[isf-wifidog] How to Auth non-browser based devices

Jason Potter jasonp at iinet.net.au
Mer 1 Fév 00:16:58 EST 2006 

Hi All,

Can an account be automatically created for a particular mac address when it
tries to connect, so that it can be tracked?

Option 1 is what I think I am looking for.

I want people to be able to connect without logging in but be time limited
to 2 hours and speed limited to 64k.

Does anyone have this solution setup at the moment.

Cheers
Jason

-----Original Message-----
From: Benoit Grégoire [mailto:bock at step.polymtl.ca] 
Sent: Wednesday, 1 February 2006 4:06 PM
To: wifidog at listes.ilesansfil.org; jasonp at iinet.net.au
Subject: Re: [isf-wifidog] How to Auth non-browser based devices

On January 31, 2006 11:37 pm, Jason Potter wrote:
> Hi All,
>
> Just an extension to the discussion below, what are the approaches to
> giving free wifi to devices in a venue that don't have a browser.

1-Tie MAC adress(es) to a single user account who vouches for it 
(http://dev.wifidog.org/ticket/19).  Only slightly more insecure than normal

captive portal operation.
2-Whitelist specific servers ("perfectly" secure, allows the group to ask 
money from their operators for the priviledge since they run a business on 
your network).  Good for the DS and VOIP operators, doesn't work for
allowing 
you to connect to you own asterisk server for example.
3-Whitelist specific ports (such as SIP).  Once you do that, anyone can
tunnel 
any kind of traffic trough them.
4-Don't run any authentication at all.  Works fine for those who only run a 
portal to display a splash page and terms of service.

I hadn't tought of Pete's solution:
5-Whitelist a range of MAC adresses by manufacturer.  Only works when the 
manufacturer and the service to be whitelisted are the same, so it would
work 
for the DS, but not for a wifi phone).  Also, once the users know whose 
device is whitelisted, they no longuer have to guess of find a MAC adress to

spoof.

If anyone has other ideas, please speak up.  So far there is no perfect 
solution.

-- 
Benoit Grégoire, http://benoitg.coeus.ca/

More information about the WiFiDog mailing list