Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Education

University Network Policies and Punishment? 101

Posted by Cliff from the overzealous-policy-police dept.
A not-so Anonymous Coward asks: "I'm a student in the dorms at the University of Colorado, where every room is wired with Ethernet. I bought an 802.11b access point and card, and have been using them on the network. 2 days ago, I came home to find out that my network access had been shut off. When I called ITS, they said it was because I was running the access point, and this was against policy. I proceeded to look through CU's site, and read the entire AUP and terms of use. Nowhere in these agreements is any ban on using wireless equipment in-room. When I called back to see when I could get my access turned back on, I was told that the one person that could help me was out sick. So far my access has been off for 2 days and counting, and chances are slim that I'll get it back by Monday, leaving me with a total of 5+ days without access, all for a violation I was unaware of, and had no warning about. Do I have any rights to force them to turn my access on earlier, or do I just sit without access until they get around to helping me?" Now assuming the AP was not completely open to public access, what possible reason is there for such a limitation? Most kids now go to college with laptops, and an AP is probably the best way for them to work (ie, not tied to the wall). My recommendation would be to politely talk to the University IT department? If anyone else has been in similar situations, how did you go about dealing with the University to get your account/email address/network access restored?
This discussion has been archived. No new comments can be posted.

University Network Policies and Punishment? More

University Network Policies and Punishment?

Comments Filter:
  • you sure are bitching a lot about a shutdown of 5 days. Use the campus networking facilities and wait to hear back from them. You have the right to your network connection, but 5 days isn't much time for a mistake to be resolved.

    Ignorance isn't an excuse, either. If you break the rules, you break the rules. Move on. There are a lot of good reasons to ban Wireless Access Points. They can interfere with cellular phones and other things that use that open swatch of airwaves. Perhaps you left it unsecured, as well, which gives anyone in range free access to the campus network because you were a bonehead. Don't assume the worst. Campus IT is your friend (that is, you definitely don't want to piss them off).

    • > You have the right to your network connection,

      "Usage is a privilege, not a right." (from one of the links in the article)
    • Wow, you're a moron.

      Any wireless access point that interferes with cellular phones is in clear violation of FCC rules and wouldn't be much use, since the two spectrums that each technology uses are nowhere near each other.

      Troll.
    • correction: i meant wireless phones, not cellular.

  • total of 5+ days without access (Score:4, Insightful)

    by Oily Tuna ( 542581 ) on Friday March 15, 2002 @02:14PM (#3169160) Homepage Journal
    total of 5+ days without access

    What a whiner! Wait until the appropriate person is well again and stop moaning. Internet access isn't a right.

    If you need it for your studies borrow your friends' (if you have any) or go to the library.
    • It is if you pay for it.

      When I went to OSU they kept hiking tuition, presumably to cover costs like an internet connection. That's a bill that I'm footing, so damn it, I expect them to respond in a manner befitting an ISP, rather than an altruistic organization who just happened to bless me with a connection.

      They charge you money for a reason, and it certainly isn't for the food.
      • It is if you pay for it.

        He is not paying for internet access, he is paying to go to college. Just because some of that money goes to cover the costs of internet service does not mean that he is entitled to the service from them. He pays the same amount as someone who does not use the school's internet connection.

        I expect them to respond in a manner befitting an ISP

        They should not have to behave like an ISP, they are not an ISP. As much as he, you, or I do not like it (yes, I don't like it either, but it is the truth) they are an "organization who just happened to bless [him] with a connection." He is paying them for an education, and they happen to give him an internet connection as well, they certainly do not have to.
        • No, his tuition is paying for his education. His residence charges are another thing altogether. I would argue that his internet access falls under residence charges, which decidedly isn't an education.
        • He is not paying for internet access, he is paying to go to college.

          No, at least at my university. The breakdown of your bill shows all the crap you pay for, including internet access (dialup and LAN) and other technology fees. However, there is a policy in place that precludes you from doing anything non-academic on the network, like P2P file sharing (no, you can't claim it for "academic reasons"), pr0n, playing games, and a host of other stuff. Nor can you connect anything to the network without the permission of InfoSys.

          You have to sign the agreement to get an account - however, interestingly enough there is no refund if you don't sign, refuse to sign, have another ISP, or just want your money back.

        • Bah, at our school we pay a $100 technology access fee of which if for all technology on campus. Which if you have or don't have a computer you still pay for it, because the ones without would have to use the labs. Also, being an ISP just constitutes providing a service, wiether you pay for it or not, i.e. juno/netzero of old. If i provide service via an Access point to the rest of my apartment complex then technically i could be considered a lame ISP, but i still provide the service, i.e. Internet Service Provider.
      • Do you really think that your university charges you what they pay for the Internet access? I doubt it. My tuition at the University of Florida would be much higher if I paid my portion of the OC-12.
      • respond in a manner befitting an ISP

        You mean, walk you through setting up your Windows98 network and dial-up settings, no matter how many times you have done it on a particular call, no matter what the problems you are having are and no matter what OS you are using, be it Win9x, WinNT, Mac, *NIX, OS/2, etc?
      • That's a bill that I'm footing, so damn it, I expect them to respond in a manner befitting an ISP
        Sorry, but chances are you don't pay for your Internet connection. State colleges are primarily funded from non-tuition based sources. Figure that a student pays a thousand dollars per semester, and there are fifteen-thousand students, that's 30,000,000 dollars per year for the school. Now figure you have 150 faculty members, at an average of 65,000 dollars per year. That's 9,750,000 dollars just to pay for faculty. Now figure there are 300 staff members on campus, at an average of 40,000 dollars per year. That's 12,000,000 dollars per year. That's 21.75 million dollars per year, leaving you with 8.25 million dollars to pay every student employee, pay the electricity, pay water, pay maintenace, pay for office materials, including computers for so many of the people who work there, and pay back all the money it has borrowed in the past to cover various costs of running the campus.

