PaulDotCom mailing list archives
Re: hotel captive portals and forced VPNs
From: Jarrod Frates <jfrates.ml () gmail com>
Date: Fri, 28 Dec 2012 00:41:18 -0600
On Thu, Dec 27, 2012 at 8:41 AM, Robin Wood <robin () digininja org> wrote:
Has anyone seen a way to stop this short window of opportunity but obviously still allow the user to connect to the captive portal and authenticate?
I've seen locations that occasionally allow non-HTTP traffic without any sort of authentication (DNS being the most common I've checked), but I haven't explored them significantly. I once stayed at a hotel that allowed my IM logins to proceed but challenged me on web access. I've since seen hotels battening down the hatches to prevent anything from leaving without a web login; I imagine that your friend would have a rough time with those locations, though I wonder what would happen if you sent something other than types 1, 6, or 17 across it. Any properly-configured NAC should be intercepting the first packet and demanding authentication. However, I've seen all manner of oddities when it comes to hotel networks. A hotel in Dallas triggered the ARP spoof detection on my fiancee's notebook's ESET installation; the MAC address for the default gateway kept flipping between addresses of the same manufacturer. The hotel staff blamed it on a volleyball team showing up and flooding the network with traffic, but I think it was just a poorly-configured load balancer of some sort as I've run into it elsewhere since then. (Or maybe someone was just being really clever and intercepting the traffic intermittently.) We eventually just disabled the ARP spoof detection and went on our merry way, but it reminded me that one can never trust networks that one did not design or at least implement (and sometimes not even then). -- Jarrod Frates GAWN, GCIH, GPEN, GXPN _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- hotel captive portals and forced VPNs Robin Wood (Dec 27)
- Re: hotel captive portals and forced VPNs xgermx (Dec 27)
- Re: hotel captive portals and forced VPNs Robin Wood (Dec 28)
- Re: hotel captive portals and forced VPNs Dan McGinn-Combs (Dec 27)
- Re: hotel captive portals and forced VPNs Robin Wood (Dec 28)
- Re: hotel captive portals and forced VPNs Jarrod Frates (Dec 28)
- Re: hotel captive portals and forced VPNs Frank Michael (Dec 28)
- Re: hotel captive portals and forced VPNs xgermx (Dec 27)