this post was submitted on 29 Apr 2024
43 points (61.9% liked)

cybersecurity

3249 readers
5 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).

I was packing my laptop and a librarian spotted me unplugging my ethernet cable and approached me with big wide open eyes and pannicked angry voice (as if to be addressing a child that did something naughty), and said “you can’t do that!”

I have a lot of reasons for favoring ethernet, like not carrying a mobile phone that can facilitate the SMS verify that the library’s captive portal imposes, not to mention I’m not eager to share my mobile number willy nilly. The reason I actually gave her was that that I run a free software based system and the wifi drivers or firmware are proprietary so my wifi card doesn’t work¹. She was also worried that I was stealing an ethernet cable and I had to explain that I carry an ethernet cable with me, which she struggled to believe for a moment. When I said it didn’t work, she was like “good, I’m not surprised”, or something like that.

¹ In reality, I have whatever proprietary garbage my wifi NIC needs, but have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware. But there’s little hope for getting through to a librarian in the situation at hand, whereby I might as well have been caught disassembling their PCs.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 142 points 6 months ago* (last edited 6 months ago) (29 children)

The reality despite what you or i might do, is that 99% of people don't carry around an ethernet or hardwire in when there is available wifi.

The library might be public, but it's still a good idea to communicate your intent or obtain permission prior to using someone else's network in away they might deem to be unexpected.

"Do you have ethernet or wired internet?" is actually a common library question and the response from whoever works the front desk will likely tell you everything you need to know.

[–] [email protected] 105 points 6 months ago (3 children)

Or, and hear me out, approach everything with hostility \s

[–] [email protected] 14 points 6 months ago (1 children)

I have been trying this for a while. You end up alone a lot.

[–] [email protected] 9 points 6 months ago

Instructions unclear. Am friendly 100% of the time irl and still alone.

load more comments (1 replies)
load more comments (28 replies)
[–] [email protected] 74 points 6 months ago (2 children)

Does the library provide ethernet jacks for patrons to use? If not then I can understand why a librarian would be surprised.

[–] [email protected] 55 points 6 months ago

yeah OP needs to provide this detail specifically as it changes everything.

If the Ethernet jack was not on a desk, then it wasn't there for them to use. If they unplugged a cable to make it accessible, that is unfortunately enough to be considered tampering.

If an Ethernet jack was not expressly provided, unoccupied, at the technology access station then yes the access to Ethernet information facilities was unauthorized and illegitimate and could carry legal ramifications. Say what you want about proprietary wifi drivers, you get the access you are given and any attempts to gain further access without authorization are defined as intrusion attempts and will more likely than not be treated as such to some degree. Because honestly, the libraries aren't funded enough to have great security and Ethernet security is harder than WiFi security in practice, despite the challenges being characterized by the same principles.

[–] [email protected] 10 points 6 months ago

Yeah, any half decent city IT department will at least be using port filtering for their switches anyways. Unless a port is specifically set up to provide open access to the internet, all OP would be able to do is bonk against the city IT’s MAC address filter until the port was disabled for having an unrecognized device/suspicious activity.

In my building, (and pretty much any city building I’ve ever worked in,) only specific ports were set up to provide open internet access. And usually those ports are in places that need to be unlocked, and which OP wouldn’t have ready access to without a fun little bit of breaking and entering. Because those ports aren’t intended for the general public to use; They’re meant for presenters, speakers, clients who have rented a room for the day, etc… The general public is meant to use the free wifi. Because there’s a different level of service expected if you’re renting a room, vs simply camping out all day in the quiet study area.

When OP tries to bypass that by plugging straight in, the switch will just go “lol git fukd loser” and disable the port. Of fucking course they weren’t able to access anything, because the port isn’t there for OP; It’s for the IT department to be able to use whenever they need to set up a new computer, or book checkout station, or simply to plug their city-owned laptop in to be able to use the city network.

[–] [email protected] 70 points 6 months ago (14 children)

I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).

Yeah... Trying to bypass their security by using ethernet instead of Wi-Fi to use your own stuff that's being blocked is tantamount to abusing the library's services. Someone should let the IT staff know so they can properly block those services on ethernet as well.

