this post was submitted on 29 Apr 2024
53 points (63.3% liked)

cybersecurity

3299 readers
74 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).

I was packing my laptop and a librarian spotted me unplugging my ethernet cable and approached me with big wide open eyes and pannicked angry voice (as if to be addressing a child that did something naughty), and said “you can’t do that!”

I have a lot of reasons for favoring ethernet, like not carrying a mobile phone that can facilitate the SMS verify that the library’s captive portal imposes, not to mention I’m not eager to share my mobile number willy nilly. The reason I actually gave her was that that I run a free software based system and the wifi drivers or firmware are proprietary so my wifi card doesn’t work¹. She was also worried that I was stealing an ethernet cable and I had to explain that I carry an ethernet cable with me, which she struggled to believe for a moment. When I said it didn’t work, she was like “good, I’m not surprised”, or something like that.

¹ In reality, I have whatever proprietary garbage my wifi NIC needs, but have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware. But there’s little hope for getting through to a librarian in the situation at hand, whereby I might as well have been caught disassembling their PCs.

top 50 comments
sorted by: hot top controversial new old
[–] Album@lemmy.ca 141 points 7 months ago* (last edited 7 months ago) (29 children)

The reality despite what you or i might do, is that 99% of people don't carry around an ethernet or hardwire in when there is available wifi.

The library might be public, but it's still a good idea to communicate your intent or obtain permission prior to using someone else's network in away they might deem to be unexpected.

"Do you have ethernet or wired internet?" is actually a common library question and the response from whoever works the front desk will likely tell you everything you need to know.

[–] originalfrozenbanana@lemm.ee 102 points 7 months ago (2 children)

Or, and hear me out, approach everything with hostility \s

[–] Bonesince1997@lemmy.world 14 points 7 months ago (1 children)

I have been trying this for a while. You end up alone a lot.

load more comments (1 replies)
load more comments (1 replies)
load more comments (28 replies)
[–] charonn0@startrek.website 74 points 7 months ago (2 children)

Does the library provide ethernet jacks for patrons to use? If not then I can understand why a librarian would be surprised.

yeah OP needs to provide this detail specifically as it changes everything.

If the Ethernet jack was not on a desk, then it wasn't there for them to use. If they unplugged a cable to make it accessible, that is unfortunately enough to be considered tampering.

If an Ethernet jack was not expressly provided, unoccupied, at the technology access station then yes the access to Ethernet information facilities was unauthorized and illegitimate and could carry legal ramifications. Say what you want about proprietary wifi drivers, you get the access you are given and any attempts to gain further access without authorization are defined as intrusion attempts and will more likely than not be treated as such to some degree. Because honestly, the libraries aren't funded enough to have great security and Ethernet security is harder than WiFi security in practice, despite the challenges being characterized by the same principles.

[–] PM_Your_Nudes_Please@lemmy.world 10 points 7 months ago

Yeah, any half decent city IT department will at least be using port filtering for their switches anyways. Unless a port is specifically set up to provide open access to the internet, all OP would be able to do is bonk against the city IT’s MAC address filter until the port was disabled for having an unrecognized device/suspicious activity.

In my building, (and pretty much any city building I’ve ever worked in,) only specific ports were set up to provide open internet access. And usually those ports are in places that need to be unlocked, and which OP wouldn’t have ready access to without a fun little bit of breaking and entering. Because those ports aren’t intended for the general public to use; They’re meant for presenters, speakers, clients who have rented a room for the day, etc… The general public is meant to use the free wifi. Because there’s a different level of service expected if you’re renting a room, vs simply camping out all day in the quiet study area.

When OP tries to bypass that by plugging straight in, the switch will just go “lol git fukd loser” and disable the port. Of fucking course they weren’t able to access anything, because the port isn’t there for OP; It’s for the IT department to be able to use whenever they need to set up a new computer, or book checkout station, or simply to plug their city-owned laptop in to be able to use the city network.

[–] DoomBot5@lemmy.world 70 points 7 months ago (15 children)

I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).

Yeah... Trying to bypass their security by using ethernet instead of Wi-Fi to use your own stuff that's being blocked is tantamount to abusing the library's services. Someone should let the IT staff know so they can properly block those services on ethernet as well.

[–] deweydecibel@lemmy.world 11 points 7 months ago* (last edited 7 months ago) (1 children)

They should just be disabling the ports, frankly. The overwhelming majority of visitors will never miss them. If you need to use a computer on an Ethernet connection because you can't/won't use the Wi-Fi, most libraries provide desktop stations for you to use.

Keep some Wi-Fi USB dongles in the drawer at the front desk for people whose Wi-Fi isn't working, or the extreme edge case where somebody has some sort of device that can only use an ethernet connection, and for some reason they brought it to the library.

load more comments (1 replies)
load more comments (14 replies)
[–] ArbitraryValue@sh.itjust.works 39 points 7 months ago (30 children)

Well, you were trying to bypass one of their security measures. They require SMS verification so that they can track you in case you break their rules. Presumably this is why they also block other means of anonymizing yourself.

load more comments (30 replies)
[–] MehBlah@lemmy.world 36 points 7 months ago (6 children)

Good luck with that here. No port you can access will give you a IP If its hot at all. We don't allow patron machines to use Ethernet since it bypasses the QOS setting for the public WiFi. We also don't have any requirements to connect to our WiFi.

