Penetration Testing mailing list archives

Re: Wired captive portal pen-test

From: "Mario Spinthiras" <mspinthiras () gmail com>
Date: Thu, 17 Jul 2008 10:08:29 +0300

I am not sure what kind of captive portal it was. I know for sure that
if the administrator limited the dns traffic or performed DPI
(cleverly) they could avoid NSTX bypasses. NSTX relies on dns queries
solely to be able to bypass CP. However by limiting the amount of DNS
queries per IP to a more "normal" threshold then NSTX would be
rendered useless.

As for DTP , yersinia seems to be able to handle DTP auditing just
fine. I have not found other tools capable of doing similar audits.


-- 
Warm Regards,
Mario A. Spinthiras
Blog: http://www.spinthiras.net
Mail: mspinthiras () gmail com
Skype: smario125

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

Current thread:

Re: Wired captive portal pen-test, (continued)
- - - Re: Wired captive portal pen-test José M. Palazón Romero (Jul 16)
    - Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
    - RE: Wired captive portal pen-test Sergio Castro (Jul 16)
    - Re: Wired captive portal pen-test José M. Palazón Romero (Jul 15)
    - Re: Wired captive portal pen-test Mario Spinthiras (Jul 16)
    - Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
    - Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
  - Re: Wired captive portal pen-test sherwyn . williams (Jul 14)
- RE: Wired captive portal pen-test Alex Eden (Jul 15)
- Re: Wired captive portal pen-test Cedric Blancher (Jul 16)
  - Re: Wired captive portal pen-test Mario Spinthiras (Jul 17)