        Now tell me you pay for your bandwidth, which probably costs the university more than ten-thousand dollars per month.
        • Ok, also consider the revenues from sporting events, endorsement deals, R&D, medical facilities and other assorted income.

          I think the $1,000 per semester cost is a bit lowball. At OSU it's at $1,596 and rising. Residential costs, under which internet access probably falls, are significantly higher at $2,010 per semester. Now tell me, do you really think they can't afford internet access with $2,010 to play with. That's a double occupancy room, 76 (cheap) meals, and basic cable.

          The way I figure, using estimates based on real world cost (not even figuring economies of scale), that's $930 for rent, $228 for meals, $30 for cable, $100 for cleaning services, and $300 for utilities. That's about $1588. That leaves just a tiny bit of room for incidentals.

          I'm sure there are other hidden cost that I'm not allowing for, so if anybody knows differently (with hard facts), I'd love to know about it.
        • Wow. I had heard that Canadians were getting ripped off for tuition compared to all but the most expensive American colleges but I never knew how much!

          Assuming your $1000 per semester is a roughly accurate ballpark, we are paying about 25 - 50 percent more than this. And, of course, we are paying in Canadian dollars which are undervalued at the moment. Everyone, at least at the UofA [ualberta.ca], is paying over $2000 (Canadian) per semester, not counting books, room and board, food, etc. etc.
        • Ummm... Your numbers are a bit flawed. Here at the University of Michigan, our budget for FY02 was/is $9B (Yes, that's billion). Undergrad students don't pay that much compared to grad students, and a major university like Colorado is going to cost a WHOLE lot more than $1000/semester including room and board (If that was the case, I'm going back to school in a big way). Not to mention, the grants for research, donations, awards, etc. The amount they pay their employees is really a very small portion of the budget.

          Now, I know nobody will probably read this, since a 6 day old posting is pretty much Moot, but, hey, wanted to make my point

  • Somebody call the waaaambulance!!!!!! (Score:3, Funny)

    by hotarugari ( 525375 ) on Friday March 15, 2002 @02:19PM (#3169189)
    Ignorance is no excuse. If it was, we'd all be ignorant and stupid. Shame on you for even posting your sob story on here.
    • Did everyone post without reading the documents the original author linked to? It seems like everyone who wrote "You should have known, it's your own fault" didn't read the links to the terms of service the poster provided. There was no mention of wireless access points being a violation. The author COULD NOT have known.

      "Ignorance is no excuse" is only appropriate when the information is available, but the person did not bother to look it up. In this case the information was -not- available.

      Then again, if it were Microsoft who shut off his operating system access for five days because he changed a computer component, everyone on this site would be screaming about how wronged this person was.

      So, anonymous person, here's what you do if you really want to do something useful:

      1) Work with the IT department to revise the documentation to include the ban on wireless access points. If they're not willing to revise the documentation, they're making it up as they go along, and you have every right to feel slighted.

      2) Spend some time learning about the insecurity of 802.11b, because you might not want to use it once you find out how insecure it is.

      3) If, after doing the legwork, you feel wifi access points -should- be available to students, take it up as a cause. Find a secure, non-interfering way of setting one up, and propose it to the IT department. To be honest, I don't believe there is a secure and non-interfering method (yet), but it's worth a try, and you might learn something. Imagine that, learning something in college! ;)

      4) If you -do- find a secure and non-interfering method, and they don't want to hear about it (which is the likely response), let it go -- the network owner is the network owner. Just be glad you got the documentation changed so that other students won't shell out $$$ for wireless gear they can't use.

  • I had a similar situation when I was in school. The issue I had was not wireless but I had set-up a hub in the room so multiple machines could have access. I came home to find my networking equipment confiscated. I was without service for 4 days while I had to agree not to do it again. At this time they returned my hardware. I was only allowed to have one computer hooked up. So enter Linux, a masquerade...and the rest of the year went confortable as all my machines had access!!!
  • grant it, surfing pr0n sites is not as easy as the comfort for you own room.

  • Did you seeks authorization before you added a network node?

    Most of us with office jobs would ask for permission before we made the assumption that we can extend the network in an unauthorized manner.

    Network security might have an opinion about an open node to the outside world that circumvents firewalls.
    • I would cut off his access till he could prove that the node could stand up to airsnort or the like. Wireless nodes currently take a maximum of a few weeks to crack at the minimum of bandwidth usage because of the way rc4 of which wep is based on organizes its keyspace. (correct me if I'm wrong here)

  • Remember, it's not your network! (Score:3, Insightful)

    by Zack ( 44 ) on Friday March 15, 2002 @02:25PM (#3169224) Journal
    I used to work for a univeristy IT department, while I was there as a student. We often shut off peoples network ports for various reasons: running commercial servers, pr0n, port scanning, mp3 ftp servers, flooding, etc.

    We also had nothing about running Wireless APs (hell, they even gave us iBooks with 802.11b cards... we had an AP in our room) But we were also geeks and had it secured (well, as good as it can be)

    One problem was people using the campus bandwith for other people... such as setting up a dial-in server on their phone lines to give free access to their friends. Oddly enough, they got their ports shut off too.

    You can't really complain about it too much, though. At my university, students were paying about $3 a month for internet access... at 10 Base! (okay, maxed at 100 Base total per building, but still faster than a modem) And the entire point of university networks is for academic use.

