I’m having trouble getting my Linksys WRT54G working in the K-state residence halls. Resnet appears to be enforcing their No NAT routers policy more stringently this year than last. Therefore I’ve had to come up with a way of getting around their policy. I have to have my NAT box. I loves it.
The problem: KSU immediately can determine that I’ve connected my router and assign me a private IP (10.10.x.x) and redirect me to a warning page, telling me I’ve violated their policy and that they will kill my firstborn if I don’t remove the router.
Now this seems odd to me. How can they instantly tell that I’ve attached a router between myself and their network? I’ve cloned the MAC address of my laptop to the WAN interface, so it should look the same on Layer 2. The problem is, they seem to immediately be able to tell that it;s a router. There’s no delay in detecting it or anything. I can’t NMAP myself, so they aren’t going to succeed. It could also be TTL, but I ruled that out by setting it to 129 so it would look like traffic from a normal windows host. So the only other thing it could be is……….DHCP! tada!
DHCP that’s the ticket. My client somehow identifies itself as Linksys, or sends it’s MAC address, or something. I’m not sure which, I need to sniff the traffic between the NAT box and their DHCP server (10.10.0.220) to exactly what it is.
In the mean time my only work-around is to request the IP with my laptop and then statically assign that IP to the WAN interface on the router. The only problem with this is that the release expires every 24-hours, requiring me to renew the IP with my laptop once a day. I’ll work on a way to automate this, but that’ll take some time.
I need to learn of the dhcp client on the WRT54GS works. Namely the client included with DD-WRT #22. It uses udhcpc 0.9.8, which is included in Busybox v1.0. I’ve tried playing around with most of the options I’ve found in the man pages, but that doesn’t seem to help.
I’ve also tried using DHCPing on my Linux server to fake the DHCP request, however, their server is on a non-routable subnet, so I can only reach it by broadcast. Those tricky bastards.