Re: Captive Portal bypassing

[coderman <coderman () gmail com>]

On Dec 11, 2007 9:27 AM, gmaggro <gmaggro () rogers com> wrote:
> ... what I dislike about some of these techniques... they lack a certain
> potency. If they reliably achieve their goal they are slow; if they have
> better throughput then reliability becomes an issue.

order of preference:

a. UDP 53 openvpn tunnel (no tcp over tcp issues like 443 below)

b. TCP 443 openvpn tunnel (still works nicely on most links)

c. ICMP transport (pingtunnel, etc - often filtered)

d. DNS transport (ozymandns, etc)

if you can't even get DNS or ping packets through, you're most likely fucked.

as for wireless, i remember someone implementing a pingtunnel like
tun/tap transport on top of a wifi card doing management / control
frame injection directed at the tower / radio for payload broadcast to
a second party that can receive the tower / high power radio
transmission at a distant location.  (some of these signals carry over
many miles :)

the throughput is incredibly low, and unfortunately, it seemed to fuck
with the IBSS DIFS timeouts like crazy and just turned the network to
shit.  anyone remember the tool(s) that did this?

best regards,

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/