    So basically, it's their network, their rules. Doesn't mean they have to be draconion, but if they want to, they can.

    Oh and be polite when you talk to the campus IT guys... they have to deal with a LOT of crap, and experinced users should know how to be nice. (Unless you want to get your connection back and have it throttled to 1kb/s :)

    • Now, I don't want people to take this too literaly, but to all intents and purposes, they are. I used to work as a university sysadmin for an electronics and computer science department. We had rules and reg's just like everyone else, and the usual catch-all's at the bottom.

      As someone else pointed out - be nice! We don't get paid much, but in exchange for the poor salary we get extra priveldges, like two 30 mintues coffee breaks a day + 1.5 hour lunch break, flexi-time (read 11:00 starts), and not having too much stress.

      If someone comes in and starts mouthing off and being nasty about stuff, of course we help.. we have to, but only so much, most of the things we do can happen MUCH slower if you got on our nerves! and some things won't happen at all. It is frankly one of the perks of the job, we can choose to be helpful or not. If you do something stuid but appologise you might get away with it, you do something stupid and mouth off about how you should be allowed to do it... well you might just find chunks of your account own'd by root, with a boyband picture on your background that you can't change!

      The reason people do this job is for the love of technology trying to help people and the perks, we can and will hit back if pushed, and we look after the backups... you would be surprised how many days it can take to get a backup restored if you pissed of the sysadmins last week :)

  • BOFH (Score:3)

    by Lord Sauron ( 551055 ) on Friday March 15, 2002 @02:27PM (#3169231)
    Youd better be happy your SysAdmin is not a BOFH [ntk.net]. Otherwise, youd have alredy been LARTed [home.ins.de].

    Ooops, and what is this high-voltage cable doing so close to your antenna? And why have all your files on the campus network been erased ? Oh, and what about the girl you like ? After receiving some e-mails she now thinks youre engaged with another man.

    Oh, the joys of being a BOFH.

  • Sorry, but... (Score:4, Informative)

    by uslinux.net ( 152591 ) on Friday March 15, 2002 @02:29PM (#3169244) Homepage
    As per the AUP you mention:

    * ResNet services and wiring may not be modified or extended beyond the area of their intended use. This applies to all network, hardware, computer lab and in-room data jacks.

    This one is questionable, since it does (or can) extend use outside the room

    * ResNet may not be used to provide the University of Colorado computer services or Internet access to anyone outside of the Residence Halls community for any purposes (other than those in direct support of the academic mission of the University).

    Aside from the inherent insecurities in WEP, they may not be sure you
    are even using WEP, which would (or certainly could) provide access to
    others outside of your residence halls

    * The University of Colorado specific or commercially obtained network resources may not be retransmitted outside of the University community.

    As per the AUP you mention:

    * ResNet services and wiring may not be modified or extended beyond the area of their intended use. This applies to all network, hardware, computer lab and in-room data jacks.

    This one is questionable, since it does (or can) extend use outside the room

    * ResNet may not be used to provide the University of Colorado computer services or Internet access to anyone outside of the Residence Halls community for any purposes (other than those in direct support of the academic mission of the University).

    Aside from the inherent insecurities in WEP, they may not be sure you
    are even using WEP, which would (or certainly could) provide access to
    others outside of your residence halls

    * The University of Colorado specific or commercially obtained network resources may not be retransmitted outside of the University community.

    And not being sure about the location or range, this could also apply.

    So, frankly, don't gripe. Those terms are designed to be loosely interpreted. Point is, while YOU may not feel you violated any rules, THEY do, and THEY control the access. Perhaps you can get approval now, but if not, just accept it and live with it. Life is unfair.
    • ResNet services and wiring may not be modified or extended beyond the area of their intended use. This applies to all network, hardware, computer lab and in-room data jacks.

      This one is questionable, since it does (or can) extend use outside the room.

      So could a really long cable. The area of his intended use is Residence (hence the name ResNet), and I fail to see how using wireless instead of a really long cable changes that.

      ResNet may not be used to provide the University of Colorado computer services or Internet access to anyone outside of the Residence Halls community for any purposes (other than those in direct support of the academic mission of the University).

      Aside from the inherent insecurities in WEP, they may not be sure you are even using WEP, which would (or certainly could) provide access to others outside of your residence halls

      This is a better point, but he's not using ResNet to provide outsiders with access. If they hack his basestation, he did not provide them with access, they stole his. Totally different ballgame. More so if he really locks down access.

      * The University of Colorado specific or commercially obtained network resources may not be retransmitted outside of the University community.

      And not being sure about the location or range, this could also apply.

      It says "community" not property, and since he's a paying student, wherever he goes, the community goes.

      So, while those terms could be mistaken to apply, if you look carefully, each point can be refuted.

      • Quite frankly, these "refutations" are pretty .... poor.
        ResNet services and wiring may not be modified or extended beyond the area of their intended use. This applies to all network, hardware, computer lab and in-room data jacks.

        This one is questionable, since it does (or can) extend use outside the room.

        So could a really long cable. The area of his intended use is Residence (hence the name ResNet), and I fail to see how using wireless instead of a really long cable changes that.

        And why would a really long cable be okay under this policy? And arguing that because the service is named "ResNet" that his service is intended to be used anywhere in the residence is rather a stretch!

        This is a better point, but he's not using ResNet to provide outsiders with access. If they hack his basestation, he did not provide them with access, they stole his. Totally different ballgame. More so if he really locks down access.

