Can my network administrator know that I am using a virtual router to access the internet on my unauthorised devices?

Solution 1:

Yes, your use of a wireless hotspot can be identified using a wireless intrusion prevention system.

The primary purpose of a WIPS is to prevent unauthorized network access to local area networks and other information assets by wireless devices. These systems are typically implemented as an overlay to an existing Wireless LAN infrastructure, although they may be deployed standalone to enforce no-wireless policies within an organization. Some advanced wireless infrastructures have integrated WIPS capabilities.

Solution 2:

Besides physically running around and detecting hotspots via WLAN traffic ("warwalking"?), or maybe using the existing router to detect them, traffic patterns can also be a giveaway - your hotspot has a different signature than your device.

Instead of working against your sysadmin (which is a PITA for both sides), talk to him. I don't know why they have the "one MAC per student rule", maybe they can relax it a bit? Say, "two or three MACs per student". Not much more trouble to administrate.

I don't know how the political side of the student representation works at your uni, but often students can voice their interests in some way. Yes, this is slower than just setting up a hotspot, but also more effective.

Solution 3:

I used to work as a network administrator's assistant for a college. It sounds like a generational difference issue or the school's network can't handle more than 1 device for each student, staff member, etc. Probably every student has more devices than the policy allows.

The short answer is YES they can detect unauthorized access. NO, don't do it. I routinely revoked access for network violations (file sharing, illegal software, viruses, porn in the computer labs, etc). Many of those students had to leave school, because college is quite difficult without computer access. The students are exposing the network to risk. What if someone's unauthorized device passed a virus that wiped your doctoral research and thesis? If you think it's a joke now, try it at a job and see what happens.

Work with the network administrator, student government, administration, etc. to get additional wireless access for "your other devices" that don't NEED to be on the school's network and/or in common areas (like the free wifi in most coffee shops). This prevents load on the "actual" school network, and still gives you the internet access you want.

Solution 4:

I can think of a handful of ways to detect this kind of behaviour in a network. The restriction is not a great one when really what they should do is limit connections by port rather than MAC, but it's their network and their rules even if it does create an easy (targeted) denial of service attack if you were to spoof someone else's MAC address.

Taking https://networkengineering.stackexchange.com/questions/123/how-do-you-prevent-rogue-wireless-access-points-on-a-network as a starting point it seems pretty clear that any decent wireless infrastructure would be able to detect rogue hotspots (even a dd-wrt box can do a wireless survey to see what else is around.)

Since the admins control the traffic, IDS tools like Snort can also be brought to bear and would give you away pretty quickly if the admins were keen to find people who weren't compliant. Some protocols don't even hide that they're operating through NAT (RFC7239 has HTTP headers like X-Forwarded-For specifically for use by web proxies.) RFC2821 advises SMTP clients to send an optional identifier though it's not mandatory.

The only way you could really hide something like that is to have the device which connects to their network send everything out to a VPN or system like TOR, which in itself would raise some attention in your direction.

While not exactly the same situation as they don't seem to have the same restrictions, the University of Cambridge's security team do frown upon the use of NAT in their network as seen in Firewalls and Network Address Translation policy and provide some background on their reasoning.

TL;DR - If you want to use more devices then you need to go through the system and student representation to address the issues you're facing, because if your admins want to catch you then they will.
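
The passive checks mentioned in the answers above (a traffic signature that does not match a single device, and headers that reveal forwarding), sketched as an added example that is not part of any original answer. It goes slightly beyond them by also looking at IP TTL values one hop below the common defaults; the record layout, addresses and hint names are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample records (not real traffic): HTTP requests as a gateway
# sensor might log them. "ttl" is the IP TTL seen at the first-hop router.
SAMPLE_RECORDS = [
    {"src": "10.20.0.15", "ttl": 128, "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "headers": {}},
    {"src": "10.20.0.42", "ttl": 128, "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "headers": {}},
    {"src": "10.20.0.42", "ttl": 63, "ua": "Mozilla/5.0 (Linux; Android 13; Pixel 7)", "headers": {}},
    {"src": "10.20.0.42", "ttl": 63, "ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X)", "headers": {}},
    {"src": "10.20.0.77", "ttl": 64, "ua": "Mozilla/5.0 (X11; Linux x86_64)", "headers": {"X-Forwarded-For": "192.168.137.5"}},
]

# Order matters: Android UAs also contain "Linux", iOS UAs contain "Mac OS X".
OS_PATTERNS = [("android", r"Android"), ("ios", r"iPhone|iPad"), ("windows", r"Windows NT"),
               ("macos", r"Mac OS X"), ("linux", r"Linux")]
# One hop below the common initial TTLs (64, 128, 255).
DECREMENTED_TTLS = {63, 127, 254}
FORWARDING_HEADERS = {"x-forwarded-for", "forwarded"}


def os_family(user_agent):
    """Return a coarse OS label for a User-Agent string, or None."""
    for label, pattern in OS_PATTERNS:
        if re.search(pattern, user_agent):
            return label
    return None


def nat_indicators(records):
    """Map each source address to the sorted list of NAT hints seen for it."""
    families, hints = defaultdict(set), defaultdict(set)
    for rec in records:
        src = rec["src"]
        fam = os_family(rec.get("ua", ""))
        if fam:
            families[src].add(fam)
        if rec.get("ttl") in DECREMENTED_TTLS:
            hints[src].add("ttl-decremented")  # packet crossed an extra routed hop
        if FORWARDING_HEADERS & {h.lower() for h in rec.get("headers", {})}:
            hints[src].add("forwarded-header")  # request says it was relayed
    for src, fams in families.items():
        if len(fams) > 1:
            hints[src].add("multiple-os")  # one address, several device types
    return {src: sorted(h) for src, h in hints.items() if h}


if __name__ == "__main__":
    for src, reasons in nat_indicators(SAMPLE_RECORDS).items():
        print(src, reasons)
```

Each hint is circumstantial on its own: virtual machines, dual-boot hosts and altered User-Agent strings produce the same signals, so hints are best correlated before anyone acts on them.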

Solution 5:

My network utilizes a system that has detectors spaced throughout the buildings, and if a rogue SSID shows up it will actually triangulate the location of the device. The system isn't cheap, but good Lord, it's probably more cost effective in the long run if you add up time spent manually managing MAC addresses; that has to be an administrative nightmare. Of all the ways to lock down a system, I really can't think of a worse way of doing it.

As others have said, work with the admins, don't try to beat them. With available technology these days, you don't even need a good network admin to catch you. Try to change policies, see if exceptions are allowed, etc. You'll be better off in the end.