[ previous ] [ next ] [ threads ]
 From:  Nans Delrieu <delrieu dot nans at laposte dot net>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Spoofing max adresses
 Date:  Wed, 04 May 2005 22:01:21 +0200
Chris Buechler a écrit :

>On 5/4/05, Nans Delrieu <delrieu dot nans at laposte dot net> wrote:
>>Lots of captive portal use mac adress after authentification. Afeter
>>auth, captive portal looks for mac adresses and let surf if the ùmac
>>adress is good.
>>For exemple, if someone (called A) want to connect to the local network,
>>he gives his login and password.
>>Then, the captive portal authorize this person if the login and the
>>pasword is good. But after authentification , if a malintentioned person
>>B take the MAC adress of the personn A, the captive portal let person B
>>surf on the web ???  it's a big problem ? how to resove that ??
>Ah yes, m0n0wall's captive portal does rely on MAC addresses.  There
>is no way to prevent spoofing a MAC to gain access to another person's
>authenticated session after they are done using it.  Instructing your
>users to use the log out functionality will prevent this (I know
>that's easier said than done though).  Using the idle timeout and hard
>timeout will also help prevent this, and minimize the window for
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
Ok. Do you know if there is a captive portal which prevent from that ?? 
(except talweg captive portal)

I have an idea, but I don't know if it is possible.

I would like to contact the freeradius server.A person A gives his login 
and password. A radius server is contacted, in the response, ii give an 
attribute for example Reply-Message = vlan 1 . Is it possible to put 
users in vlan as that ??

What is the utility of vlan in monowall ??