        No, if someone hacks his basestation, they stole the universities access. There are many millions of dollars worth of data on that network, and the university has a right to protect it. The policy says that he can't give outsiders access to the network, period. It doesn't matter whether he intends to do so or not.

        The University of Colorado specific or commercially obtained network resources may not be retransmitted outside of the University community.

        And not being sure about the location or range, this could also apply.

        It says "community" not property, and since he's a paying student, wherever he goes, the community goes.

        He's retransmitting the network resources. By doing so he is potentially allowing outsiders access to the network. That is in violation of the policy.

        This is really an incredible argument. You are claiming that he has a right to have access wherever he is. The rule quoted, however, says nothing at all like that. It says that he MUST NOT provide access to anyone else.

        • Thanks for the reply, I'm glad to have errors I make pointed out. I guess I should have put more thought into my post.

          Regarding long cables, I suppose you're right. If the indended use of a jack was "in this room" then a long cable is perfectly fine until you move the computer outside the room. On the other hand, if the intended use isn't specified, it leaves some room for interpretation.

          Regarding the basestation, where do you draw the line? Would the university consider someone breaking into his room, unplugging his computer, and hooking up their own computer "providing outsiders access?" It's fair to say that by hooking up the base station, he's making it EASIER to gain access as an outsider... perhaps it's like insurance companies requiring locked doors? If he had a totally hack-proof (not likely) station, would it then be ok, since in that case, no outsider could gain access through his station?

          Regarding retransmission, well, a wireless basestation does nothing but retransmit. Touche. I wouldn't apply the outsider access in this case, I'd just use the retransmission clause. Looks like he loses here for sure.

          Regarding his "right to access." You had good points you claim that I argued for this. You are putting words in my mouth. He has no right to anything. He does have a contract for service with the university, that has specific terms. I just pointed out some arguments that could be made that he didn't violate the terms outlined in the contract. It appears that he did violate at least one term, so defending the other terms is moot at this point.

          Off topic, but relavent. As far as extrapolating details from the name of a service/product, I think that's fair to some degree. If I sell a product called the "Penis Mightier" I think it's fair that people expect that my product will make their penis mightier. If I sell "A Big Stick" I think it's fair my customers get upset when they open their package and it contains an apple. Misleading product names could lead to one person not getting what they barganed for, which could constitute fraud on the part of the seller. IANAL, but that's what I'd hope as someone who likes to buy things occasionally.

          Again, thanks for pointing out the flaws in my arguments, I'm always looking to improve.
  • ... set up their own wireless network [drexel.edu]. Access requires registering your laptop's MAC address, and you can reach the network from just about every classroom and dorm on campus. They require the MAC address to block out non-Drexel folk, as the campus is in the middle of Philly.

  • My story (be polite) (Score:3, Interesting)

    by skunkeh ( 410004 ) on Friday March 15, 2002 @02:30PM (#3169250)
    I was banned from my University's network a couple of days ago after an e-mail incident - a large university announce-only mailing list had been accidentally left unmoderated and was being flooded with rubbish from all over the campus. I posted a message explaining what had happened (for the benefit of the users asking "Why am I getting so much mail!?") and suggesting everyone just wait it out until the list admins re-moderated the list.

    As you can imagine, I was pretty surprised when my room connection stopped working and I recieved an e-mail informing me that I had been banned for a week!

    After a short e-mail exchange with a network admin it became apparent that someone had sent an abusive message to the (now moderated) list using my name as their signature. The message had been picked up by a list moderator who suggested I was banned along with the other public abusers of the list. E-Mail headers were checked, my name was cleared and my connection was reinstated (the guy who pretended to be me could be facing a £250 fine though).

    The point of this rather uninteresting story? University network admins are reasonable people, but you have to aproach them in the right way. I was painfully polite in every one of the e-mails I sent them, I explained my circumstances in detail and made sure to thank them for their time. Provided you put your case in a clear, concise and above all polite manner you should be fine. What you SHOULDN'T do is go demanding better treatment and quoting University rules left right and center - that won't help your cause in the slightest.
  • ResNet services and wiring may not be modified or extended beyond the area of their intended use. This applies to all network, hardware, computer lab and in-room data jacks.


    ResNet may not be used to provide the University of Colorado computer services or Internet access to anyone outside of the Residence Halls community for any purposes (other than those in direct support of the academic mission of the University).

    I think I case could be made by the university that a wireless access point "extend the ResNet service beyond the area of their intended use" (whether or not they are actually being *USED* beyond the area of their intended use). Also, it is again *possible* that a WAP be used to provide access to someone outside of the Residence Halls community (even though this may not actually be occurring).

    However, in their terms of service, they say the access is a "privelage" not a "right". That could probably be argued as long as *you* are paying for the services of the university - why should it not be a right?

    • Re:Read this part of AUP (Score:4, Insightful)

      by foobar104 ( 206452 ) on Friday March 15, 2002 @02:48PM (#3169372) Journal
      However, in their terms of service, they say the access is a "privelage" not a "right". That could probably be argued as long as *you* are paying for the services of the university - why should it not be a right?

      What you're describing really isn't a case of access being a "right"-- which would make the subsequent denial of that access a 6th amendment issue-- but of breach of contract.

      If the University agrees to provide you with internet connectivity in your room in return for your tuition or housing fees-- either as a separate itemized fee or as part of a package of services-- then you have a contract with the University. If the University violates their terms of this contract, then you have a legitimate grievance against them.

