[isf-wifidog] How to Auth non-browser based devices

Benoit Grégoire bock at step.polymtl.ca
Mer 1 Fév 00:05:44 EST 2006


On January 31, 2006 11:37 pm, Jason Potter wrote:
> Hi All,
>
> Just an extension to the discussion below, what are the approaches to
> giving free wifi to devices in a venue that don't have a browser.

1-Tie MAC adress(es) to a single user account who vouches for it 
(http://dev.wifidog.org/ticket/19).  Only slightly more insecure than normal 
captive portal operation.
2-Whitelist specific servers ("perfectly" secure, allows the group to ask 
money from their operators for the priviledge since they run a business on 
your network).  Good for the DS and VOIP operators, doesn't work for allowing 
you to connect to you own asterisk server for example.
3-Whitelist specific ports (such as SIP).  Once you do that, anyone can tunnel 
any kind of traffic trough them.
4-Don't run any authentication at all.  Works fine for those who only run a 
portal to display a splash page and terms of service.

I hadn't tought of Pete's solution:
5-Whitelist a range of MAC adresses by manufacturer.  Only works when the 
manufacturer and the service to be whitelisted are the same, so it would work 
for the DS, but not for a wifi phone).  Also, once the users know whose 
device is whitelisted, they no longuer have to guess of find a MAC adress to 
spoof.

If anyone has other ideas, please speak up.  So far there is no perfect 
solution.

-- 
Benoit Grégoire, http://benoitg.coeus.ca/
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 189 octets
Desc: non disponible
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060201/c0f11173/attachment.pgp


More information about the WiFiDog mailing list