[isf-wifidog] How to Auth non-browser based devices

Pete Flaherty pjf at cape.com
Mer 1 Fév 00:26:18 EST 2006 

There is some experimental code flying around teh Openwrt project for
just this purpose, Though it's not ready for prine time quite yet.
QOS is also slated in openwrt

-Pete Flaherty 

On Wed, 2006-02-01 at 16:16 +1100, Jason Potter wrote:

> Hi All,
> 
> Can an account be automatically created for a particular mac address when it
> tries to connect, so that it can be tracked?
> 
> Option 1 is what I think I am looking for.
> 
> I want people to be able to connect without logging in but be time limited
> to 2 hours and speed limited to 64k.
> 
> Does anyone have this solution setup at the moment.
> 
> Cheers
> Jason
> 
> -----Original Message-----
> From: Benoit Grégoire [mailto:bock at step.polymtl.ca] 
> Sent: Wednesday, 1 February 2006 4:06 PM
> To: wifidog at listes.ilesansfil.org; jasonp at iinet.net.au
> Subject: Re: [isf-wifidog] How to Auth non-browser based devices
> 
> On January 31, 2006 11:37 pm, Jason Potter wrote:
> > Hi All,
> >
> > Just an extension to the discussion below, what are the approaches to
> > giving free wifi to devices in a venue that don't have a browser.
> 
> 1-Tie MAC adress(es) to a single user account who vouches for it 
> (http://dev.wifidog.org/ticket/19).  Only slightly more insecure than normal
> 
> captive portal operation.
> 2-Whitelist specific servers ("perfectly" secure, allows the group to ask 
> money from their operators for the priviledge since they run a business on 
> your network).  Good for the DS and VOIP operators, doesn't work for
> allowing 
> you to connect to you own asterisk server for example.
> 3-Whitelist specific ports (such as SIP).  Once you do that, anyone can
> tunnel 
> any kind of traffic trough them.
> 4-Don't run any authentication at all.  Works fine for those who only run a 
> portal to display a splash page and terms of service.
> 
> I hadn't tought of Pete's solution:
> 5-Whitelist a range of MAC adresses by manufacturer.  Only works when the 
> manufacturer and the service to be whitelisted are the same, so it would
> work 
> for the DS, but not for a wifi phone).  Also, once the users know whose 
> device is whitelisted, they no longuer have to guess of find a MAC adress to
> 
> spoof.
> 
> If anyone has other ideas, please speak up.  So far there is no perfect 
> solution.
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20060201/06a40d9b/attachment.html

More information about the WiFiDog mailing list