[dundee] Instant hotspot Idea
Robert Ladyman
it at file-away.co.uk
Fri Dec 11 09:33:30 UTC 2009
I'm puzzled - if there's no hardware involved, what's handing out your DNS
addresses and CSS?
> Sean, what is the Mikrotik bug you heave reported?
>
> Well, it might not be that simple to bypass. If you force DNS for the
> users using DNAT it will be ratrer more complex, because you will have
> to either:
> - disable cookies
> - disable CSS
> - block the retreival of one particular CSS file (if the name of the css
> file is not generated randomly:))
> - rewrite HTML upon its retreival from proxy
>
> Well, of course the solution is not very secure, however it does create
> the possibility to create extremely simple Captive system for
> non-sysadmins for Internet Cafes, small hotspot networks and so on - and
> absolutely no HW necessarry.
>
> Im working on the Proof of concept right now. Will let you know once
> this is ready.
>
> Marcel
>
> Sean McRobbie wrote:
> > Mikrotik still haven't fixed some majorly annoying bug I've reported on
> > hotspot.
> >
> > The DNS idea is unfortunately too simple - people like me will bypass it
> > (without even knowing so too).
> >
> > Regards,
> > Sean McRobbie
> >
> > ----- Original Message -----
> > From: "Marcel Hecko" <marcel at shmu.org.uk>
> > To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
> > Sent: Friday, 11 December, 2009 8:44:16 AM
> > Subject: Re: [dundee] Instant hotspot Idea
> >
> > That would require a separate physical PC between the Internet and LAN -
> > I have tested many solutions like that and we are using the one from
> > Mikrotik on one of our networks right now, however that is not exactly
> > my vision - the idea plotted is based on the premise that no additional
> > equipments has to be installed and yet works per-user.
> > It has many many limitations, but for the basic service it's a brilliant
> > idea :)
> >
> > Marcel
> >
> > Robert Ladyman wrote:
> >> I think that ZoneCD might be what you want.
> >>
> >> http://www.publicip.net/
> >>
> >>> I have a dream.
> >>> A dream about instant captive portal solution. The deployment would
> >>> only require the network admin to change the DNS settings for LAN
> >>> users. The idea flows in my head approximately like this:
> >>>
> >>> USER requests foo.com
> >>> DNS responds with IP for pong.com
> >>> pong.com is a (Squid) proxy which downloads foo.coms index.html
> >>> proxy adds a link for css stylesheet file located on pong.com server to
> >>> index.html page from foo.com
> >>> the changed index.html is served to USER
> >>> USER requests css file from pong.css server - creates HTTP GET request
> >>> if (HTTP request for style.css on pong.com includes users cookies) {
> >>> the style.css is a blank file
> >>> } else {
> >>> the stylesheet is designed the way to render the foo.com index page
> >>> unreadable and displays notice on how to register on pong.com
> >>> }
> >>> the registration would set proper cookie in users browser for pong.com
> >>> domain
> >>>
> >>> Of course, style.css can easily be changed to any other element of the
> >>> page - such as IMG , but stylesheet would serve quite well.
> >>>
> >>> Now, is there any DNS/HTTP/COOKIE expert who can tell me whether this
> >>> is actually technically possible to do? I believe it is and I also
> >>> think that I have never seen such a service in practice.
> >>>
> >>> I am finishing this mail with one of my mottos:
> >>> "Life is to short to keep secrets"
> >>>
> >>> Marcel
> >>>
> >>> please reply to
> >>> marcel at shmu.org.uk
> >>>
> >>> Marcel Hecko
> >>> Connected SHMU Project Manager
> >>> Station House Media Unit
> >>> Station Road, Woodside,
> >>> Aberdeen AB24 2WB
> >>> Tel - 01224 487174
> >>>
> >>>
> >>>
> >>> www.shmu.org.uk
> >>>
> >>> listen to our community radio station live at www.shmufm.net
> >>>
> >>> -----------------------------------------------------------------------
> >>>---- ------------ This message is not intended to have contractual
> >>> effect
> >>> -----------------------------------------------------------------------
> >>>---- ------------
> >>>
> >>> Save a tree - don't print this e-mail or any attachment unless
> >>> absolutely necessary.
> >>>
> >>>
> >>> _______________________________________________
> >>> dundee GNU/Linux Users Group mailing list
> >>> dundee at lists.lug.org.uk http://dundeelug.org.uk
> >>> https://mailman.lug.org.uk/mailman/listinfo/dundee
> >>> Chat on IRC, #tlug on irc.lug.org.uk
>
--
Robert Ladyman
File-Away Limited, 32 Church Street, Newtyle
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk
More information about the dundee
mailing list