[isf-wifidog] How to Auth non-browser based devices
Jason Potter
jasonp at iinet.net.au
Mer 1 Fév 00:16:58 EST 2006
Hi All,
Can an account be automatically created for a particular mac address when it
tries to connect, so that it can be tracked?
Option 1 is what I think I am looking for.
I want people to be able to connect without logging in but be time limited
to 2 hours and speed limited to 64k.
Does anyone have this solution setup at the moment.
Cheers
Jason
-----Original Message-----
From: Benoit Grégoire [mailto:bock at step.polymtl.ca]
Sent: Wednesday, 1 February 2006 4:06 PM
To: wifidog at listes.ilesansfil.org; jasonp at iinet.net.au
Subject: Re: [isf-wifidog] How to Auth non-browser based devices
On January 31, 2006 11:37 pm, Jason Potter wrote:
> Hi All,
>
> Just an extension to the discussion below, what are the approaches to
> giving free wifi to devices in a venue that don't have a browser.
1-Tie MAC adress(es) to a single user account who vouches for it
(http://dev.wifidog.org/ticket/19). Only slightly more insecure than normal
captive portal operation.
2-Whitelist specific servers ("perfectly" secure, allows the group to ask
money from their operators for the priviledge since they run a business on
your network). Good for the DS and VOIP operators, doesn't work for
allowing
you to connect to you own asterisk server for example.
3-Whitelist specific ports (such as SIP). Once you do that, anyone can
tunnel
any kind of traffic trough them.
4-Don't run any authentication at all. Works fine for those who only run a
portal to display a splash page and terms of service.
I hadn't tought of Pete's solution:
5-Whitelist a range of MAC adresses by manufacturer. Only works when the
manufacturer and the service to be whitelisted are the same, so it would
work
for the DS, but not for a wifi phone). Also, once the users know whose
device is whitelisted, they no longuer have to guess of find a MAC adress to
spoof.
If anyone has other ideas, please speak up. So far there is no perfect
solution.
--
Benoit Grégoire, http://benoitg.coeus.ca/
More information about the WiFiDog
mailing list