[isf-wifidog] immediate user disconnect feature

Wichert Akkerman wichert at wiggy.net
Lun 28 Avr 14:12:49 EDT 2008


Previously acv wrote:
> On Mon, Apr 28, 2008 at 07:55:22PM +0200, Wichert Akkerman wrote:
> > 
> > The thought had occured to me. The reason I did not do that is that it
> > complicates the protocol a bit while was not sure that is really needed.
> 
> 	In the wifidog threat model, it's been the assumption that the
> goal the goal of attackers has been to get free iinternet access. If they
> can sniff the internet side of the router, the only thing they really stand
> to gain, re-usable authentication credentials) are supposed to be SSL
> protected.

I also want to protect against people trying to 'play' with sessions
from other users. If people get randomly disconnected because someone is
triggering disconnects I'm going to get support calls and complaints. 

Since the login redirect to the gateway will always use http and
typically an unencrypted wireless network is used I have to assume that
the IP address, MAC address and token for all users are known.

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.


Plus d'informations sur la liste de diffusion WiFiDog