Chris Buechler wrote:

>On 5/4/05, Nans Delrieu <delrieu dot nans at laposte dot net> wrote:
>
>>Lots of captive portals use the MAC address after authentication. After
>>auth, the captive portal looks at MAC addresses and lets you surf if the MAC
>>address is good.
>>
>>For example, if someone (called A) wants to connect to the local network,
>>he gives his login and password.
>>Then, the captive portal authorizes this person if the login and the
>>password are good. But after authentication, if an ill-intentioned person
>>B takes the MAC address of person A, the captive portal lets person B
>>surf on the web? It's a big problem? How to resolve that?
>
>Ah yes, m0n0wall's captive portal does rely on MAC addresses. There
>is no way to prevent spoofing a MAC to gain access to another person's
>authenticated session after they are done using it. Instructing your
>users to use the log out functionality will prevent this (I know
>that's easier said than done though). Using the idle timeout and hard
>timeout will also help prevent this, and minimize the window for
>misuse.
>
>-Chris

Ok. Do you know if there is a captive portal which prevents that? (except talweg captive portal)

I have an idea, but I don't know if it is possible. I would like to contact the freeradius server. A person A gives his login and password. A radius server is contacted; in the response, it gives an attribute, for example Reply-Message = vlan 1. Is it possible to put users in a VLAN like that? What is the utility of VLANs in monowall?

Thanks
Nans
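
The three mitigations named in the quoted reply (log out, idle timeout, hard timeout) modelled on a session table keyed by MAC address, as an added example that is not part of the thread and is not m0n0wall's code. The class, method names and timeout values are assumptions made for illustration; times are in seconds.

```python
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    login: float      # time of authentication
    last_seen: float  # time of the last frame accepted for this MAC


class MacPortal:
    """Toy captive-portal table: the source MAC is the only identity checked."""

    def __init__(self, idle_timeout, hard_timeout):
        self.idle_timeout = idle_timeout
        self.hard_timeout = hard_timeout
        self.sessions = {}  # normalised MAC -> Session

    def login(self, mac, user, now):
        self.sessions[mac.lower()] = Session(user, now, now)

    def logout(self, mac):
        # Explicit logout removes the entry at once: nothing is left to reuse.
        self.sessions.pop(mac.lower(), None)

    def expires_at(self, mac):
        """Time at which an entry that sees no further traffic stops passing frames."""
        s = self.sessions[mac.lower()]
        return min(s.last_seen + self.idle_timeout, s.login + self.hard_timeout)

    def allow(self, mac, now):
        key = mac.lower()
        s = self.sessions.get(key)
        if s is None:
            return False
        idle_expired = now - s.last_seen > self.idle_timeout
        hard_expired = now - s.login > self.hard_timeout
        if idle_expired or hard_expired:
            del self.sessions[key]
            return False
        # Any frame carrying this MAC refreshes the idle timer, so only the
        # hard timeout bounds the total lifetime of the entry.
        s.last_seen = now
        return True


if __name__ == "__main__":
    portal = MacPortal(idle_timeout=300, hard_timeout=3600)
    mac = "00:11:22:33:44:55"  # constructed sample address
    portal.login(mac, "A", now=0)
    print("entry open until t =", portal.expires_at(mac))
    portal.logout(mac)
    print("allowed after logout:", portal.allow(mac, now=1))
```

Without a logout, the entry stays usable by any host presenting that MAC until `expires_at`, and each accepted frame pushes the idle deadline forward, which is why the hard timeout is the setting that caps the total window.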