<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.6.2">
</HEAD>
<BODY>
WiFi Phones are pretty easy, just allow only the SIP ports through (5060,5061) to either anywhere or a specific service (just look at the wifidog.config) for some clues :<BR>
<BR>
-Pete Flaherty<BR>
<BR>
On Wed, 2006-02-01 at 00:05 -0500, Benoit Grégoire wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">On January 31, 2006 11:37 pm, Jason Potter wrote:</FONT>
<FONT COLOR="#000000">> Hi All,</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Just an extension to the discussion below, what are the approaches to</FONT>
<FONT COLOR="#000000">> giving free wifi to devices in a venue that don't have a browser.</FONT>
<FONT COLOR="#000000">1-Tie MAC adress(es) to a single user account who vouches for it </FONT>
<FONT COLOR="#000000">(<A HREF="http://dev.wifidog.org/ticket/19">http://dev.wifidog.org/ticket/19</A>). Only slightly more insecure than normal </FONT>
<FONT COLOR="#000000">captive portal operation.</FONT>
<FONT COLOR="#000000">2-Whitelist specific servers ("perfectly" secure, allows the group to ask </FONT>
<FONT COLOR="#000000">money from their operators for the priviledge since they run a business on </FONT>
<FONT COLOR="#000000">your network). Good for the DS and VOIP operators, doesn't work for allowing </FONT>
<FONT COLOR="#000000">you to connect to you own asterisk server for example.</FONT>
<FONT COLOR="#000000">3-Whitelist specific ports (such as SIP). Once you do that, anyone can tunnel </FONT>
<FONT COLOR="#000000">any kind of traffic trough them.</FONT>
<FONT COLOR="#000000">4-Don't run any authentication at all. Works fine for those who only run a </FONT>
<FONT COLOR="#000000">portal to display a splash page and terms of service.</FONT>
<FONT COLOR="#000000">I hadn't tought of Pete's solution:</FONT>
<FONT COLOR="#000000">5-Whitelist a range of MAC adresses by manufacturer. Only works when the </FONT>
<FONT COLOR="#000000">manufacturer and the service to be whitelisted are the same, so it would work </FONT>
<FONT COLOR="#000000">for the DS, but not for a wifi phone). Also, once the users know whose </FONT>
<FONT COLOR="#000000">device is whitelisted, they no longuer have to guess of find a MAC adress to </FONT>
<FONT COLOR="#000000">spoof.</FONT>
<FONT COLOR="#000000">If anyone has other ideas, please speak up. So far there is no perfect </FONT>
<FONT COLOR="#000000">solution.</FONT>
<FONT COLOR="#000000">_______________________________________________</FONT>
<FONT COLOR="#000000">WiFiDog mailing list</FONT>
<FONT COLOR="#000000"><A HREF="mailto:WiFiDog@listes.ilesansfil.org">WiFiDog@listes.ilesansfil.org</A></FONT>
<FONT COLOR="#000000"><A HREF="http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog">http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog</A></FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>