Results 1 to 7 of 7

Thread: how secure are public access points?

  1. #1
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    5

    Default how secure are public access points?

    Hi,

    I am having a hard time finding out about public wireless access points which require you to pay to use them, you know the kind like those T-mobile ones etc.. I know this will probably sound silly but I really can't get google to give me anything useful about how they work. I just can't come up with a decent search query, try it yourself if you don't believe me My question is just: how do they authenticate clients, do they run dns proxys to block people who haven't paid? It surely can't be as simple as 'this mac address is allowed all others aren't' because you could just disassociate the client and spoof their mac, do they perhaps use encryption? I am not asking to be spoon-fed here, just a link or a paper, or maybe somebody here knows more about the software running on these APs, any discussion would be really appreciated.

    Thanks,

    Calef13

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by calef13 View Post
    Hi,

    I am having a hard time finding out about public wireless access points which require you to pay to use them, you know the kind like those T-mobile ones etc.. I know this will probably sound silly but I really can't get google to give me anything useful about how they work. I just can't come up with a decent search query, try it yourself if you don't believe me My question is just: how do they authenticate clients, do they run dns proxys to block people who haven't paid? It surely can't be as simple as 'this mac address is allowed all others aren't' because you could just disassociate the client and spoof their mac, do they perhaps use encryption? I am not asking to be spoon-fed here, just a link or a paper, or maybe somebody here knows more about the software running on these APs, any discussion would be really appreciated.

    Thanks,

    Calef13
    Most use a simple authentication page, without a valid username/password traffic to the WAN will be blocked.
    -Monkeys are like nature's humans.

  3. #3

    Default

    Quote Originally Posted by calef13 View Post
    Hi,

    I just can't come up with a decent search query, try it yourself if you don't believe me
    Try searching for the term "wifi walled garden" (or "wireless walled garden" or "hotspot walled garden")

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by cybrsnpr View Post
    Try searching for the term "wifi walled garden" (or "wireless walled garden" or "hotspot walled garden")
    Captive Portal also works.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by calef13 View Post
    Hi,

    I am having a hard time finding out about public wireless access points which require you to pay to use them, you know the kind like those T-mobile ones etc.. I know this will probably sound silly but I really can't get google to give me anything useful about how they work. I just can't come up with a decent search query, try it yourself if you don't believe me My question is just: how do they authenticate clients, do they run dns proxys to block people who haven't paid? It surely can't be as simple as 'this mac address is allowed all others aren't' because you could just disassociate the client and spoof their mac, do they perhaps use encryption? I am not asking to be spoon-fed here, just a link or a paper, or maybe somebody here knows more about the software running on these APs, any discussion would be really appreciated.

    Thanks,

    Calef13
    DNS proxies can be used, as can MAC filters. Many also use a token-based system.

    NoCat is an open source walled garden. http://nocat.net This is a good overview of how it functions: http://www.oreillynet.com/pub/a/wire...nocatauth.html
    Thorn
    Stop the TSA now! Boycott the airlines.

  6. #6
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    * ssh tunnel
    * openvpn tunnel
    * dns tunnel :P ( slow as balls but a fun project ) also ICMP can tunnel too

  7. #7
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    5

    Default

    Thanks for all the replies guys, that's really helpful, the captive portal stuff appears to be what I'm looking for. I get the impression these hotspots are fairly difficult to bypass and I wanted to know why, cheers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •