Ex Vaddio PM here. Like 5 years ago all our firmware defaulted to requiring non-default passwords on setup. We also created a free Windows application that can mass upgrade firmware and change auth if defaults were used. We tried!
Saw the Vaddio logo and had to chime in. Gotta stick up for my Minnesota devs.
The PTR record enumeration trick is often fun to try on hotel and other public networks.
The problem here is that many places segment their guest network away from the internal one, but they use the same DNS server for both, so guests can still resolve internal hostnames and perform rev DNS queries.
I usually like to run a traceroute or two (to some arbitrary external IP like 1.1.1.1 or 8.8.8.8) whenever I connect to a new network. As traceroute does rev DNS by default, if you see the internal hostname for your default gateway (and possibly other hosts in between you and the wider internet), those IPs are likely good starting points for your rev DNS shenanigans.
I also love PTR record enumeration using broadcast mDNS/Bonjour. Instead of relying on a central server, you send out the same sort of DNS query but as a broadcast packet:
dig -x 192.168.1.1 @224.0.0.251 -p 5353
This gets you the .local address of a device. Of course, fewer things support mDNS. But it will often come up with interesting details. On Apple devices, you can also retrieve the model number via mDNS.
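Added example, not part of the thread or any commenter's code: a defender-side check for the shared-resolver problem described above, flagging guest-network clients that send reverse (PTR) lookups for many distinct internal addresses. The log format (`timestamp client qname qtype`), the address ranges and the threshold are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing for this example; substitute your own ranges.
GUEST_NET = ipaddress.ip_network("10.50.0.0/16")
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                 ipaddress.ip_network("172.16.0.0/12")]

def ptr_name_to_ip(qname):
    """Map '5.1.168.192.in-addr.arpa.' to 192.168.1.5; None if not a full IPv4 PTR name."""
    name = qname.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    labels = name[: -len(".in-addr.arpa")].split(".")
    if len(labels) != 4:
        return None
    try:
        return ipaddress.ip_address(".".join(reversed(labels)))
    except ValueError:
        return None

def find_ptr_sweeps(lines, threshold=5):
    """Return {guest client: count of distinct internal IPs reverse-resolved} at or above threshold."""
    seen = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or fields[3].upper() != "PTR":
            continue  # malformed line or not a reverse lookup
        try:
            src = ipaddress.ip_address(fields[1])
        except ValueError:
            continue
        target = ptr_name_to_ip(fields[2])
        if target is None or src not in GUEST_NET:
            continue
        if any(target in net for net in INTERNAL_NETS):
            seen[str(src)].add(target)
    return {c: len(t) for c, t in seen.items() if len(t) >= threshold}

# Constructed sample log: one guest sweeping 192.168.1.1-20, plus ordinary traffic.
SAMPLE = (
    [f"2024-01-01T10:00:{i:02d} 10.50.3.7 {i}.1.168.192.in-addr.arpa. PTR" for i in range(1, 21)]
    + [
        "2024-01-01T10:01:00 10.50.9.9 1.1.1.1.in-addr.arpa. PTR",
        "2024-01-01T10:01:01 10.50.9.9 1.1.168.192.in-addr.arpa. PTR",
        "2024-01-01T10:01:02 192.168.4.2 9.1.168.192.in-addr.arpa. PTR",
        "2024-01-01T10:01:03 10.50.3.7 www.example.com. A",
    ]
)
```

Detection only shows that the leak is being used; the fix is to stop the guest-facing resolver from answering internal forward and reverse zones at all, for example with a separate resolver or view for guest clients.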
> At some point, I hit a threshold where the DNS server could no longer keep up and broke. As I later found out, this caused a ~15 minute campus wide outage for managed computers as no computer could make the DNS lookup in order to mount its network drive. IT politely told me to stop spamming the DNS server after this, so I did.
> How’d IT know it was me? I yapped about it for two weeks!
You know, I think maybe the first part is how they found out about you, rather than that they just happened to follow you on social media :)
If universities jailed everyone who did something stupid on their network, they'd have to close their computer science department for lack of students.
I once stood up a DHCP server without realizing I'd start serving addresses to my entire dorm. I shut it down after just a minute or so having served 10 or 15 addresses out. A few minutes later my dorm phone rang asking about what I had done. Fortunately I could say with a straight face I'd already shut it down.
(Before anyone says "why didn't they just", this would be 1997 or 1998. Networks and their tooling have come a long way since then.)
I got my first job in technology when I moved into my dorm freshman year. I had been looking forward to having Ethernet for a while, and once I plugged it in, no network. I realized that they still needed to assign IP addresses, and no network admin was around, so I watched the network, found free IPs, and spun up a DHCP server that gave out these free IPs. A few hours later my port shut off, and the network manager came to my room, asked what I did. I explained, and he offered me a job on the spot. I worked in networking for the university until I hooked up with the Unix guys, and my tech career shot up like a rocket from there. This was late 90s early 00s, so no fear of prosecution then. Hell, we ran a nearly-officially-sanctioned file sharing service when the internet handoff got too busy and we needed people downloading music and movies to lay off. The server ran in a rack in the datacenter for a few years until the MPAA paid a visit.
Happened to me too. Back in the early 2000s, my college had two outbound Internet connections. One was shared with all students and one was shared with all labs/classrooms/etc. Connecting from dorms to labs was quick, and labs to internet quick, but dorms to internet was slow as molasses especially at certain times of day when a ton of students were on the Internet.
So I found some always on lab machine and ran squid on it, so I could get on the Internet through the labs from my dorm.
Turns out some tech found it after a few months, and tried to kill it but ended up fork bombing the system. And it fork bombed again whenever they rebooted it. That system apparently was the one used for scheduling anything at the college and they weren't happy with it going down.
At like 8am one day 3 techies knocked on my door and were like "uhhh..please don't run squid any more" and that was that.
It was a glorious 3 months though when I was getting 1mb/s downloads and everyone else around me was getting 75kb/s
I've done plenty of shit stuff in school, always got polite requests to stop rather than getting the police called on me, except one time.
I think "kid did a hacking, adults called the cops" is less common than people think, it just doesn't usually make the news when that happens, only when the cops get involved the media get involved, so essentially survivor bias.
At colleges that I've worked at it really seems to depend on intent. If you fuck up the network trying to increase your own speeds, warning. If you maliciously try to access protected information, cops.
Exactly, if it wasn't extraordinary it wouldn't make the news. The problem is when people think what's reported as news is normal rather than exceptional.
Even running a port scanner is enough to face disciplinary action at many US colleges. Taking down the network for the entire school for 15 minutes surely deserved more consequences than were doled out here. I'd encourage the author to focus their efforts and talents on something more constructive.
Why would they deserve “more consequences”? Academia isn’t the real world. It’s a place where people can learn how to interact with the world as an adult. People should be encouraged to experiment (within reason) and if there is no actual bad intent, consequences should focus on learning rather than punishment.
It’s university. It’s the time to be irresponsible and immature. I worked managing serious high performance computing systems at a university and my job relied on the network. When the network failed, we would just go to the bar and have a couple drinks. It’s really not that big a deal.
I am a bit confused on how they were able to access these devices if they stated the network is not allowing routing? I think I may've missed that part in the article.
Causing a 15 minute outage campuswide is not clever at all. A DOS attack was not the goal and it drew unwanted attention. If I was responding to this outage there would have been consequences - not for doing it, but for getting caught. Perhaps a 200 KB/s rate limit on every device associated with the user for escalating timeout periods if the unclever behavior remained attributable.
Nice writeup. Might be a bit careful though, as far as I know port scanning might be technically not allowed by your campus's IT policy... nonetheless great job!
This must be happening in some alternate universe.
Why?! ;_;
> I used ai for a single rust scope issue that google wasn’t giving me clear answers for.
Nowadays, this needs to be highlighted. Congrats