[isf-wifidog] How to Auth non-browser based devices
Benoit Grégoire
bock at step.polymtl.ca
Mer 1 Fév 00:05:44 EST 2006
On January 31, 2006 11:37 pm, Jason Potter wrote:
> Hi All,
>
> Just an extension to the discussion below, what are the approaches to
> giving free wifi to devices in a venue that don't have a browser.
1-Tie MAC adress(es) to a single user account who vouches for it
(http://dev.wifidog.org/ticket/19). Only slightly more insecure than normal
captive portal operation.
2-Whitelist specific servers ("perfectly" secure, allows the group to ask
money from their operators for the priviledge since they run a business on
your network). Good for the DS and VOIP operators, doesn't work for allowing
you to connect to you own asterisk server for example.
3-Whitelist specific ports (such as SIP). Once you do that, anyone can tunnel
any kind of traffic trough them.
4-Don't run any authentication at all. Works fine for those who only run a
portal to display a splash page and terms of service.
I hadn't tought of Pete's solution:
5-Whitelist a range of MAC adresses by manufacturer. Only works when the
manufacturer and the service to be whitelisted are the same, so it would work
for the DS, but not for a wifi phone). Also, once the users know whose
device is whitelisted, they no longuer have to guess of find a MAC adress to
spoof.
If anyone has other ideas, please speak up. So far there is no perfect
solution.
--
Benoit Grégoire, http://benoitg.coeus.ca/
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 189 octets
Desc: non disponible
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060201/c0f11173/attachment.pgp
More information about the WiFiDog
mailing list