 From:  "Josh McAllister" <josh at bluehornet dot com>
 To:  "Dinesh Nair" <dinesh at alphaque dot com>, "Mitch \(WebCob\)" <mitch at webcob dot com>
 Cc:  "Michael Monaghan" <mmonaghan at gmail dot com>, "sylikc" <sylikc at gmail dot com>, "Chris Buechler" <cbuechler at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] External Authentication
 Date:  Wed, 22 Sep 2004 10:35:05 -0700
Perhaps I'm restating the obvious, but this would make it rather simple
to defeat the captive portal... just hijack an already allowed IP.

Looks like squid / Proxy Authentication may be a viable option.
http://www.sourcekeg.co.uk/squid/Doc/FAQ/FAQ-23.html#ss23.1

Uses HTTP/Authorization headers, not IP or MAC. To spoof this would of
course require that the spoofer know the user/pass.


On a (slightly) separate note, would it be possible to have a
configurable check that only grants access to an IP/MAC pair that is
registered by dhcpd?

Josh McAllister

-----Original Message-----
From: Dinesh Nair [mailto:dinesh at alphaque dot com] 
Sent: Wednesday, September 22, 2004 1:13 AM
To: Mitch (WebCob)
Cc: Michael Monaghan; sylikc; Chris Buechler; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] External Authentication

On 22/09/2004 14:54 Mitch (WebCob) said the following:
> Does it have to work this way? Could it be modified to create allow rules
> only based on IP? Could be a checkbox (default to off of course for original
> behaviour)...

it could, which is what i'm investigating now. i want to see what other
implications removing that check would have. also even if it is doable, i
won't be putting it into the official distro as it would defeat the purpose
of a captive portal.

-- 
Regards,                           /\_/\   "All dogs go to heaven."
dinesh at alphaque dot com                (0 0)    http://www.alphaque.com/
+==========================----oOO--(_)--OOo----==========================+
| for a in past present future; do
|
|   for b in clients employers associates relatives neighbours pets; do
|
|   echo "The opinions here in no way reflect the opinions of my $a $b."
|
| done; done
|
+=========================================================================+
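
One way the IP/MAC check asked about in the message above could work, as an added example (not m0n0wall code and not from any poster in this thread): parse ISC dhcpd's lease file and accept a client only when the current, unexpired lease for its IP names the same MAC. The sample leases (trimmed to the fields the check reads), the function names, and the deny-when-no-lease policy are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases format (times are UTC). The file is an
# append-only log, so the last block for an IP supersedes earlier ones.
SAMPLE_LEASES = """\
lease 192.168.1.100 {
  ends 3 2004/09/22 20:00:00;
  binding state active;
  hardware ethernet 00:0d:93:aa:bb:cc;
}
lease 192.168.1.101 {
  ends 3 2004/09/22 09:00:00;
  binding state active;
  hardware ethernet 00:0d:93:11:22:33;
}
lease 192.168.1.100 {
  ends 3 2004/09/22 22:00:00;
  binding state active;
  hardware ethernet 00:0d:93:dd:ee:ff;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)

def parse_leases(text):
    """Return {ip: (mac, ends, state)}, keeping the last block seen per IP."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]+);", body)
        ends = re.search(r"ends\s+\d\s+(\S+ \S+);", body)
        # Anchor at line start so "next binding state ..." is not picked up.
        state = re.search(r"^\s*binding state\s+(\w+);", body, re.M)
        leases[ip] = (
            mac.group(1).lower() if mac else None,
            datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") if ends else None,
            state.group(1) if state else "active",
        )
    return leases

def pair_is_registered(leases, ip, mac, now):
    """True only if dhcpd's current, unexpired lease for ip names this MAC."""
    entry = leases.get(ip)
    if entry is None:
        return False  # address was never leased by dhcpd: deny
    lease_mac, ends, state = entry
    not_expired = ends is None or now < ends  # "ends never;" has no timestamp
    return state == "active" and not_expired and lease_mac == mac.lower()
```

This ties access to what dhcpd handed out; it does not authenticate the client, which is what the proxy-authentication suggestion in the message addresses.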