The reason for not allowing this is simple. We had several people come in and abuse usage of wired connections. Specifically people with consoles that thought it was okay to come in and kill our Patron vlan to download that fifty gig update for their console.

load more comments (6 replies)
[–] Truck_kun@beehaw.org 33 points 7 months ago* (last edited 7 months ago) (3 children)

My first reaction is yeah, you don't just plug into random Ethernet.

The wi-fi is likely a visitor network setup for guests to the library. That ethernet port could provide access to their private intranet, and be a security risk to the library. Worst case scenario, it could result in malware, ransomware, and/or millions of dollars in expenses to recover (on a library budget, that could mean permanently shutting down the library even).

After reading your post, I would say, no harm intended, just don't do it again.

After reading your comments about intentionally being vague about 'plugging in' to lead the librarian to think you were asking to plug in a power cord, and not specifically meaning ethernet connection.... yeah, you're clearly in the wrong. Just be up front; if they say no, so be it. They may be able to direct you to a visitor ethernet plug-in, or maybe not. If this were an AITA thread, i'd say yes, YTA in this case.

Asking in an security community.... I would assume some level of technical awareness, and you are likely well aware of network segmentation, and that no IT department would be happy about a guest plugging their laptop into random rj-45 jacks around the building. Maybe it's not well designed, and that actually has access to firewall administration?

load more comments (3 replies)
[–] lemmyreader@lemmy.ml 24 points 7 months ago (1 children)
  • Most folks will probably freak out when they see a terminal window ("DOS box") on a computer.
  • Most folks in my country have no idea that there is something else than WhatsApp as alternative to SMS.
  • Whenever I've tried explaining to people that stuff on their website violates privacy or when I try to explain why they are having email delivery problems almost always results in permanent silence or disbelief.

Technology appears to be a scare factor for a lot of people. But in this case the librarian maybe thought that Ethernet was only for their qualified IT department to use.

load more comments (1 replies)
[–] amio@kbin.social 20 points 7 months ago (20 children)

It's their network that they are offering as a service, if they say no then no it is.

load more comments (20 replies)
[–] YurkshireLad@lemmy.ca 19 points 7 months ago (1 children)

I can’t rant against librarians. My friend has been a librarian for many years and she has put up with a hell of a lot of crap from people. So be kind, be patient and be honest with them.

Obviously not all librarians, like any job, are perfect.

load more comments (1 replies)
[–] MisshapenDeviate@lemmy.dbzer0.com 15 points 7 months ago (2 children)

If it was a publicly available Ethernet port, it was likely for public use. The fact that she thought it was malicious speaks to ignorance on her part, not yours.

[–] halcyoncmdr@lemmy.world 20 points 7 months ago (3 children)

Even ignoring that, if internet via a wired ethernet connection isn't an option they provide for whatever reason... their network infrastructure shouldn't allow the connection anyway. It should be blocked as an unknown device on the network end, regardless if someone plugs into the network.

load more comments (3 replies)
[–] BolexForSoup@kbin.social 15 points 7 months ago (2 children)

Or you could just ask them to avoid confusion as it takes 5 seconds and they may have a way of doing things that you don't know about? It's respectful and it potentially saves you a lot of hassle if it doesn't work and you need to troubleshoot it.

[–] Icalasari@fedia.io 11 points 7 months ago

Yeah. For all we know, there could be a sign in/out thing at the desk for if you use ethernet - She DID think OP was taking one of the library's cables after all, which implies the public has access, possibly through a sign in/out system

load more comments (1 replies)
[–] wahming@monyet.cc 14 points 7 months ago

Sounds like a her problem.

[–] jol@discuss.tchncs.de 11 points 7 months ago

10+ years ago you had to bring your own ethernet cable to the University library because the WiFi couldn't handle all the students at peak times. Wo der if it's still the case.

[–] mystik@lemmy.world 10 points 7 months ago

It's uncommon for 'public use' ethernet ports to exist, unless they are clearly labeled. The ethernet ports might grant access to the internal network, which, is easy to accidentally do. A non-profit library with a limited budget might overlook all the extra protections on open ports (enable/disable ports as needed, use 802.11x port-based authentication, internal SSL, etc), that would be necessary to secure it. Or, even better; that RJ45 port might be wired up to an old PBX, and you may have fried their telephone system, or your own hardware.

[–] Doom4535@lemmy.sdf.org 9 points 7 months ago* (last edited 7 months ago) (1 children)

This sounds odd to me, unless you connected to an Ethernet port behind a desk or somehow forced open a network closet… They also might not like it if you disconnected one of the public computers to use its cable/port; otherwise if this was an open and public port, you used it as designed and the librarian probably has watched too many Hollywood hacking movies. I have to admit, I never thought of this as a way to bypass the captive portal (sorta just assumed everyone going through the public network would have to hit it, kinda of the equivalent to having everyone sign a liability waiver).

With that said, I can see some institutions not liking connections that aren’t part of the more traditional/commercial networking (but it doesn’t sound like the library took issue with your traffic, just the librarian didn’t like the PHY link you chose to use). For the SMS thing (I haven’t seen that used in a while, you might be able to use some sort of burner number app if they don’t filter them).

load more comments (1 replies)
load more comments
view more: next ›