Results 1 to 4 of 4

Thread: WPA versus Webpage re-direct login?

Hybrid View

  1. #1

    Default WPA versus Webpage re-direct login?

    I've noticed some hotspots are protected on the radio link via WEP/WPA and some leave the radio link open (ie: no WEP/WPA) but rather have everyone who attaches re-directed to a webpage where you have to log in to the network inorder to be able to use the hotspot.

    I have 2 questions:

    1) What is it called when you have to log in via a web page? is that called "Web-redirection based authentication" and SSL? (I'm trying to research it but don't know what the correct name is )And I suppose you need a special router for that? I suppose I can't do that with my low-end Linksys router?


    2) Which method is more secure? Webpage login, or WPA login? What do most public hotspots (airports, hotels, etc) employ? I think the webpage re-direct?

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by radioraiders View Post
    1) What is it called when you have to log in via a web page? is that called "Web-redirection based authentication" and SSL? (I'm trying to research it but don't know what the correct name is )And I suppose you need a special router for that? I suppose I can't do that with my low-end Linksys router?
    It's called a "captive portal". You actually can run a captive portal on a Linksys Router, if its an older one that you can reflash the firmware. DD-WRT has a "hotspot" configuration that dictates a captive portal.
    Quote Originally Posted by radioraiders View Post
    2) Which method is more secure? Webpage login, or WPA login? What do most public hotspots (airports, hotels, etc) employ? I think the webpage re-direct?
    The problem with an encrypted hotspot--do you really plan to share the WEP/WPA key/passphrase with everyone?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3

    Default

    Thanks for the quick reply! It sounds kind of insecure, however. The only "security" is the MAC and IP address? That sounds pretty weak!

    Is there a way to "beef up" the security? Can't some kind of "VPN" be established? (I found a progam called "Anchor Free Hotspot Sheild" that does this) Is that what they mean by "some providers created extended authentication mechanisms"? Or do most hotspot providers just leave the security at this level, for whatever reasons?

    Most of these implementations merely require users to pass an SSL encrypted login page, after which their IP and MAC address are allowed to pass through the gateway. This has been shown to be exploitable with a simple packet sniffer. Once the IP and MAC addresses of other connecting computers are found to be authenticated, any machine can spoof the MAC address and IP of the authenticated target, and be allowed a route through the gateway. For this reason some captive portal solutions created extended authentication mechanisms to limit the risk for usurpation.

  4. #4
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by radioraiders View Post
    Thanks for the quick reply! It sounds kind of insecure, however. The only "security" is the MAC and IP address? That sounds pretty weak!

    Is there a way to "beef up" the security? Can't some kind of "VPN" be established? (I found a progam called "Anchor Free Hotspot Sheild" that does this) Is that what they mean by "some providers created extended authentication mechanisms"? Or do most hotspot providers just leave the security at this level, for whatever reasons?
    Hotspots are designed for convenience, not security. Unfortunately, most people find those two things mutually exclusive.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •