[ previous ] [ next ] [ threads ]
 From:  "Josh McAllister" <josh at bluehornet dot com>
 To:  "Dinesh Nair" <dinesh at alphaque dot com>, "Mitch \(WebCob\)" <mitch at webcob dot com>
 Cc:  "Michael Monaghan" <mmonaghan at gmail dot com>, "sylikc" <sylikc at gmail dot com>, "Chris Buechler" <cbuechler at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] External Authentication
 Date:  Wed, 22 Sep 2004 10:35:05 -0700
Perhaps I'm restating the obvious, but this would make it rather simple
to defeat the captive portal... just hijack an already allowed IP.

Looks like squid / Proxy Authentication may be a viable option.

Uses HTTP/Authorization headers, not IP or MAC. To spoof this would of
course require that the spoofer know the user/pass.

On a (slightly) separate note, would it be possible to have a
configurable check that only grants access to a IP/MAC pair that is
registered by dhcpd?

Josh McAllister

-----Original Message-----
From: Dinesh Nair [mailto:dinesh at alphaque dot com] 
Sent: Wednesday, September 22, 2004 1:13 AM
To: Mitch (WebCob)
Cc: Michael Monaghan; sylikc; Chris Buechler; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] External Authentication

On 22/09/2004 14:54 Mitch (WebCob) said the following:
> Does it have to work this way? Could it be modified to create allow
> only based on IP? Could be a checkbox (default to off of course for
> behaviour)...

it could, which is what i'm investigating now. i want to see what other 
implications removing that check would have. also even if it is doable,
won't be putting it into the official distro as it would defeat the
of a captive portal.

Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
| for a in past present future; do
|   for b in clients employers associates relatives neighbours pets; do
|   echo "The opinions here in no way reflect the opinions of my $a $b."
| done; done

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch