Campus network exploitation

original plan with exploit

The campus has strange regulations that restrict outbound speed but not LAN speed. The goal was to utilize every accessible computer with wired LAN access to speed up my campus outbound connections. By using a load balancer over a large number of computers, the outbound bandwidth is combined for multithreaded downloading. n2n is used to connect devices with admin access for easy management, direct v2ray is deployed to devices without admin access but with a fixed IP and port access, and v2ray in reverse-proxy mode is deployed to devices without a fixed IP or admin access.

new exploits

While I was examining the campus HPC I noticed something strange: the outbound speed is not limited (in terms of LAN speed) on the HPC. This is reasonable considering that many people are using the cluster. Furthermore, the HPC is shared with commercial users from outside the campus, and further inspection confirms that the HPC outbound is a direct link to the local China Telecom network instead of the China Education and Research Network. This is a major advantage, as the former is much more reliable and efficient.

First of all, I only have a user account on the HPC, meaning opening ports on the firewall is out of the question, let alone creating tun devices. A common practice in such a situation would be to create a reverse proxy to another server.

However, a port scan shows that local ports 90 and 8080 are open but unused. Port 90 is unavailable to common users, but 8080 is totally accessible. This is unexpected as well as hilarious. Nginx and v2ray are then deployed with ws+tls+vmess to provide maximum security. Crontab is configured to ensure availability across reboots.

sudo nmap -n -Pn -sS -p0-65535 [ip]

result

Due to the unlimited outbound speed of the HPC, the connection bottleneck is now the campus LAN. Ping to various servers drops significantly due to the advantage of China Telecom over CERNET. Secure connections are established. While all operations are under campus regulation, some parts of the process should be seen as exploits.

potential countermeasures

To counter the exploits, the campus net admin would have to:

  • properly configure the firewall of public workstations
  • block all ports of LAN devices to avoid NAT traversal, which is totally unreasonable, or
  • restrict the LAN speed to the outbound speed, which is equivalently unreasonable

Before that, the campus network outbound speed limit is merely a trash policy, an inconvenience, rather than a restriction. Considering the inconvenience inflicted, and the totally legal and reasonable process, I hardly find any motivation to report such exploits.
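
A host-side check that supports the firewall countermeasure: it flags TCP listeners owned by ordinary user accounts on ports outside an allowlist, which is how a user-run nginx on 8080 like the one described above would show up to an administrator. This is an added example, not part of the original post; the `ss -H -tlnpe` sample is constructed, and the allowlist and UID threshold are assumptions.

```python
import re

# Constructed sample in the layout of `ss -H -tlnpe` (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3)) ino:20345 sk:1 <->
LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* users:(("nginx",pid=4411,fd=6)) uid:1001 ino:88012 sk:2 <->
LISTEN 0 4096 127.0.0.1:10000 0.0.0.0:* users:(("v2ray",pid=4420,fd=3)) uid:1001 ino:88040 sk:3 <->
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4)) ino:20347 sk:4 v6only:1 <->
LISTEN 0 64 *:6818 *:* users:(("slurmd",pid=990,fd=5)) ino:21001 sk:5 <->
"""

ALLOWED_PORTS = {22, 6818}      # hypothetical site allowlist of sanctioned services
MIN_USER_UID = 1000             # assumption: regular accounts start at this UID
LOOPBACK = ("127.", "[::1]")    # listeners bound here are not reachable from the LAN


def unexpected_listeners(ss_text, allowed=ALLOWED_PORTS):
    """Return (port, uid, process, bind_addr) for LAN-reachable listeners
    owned by unprivileged users on ports outside the allowlist."""
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last ':' so IPv6 works.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        uid_m = re.search(r"\buid:(\d+)", line)
        uid = int(uid_m.group(1)) if uid_m else 0   # ss omits uid for root-owned sockets
        proc_m = re.search(r'users:\(\("([^"]+)"', line)
        proc = proc_m.group(1) if proc_m else "?"
        reachable = not addr.startswith(LOOPBACK)
        if reachable and uid >= MIN_USER_UID and int(port) not in allowed:
            findings.append((int(port), uid, proc, addr))
    return findings


if __name__ == "__main__":
    for port, uid, proc, addr in unexpected_listeners(SAMPLE_SS):
        print(f"user-owned listener: {proc} uid={uid} on {addr}:{port}")
```

A finding from this check is a prompt to look at that account's crontab as well, since the post relies on cron to bring the service back after reboots.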