Public IP given at a Hilton hotel?

4

2

DISCLAIMER: Maybe this isn't the right place for this. Please let me know if it isn't.

I recently stayed at a Hilton Garden Inn (member of the Hilton hotel family). While there, I connected my computer via ethernet to their network (which, as near as I can tell, is run by AT&T). When I did I was surprised to see that I received a public IP address in the 50.95.2.xxx pool with the subnet of 255.255.255.128, and a router of 50.95.2.1

In order to determine if I was publicly accessible, I ran a small server on my laptop and connected from my computer located at home, where Comcast is my ISP (accessed over VNC). I've seen this happen to me a few times before, but not always. It seems to be random. I'm not using the "premium access" which is aimed at business customers with VPNs, just the basic complementary one that is for surfing email or the web.

Connecting using a different thunderbolt->ethernet adapter (thus a different NIC) results in me getting a 192.168.x address, which I see on my other devices (phone, iPad).

Has anyone else seen this / has anyone found why it happens? It seems very insecure to give out public addresses to random hotel clients. Unsuspecting average users might have a configuration where they have something running that (typically behind NAT) isn't a problem, such as guest access to file shares or a vnc server with an insecure password. Not to mention the v4 address shortage.

EDIT: it had all the normal constraints such as a captive portal and 2-3 megabit speed restrictions.

lightbord

Posted 2016-04-11T03:18:21.473

Reputation: 213

1It's a fact wayport, now an AT&T company, mostly leases public IP's. (I suspect they treat hotels like its a cell site). Who is it insecure for? – Tyson – 2016-04-11T03:34:31.623

1it may be insecure for customers that have a machine running something like a VNC server. If that server is found on the public internet, especially if their password isnt strong, it could be a problem. Also people who have Guest access for something like AFP. – lightbord – 2016-04-11T04:31:16.733

Answers

3

Hotels cater to business guests who may need to use certain enterprise applications like VPN and VOIP. These sorts of applications often require that your computer has a public IP address with unblocked ports. As such, many hotels give you exactly that. Some hotels will actually let you choose whether you want this by asking if you want a public IP when you first connect to the network, along with a description saying that you probably want this if you use business applications like VPN.

You mentioned that you feel it is insecure to give out public IP addresses. However, keep in mind that NAT (using a shared public IP) is no better at blocking incoming connections then a firewall rule that does so. Other than perhaps anonymity, there isn't much of a reason not to give someone a public IP with all incoming connections blocked instead of using NAT. (And even the anonymity benefit is questionable as it may be possible to gain information about users behind a NAT from doing traffic analysis based on things such as differences in how network protocols are implemented in different operating systems.) Of course, as you indicated, they don't block incoming connections either, which is likely for the reasons mentioned in the first paragraph.

Disclaimer: Everyone should critically evaluate any security info/advice they receive. I make no claim that this answer is correct/complete, nor do I claim that acting based on it won't go horribly wrong. Anyone using it should use it at their own risk.

John

Posted 2016-04-11T03:18:21.473

Reputation: 409

What I find confusing / interesting is that I was assigned this address at random, while switching to another thunderbolt->ethernet adapter (and thus a different NIC) results in me getting a 192.168.x.x ip. No choice on the captive login page, just chose complementary which is supposed to be for surfing the web or email. I could see it happening for their "premium access" customers, of which I certainly am not one. It seems to be random. Is there some specific reason or criteria anyone has found that causes me to get a 50 address instead of a 192 like most devices (including my other NIC) get? – lightbord – 2016-04-11T04:20:20.407

So you're saying that you tried using two different thunderbolt to ethernet adapters and one gave you a public IP while the other gave you a private one? It's possible that they might have a limited number of public IPs to give out and switch over to NAT when the public IPs are exhausted. If the number of users is close to the number of available public IPs, then one might expect that the number of users would randomly fluctuate below/above the number of available public IPs. In this case it might appear "random" whether you get a public or private IP, depending on how many users there are. – John – 2016-04-11T18:54:14.923

You could test this hypothesis by using the same NIC, then repeatedly change your mac address and reconnect, keeping track of whether you get a public/private IP. If you do this 20 times, one would expect that you would get a public IP a larger fraction of the time in the first 10 attempts than in the second 10. – John – 2016-04-11T19:09:32.663

2

the address block you are refering to are owned by Wayport.net, a company that appears to rent service to Hilton hotels via AT&T wifi business services.

Keep in mind, that while the user may be more exposed to unsolicited access by third parties, anyone can use the IP they are assigned for any purpose. A NAT network provider would for instance be unable to support applications that require port forwarding. By using a public IP, they are not confining users to situations where stateful packet filtering and NAT are required.

Frank Thomas

Posted 2016-04-11T03:18:21.473

Reputation: 29 039

-2

Simply Best :-P

  • You can't access your computer by External IP. because your ISP using Carrier-Grad NAT technology.

  • This means that basically, you and other clients inside your ISP are in a big Metropolitan Area Network (MAN), The same way your home router is creating a Local Area Network (LAN) but in a bigger scale. Unfortunately they can't port forward :(

    Why NAT?

  • As you may know, the pool of free IPv4 exhausted a couple of years ago so they need to use a lower amount of public IPv4's

Is there any way to access my pc remotely?

  • Yes! you can, Using a ISP's private IP assigned to you (Check on Router).

  • Using this IP (10.1.X.X) you can access your computer remotely if the other computer is connected to the ISP which you're also connected.

  • System B(10.1.10.45) can be connected to System A 10.1.10.23(Server). They might be have a Common DNS (10.1.10.1)

Sathish Kumar

Posted 2016-04-11T03:18:21.473

Reputation: 155

2This answer doesn't seem to be directed at the actual question, but instead cherry-picked terms in the question. Please update the potentially useful information about NAT to provide an answer to the actual question regarding the scenario of being assigned a public IP address by a hotel. – Ashley – 2016-04-12T15:50:40.177

Asked: 2016-04-11T03:18:21.473

Viewed: 2 060 times

Active: 2019-03-13T22:38:21.087