      But the key there is that the University, in turning off your service, has to be in violation of the terms of the contract. In order for this to be true, two things must also be true:

      1. The University's provision of access to you is an explicit term of your housing contract, like electricity.

      2. The University's contract with you does not have a discretionary clause.

      The University, however, is probably smart. They probably do have a discretionary clause. I haven't read any of the documents linked to in the original post-- 'cause I'm lazy-- but it's probably in there somewhere. "We provide this service to you at our discretion, and may disconnect or discontinue this service, temporarily or permanently, at any time... " and so on.

      So basically, no, internet access in your dorm is not a right, and it's probably not something that you can fight on contractual terms.
      • Or the college may extend the privilege of using the high bandwidth access they have to buy to run their business and research operations, but only as a provisional user - meaning the dorms are second class citizens getting throttled access during the day and always being the fourth or fifth priority in the QoS tables. If there is no explicit fee, and no explicit statement promise of service, just a port in your room that works, then there is no contract to be broken.
  • Chances are you have a few options. University of Michigan, for instance, has free lawyers for their students who could at least tell you where you stand legally and what your options might be. You likely have other processes you can go through - you are paying for the dorm room with includes the service, bring it up with the administration of the dorms. Take it to a higher level, and show in what ways this has damaged your ability to do schoolwork. We also have a student government we pay dues to. They represent us to some extent to the administration, and you could talk to your student body representative. It'll give you experience for when you find out that you can't play your newest dvds on your home player since the MPAA turned it off and you need to talk to your senator or house rep to get them to overturn the new "Your content are belong to MPAA" amendment.

    But reality is that they control the network, and they likely don't report to anyone that you can influence.

    Asking for legal opinion on slashdot is pretty short sighted though. Sounds like you just wanted a public place to vent.

    -Adam
  • Most dorm rooms I have seen so far are so small they can be wired with 3' patch cables...

  • I had every shell, mail, and lab account taken away for running a 'rouge' slashsite. I still haven't recieved access back from my university.

    I don't even exist anymore to them, and it's been almost a year.

  • "How dare they punish this child by removing his god-given RIGHT to a 24/7, dual T3 access point? What did (s)he actually do? (S)He used the technologies at his/her disposal to UNTETHER him/herself from the school mandated position of sitting idle at his/her desk while (s)he could be FREELY EXPRESSING him/herself as (s)he roamed around his/her dorm room, HIS/HER HOME. This school should be CHASTISED for the detrimental effect their actions have taken on this student's ability to FREELY EXPRESS him or herself. SHAME ON YOU."
  • I used to be the Director of Network Services for a small (2000 students) private liberal arts college. I would have also disabled the port, based on the AUP I read. College network administrators have more to deal with than most people realize, and the easiest thing to do is simply disable things that cause problems and deal with it. I didn't get upset with anyone when they did things like this - I just disabled them, talked it over with them and in every case, they understood the reasoning and didn't do it again. I read a post earlier where someone violated the rules, was caught and then set up Linux with IP masquerading to do it all over again. That sucks. Wait until you get a real job and try something like that.
    • This argument makes no sence at all. Why would (s)he do this at work. (s)he does not "live" at work. (S)He is living in his dorm room. In the workplace you would have to request equipment, which when (s)he got it would probably be hooked to the network, or not depending on the project.

      On a separate note, I was banned from my college accounts for logging into a server. I accidentaly ssh'd into the www server, I forgot the www.cs. The server let me log in! My account was disabled for 2 weeks. How dumb is that.

  • Here at UMass... (Score:2, Informative)

    by leviramsey ( 248057 )

    ...last year, I accidentally did some portscanning (I was getting Samba up and running and forgot the WINS server; OIT [umass.edu]'s web page didn't have that information readily available. So I scanned the entire 128.119.0.0/16 subnet for a WINS server) and got my ethernet card blacklisted (I was still able to log on to the public machines). I met with OIT and explained to/convinced their netops guys that I wasn't evil. I ended up scoring extra points by being very vigilant from then on about reporting hacking attempts from the university subnet (as OIT's detection systems are mainly designed for external attacks).

    So my advice is be contrite, say you'll never do it again; if you want to do it again, ask them first (maybe going UNODIR would work, also). And if there's anything they need help with, don't hesitate to give it.

    Remember, netops people have a tendency to be just like you. They've just had to deal with far too many morons who do stupid things while breaking the AUP. As a result, any violations are assumed to be the work of a moron. If you can demonstrate that you know what you're doing and can be trusted running a wireless gateway (stay away from WEP... use end-to-end IPSec), they'll be much more likely to let it slide.

  • The most common way for netops to find wireless APs is to look at arp tables for MAC addresses that are in ranges that are known to be used by wireless APs. If your AP supports using a localy administered MAC address just change the MAC to something else that is not in a known wireless AP range.
    As convenient as 802.11b is, I do understand why many organizations do have policies against them(or strict configuration requirements). It really sucks to have to explain to your CIO that some people in a van out on the street jumped onto your internal networks poked around. Although, in a university environment I don't see how some wireless APs make the network any less secure, I mean you usually just walk in a library or computer lab or a dorm room and hop onto their networks.
    • I don't know about you, but my AP (and another router) has an option to specify what the external MAC address on it. Basically it is meant to be used so that you can type in the MAC address of the system that was usually on that link (cable modem or DSL). Some cable modem networks were setup in such a way that you could only access the net while using a system whos MAC address was in their database, this would supposedly keep people from putting in routers, etc., and force them to purchase extra IP addresses from the cable modem network. Well, the guys who made routers were not stupid and saw that they might lose some business, so they came up with a way to spoof the external MAC address of their routers.
  • In a way it's good that university students experience monopolistic behavior directly in what amounts to a laboratory environment. The arrogance and rudeness that come naturally to monopolies find full expression in universities.

