Direct connection through a switch

Status
Not open for further replies.

short-stack

> Hmm Mount Laurel NJ...

The dorms aren't part of the honey nets, no. A lot of schools place the student residential networks (RESNETS) on public IP space to force the traffic towards internal resources to take the same path through the security stack that all external traffic takes. This enforces equal inspection.

The student devices are owned by the students, not the schools, so the schools can't enforce patch requirements or any type of posture assessment on the machine itself, so they have to treat it just like any other machine on the internet.

Where did you get Mount Laurel NJ? ARIN shows 35.0.0.0/9 as owned by MERIT, and 35.11.0.0/16 as being assigned to Michigan State, so 35.11.236.0/24 and 35.11.237.0/24 are probably just some of the networks assigned to RESNET. Anyways, check with your policy before you extend the network, or you could lose your entire access depending on their
 

short-stack

> So I've just determined that the problem is the computer is going through the school's network to the NAS. I did a traceroute to the box and there is not a direct connection through the switch. Does anyone have any ideas how I would go about setting up that direct connection?

You're signed in to the network, or you've at least signed up for the NAS DHCP assignment, so the school knows who you are and that you're a student. They may be enforcing traffic policies so that no one student or person can hog all of the bandwidth. That, or since you're being routed up through some path, there might be inspection or something else that's limiting your connection to 100 Mbit
 

seangreen

> You're signed in to the network, or you've at least signed up for the NAS DHCP assignment, so the school knows who you are and that you're a student. They may be enforcing traffic policies so that no one student or person can hog all of the bandwidth. That, or since you're being routed up through some path, there might be inspection or something else that's limiting your connection to 100 Mbit

Yeah that's what I've been thinking as well. There are rules against your own routers here at the school, but many people have one anyway.

I've just come up with a stopgap measure for right now. I can connect to the school's network with my wifi adapter, then I can set my ethernet port to the offline IP and access both the NAS and Internet at the same time from my computer. So this works for computer storage right now. However, I do not then have access to those files from, say, my TV if I wanted to watch Plex from the TV.

So it's still a work in progress but I believe that I am making progress which is great. Thanks to everyone for their help so far!
 

c32767a

> Yeah that's what I've been thinking as well. There are rules against your own routers here at the school, but many people have one anyway.
>
> I've just come up with a stopgap measure for right now. I can connect to the school's network with my wifi adapter, then I can set my ethernet port to the offline IP and access both the NAS and Internet at the same time from my computer. So this works for computer storage right now. However, I do not then have access to those files from, say, my TV if I wanted to watch Plex from the TV.
>
> So it's still a work in progress but I believe that I am making progress which is great. Thanks to everyone for their help so far!

Does your NAS really need internet connectivity?

If not, Windows has the concept of "secondary" IPs on an interface. You could configure a second IP on the interface on a random RFC 1918 network and then give your NAS an IP in the same network. If you were really daring, you could create a secondary interface on the FreeNAS as well. Then Windows (and FreeNAS, if you went that far) would be able to reach the internet through the primary IP and the NAS via the secondary, all on the same wire.

Remember though that you're on a dorm network full of college students. You'd be far safer putting the NAS and your laptop behind a small NAT router and keeping your traffic off the dorm network completely.
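
The forwarding decision behind the secondary-IP suggestion, as an added example that is not part of c32767a's post: a host sends a frame straight across the switch only when the destination falls inside a subnet configured on its own interface, and hands everything else to the gateway. The host addresses, gateway and the 192.168.77.0/24 subnet are constructed for illustration; only the two /24s come from the thread.

```python
import ipaddress

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True if the network lies wholly inside one RFC 1918 block."""
    net = ipaddress.ip_network(net, strict=False)
    return any(net.subnet_of(block) for block in RFC1918)


def next_hop(dest, interface_addrs, gateway):
    """Return 'on-link' when dest is inside a subnet configured on the
    interface (delivered directly across the switch), else the gateway."""
    dest = ipaddress.ip_address(dest)
    for addr in interface_addrs:
        if dest in ipaddress.ip_interface(addr).network:
            return "on-link"
    return gateway


# Constructed addressing (assumption): PC and NAS leased in different dorm /24s.
GATEWAY = "35.11.236.1"
PC_PRIMARY = "35.11.236.50/24"
NAS_DORM = "35.11.237.60"
# Constructed secondary addressing on a private subnet shared by PC and NAS.
PC_SECONDARY = "192.168.77.10/24"
NAS_PRIVATE = "192.168.77.20"


def paths():
    both = [PC_PRIMARY, PC_SECONDARY]
    return {
        # Primary IP only: NAS is off-subnet, so traffic climbs to the router.
        "before": next_hop(NAS_DORM, [PC_PRIMARY], GATEWAY),
        # Secondary IP added: NAS is on-link, internet still uses the gateway.
        "after_nas": next_hop(NAS_PRIVATE, both, GATEWAY),
        "after_internet": next_hop("203.0.113.9", both, GATEWAY),
    }


if __name__ == "__main__":
    assert is_rfc1918(PC_SECONDARY)
    for name, hop in paths().items():
        print(f"{name:15} -> {hop}")
```

On-link only means the frames stop crossing the router; they still travel over the shared dorm switch, which is the exposure the last paragraph of the post addresses.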
 

c32767a

> Is the dorm network part of the hunny pot? :confused:

The sarcastic answer is the dorm network IS the honeypot. :) I did time managing those environments. Students do the darnedest things.

The real reason for the public IP is it's far simpler to use public IP space, because A) they have it, and B) it makes dealing with DMCA and other complaints a lot easier when the traffic is traceable to a public IP. If the institution does NAT, then they have to track all the NAT translations so they can map a violation back to an individual user. That effort requires security staff time and drives up the costs of compliance.

I don't know anything about MSU, but many other institutions will pick off random IPs in their dorm networks and allocate them to honey pots and tripwires, but even the IP rich are under pressure as IPv4 addresses run out, so it's not very common to see an institution throw away 65,000 IPs on a honeypot, particularly when they're contiguous, and easy for sophisticated attackers to spot.
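
The attribution cost described above, worked through as an added example that is not part of the original post: with NAT, a complaint must be matched against translation sessions by IP, port and time, and clock skew or a missing port makes the answer ambiguous; with one public IP per device, a lease lookup is enough. The log layout, addresses (documentation ranges), timestamps and user names are all constructed.

```python
from datetime import datetime, timedelta

T = datetime.fromisoformat

# Constructed NAT translation log:
# (session start, session end, public IP, public port, inside IP, user)
NAT_LOG = [
    (T("2018-09-01T20:00:00"), T("2018-09-01T20:04:30"),
     "198.51.100.7", 40001, "10.20.1.15", "student_a"),
    # The same public port is reused by another inside host ten seconds later.
    (T("2018-09-01T20:04:40"), T("2018-09-01T20:30:00"),
     "198.51.100.7", 40001, "10.20.3.88", "student_b"),
    (T("2018-09-01T20:00:00"), T("2018-09-01T21:00:00"),
     "198.51.100.7", 40002, "10.20.1.15", "student_a"),
]

# Constructed lease table for the no-NAT design: one public IP per device.
LEASES = [
    (T("2018-09-01T08:00:00"), T("2018-09-02T08:00:00"),
     "198.51.100.23", "student_c"),
]


def attribute_nat(ip, port, when, skew=timedelta(0), log=NAT_LOG):
    """Users whose translation for ip:port overlaps [when - skew, when + skew].
    port=None models a complaint that reports only the IP address."""
    lo, hi = when - skew, when + skew
    return sorted({user for start, end, pip, pport, _inside, user in log
                   if pip == ip and (port is None or pport == port)
                   and start <= hi and end >= lo})


def attribute_public(ip, when, leases=LEASES):
    """Users holding the lease for a public IP at the given time."""
    return sorted({user for start, end, lip, user in leases
                   if lip == ip and start <= when <= end})


if __name__ == "__main__":
    ip = "198.51.100.7"
    print(attribute_nat(ip, 40001, T("2018-09-01T20:10:00")))
    print(attribute_nat(ip, 40001, T("2018-09-01T20:04:35"), timedelta(seconds=10)))
    print(attribute_nat(ip, None, T("2018-09-01T20:10:00")))
    print(attribute_public("198.51.100.23", T("2018-09-01T20:10:00")))
```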
 