 From:  "Bob Young" <bob at lavamail dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  WISP client's data gets past my captive portal ?
 Date:  Sat, 9 Sep 2006 00:53:26 -0400

This is a thought-provoking problem...

My problem here is:
I have people in my neighborhood that are associated to my AP and have
gotten DHCP leases from my Monowall, but who have not clicked the "Continue"
button on my captive portal (I instituted captive portal), in order to gain
access to the Internet.  But these people's computers are still passing
apparently trashy data into my WISP interface of my Monowall.

I see an IP address that my DHCP has assigned to one of my neighbor's
computers. And this IP address is acting as a source and incrementing port
numbers trying to get to another IP address out on the Internet, that goes
to CHINA RAILWAY TELECOMMUNICATIONS CENTER. A bunch of the destination IP
numbers that the DHCP IP address tries to go to are to CHINA RAILWAY
TELECOMMUNICATIONS CENTER, and most of the time the source port numbers are
incrementing.

What's really perplexing is that my neighbor's computer was given an IP
address from the DHCP of my Monowall...but this computer did not log onto
the Internet via the Captive Portal continue button.  However, the logging
information on my Monowall shows that this data is being passed.  How can
that be?

Seems that the trashy data is bypassing my captive portal?  Maybe it is a
Trojan on my neighbor's computer.  But how come my Monowall logging shows
that data as being passed on the WISP interface?

Thanks for any ideas on how this can happen.