|
||||||||||
Perhaps I'm restating the obvious, but this would make it rather simple to defeat the captive portal... just hijack an already allowed IP. Looks like squid / Proxy Authentication may be a viable option. http://www.sourcekeg.co.uk/squid/Doc/FAQ/FAQ-23.html#ss23.1 Uses HTTP/Authorization headers, not IP or MAC. To spoof this would of course require that the spoofer know the user/pass. On a (slightly) separate note, would it be possible to have a configurable check that only grants access to a IP/MAC pair that is registered by dhcpd? Josh McAllister -----Original Message----- From: Dinesh Nair [mailto:dinesh at alphaque dot com] Sent: Wednesday, September 22, 2004 1:13 AM To: Mitch (WebCob) Cc: Michael Monaghan; sylikc; Chris Buechler; m0n0wall at lists dot m0n0 dot ch Subject: Re: [m0n0wall] External Authentication On 22/09/2004 14:54 Mitch (WebCob) said the following: > Does it have to work this way? Could it be modified to create allow rules > only based on IP? Could be a checkbox (default to off of course for original > behaviour)... it could, which is what i'm investigating now. i want to see what other implications removing that check would have. also even if it is doable, i won't be putting it into the official distro as it would defeat the purpose of a captive portal. -- Regards, /\_/\ "All dogs go to heaven." dinesh at alphaque dot com (0 0) http://www.alphaque.com/ +==========================----oOO--(_)--OOo----======================== ==+ | for a in past present future; do | | for b in clients employers associates relatives neighbours pets; do | | echo "The opinions here in no way reflect the opinions of my $a $b." | | done; done | +======================================================================= ==+ --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |