[dundee] Instant hotspot Idea

Marcel Hecko marcel at shmu.org.uk
Fri Dec 11 10:57:40 UTC 2009


Sean gimme a break! If you want anything to be connected to the internet 
you need some kind of "device" - all the time I am talking about an 
ADDITIONAL device to the one already being used. DNAT and DHCP are 
available on basically any DSL/whatever modem and I am presuming DNS is 
set through DHCP in most of the cases.
Tunneling TCP/80 traffic through UDP/53 (most of the cases) would be an 
interesting idea though :)
The easiest way would be for the user to change the DNS server, however if you 
DNAT all TCP,UDP/53 requests to the dedicated DNS server the above 
threat disappears.

Marcel

Sean McRobbie wrote:
> DNAT = device required
> DHCP = device required
> DNS via DHCP = optional
>
> You can apparently tunnel via DNS too to break out of some hotspots.
>
> Regards,
> Sean McRobbie
>
> ----- Original Message -----
> From: "Marcel Hecko" <marcel at shmu.org.uk>
> To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
> Sent: Friday, 11 December, 2009 9:41:24 AM
> Subject: Re: [dundee] Instant hotspot Idea
>
> Sorry, to be more clear - you only need one public installation for many 
> LANs. So the solution can be offered on SaS basis.
>
> Marcel
>
> Robert Ladyman wrote:
>   
>> I'm puzzled - if there's no hardware involved, what's handing out your DNS 
>> addresses and CSS?
>>
>>   
>>     
>>> Sean, what is the Mikrotik bug you have reported?
>>>
>>> Well, it might not be that simple to bypass. If you force DNS for the
>>> users using DNAT it will be rather more complex, because you will have
>>> to either:
>>> - disable cookies
>>> - disable CSS
>>> - block the retrieval of one particular CSS file (if the name of the css
>>> file is not generated randomly:))
>>> - rewrite HTML upon its retrieval from proxy
>>>
>>> Well, of course the solution is not very secure, however it does create
>>> the possibility to create extremely simple Captive system for
>>> non-sysadmins for Internet Cafes, small hotspot networks and so on - and
>>> absolutely no HW necessary.
>>>
>>> I'm working on the Proof of concept right now. Will let you know once
>>> this is ready.
>>>
>>> Marcel
>>>
>>> Sean McRobbie wrote:
>>>     
>>>       
>>>> Mikrotik still haven't fixed some majorly annoying bug I've reported on
>>>> hotspot.
>>>>
>>>> The DNS idea is unfortunately too simple - people like me will bypass it
>>>> (without even knowing so too).
>>>>
>>>> Regards,
>>>> Sean McRobbie
>>>>
>>>> ----- Original Message -----
>>>> From: "Marcel Hecko" <marcel at shmu.org.uk>
>>>> To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
>>>> Sent: Friday, 11 December, 2009 8:44:16 AM
>>>> Subject: Re: [dundee] Instant hotspot Idea
>>>>
>>>> That would require a separate physical PC between the Internet and LAN -
>>>> I have tested many solutions like that and we are using the one from
>>>> Mikrotik on one of our networks right now, however that is not exactly
>>>> my vision - the idea plotted is based on the premise that no additional
>>>> equipment has to be installed and yet works per-user.
>>>> It has many many limitations, but for the basic service it's a brilliant
>>>> idea :)
>>>>
>>>> Marcel
>>>>
>>>> Robert Ladyman wrote:
>>>>       
>>>>         
>>>>> I think that ZoneCD might be what you want.
>>>>>
>>>>> http://www.publicip.net/
>>>>>
>>>>>         
>>>>>           
>>>>>> I have a dream.
>>>>>> A dream about instant captive portal solution. The deployment would
>>>>>> only require the network admin to change the DNS settings for LAN
>>>>>> users. The idea flows in my head approximately like this:
>>>>>>
>>>>>> USER requests foo.com
>>>>>> DNS responds with IP for pong.com
>>>>>> pong.com is a (Squid) proxy which downloads foo.com's index.html
>>>>>> proxy adds a link for css stylesheet file located on pong.com server to
>>>>>> index.html page from foo.com
>>>>>> the changed index.html is served to USER
>>>>>> USER requests css file from pong.css server - creates HTTP GET request
>>>>>> if (HTTP request for style.css on pong.com includes user's cookies) {
>>>>>>   the style.css is a blank file
>>>>>>   } else {
>>>>>>   the stylesheet is designed the way to render the foo.com index page
>>>>>> unreadable and displays notice on how to register on pong.com
>>>>>> }
>>>>>> the registration would set proper cookie in user's browser for pong.com
>>>>>>  domain
>>>>>>
>>>>>> Of course, style.css can easily be changed to any other element of the
>>>>>> page - such as IMG , but stylesheet would serve quite well.
>>>>>>
>>>>>> Now, is there any DNS/HTTP/COOKIE expert who can tell me whether this
>>>>>> is actually technically possible to do? I believe it is and I also
>>>>>> think that I have never seen such a service in practice.
>>>>>>
>>>>>> I am finishing this mail with one of my mottos:
>>>>>> "Life is too short to keep secrets"
>>>>>>
>>>>>> Marcel
>>>>>>
>>>>>> please reply to
>>>>>> marcel at shmu.org.uk
>>>>>>
>>>>>> Marcel Hecko
>>>>>> Connected SHMU Project Manager
>>>>>> Station House Media Unit
>>>>>> Station Road, Woodside,
>>>>>> Aberdeen  AB24 2WB
>>>>>> Tel - 01224 487174
>>>>>>
>>>>>>
>>>>>>
>>>>>> www.shmu.org.uk
>>>>>>
>>>>>> listen to our community radio station live at www.shmufm.net
>>>>>>
>>>>>> -----------------------------------------------------------------------
>>>>>> This message is not intended to have contractual effect
>>>>>> -----------------------------------------------------------------------
>>>>>>
>>>>>> Save a tree -  don't print this e-mail or any attachment unless
>>>>>> absolutely necessary.
>>>>>>
>>>>>>
>
>
>   


-- 
please reply to
marcel at shmu.org.uk

Marcel Hecko
Connected SHMU Project Manager
Station House Media Unit
Station Road, Woodside,
Aberdeen  AB24 2WB
Tel - 01224 515013	

www.shmu.org.uk

listen to our community radio station live on 99.8FM and at www.shmufm.net

SHMU is a charity registered in Scotland - SC034211 and a registered Limited Company - SC332413


---------------------------------------------------------------------------------------
This message is not intended to have contractual effect
---------------------------------------------------------------------------------------
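
The DNS-forcing step discussed in this thread (DNAT of all TCP and UDP port 53 traffic to the dedicated DNS server, so that changing the client's DNS setting no longer bypasses the portal), as an added example that is not part of the original messages. It only prints the iptables rules; the interface name `eth1` and the resolver address `192.0.2.53` are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints the NAT rules, does not apply them.
# eth1 and 192.0.2.53 are constructed sample values, not from the thread.

valid_ipv4() {
    # Accept a dotted quad only, each octet a number in 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

dns_redirect_rules() {
    lan_if=$1      # interface facing the LAN clients
    resolver=$2    # the dedicated DNS server every query must reach

    # Refuse values that could smuggle extra shell words into the rules.
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    valid_ipv4 "$resolver" || { echo "bad resolver address" >&2; return 1; }

    # DNS uses both UDP and TCP on port 53, so both must be redirected.
    # "! -d" skips queries already addressed to the dedicated resolver.
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 ! -d %s -j DNAT --to-destination %s:53\n' \
            "$lan_if" "$proto" "$resolver" "$resolver"
    done
}

# Review the output, then pipe it to a root shell on the gateway to apply it.
dns_redirect_rules eth1 192.0.2.53
```

With these rules in place every client query ends up at the one resolver, which is also where the DNS tunnelling mentioned in the thread would have to be watched for.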
 




