Penetration Testing mailing list archives
Re: Wired captive portal pen-test
From: "Mario Spinthiras" <mspinthiras () gmail com>
Date: Thu, 17 Jul 2008 10:08:29 +0300
I am not sure what kind of captive portal it was. I know for sure that if the administrator limited the dns traffic or performed DPI (cleverly) they could avoid NSTX bypasses. NSTX relies on dns queries solely to be able to bypass CP. However by limiting the amount of DNS queries per IP to a more "normal" threshold then NSTX would be rendered useless. As for DTP , yersinia seems to be able to handle DTP auditing just fine. I have not found other tools capable of doing similar audits. -- Warm Regards, Mario A. Spinthiras Blog: http://www.spinthiras.net Mail: mspinthiras () gmail com Skype: smario125 ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Re: Wired captive portal pen-test, (continued)
- Re: Wired captive portal pen-test José M. Palazón Romero (Jul 16)
- Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
- RE: Wired captive portal pen-test Sergio Castro (Jul 16)
- Re: Wired captive portal pen-test José M. Palazón Romero (Jul 15)
- Re: Wired captive portal pen-test Mario Spinthiras (Jul 16)
- Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
- Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
- Re: Wired captive portal pen-test Mario Spinthiras (Jul 17)