[–] [email protected] 11 points 6 months ago* (last edited 6 months ago) (1 children)

They should just be disabling the ports, frankly. The overwhelming majority of visitors will never miss them. If you need to use a computer on an Ethernet connection because you can't/won't use the Wi-Fi, most libraries provide desktop stations for you to use.

Keep some Wi-Fi USB dongles in the drawer at the front desk for people whose Wi-Fi isn't working, or the extreme edge case where somebody has some sort of device that can only use an ethernet connection, and for some reason they brought it to the library.

load more comments (1 replies)
load more comments (13 replies)
[–] [email protected] 39 points 6 months ago (30 children)

Well, you were trying to bypass one of their security measures. They require SMS verification so that they can track you in case you break their rules. Presumably this is why they also block other means of anonymizing yourself.

load more comments (30 replies)
[–] [email protected] 36 points 6 months ago (6 children)

Good luck with that here. No port you can access will give you a IP If its hot at all. We don't allow patron machines to use Ethernet since it bypasses the QOS setting for the public WiFi. We also don't have any requirements to connect to our WiFi.

The reason for not allowing this is simple. We had several people come in and abuse usage of wired connections. Specifically people with consoles that thought it was okay to come in and kill our Patron vlan to download that fifty gig update for their console.

load more comments (6 replies)
[–] [email protected] 34 points 6 months ago* (last edited 6 months ago) (3 children)

My first reaction is yeah, you don't just plug into random Ethernet.

The wi-fi is likely a visitor network setup for guests to the library. That ethernet port could provide access to their private intranet, and be a security risk to the library. Worst case scenario, it could result in malware, ransomware, and/or millions of dollars in expenses to recover (on a library budget, that could mean permanently shutting down the library even).

After reading your post, I would say, no harm intended, just don't do it again.

After reading your comments about intentionally being vague about 'plugging in' to lead the librarian to think you were asking to plug in a power cord, and not specifically meaning ethernet connection.... yeah, you're clearly in the wrong. Just be up front; if they say no, so be it. They may be able to direct you to a visitor ethernet plug-in, or maybe not. If this were an AITA thread, i'd say yes, YTA in this case.

Asking in an security community.... I would assume some level of technical awareness, and you are likely well aware of network segmentation, and that no IT department would be happy about a guest plugging their laptop into random rj-45 jacks around the building. Maybe it's not well designed, and that actually has access to firewall administration?

load more comments (3 replies)
[–] [email protected] 20 points 6 months ago (16 children)

It's their network that they are offering as a service, if they say no then no it is.

load more comments (16 replies)
[–] [email protected] 18 points 6 months ago (1 children)

I can’t rant against librarians. My friend has been a librarian for many years and she has put up with a hell of a lot of crap from people. So be kind, be patient and be honest with them.

Obviously not all librarians, like any job, are perfect.

load more comments (1 replies)
[–] [email protected] 15 points 6 months ago

Sounds like a her problem.

[–] [email protected] 11 points 6 months ago (1 children)
  • Most folks will probably freak out when they see a terminal window ("DOS box") on a computer.
  • Most folks in my country have no idea that there is something else than WhatsApp as alternative to SMS.
  • Whenever I've tried explaining to people that stuff on their website violates privacy or when I try to explain why they are having email delivery problems almost always results in permanent silence or disbelief.

Technology appears to be a scare factor for a lot of people. But in this case the librarian maybe thought that Ethernet was only for their qualified IT department to use.

load more comments (1 replies)
[–] [email protected] 10 points 6 months ago

It's uncommon for 'public use' ethernet ports to exist, unless they are clearly labeled. The ethernet ports might grant access to the internal network, which, is easy to accidentally do. A non-profit library with a limited budget might overlook all the extra protections on open ports (enable/disable ports as needed, use 802.11x port-based authentication, internal SSL, etc), that would be necessary to secure it. Or, even better; that RJ45 port might be wired up to an old PBX, and you may have fried their telephone system, or your own hardware.

load more comments
view more: next ›