[dundee] Instant hotspot Idea

Sean McRobbie lug at seany.us
Fri Dec 11 10:47:28 UTC 2009


DNAT = device required
DHCP = device required
DNS via DHCP = optional

You can apparently tunnel via DNS too to break out of some hotspots.

Regards,
Sean McRobbie

----- Original Message -----
From: "Marcel Hecko" <marcel at shmu.org.uk>
To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
Sent: Friday, 11 December, 2009 9:41:24 AM
Subject: Re: [dundee] Instant hotspot Idea

Sorry, to more clear - you only need one public installation for many 
LANs. So the solution can be offered on SaS basis.

Marcel

Robert Ladyman wrote:
> I'm puzzled - if there's no hardware involved, what's handing out your DNS 
> addresses and CSS?
>
>   
>> Sean, what is the Mikrotik bug you heave reported?
>>
>> Well, it might not be that simple to bypass. If you force DNS for the
>> users using DNAT it will be ratrer more complex, because you will have
>> to either:
>> - disable cookies
>> - disable CSS
>> - block the retreival of one particular CSS file (if the name of the css
>> file is not generated randomly:))
>> - rewrite HTML upon its retreival from proxy
>>
>> Well, of course the solution is not very secure, however it does create
>> the possibility to create extremely simple Captive system for
>> non-sysadmins for Internet Cafes, small hotspot networks and so on - and
>> absolutely no HW necessarry.
>>
>> Im working on the Proof of concept right now. Will let you know once
>> this is ready.
>>
>> Marcel
>>
>> Sean McRobbie wrote:
>>     
>>> Mikrotik still haven't fixed some majorly annoying bug I've reported on
>>> hotspot.
>>>
>>> The DNS idea is unfortunately too simple - people like me will bypass it
>>> (without even knowing so too).
>>>
>>> Regards,
>>> Sean McRobbie
>>>
>>> ----- Original Message -----
>>> From: "Marcel Hecko" <marcel at shmu.org.uk>
>>> To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
>>> Sent: Friday, 11 December, 2009 8:44:16 AM
>>> Subject: Re: [dundee] Instant hotspot Idea
>>>
>>> That would require a separate physical PC between the Internet and LAN -
>>> I have tested many solutions like that and we are using the one from
>>> Mikrotik on one of our networks right now, however that is not exactly
>>> my vision - the idea plotted is based on the premise that no additional
>>> equipments has to be installed and yet works per-user.
>>> It has many many limitations, but for the basic service it's a brilliant
>>> idea :)
>>>
>>> Marcel
>>>
>>> Robert Ladyman wrote:
>>>       
>>>> I think that ZoneCD might be what you want.
>>>>
>>>> http://www.publicip.net/
>>>>
>>>>         
>>>>> I have a dream.
>>>>> A dream about instant captive portal solution. The deployment would
>>>>> only require the network admin to change the DNS settings for LAN
>>>>> users. The idea flows in my head approximately like this:
>>>>>
>>>>> USER requests foo.com
>>>>> DNS responds with IP for pong.com
>>>>> pong.com is a (Squid) proxy which downloads foo.coms index.html
>>>>> proxy adds a link for css stylesheet file located on pong.com server to
>>>>> index.html page from foo.com
>>>>> the changed index.html is served to USER
>>>>> USER requests css file from pong.css server - creates HTTP GET request
>>>>> if (HTTP request for style.css on pong.com includes users cookies) {
>>>>>   the style.css is a blank file
>>>>>   } else {
>>>>>   the stylesheet is designed the way to render the foo.com index page
>>>>> unreadable and displays notice on how to register on pong.com
>>>>> }
>>>>> the registration would set proper cookie in users browser for pong.com
>>>>>  domain
>>>>>
>>>>> Of course, style.css can easily be changed to any other element of the
>>>>> page - such as IMG , but stylesheet would serve quite well.
>>>>>
>>>>> Now, is there any DNS/HTTP/COOKIE expert who can tell me whether this
>>>>> is actually technically possible to do? I believe it is and I also
>>>>> think that I have never seen such a service in practice.
>>>>>
>>>>> I am finishing this mail with one of my mottos:
>>>>> "Life is to short to keep secrets"
>>>>>
>>>>> Marcel
>>>>>
>>>>> please reply to
>>>>> marcel at shmu.org.uk
>>>>>
>>>>> Marcel Hecko
>>>>> Connected SHMU Project Manager
>>>>> Station House Media Unit
>>>>> Station Road, Woodside,
>>>>> Aberdeen  AB24 2WB
>>>>> Tel - 01224 487174
>>>>>
>>>>>
>>>>>
>>>>> www.shmu.org.uk
>>>>>
>>>>> listen to our community radio station live at www.shmufm.net
>>>>>
>>>>> -----------------------------------------------------------------------
>>>>> ---- ------------ This message is not intended to have contractual
>>>>> effect
>>>>> -----------------------------------------------------------------------
>>>>> ---- ------------
>>>>>
>>>>> Save a tree -  don't print this e-mail or any attachment unless
>>>>> absolutely necessary.
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> dundee GNU/Linux Users Group mailing list
>>>>> dundee at lists.lug.org.uk  http://dundeelug.org.uk
>>>>> https://mailman.lug.org.uk/mailman/listinfo/dundee
>>>>> Chat on IRC, #tlug on irc.lug.org.uk
>>>>>           
>
>   


-- 
please reply to
marcel at shmu.org.uk

Marcel Hecko
Connected SHMU Project Manager
Station House Media Unit
Station Road, Woodside,
Aberdeen  AB24 2WB
Tel - 01224 515013	

www.shmu.org.uk

listen to our community radio station live on 99.8FM and at www.shmufm.net

SHMU is a charity registered in Scotland - SC034211 and a registered Limited Company - SC332413


---------------------------------------------------------------------------------------
This message is not intended to have contractual effect
---------------------------------------------------------------------------------------
 



_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk  http://dundeelug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on irc.lug.org.uk



More information about the dundee mailing list