    There was no reason to cut him off at a time when nobody would be around to restore his service; that is just rude. There was no reason to cut him off without sending him an e-mail, to give him a chance to correct his usage first. These are excellent examples of petty authority running unchecked, as characteristic a feature of monopolies as of unrepresentative governments.

    It's unfortunate that so many people (made evident by the above postings) learn the wrong lesson, and develop a toadying attitude toward anyone who has managed to seize a little power. The tendency to toadyism is an unfortunate inheritance from ancestors who managed to squeak out a little privilege at the expense of general liberty.

  • My university recently send me this:
    --------
    You are receiving this email because you have a computer registered in
    the [University] Residence Halls or Apartments.

    ITS is currently monitoring an increase in campus bandwidth utilization.
    Our internet connection is currently at 94% utilization for outbound
    traffic- that is servers on campus sending information off campus. Some of
    the servers consuming the bandwidth are located in the Residence Halls and
    Apartments.

    ITS will begin DISABLING the Ethernet connections of high bandwidth
    users beginning Friday afternoon. If you are running a server and have not
    taken steps to reduce or control the amount of bandwidth that you are using,
    you may loose your Ethernet connection. You should find settings or
    preferences or options for your server software to control bandwidth usage
    and consecutive connections.

    If your network connection stops working you will have to contact the
    Resnet Office (see below) to request reactivation. Any server that is in
    violation of the [University] Code of Conduct for Computer Use will be documented and
    forwarded to Campus Safety. The Code of Conduct for Computer Use can be
    found at:
    http://www.[University].edu/~750www/Publications /p olicies/code_of_conduct_rit.shtml

    If you are NOT running a server but your connection stops working it is
    likely that your computer has been compromised. Resnet will assist you in
    securing your computer and restoring your network connection.
    -------
    No mention of what exactly constitutes excessive use. X kbps for Y duration? Z Gb per month? I emailed them to ask, but received no reply. They like to be vague so they can take out whoever they want, and let certain 'friends' slip by.
    • What the fuck do you think excessive use is? If you've got X total bandwidth and are using 90% of it all the time that will probably be construed at excessive bandwidth usage. You're in college and can't figure this out? The letter says bandwidth utilization has increased to 94% which you can pretty much assume means a good deal of people are using that percentage of their personal bandwidth. Students running file servers on the school's network cost them money, so do students running their Windows 2000 laptops with Nimda worms on them DDoSing some poor sap somewhere.

  • Yo, Cliff... (Score:2, Interesting)

    by otok_dadel ( 203734 )
    "Most kids now go to college with laptops..."

    That's a ridiculous statement and an indication of the extent to which we in the (extended) tech community often have our heads in the clouds.

    Sorry to be off-topic, but I've spent the day trying to figure out how to shoehorn another 10,000 low income kids into a subsidized summer daycamp program without a budget increase. Issues of class and disposable income are in the front of my mind at the moment.
    • He speaks the truth. Probably less than 5% of students entering college do so without any form of a computer. Lots of colleges already have laptop-for-every-student mandations, and plenty more are getting them soon (mine [clemson.edu] being an example). Most students prefer laptops.

      Cheers,
      levine
    • No, its not a rediculous statement.

      For instance in my degree program (architecture) 95% of this year's entering freshman class (of about 120) have laptops they cart between class and home
    • I'm in college now, and I would say the majority of oncampus students do have laptops.
  • I few years back, while I was attending the University of Oklahoma, I hooked up a Linux system to my dorm connection. It had been intended purely for testing purposes, but one day a friend who was running a MUSH found herself serverless and needed a temporary home. I searched for some sort of policy for network use, but found none, so I offered to host the MUSH until she paid for a new hosting service.

    Now, a while back, I'd purchased a domain name with the long-term goal of starting my own hosting company once I was off-campus. So, to allow the handful of people who needed to connect to the MUSH an easy way of connecting, I also set up the DNS config and told NetSol my .com's primary server was my linux box. Worked like a champ.

    Well, the next week I moved off campus, but since they told my roommate that he would not be reassigned a new roommate, I left the linux box there, hosting away. The game actually was moved back to a real hosting company, but I left my domain name going, redirected, for the convenience of the players.

    All went fine for a little while... I was short on space in my new apartment, so I left the server at the dorms. Next thing I know, I get a threatening voicemail on my answering machine. My roommate gave them my new number when they called the dorm. Some student IT admin ranted about me illegally running a server on the network, and that I would be facing "academic disciplinary action" if it wasn't resolved immediately. He didn't leave a phone number. My roommate, though, called me up and told me he had gotten a phone number from someone else - the head of the ResNet department. I called him up, and unlike the kid with a god complex who left the message the first time, he was very kind and apologized for the AUP not being properly posted, and so forth. But what surprised me was that it wasn't running the MUSH for a couple weeks that was the problem -- it wasn't even running the DNS server -- it was the fact I had a record at InterNIC saying the primary DNS for a .com domain was located inside OU's IP range! (something about threatening their non-profit educational status and possibly costing them $thousands...)

    So I killed the DNS and took the machine home, but that didn't solve the "problem". And boy did the Network Solutions auto-bots have fun sending me denials as I tried to find ways to unlink the IP address from the primary DNS server field. Too bad I didn't know about free dns services back then... But that's another story.
  • Its a long shot but... is it your own computer that you are using it on? On the campus I work on students are issued laptops. If they want to add, remove, etc. hardware, cards, etc. from the laptop it must be done by IT. If it wasn't - they can be punished. This falls under permission to modify school equipment.

