 From:  -Gerd-Root- <gerdroot at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  CaptivePortal Security hole?
 Date:  Thu, 09 Mar 2006 23:23:53 +0100

Today I tested a setup of m0n0wall with about 8 wireless access points.
There is no encryption; m0n0wall is supposed to do the authentication
with its built-in captive portal. The m0n0wall's DHCP server is
(currently) configured to give IPs also to unknown clients. Captive
Portal is also working fine, as I wanted it to be.

I watched the firewall log, as I wanted to see what is going on and if
everything's fine. I then saw an IP I've not seen before and checked the
captiveportal-log to see who logged on, but there were only freshly
created accounts (used by persons sitting next to me) logged on. The
Firewall Log showed passed packets to a NintendoDS.net site (that refers
to nintendo.com) and the hostname of the client was also NintendoDS.
These things seem to have wireless abilities. I then tested kicking myself
out of CaptivePortal by deactivating my account in the CaptivePortal
Activeuser list. I tried to call another website to see if it passes
packets to the website before showing the Portal-Page, but there were
no passed packets to the website I tried to open. So for me it looks
like the Nintendo thing bypassed the CaptivePortal login-page anyway.

Is this possible?

I'm sure there was no other user logged into the portal than 2
colleagues and me.

Any suggestions, known problems, etc?

best regards
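
The cross-check described in the message above, comparing passed packets in the firewall log against captive portal logins, written out as an added example that is not part of the original post or of m0n0wall's code. The log formats, addresses and the `exempt_ips` parameter are constructed assumptions for illustration, not m0n0wall's real log syntax.

```python
from datetime import datetime

# Constructed sample data in a simplified format (not m0n0wall's real log syntax).
PORTAL_LOG = """\
2006-03-09T21:00:05 LOGIN user1 192.168.1.21
2006-03-09T21:01:40 LOGIN user2 192.168.1.22
2006-03-09T21:30:00 LOGOUT user1 192.168.1.21
"""
FIREWALL_LOG = """\
2006-03-09T21:05:10 pass 192.168.1.21 203.0.113.10:80
2006-03-09T21:12:33 pass 192.168.1.77 203.0.113.80:80
2006-03-09T21:20:00 pass 192.168.1.22 203.0.113.10:443
2006-03-09T21:31:15 pass 192.168.1.21 203.0.113.10:80
"""

def parse_sessions(text):
    """Return {ip: [(login, logout_or_None), ...]} from LOGIN/LOGOUT lines."""
    sessions = {}
    for line in text.splitlines():
        ts, action, _user, ip = line.split()
        when = datetime.fromisoformat(ts)
        spans = sessions.setdefault(ip, [])
        if action == "LOGIN":
            spans.append((when, None))
        elif action == "LOGOUT" and spans and spans[-1][1] is None:
            spans[-1] = (spans[-1][0], when)  # close the open session
    return sessions

def had_session(sessions, ip, when):
    """True if ip had an open portal session at the given time."""
    return any(start <= when and (end is None or when < end)
               for start, end in sessions.get(ip, []))

def unauthenticated_passes(fw_text, portal_text, exempt_ips=frozenset()):
    """List passed packets whose source had no portal session at that time."""
    sessions = parse_sessions(portal_text)
    hits = []
    for line in fw_text.splitlines():
        ts, action, src, dst = line.split()
        # exempt_ips (assumed): addresses deliberately excluded from the portal
        if action != "pass" or src in exempt_ips:
            continue
        if not had_session(sessions, src, datetime.fromisoformat(ts)):
            hits.append((ts, src, dst))
    return hits

if __name__ == "__main__":
    for ts, src, dst in unauthenticated_passes(FIREWALL_LOG, PORTAL_LOG):
        print(f"{ts} {src} -> {dst} passed without a portal session")
```

On the constructed data this flags both the never-authenticated client and the traffic sent after a session was closed, which are the two cases the message tests by hand.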