August 22, 2010

Bypassing Authentication in Cable Internet System

I have been using the Internet through cable for many years. Sometimes I feel very bad about the network speed, access control by the ISP and other limitations, though there are various advantages. A few of them are using peer computers' contents which are open, and sharing content with friends, assuming they are on the same network.
As the popular quote says, need is the mother of invention. I always try to find loopholes and tricks to increase the performance of browsing. And in this journey I learnt about my network, its components, its structure and how to bypass systems which are there to put us in a jail.

These service providers get a dedicated link from a parent service provider, which usually has an Internet backbone at a wider level. They use a subscription and billing application to design plans and to manage users, machines and bandwidth.

Common Network Architecture

There are various subnets, named subnet A, B, etc. A subnet is a logical grouping of network components for better manageability and control. Each subnet has a server installed, which is also your IP gateway.
This server is responsible for user authentication and bandwidth management using web-based software.

Each subnet is then connected to its parent server, from where the Internet bandwidth is allocated. To improve browsing performance and optimize bandwidth, all the servers are equipped with Squid in transparent configuration for content caching.

Now suppose the parent server has a link speed of 12 mbps, which is further divided among the subnets. Let's consider that subnet A gets a total of 3 mbps, shared. All the workstations in this subnet then have to share this 3 mbps, and the overall speed will be very poor.

Hack
You have to find a way in your network to bypass the authentication system of your local subnet and configure your system to use the proxy of the parent server of your network (marked with a static IP). Usually the proxy is configured on port 80 to provide transparency.

Now the question arises of how to bypass the security mechanism. This could be a loophole in the network, or the network user could be a leased-line user with no binding to a particular machine.
  1. Log in to your subnet server using ssh or telnet. Usually the passwords of these consoles are not changed; the default will be admin/admin.
  2. Add yourself as a leased-line user through the console, or use any already configured IP.
  3. Use the proxy (using IE options or individual software settings): set the IP to that of the parent server and the port to 80.
  4. The key is to use all the bandwidth that is going to be distributed throughout the subnets.
You may wish to use nmap to discover the network, Wireshark to analyze your network and identify plain-text passwords flowing between the workstation and the subnet server, or any other open-source software that can do the same thing.
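
From the operator's side, the setup described above leaves a trace: the parent Squid logs requests from an address that is not one of its subnet gateways. The following is an added example, not part of the original post; it scans constructed lines in Squid's native access.log format, and the gateway addresses and the function name are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only hosts allowed to use the parent proxy are the
# subnet gateway servers. Addresses are constructed for this example.
CHILD_GATEWAYS = {ipaddress.ip_address(a) for a in ("10.0.1.1", "10.0.2.1")}

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1282471200.101     45 10.0.1.1 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1282471201.340     12 10.0.2.1 TCP_HIT/200 20480 GET http://example.com/a.js - NONE/- application/javascript
1282471202.007    310 10.0.1.57 TCP_MISS/200 1048576 GET http://example.org/big.iso - DIRECT/192.0.2.20 application/octet-stream
1282471203.550    290 10.0.1.57 TCP_MISS/200 2097152 GET http://example.org/big2.iso - DIRECT/192.0.2.20 application/octet-stream
this line is truncated
1282471204.900     30 10.0.2.1 TCP_MISS/304 310 GET http://example.com/ - DIRECT/192.0.2.10 -
"""


def unauthorised_clients(log_text, allowed=CHILD_GATEWAYS):
    """Return {client_ip: {"requests": n, "bytes": b}} for clients that
    reached the parent proxy without being a known child gateway."""
    hits = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # skip truncated or malformed lines
        try:
            client = ipaddress.ip_address(fields[2])
            size = int(fields[4])
        except ValueError:
            continue  # client field is not an IP, or size is not numeric
        if client not in allowed:
            hits[str(client)]["requests"] += 1
            hits[str(client)]["bytes"] += size
    return dict(hits)


if __name__ == "__main__":
    for ip, stats in unauthorised_clients(SAMPLE_LOG).items():
        print(f"{ip}: {stats['requests']} requests, {stats['bytes']} bytes")
```

Enforcing the same allow-list on the parent proxy with Squid `acl` and `http_access` rules, and changing the default console passwords, closes the path this check detects.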

Note - Speed is a function of Squid performance, its caching efficiency, the overall link speed and the load on the network. So sometimes you will find it very fast and sometimes very normal, just as if you were going through the official way ;-).

P.S. This is not targeted at any company, and the configuration described above is an ordinary configuration used by service providers. This may not apply in all cases. If you have any questions, face difficulties in understanding the above pointers, or just want to add some more things, please feel free to comment.