Re: Wired captive portal pen-test

["Terry Cutler" <jedi31337 () gmail com>]

Interesting request..I'd love to know more myself on this.

On Mon, Jul 14, 2008 at 3:20 PM, Mike Hale <eyeronic.design () gmail com> wrote:
> I've used a Nomadix system.  I don't know of any inherent
> vulnerabilities, but the Nomadix is deployed as a Gateway with a
> switch being necessary for overall connectivity.  The unit itself runs
> on VxWorks.
>
> If you are unable to ping any other IPs, it sounds like the actual
> switch you're plugged is configured to deny that.
>
> There's also a very good chance that you will be unable to access the
> management features from the subscriber side of the network, as that's
> a common thing to turn off.
>
> I don't have any specs on the quadriga stuff, but you may have a tough
> nut in front of you if it's anything similar to the Nomadix unit.
>
> On Mon, Jul 14, 2008 at 8:41 AM, Roman Medina-Heigl Hernandez
> <roman () rs-labs com> wrote:
> > Hello,
> >
> > I'm looking for information about pen-testing a captive portal commonly used
> > in hotels. At least here in Spain I've seen that Quadriga (quadriga.com)
> > commercial solution is commonly used. If I attach a laptop to the RJ45 of
> > the room (with Quadriga), I receive an IP by DHCP. I can also ping the
> > gateway. But I cannot see other IPs. I suspect they're using some kind of L2
> > filtering (to disable ARP-requests except to the gateway), perhaps I'm
> > wrong, though. If I start a browser I'm redirected to a captive portal where
> > I can see my room number in one of the parameters, so (I think) they are
> > identifying my room by the switch port (I cannot figure other alternative
> > since my laptop/MAC is not pre-registered so it's unknown to them).
> >
> > Any information about these systems and how to pen-test them? Do you know
> > which kind of security meassures does Quadriga apply in particular or more
> > technical specs about this kind of systems? Do they use some special network
> > hardware (hardened switch, etc)? Or are they deployed using common hardware
> > (Cisco, etc)? Any manuals, tech specs, etc?
> >
> > Thanks in advance for your responses and have a nice day.
> > -r
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Top 5 Common Mistakes in Securing Web Applications
> > Get 45 Min Video and PPT Slides
> >
> > www.cenzic.com/landing/securityfocus/hackinar
> > ------------------------------------------------------------------------
>
>
>
> --
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------



-- 
./Terry Cutler
Master CNE , CDE, CLP, Certified Ethical Hacker

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------