[ previous ] [ next ] [ threads ]
 
 From:  "Bob Young" <bob at lavamail dot net>
 To:  "'Molle Bestefich'" <molle dot bestefich at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] WISP client's data gets past my captive portal ?
 Date:  Fri, 15 Sep 2006 00:14:52 -0400
Hi Molle:

Thanks for your reply.

Yes. I'm running captive portal on the WISP interface.  That's my wireless
interface.

I do see the dhcp leases. And the logging shows my neighbors computer is
trying to send data, but if captive portal is on, it seems that the data
doesn't get out the WAN interface.  Initially I thought it was getting out
the WAN interface.  But I'm surprised it can even get logged at all,
especially when the captive portal is turned on.  

If I have captive portal turned off, then their computer actually sends data
out my WAN interface.  I wonder if it's some kind of "phone home" virus...or
some kind of malware?

Thank you for your info Molle.

Anybody else run into this? 

Thanks,
Bob

-----Original Message-----
From: Molle Bestefich [mailto:molle dot bestefich at gmail dot com] 
Sent: Thursday, September 14, 2006 5:03 AM
To: Bob Young
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] WISP client's data gets past my captive portal ?

Bob Young wrote:
> This is a thought provoking problem...
>
> My problem here is:
> I have people in my neighborhood that are associated to my AP and have
> gotten DHCP leases from my Monowall, but who have not clicked the
"Continue"
> button on my captive portal

AFAIK (never used it) m0n0wall's captive portal is HTTP-based.
HTTP runs on top of IP, so your clients needs an IP address to talk to
the captive portal in order to be presented with the fabled "Continue"
button.

You don't say what your WISP interface is, but presuming it's the
wireless interface you're running a captive portal on, seeing dropped
traffic from hosts that hasn't logged in via the portal sounds normal.