I activate his port again. Later that evening he starts again. So deactivate him again for the entire night. So next day again when I come home from school, I notice the speeds are slow even though I haven't reactivated his port again. So I point my browser to the switch and find out that user name / password are required now ! So I find out with nMap that he is back on the network! The little fuc*ker complained about his internet not working and now I have no idea what to do!
Any suggestions would be greatly appreciated! This has been going on for some time now and is unbearable :/ . Maybe the smartest thing to do would simply call the office but doubt they will be of any help. Rather take thing into my own hands aswell :b ..
Lol, I wrote way too much :D, and excuse my English, I'm danish :b
Deathray
New User
New User
 
Posts: 3
Joined: Tue May 27, 2008 8:49 am
Blog: View Blog (0)


Re: Shitty Situation - Egoist Swallowing Bandwidth

Post by jourdie on Wed May 28, 2008 2:00 am
([msg=3386]see Re: Shitty Situation - Egoist Swallowing Bandwidth[/msg])

If you know his MAC address...u could change ur's to his and then packet sniff the network for information going to his IP.
If u pick up anything interesting...well u can do wat u like...But if u get caught, and the admins are as stupid as they seem, he should take the fall...
Other than that, options would be to either:
* Social Engineer him over the phone, saying something like "Im from maintenance....There have been a few complaints over the last few days about slow internet access etc. (blah blah blah) could i take a look at your box to repair the router flow to your computer...hopefully this should allow quicker internet flow to your computer.
Then if he does give u access to his webserver, or whatever his box is running, then put in a backdoor for later admin use.
(this is a poor example...as it took like 5 secs to write...be creative)

If u want to be mean and his internet is running from a hardline....cut it!

But being the responsible, and righteous teenager i am, i'd suggest sticking to a way that doesn't damage equipment, involve malicious means, or hurt any1's feelings (although he probably is downloading 20G of porn)

Anyway, good luck with it,
Re-post to keep an update

b1nd/jourdie

:)
This is a paradox: I always lie
This is a statement: You're a fag!
jourdie
New User
New User
 
Posts: 18
Joined: Sun May 04, 2008 7:23 am
Blog: View Blog (0)


Re: Shitty Situation - Egoist Swallowing Bandwidth

Post by Rijnzael on Wed May 28, 2008 2:43 am
([msg=3388]see Re: Shitty Situation - Egoist Swallowing Bandwidth[/msg])

jourdie wrote:If you know his MAC address...u could change ur's to his and then packet sniff the network for information going to his IP.
If u pick up anything interesting...well u can do wat u like...But if u get caught, and the admins are as stupid as they seem, he should take the fall...
Other than that, options would be to either:
* Social Engineer him over the phone, saying something like "Im from maintenance....There have been a few complaints over the last few days about slow internet access etc. (blah blah blah) could i take a look at your box to repair the router flow to your computer...hopefully this should allow quicker internet flow to your computer.
Then if he does give u access to his webserver, or whatever his box is running, then put in a backdoor for later admin use.
(this is a poor example...as it took like 5 secs to write...be creative)

If u want to be mean and his internet is running from a hardline....cut it!

But being the responsible, and righteous teenager i am, i'd suggest sticking to a way that doesn't damage equipment, involve malicious means, or hurt any1's feelings (although he probably is downloading 20G of porn)

Anyway, good luck with it,
Re-post to keep an update

b1nd/jourdie

:)


You have some good ideas. I suggest typing with more care so that people will take you more seriously. ;) Also, I don't believe that changing your MAC to be the MAC of a victim works on enterprise (and probably most home) switches, as they keep a table of active MAC addresses and their current switch port. You'd be better to use ARP poisoning.

OP, what you're accessing sounds like a Cisco Catalyst or similar switch. If you're experienced enough or care to go through the documentation for Cisco IOS (their router/switch operating systems), you can put in place QoS rules to segment off the bandwidth to each user and prioritize based off of in use applications using the telnet interface. Or, as an extension upon using ARP poisoning, setup firewall software and use ARP poisoning to force the traffic of heavy users through you, and block any packets sent or received to cut off their network access without needing to disable switch ports.
Rijnzael
Poster
Poster
 
Posts: 164
Joined: Sun Apr 13, 2008 10:12 am
Location: 128.0.0.0/8
Blog: View Blog (0)


Re: Shitty Situation - Egoist Swallowing Bandwidth

Post by Deathray on Wed May 28, 2008 5:44 pm
([msg=3437]see Re: Shitty Situation - Egoist Swallowing Bandwidth[/msg])

Thank you for your replies!
Rijnzael > As I stated in the op, I have no long access to the switch either by the web ui or telnet. :(
But it ended with me calling the office and they told me they would send someone out to see what they could do, AND they would give a letter in everyone's mailbox asking to respect others by not swallowing the entire bandwidth.
But until then, I cant live with waiting 5-10 seconds opening Google. So I'm using an application called netcut to DoS him by ARP poisoning :b . When I get the time, I'll create an ettercap filter instead and simply filter out the heavy net usage. So he at least can access everything else on the www.
Deathray
New User
New User
 
Posts: 3
Joined: Tue May 27, 2008 8:49 am
Blog: View Blog (0)


Re: Shitty Situation - Egoist Swallowing Bandwidth

Post by jourdie on Thu May 29, 2008 3:55 am
([msg=3479]see Re: Shitty Situation - Egoist Swallowing Bandwidth[/msg])

Sorry about the spaghetti English (bad joke...my bad), but just needed sleep that night.
I hope that you have solved the issue. However, maybe you could talk to him/her about his bandwidth consumption and resolve the problem in a matter that doesn't involve Denial of Service. After all, its not his fault that the network flow is configured correctly.
Hope everything works out well

B1nd/Jourdie
This is a paradox: I always lie
This is a statement: You're a fag!
jourdie
New User
New User
 
Posts: 18
Joined: Sun May 04, 2008 7:23 am
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests

cron