[dundee] Instant hotspot Idea
Marcel Hecko
marcel at shmu.org.uk
Fri Dec 11 09:14:16 UTC 2009
Sean, what is the Mikrotik bug you heave reported?
Well, it might not be that simple to bypass. If you force DNS for the
users using DNAT it will be ratrer more complex, because you will have
to either:
- disable cookies
- disable CSS
- block the retreival of one particular CSS file (if the name of the css
file is not generated randomly:))
- rewrite HTML upon its retreival from proxy
Well, of course the solution is not very secure, however it does create
the possibility to create extremely simple Captive system for
non-sysadmins for Internet Cafes, small hotspot networks and so on - and
absolutely no HW necessarry.
Im working on the Proof of concept right now. Will let you know once
this is ready.
Marcel
Sean McRobbie wrote:
> Mikrotik still haven't fixed some majorly annoying bug I've reported on hotspot.
>
> The DNS idea is unfortunately too simple - people like me will bypass it (without even knowing so too).
>
> Regards,
> Sean McRobbie
>
> ----- Original Message -----
> From: "Marcel Hecko" <marcel at shmu.org.uk>
> To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
> Sent: Friday, 11 December, 2009 8:44:16 AM
> Subject: Re: [dundee] Instant hotspot Idea
>
> That would require a separate physical PC between the Internet and LAN -
> I have tested many solutions like that and we are using the one from
> Mikrotik on one of our networks right now, however that is not exactly
> my vision - the idea plotted is based on the premise that no additional
> equipments has to be installed and yet works per-user.
> It has many many limitations, but for the basic service it's a brilliant
> idea :)
>
> Marcel
>
> Robert Ladyman wrote:
>
>> I think that ZoneCD might be what you want.
>>
>> http://www.publicip.net/
>>
>>
>>
>>> I have a dream.
>>> A dream about instant captive portal solution. The deployment would only
>>> require the network admin to change the DNS settings for LAN users.
>>> The idea flows in my head approximately like this:
>>>
>>> USER requests foo.com
>>> DNS responds with IP for pong.com
>>> pong.com is a (Squid) proxy which downloads foo.coms index.html
>>> proxy adds a link for css stylesheet file located on pong.com server to
>>> index.html page from foo.com
>>> the changed index.html is served to USER
>>> USER requests css file from pong.css server - creates HTTP GET request
>>> if (HTTP request for style.css on pong.com includes users cookies) {
>>> the style.css is a blank file
>>> } else {
>>> the stylesheet is designed the way to render the foo.com index page
>>> unreadable and displays notice on how to register on pong.com
>>> }
>>> the registration would set proper cookie in users browser for pong.com
>>> domain
>>>
>>> Of course, style.css can easily be changed to any other element of the
>>> page - such as IMG , but stylesheet would serve quite well.
>>>
>>> Now, is there any DNS/HTTP/COOKIE expert who can tell me whether this is
>>> actually technically possible to do? I believe it is and I also think that
>>> I have never seen such a service in practice.
>>>
>>> I am finishing this mail with one of my mottos:
>>> "Life is to short to keep secrets"
>>>
>>> Marcel
>>>
>>> please reply to
>>> marcel at shmu.org.uk
>>>
>>> Marcel Hecko
>>> Connected SHMU Project Manager
>>> Station House Media Unit
>>> Station Road, Woodside,
>>> Aberdeen AB24 2WB
>>> Tel - 01224 487174
>>>
>>>
>>>
>>> www.shmu.org.uk
>>>
>>> listen to our community radio station live at www.shmufm.net
>>>
>>> ---------------------------------------------------------------------------
>>> ------------ This message is not intended to have contractual effect
>>> ---------------------------------------------------------------------------
>>> ------------
>>>
>>> Save a tree - don't print this e-mail or any attachment unless absolutely
>>> necessary.
>>>
>>>
>>> _______________________________________________
>>> dundee GNU/Linux Users Group mailing list
>>> dundee at lists.lug.org.uk http://dundeelug.org.uk
>>> https://mailman.lug.org.uk/mailman/listinfo/dundee
>>> Chat on IRC, #tlug on irc.lug.org.uk
>>>
>>>
>>>
>>
>>
>
>
>
--
please reply to
marcel at shmu.org.uk
Marcel Hecko
Connected SHMU Project Manager
Station House Media Unit
Station Road, Woodside,
Aberdeen AB24 2WB
Tel - 01224 515013
www.shmu.org.uk
listen to our community radio station live on 99.8FM and at www.shmufm.net
SHMU is a charity registered in Scotland - SC034211 and a registered Limited Company - SC332413
---------------------------------------------------------------------------------------
This message is not intended to have contractual effect
---------------------------------------------------------------------------------------
More information about the dundee
mailing list