← back to projects

VLAN discovery and responsible disclosure

2026 · independent research · reported and acknowledged

Internal addressing, segment names, and the specific policy gaps are deliberately left out of this write-up. The point here is the process. I'm happy to talk through the technical detail in person.

Summary

While running my home lab server on the university network, I noticed that traffic which worked fine from my wifi devices was being blocked on the wired port the server uses. Digging into why led me to a dual-VLAN architecture where two segments of the same campus network enforce noticeably different security policies. I documented the difference, wrote a findings report, and sent it to the VUW network engineering team, who escalated it to the cybersecurity team. The findings were formally acknowledged and reviewed.

Context

My server lives in a hall common room on a wired connection. Everything else I own connects over wifi. A VPN client that connected without issue from every wifi device would not complete a handshake from the server, on any protocol or port I tried. That asymmetry was the starting thread: same user, same building, same network, different behaviour.

Method

Nothing here involved scanning other people's machines or trying to get anywhere I wasn't already allowed to be. Everything was tested from my own devices, on my own accounts, using normal connectivity.

Findings

The two segments enforce materially different egress policies. One is permissive, one is restrictive, and which one you get depends on which socket you plug into rather than who you are. The interesting part wasn't any single blocked protocol. It was the inconsistency: the same user gets a different security posture depending on physical location, and nothing about the network makes that visible to the user or, apparently, consistent by design.

I wrote this up as a short report: what I observed, how I verified it, and why an unintended policy split might matter, with the captures as supporting evidence.

Disclosure

What I learned

More write-ups: Hardened home lab server · SSH brute-force alerter