    If its your own equipment, does your school have a policy about using your own equipment on school networks? Ours does. Its stupid, but they won't let students hook up to the network with their own machines. They don't want them to compromise the security of the network so they say.

    I'd say what rights you have to force the school to do anything are slim to none. However a lot of it will depend on whether you have previously violated computer policy. And I'd highlight the fact that you didn't get a warning before your disconnection. You might have more luck pushing for another department (like student life) to pressure IT instead of you going to them themselves. Tell them how important the connection is to you and why.

  • The reason is... (Score:3, Interesting)

    by jdclucidly ( 520630 ) on Friday March 15, 2002 @06:20PM (#3170643) Homepage
    At UMKC (umkc.edu) the IT department has just recently instituted this policy. The staff has had wide speculation but the one that seems to make the most sense is.... Money. The university is currently charging $450 for a quickly one hour drop of a new CAT5 port. Not only does this finance the people doing the drop, but also the subsequent equipment upgrades required to provide consistant 10 megabit access. While I do not agree with my university's methods or logic, I do see where they're coming from. There is probably something similar occuring at the Univ. o Co. You should consider asking what the cost of a new port is...
  • I worked for the department that managed ResNet and stuff at my university, and my internet access was threatened to be shut off once. The reason they had (and it _is_ legitimate) was that the hubs they were using in my building were old hubs with security tables that kept a record of the MAC addresses which used each port (they're kind of halfway between a hub and a true switch).

    Because of this, any time you plugged in a hub/WAP/etc. and connected multiple computers to a room jack, the hubs would crash, bringing down everyone on your floor as well. So I built a little OpenBSD router with NAT enabled and put my WAP and other computers behind that; that got them off my backs, and it was slightly more secure than what I had before.
  • ...and students are always finding creative ways to degrade the performance of the campus network and residence hall network by playing "amateur network engineer" or installing the latest fad in recreational software.

    When students call us complaining that the network is slow or unusable, and we discover that a student has (for example) connected a hub and ten of his friends to the network, half of whom are across the street in a frat house and downloading pron (or whatever), and someone in the frat house thinks it's funny to connect both ends of a crossover cable to the frat house hub...

    Wireless access points are particularly egregious because you can't follow the wires and find out what's really connected to your network.

    When the admin loses all control like this, no amount of "This is academic!" or "I paid for this!" or "I expect ISP-level service!" is going to make a damn bit of difference. Admin has to provide usable service within the budget. This applies to any network anywhere, not just a residence hall network at a university.

    It's extremely important to remember that the network connections provided to students in dormitories are designed and intended for academic use, on a single computer, by the authorized student, only. They are provided so that the student may reliably access university resources (e-mail, library card catalog, etc.) and also, as an added benefit, for periodic high-speed internet access. They are not designed to allow students to provide a 24-hour file service to the internet (a la Napster), to play games, or to constantly saturate the network with (invariably non-academic) multimedia downloads. A network designed to support this would be prohibitively expensive: compare with what you might pay a managed hosting company for a single port, for example.

  • Is it just me, or does it seem preposterous that the poster would expect that he has rights in this situation? There are no laws about college students receiving uninterrupted service when you violate the rules, or when you're thought to have violated the rules. You have no option but to wait around until this person is back at work.

    Honestly, what did you expect? That you'd be able to call your lawyer, and they'd bring in a member of EMERGENCY IT TASKFORCE (EIT) of your local police department and s/he'd waltz into the ITS office and switch your access back on?

    With most college kids I know, it's common knowledge that routers, access points, NATs and the like are not allowed in the dorms. Just makes common sense that they wouldn't want you to do it. Doesn't necessarily make sense why, but it just seems like a rule they'd have. People do it, but they usually have the sense to disguise it. :)
    • Could it be that maybe he pays specific fees for that access, and thus has a property right in it?

  • Suprising (Score:3, Interesting)

    by OnyxRaven ( 9906 ) on Friday March 15, 2002 @09:53PM (#3171477) Homepage
    This is relatively suprising that he got 'caught' considering the length of time the CU ResNet and ITS takes to find things like this.

    It took weeks, months, and more for them to actually send an email to the guy running a CounterStrike server down the hall, and it took them even longer to find my server.

    It seems the CU ResNet policy is to give the student the runaround whilest not providing any information or help at all. I've heard a few different situations that come up:

    Server Is found:
    * ITS sends email to user explaining they are in violation of the AUP
    * ITS shuts down all external access to user dropping all packets from and to outside networks, and sends email like above
    * ITS shuts down all external access without any explanation
    * ITS literally disables the port the offender is on, after the one or two of the above procedures.

    Which happens is anyones guess. Will the offense actually be recorded or not is anyones guess.

    Here's my experience:

    I was running a mp3 ftp server. I know. AUP violation plain and simple. So i'm suprised, but not perplexed when my connection gets turned off. I call ITS to see whats up (and how long I'll be down, etc.). They have no record of the violation, and they can see my machine, MAC address, etc just fine.

    They come out and test the connection by plugging in their own equipment and everything works. I show them I still get link light on my machine, and the switch I have attached (another little linux box I have for development). They connect through the switch and still they work. They give up and go back to research some stuff on the internal routers.

    Two days go by.

    We finally get a call back from the techs. They explain my machine was blocked off at the external routers, the same procedure if we were to be 'blackholed', except the record was never entered. The tech who finally found the problem removed the block, and I was back on instantly.

    So in general, suprising he got to even talk to someone.

    Anyway, as to his specific problem though, I would think that if he can prove his access point was secure, so that nobody outside the campus, could get on (the only way they could is through a NAT or if they set up their machine with the dhcp servers on the network. You must register your MAC with those servers to get access outside the campus), he should be fine. There were many of us in the dorms that had more than one machine hooked up on switches, and no complaints there.

  • NYU cut off my roommate's ethernet for running Linux. I had unplugged my box when he was portscanned so he was able to use my connection while he talked with the NOC people.

    He was a music major so it wasn't hard for him to convince him he wasn't a hacker. They ended up allowing Linux as an unsupported OS after a couple weeks. I'm sure if you're polite your NOC people will end up allowing 802.11b with some kind of firewall requirement. The basic firewall in one of those all-in-one boxes would prolly decrease the vulnerability of the network to Microsoft WORMs. You'd have to know you're running a web server to forward port 80, for instance.
  • Last semseter, got an AP. I'm pritty sure they knew I had wireless gear because I would sit on the patio and surf the net. I also knew that they looked at mysetup at least once because I got back to my room one day and my firewall and access point had been moved some, and the cables were out in the open. Wireless networking gear of any kind is expressly forbidden. They banned it when I asked during the summer.

    But some silly rule did not keep me from doing it. My setup was a bit diffrent, I had my ap using wep (unlike 80% of other access points), and I had it on a DMZ where I did all kinds of cool stuff. I also had an ipsec tunnel to where I work and all. Thats another story, but my boss called his friend who runs the university network and got him to open up ip-proto-50 so I could do ipsec.

    Why I did not get in trouble, or my access yanked. I would guess thats because I knew a good chunk of the networking folks. Residential Networking even tried to offer me a job.... But, I'm sure that If i had it directly plugged into the network, My access would have been yanked.

    Now, if they did not know I had an ap, They will soon, because I know they read slashdot.
  • You know, it's sad, because I'm not that old (or so I think). But I remember back in the day when I went to college, we had computer labs. Rooms and rooms full of Wyse terminals, all hooked up to one of four VAX (appropriatley and imaginativley named VAXA.HOFSTRA.EDU through VAXD.HOFSTRA.EDU) If you wanted to check your e-mail you got your ass off your dorm room couch, put on a jacket (it gets cold in New York!) and walked yourself to one of the computer labs. You even had your choice of mail software (as long as you chose mail, pine, or elm). Shoot they even had this newfangled USENET thing there. There were a couple of PC labs, but those were for weenies who couldn't do term papers in LaTeX. If you wanted pr0n you walked to the bodega and got a Playboy.

    Internet in the dorm room you ask? Yeah, we had that. It cost me about $100 and 29.95 a month. The $100 was for a converter thingie so we could use an analog modem with the university's newfangled digital PBX system. The $29.95 was for an account with a local ISP. We used SLIP and we used NCSA mosiac to browse gopher servers, and occaisonally, the web. And we liked it, goddamnit. A LAN in our dorm room? Forget it! Internet connection sharing? Not invented yet! (I ran OS/2 WARP! 3 on my PC back then.) If I was on the 'Net and my roommate wanted on, he'd unpug the phone line.

    What is it with kids these days? Yes I understand you're paying for the dorm room. But for christ sake, you're talking about suing your school and shit for turning off your dorm room ethernet access . Get a grip.

    • lucky! you had pine!

      just kidding, I'm actually in college now, but I like pine. I can check my email from anywhere (try finding a Win or OSX box w/out telent) including the user labs, which are notorious for not allowing anything besides MSWord and Netscape 4.7 to be run....although the Sparc stations can be fun.

      But pine+telnet is good; so is IMAP; but pine+telnet is better.

  • My College has a fairly strict set of rules on computer useage too. However, this didn't stop myself and a friend from setting up wireless and letting each other access the college network from through our wireless enabled machines.

    How, you might ask. Simple, we're two of the student computing representatives. As such, we get far more leniency from college about our computer useage. We get free internet access, hosting for a few of our machines out of term time, and a big say in what happens wrt student computing.

    Admitedly, we do have to go to two student political meetings / week, and help run some of the services. Since we probably would have spent nearly as much time running similar services of our own anyway, the latter isn't a big deal, and makes for great CV entries - it helped me get my summer job :). As for the former, we're always informed on what's happening, get to have a decent say in what happens, and know most people.

    So, if you want to do anything even slightly borderline, get involved in student politics first.

  • Whenever I ran into problems with our BOFH-type network admins, I got a professor to poke them. They didn't like it when they got a call from the department chair. It interrupted their 16-hour-a-day IRC/MUD sessions, but I didn't give a crap. I had work to do.
  • At the university I work at, all forms of connection sharing are banned by network services. Because they associate specific users with specific IP addresses, anything that allows more than one user to access an IP is a possible security problem. Is the problem that you were running a wireless access point specifically or was it that you were running a switch that happened to be wireless?
  • If its anything like my university (University of Southern California) then you are only allowed one machine per port. They run a script to check the network for hubs (or, more importantly multiple NIC addresses using the same jack) and automatically shut it down.

    I've had the problem. Best way to solve it is make friends w/ a student employee who has access to the appropriate network tools. If you're good enough friends they'll enable it as soon as you call them.
  • I asked them for access to setup my email account up as a mailserver. They reviewed the request ( taking two weeks to do it ) and denied it.

    I asked the person if they minded if I set up a mail server using my normal student access / privlages. She said if I could they wouldn't mind.

    Within 2 days I had written a mailserver. I got word back later that they weren't expecting me to actually be able to write it.

    VAX DCL scripting - It's still out there somewhere.

Slashdot Top Deals

E = MC ** 2 +- 3db

Close